We know Facebook’s Mark Zuckerberg relies on good old-fashioned tape to disable his MacBook’s mic and camera, and NSA whistleblower Edward Snowden is working on something a little more sophisticated to stop your iPhone from snooping. It’s a protective case not aimed at preventing damage from drops and tumbles but instead spying and snooping…
While the FBI has successfully accessed the data on the iPhone 5c in the San Bernardino shootings, and the court battle is over for now, the government says that it may not accede to Apple’s demand to be told the method used.
The White House said back in 2014 that the government would consider the pros and cons of disclosing vulnerabilities discovered by its various law enforcement agencies. ArsTechnica asked whether the FBI would reveal the method used in this case, and was told that it wasn’t saying one way or the other …
We said yesterday that the war of words on the Apple/FBI dispute were hotting up, and Edward Snowden has now taken things a step further, suggesting that the FBI’s claims that they need Apple to access the iPhone are … not true. His comments were reported by The Intercept, which posted video of the discussion at a civil liberties conference.
“The FBI says Apple has the ‘exclusive technical means’” to unlock the phone, Snowden said during a discussion at Common Cause’s Blueprint for Democracy conference.
“Respectfully, that’s bullsh*t,” he said, over a video link from Moscow.
Snowden had earlier described how the FBI could physically extract the passcode from the iPhone chip, and has now linked to an explanation of how the agency could bypass the auto-erase feature …
With Apple calling on the government to withdraw its demand that the company create a tool to unlock the iPhone in the San Bernardino case, it seems the FBI does have a plan B – albeit a long-winded and highly uncertain one. Edward Snowden says that FBI claims that it cannot access the phone without Apple’s help are not quite true.
“The problem is, the FBI has other means… They told the courts they didn’t, but they do,” Snowden said during a virtual talk hosted by Johns Hopkins University. “The FBI does not want to do this.”
The technique Snowden described is known as chip de-capping, and involves physically attacking the chip in order to probe its contents. Four cyber security researchers contacted by ABC News confirmed that the technique is real, but far from certain to succeed …
Civil rights organizations have expressed strong support for Apple’s resistance to a court order instructing it to create special firmware that would allow the FBI to break into an iPhone – with tech companies doing the same, albeit in a weaker fashion.
The Electronic Frontier Foundation (EFF) posted a statement in which it said that it applauded Apple for standing up for the rights of its customers, and would be making its views known to the court.
Essentially, the government is asking Apple to create a master key so that it can open a single phone. And once that master key is created, we’re certain that our government will ask for it again and again, for other phones, and turn this power against any software or device that has the audacity to offer strong security […]
EFF applauds Apple for standing up for real security and the rights of its customers. We have been fighting to protect encryption, and stop backdoors, for over 20 years. That’s why EFF plans to file an amicus brief in support of Apple’s position.
The Verge notes similar support from both the American Civil Liberties Union (ACLU) and Amnesty International …
Apple and Google have co-signed a letter calling on President Obama to reject any government proposal to allow the government backdoor access to encrypted data on smartphones and other devices. The Washington Post says the letter, due to be delivered today, is signed by more than 140 tech companies, prominent technologists and civil society groups.
The signatories urge Obama to follow the group’s unanimous recommendation that the government should “fully support and not undermine efforts to create encryption standards” and not “in any way subvert, undermine, weaken or make vulnerable” commercial software.
Apple uses end-to-end encryption for iMessages, meaning that Apple has no way to access the data even if presented with a court order. Tim Cook stated last year “it’s encrypted, and we don’t have the key.”
The FBI has been pushing increasingly hard to require tech companies to build in backdoor access to their encryption systems to allow access by law enforcement, even going so far as to say that Apple could be responsible for the death of a child. U.S. Attorney General Eric Holder has also cited child safety as a justification for demanding access to encrypted data.
The letter calling on Obama to reject this argument is also signed by five members of a presidential review group appointed by Obama in 2013 to assess technology policies in the wake of leaks by former intelligence contractor Edward Snowden.
Many in the tech industry have pointed out that, aside from the obvious concerns over government intrusion into the private lives of its citizens, any backdoor used by the government could potentially be discovered and exploited by hackers and foreign governments.
Apple is one of ten tech giants to once again call on the US Government not to reauthorize the Patriot Act in its current form. The Act expires on 1st June unless it is renewed by Congress. Apple was joined by AOL, Dropbox, Evernote, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo.
In an open letter to President Obama, NSA Director Admiral Rogers and other prominent government figures, the companies urge Congress to end the bulk collection of communications metadata–the logs that determine how and when ordinary citizens contact each other.
