We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... lets see what is on the mind of the Samizdata people.

Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house]

Samizdata quote of the day

Do you think Apple helped [the NSA] build that? I don’t know. I hope Apple will clarify that… Here’s a problem: I don’t really believe that Apple didn’t help them. I can’t really prove it, but they [the NSA] literally claim that anytime they target an iOS device, that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write shitty software.

Jacob Applebaum

11 comments to Samizdata quote of the day

  • I’d be fairly careful about anything said by Appelbaum myself.

    He fails to emphasise that this is software that has to be implanted on the phone: it’s not something that can attack it over the network or anything.

    And if you actually have physical access to a phone of course you can bug it. Doesn’t require the aid of the manufacturer in the slightest.

    In other words, Appelbaum is bigging this up for his own reasons. Whatever they are….

  • WWTWM

    The NSA apparently claims a 100% success rate in installing the malware on iPhones.

    I took that to mean installing remotely, Tim.

  • Sigivald

    WWTWM: Ah, but it doesn’t mean that, is the thing.

    I recall hearing about DROPOUTJEEP weeks ago from more reliable (as in, less “amping it for publicity”) sources, and they were all clear that it required physical access to the device.

    I wouldn’t trust any piece of hardware to be secure in the physical possession of any first-rate State security institution, whether NSA, FSB, MI5/6, or whatever the Chinese version is.

    Probability that Apple put in a remote backdoor for anyone rounds to zero.

  • Ben

    All software is vulnerable. All operating systems are vulnerable, completely, and 100%. Even the very best. It is not necessary to posit collusion.

    All hardware is vulnerable. Physical access for five minutes is enough. (You don’t have to be a state-level adversary to do this any more either, this is down to organised crime level of difficulty, and rapidly making its way towards highschool prankster level.)

    All wireless hardware is vulnerable (that’s your mobile phone or Wi-Fi). That’s because it runs software on a dedicated chip – software which doesn’t get security updates – on a chip which can access the main memory of the phone, bypassing all security mechanisms. A suitable radio device with a high gain antenna and you don’t even have to be in the same town to own the device. Harder but also coming into reach of non-state-actors. Some attacks are already at highschool prankster level.

    All of it is vulnerable.

    But the way in for each device is different.

    IOS devices run a small number of hardware and software configurations and have a huge market share. The payoff for the painstaking work of putting together an exploit package is correspondingly much higher.

    I am pretty sure that they can also do at least the top hundred non-apple products, but after that you get down to quite low volumes, of only a couple of million devices, and the return on investment looks pretty poor. After all it’s not like these people are terrorists or anything, so a genuine targeted effort is not justified.

    Tim, Sigivald, these are all old news – look at the dates. Snowden has kept back the good stuff because he is a patriot after all. Goodness only knows what the NSA have now.

  • Bruce Hoult

    The original source was very clear that the NSA required physical access to the device.

    They are very probably simply using the same bugs as the JailBreaking community finds and exploits. Hell, they may well use the standard JailBreaking tools.

    Apple keeps an eye on the exploits the jailbreakers have found and patches them, generally at the next scheduled OS release. They are bugs, and they fix them, but something that requires physical access to the device is not regarded as urgent.

    There have several times in the history of iOS been exploits discovered that allow jailbreaking merely by visiting a web site. Generally this has been some bug in a library used by Apple and everyone else, such as for decoding JPEG or TIFF or PDF files. Such an exploit, when discovered, has in the past been made available as a service at jailbreakme.com

    Apple fixes these remote root exploits very quickly once they become aware of them. Typically about a week.

    Contrary to what Ben says, Apple does regularly update the code running on the processor in the radios (“baseband”).

    It’s *possible* that the NSA has discovered remote root exploits that the jailbreaking community hasn’t, and is keeping them quiet for their own use. I think it’s unlikely though. Everything points to them needing physical posession of the device in order for them to bug it.

  • marvo

    “I’d like to believe…until after Steve Jobs died.” Fanboy. Jobs was a sociopath but he did not show any particular pro state tendencies.

  • Bruce Hoult

    If you look at the pic in that article, it says “The initial release of DROPOUTJEEP will focus on installing the implant via close access methods. A remote installation capability will be pursued for a future release”. So they didn’t at that time know how to do remote installation. An trying to figure one out doesn’t mean they succeeded.

    Furthermore, Tim Cook has very forcefully said that they don’t cooperate with intelligence agencies, and Apple has put a “dead man switch” clause in their quarterly reports that says they don’t cooperate, and that they will remove the clause only if somehow forced to cooperate in future.

  • Laird

    Assuming that the NSA must physically install this spy software in Apple devices, as has been asserted here, I’m still not getting a warm and fuzzy feeling. We already know that the NSA is intercepting laptops and servers purchased online and secretly installing spyware on them. Does anyone really doubt that they are using similar techniques to “infect” iPhones, too?

    Incidentally, I’m not as sanguine about Apple’s “dead man switch” clause as is Bruce. If we know about it so does the NSA, and if the NSA can force Apple to cooperate in other matters it can just as easily force it to leave the clause untouched. In fact, the NSA might really like such a clause, if it gives people an unwarranted sense of security. Sound paranoid? How can any aware person not be paranoid in the current environment? Indeed, I would posit that no paranoia fantasy is beyond the realm of possibility any more.

  • J.M. Heinrichs

    The slide being cited as proof of NSA’s exploit is based on a tasking dated “20070108”, which is about the date on which the iPhone was announced; the slide itself is apparently dated 10/01/08, with the software being still in development.
    On the other hand, Google announced Android in Nov 2007, and NSA followed up with “Security Enhanced Android” in Jan 2012.
    It is my understanding that Apple continues its policy of not submitting its software to NSA for security examination and certification.

    Cheers

  • bloke in spain

    “Probability that Apple put in a remote backdoor for anyone rounds to zero.”

    Including a backdoor for Apple?