The letter says that mass surveillance must end, and that a revised bill must contain mechanisms to ensure that future government surveillance is both transparent and accountable …
Expand
Expanding
Close
Update: One of the approaches suggested – modifying Xcode to inject malware – has now been used, though we don’t at this stage know who was responsible.
The Central Intelligence Agency has conducted “a multi-year, sustained effort to break the security of Apple’s iPhones and iPads,” claims The Intercept, referencing new Snowden leaks of a document from the CIA’s internal wiki system.
A presentation on the attempts, focusing on breaking Apple’s encryption of iOS devices, was said to have been delivered at an annual CIA conference called the Jamboree.
Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.
One route reportedly taken by the CIA was to create a modified version of Xcode, which would allow it to compromise apps at the point at which they are created …
Expand
Expanding
Close
Tim Cook appears to be using his international tour, which so far includes Israel, Germany and the UK, to push a second product every bit as hard as the Apple Watch: privacy. In an interview with the German newspaper BILD posted yesterday (paywall), Cook went as far as to praise Edward Snowden for his role in prompting discussion of the issue.
If Snowden did anything for us at all, then it was to get us to talk more about these things. [Apple’s] values have always been the same.
The comments follow a meeting with German Chancellor Angela Merkel, at which data privacy was reportedly a key topic. Cook also told the Telegraph last week that “none of us should accept that the government or a company or anybody should have access to all of our private information.” Cook has in the past resisted FBI pressure to compromise its strong encryption, and was the only tech CEO to attend a recent White House cybersecurity summit.
In the BILD interview, Cook reiterated Apple’s stance on privacy, and also said that as Apple had grown larger, it had taken deliberate decisions to be less secretive about some aspects of its business …
Expand
Expanding
Close
The first clip of part two of Tim Cook’s interview with Charlie Rose has posted tonight with a segment on Apple and privacy. In the interview, Cook discussed the privacy of user data using Apple services as Apple has mentioned in the past.
We’re not reading your email, we’re not reading your iMessages. If the government laid a subpoena on us to get your iMessages, we can’t provide it. It’s encrypted and we don’t have the key.
Cook also discussed how Apple’s approach to Apple Pay, its new mobile payment system, emphasizing that Apple is in the business of selling iPhones, not user information like other companies. Cook commented strongly that he is “offended” by the practices of some other companies. The shot at Google, which Cook stated is his idea of Apple’s competition in the part one with Charlie Rose, was mentioned similarly during last week’s iPhone event. Cook also discussed earlier privacy issues involving “server backdoors” and Edward Snowden. You can view the new clip below…
The reported ban on national and local government departments purchasing Apple products was just a misunderstanding, according to statements by the Finance Ministry and Central Government Procurement Centre cited by Reuters.
The statements say that the procurement list referred to by Bloomberg was just one of many, and listed only “energy-saving products.” China claims that Apple products did not make this list despite qualifying because the necessary paperwork had not been completed …
Expand
Expanding
Close
After a Chinese state-run TV channel last month described the iPhone as a “national security concern” (a claim Apple denied), Bloomberg reports that the Chinese government has stepped up its war on Apple by removing the company’s products from its procurement lists.
Ten Apple products — including the iPad, iPad Mini, MacBook Air and MacBook Pro — were omitted from a final government procurement list distributed in July, according to officials who read it and asked not to be identified because the information isn’t public. The models were on a June version of the list drafted by the National Development and Reform Commission and Ministry of Finance, the officials said …
The WSJ reports that the state-run China Central TV has described the iPhone as a “national security concern” due to its location-tracking capabilities.
In its national noon broadcast, state-run China Central Television criticized the “frequent locations” function in Apple’s iOS 7 mobile operating system, which tracks and records the time and location of the owner’s movements. The report quoted researchers who said that those with access to that data could gain knowledge of the broader situation in China or “even state secrets” …
The Electronic Frontier Foundation (EFF) today published its annual “Who Has Your Back?” report that rates and compares how major corporations deal with government data requests. The EFF’s ranking of technology company data request transparency is notable because the organization is the “leading nonprofit organization defending civil liberties in the digital world.” The report ranks companies based on six categories: requires a warrant for content, tells users about data requests, publishes transparency reports, publishes law enforcement guidelines, fights for users’ privacy in courts, fights for users’ privacy for rights in Congress. This year, Apple received a star for each of the six categories.
This compares to many other technology companies, including Google, Yahoo, and Facebook, that received stars across the board:
Yesterday we reported on new leaked docs from Edward Snowden reported by The New York Times and others that detailed secret NSA and GCHQ programs used to siphon data from popular smartphone apps on both iOS and Android. While Apple and Google have yet to respond to the reports, today one of the main developers singled out in the claims has. Rovio, maker of the popular Angry Birds game that was mentioned several times in the reports, today posted a response on its website.
The developer confirms that it in no way works with NSA, GCHQ or any other government organization to provide data about users, but it does point to third-party advertising networks as a possibility of the leaks:
The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries. If advertising networks are indeed targeted, it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance. Rovio does not allow any third party network to use or hand over personal end-user data from Rovio’s apps.
Referring to the third-party advertising networks, Rovio CEO Mikael Hed said the company would have to “re-evaluate working with these networks if they are being used for spying purposes.”
Angry Birds wasn’t the only app specifically mentioned in the leaked docs, however. The reports claim the NSA program is capable of intercepting information ranging from location, age, and sex of users to address books, buddy lists, phone logs, geographic data and more from various mobile apps and third-party ad networks. Twitter, Google Maps, Facebook and others were also specifically mentioned in yesterday’s reports.
New documents leaked by Edward Snowden and reported by The New York Times, The Guardian and ProPublica detail how the NSA and its British counterpart can collect users’ personal data through smartphone apps. The reports specifically mention popular apps like Angry Birds, Twitter, Google Maps and Facebook and claim the NSA is capable of intercepting information ranging from location, age, and sex of users to address books, buddy lists, phone logs, geographic data and more:
The N.S.A. and Britain’s Government Communications Headquarters were working together on how to collect and store data from dozens of smartphone apps by 2007, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor. Since then, the agencies have traded recipes for grabbing location and planning data when a target uses Google Maps, and for vacuuming up address books, buddy lists, phone logs and the geographic data embedded in photos when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter and other services.
At least one of the app developers, Rovio, is not surprisingly unaware of any of the activity mentioned in the documents, but it will be up to the app developers, Apple, and Google to address the issue and clarify for users if their personal data is safe. In a recent interview with ABC, Apple CEO Tim Cook commented on the controversy over surveillance programs and promised he would press congress for more transparency:
Expand
Expanding
Close
http://www.youtube.com/watch?v=VC05RJidXDs#t=174
Interesting but totally unsubstantiated claim by Anonymous.
…claims the group make concerning Touch ID seem to focus on Authentec director, Robert E Grady, who appears to have been a prominent figure within the George Bush administration and (Anonymous claim) was connected with The Carlyle Group, which Anonymous also claim is a majority shareholder in Booz Allen Hamilton, the NSA contractor with which whistleblower Edward Snowden worked.
I’d like to think the government and NSA already have my fingerprints but they went out of business so NBD.
Expand
Expanding
Close
An NSA presentation leaked by NSA whistle-blower Edward Snowden pointing to the potential of smartphones for government surveillance suggest that Steve Jobs was an unwitting Big Brother figure by popularizing the devices and iPhone owners zombies for buying them.
The reference, made in slides leaked to German news site Spiegel, is to the 1984 ad (below) created for the launch of the original Macintosh.
About 130 million people in the US have [a smartphone]. The mini-computers have become personal communication centers, digital assistants and life coaches, and they often know more about their users than most users suspect.
For an agency like the NSA, the data storage units are a goldmine, combining in a single device almost all the information that would interest an intelligence agency: social contacts, details about the user’s behavior and location, interests (through search terms, for example), photos and sometimes credit card numbers and passwords.
The 2010 presentation, Exploring Current Trends, Targets and Techniques, describes steps the NSA was taking to hack into iOS, Android and Blackberry devices, and refers to the range of data it is possible to extract.
Under the heading “iPhone capability,” the NSA specialists list the kinds of data they can analyze in these cases. The document notes that there are small NSA programs, known as “scripts,” that can perform surveillance on 38 different features of the iPhone 3 and 4 operating systems. They include the mapping feature, voicemail and photos, as well as the Google Earth, Facebook and Yahoo Messenger applications.
The presentation does not suggest that any of the smartphone or online companies were complicit in allowing access to user data, although it has been suggested that denials made by Apple and others in regard to server access via the PRISM program may have been a matter of careful wording.
The slides include two stills from the original Macintosh ad from 1984. Apple famously aired the ad just once, relying on TV stations repeating it in news reports at no cost to Apple.
http://www.youtube.com/watch?v=g_d5R6Il0II
