Comment by CharlesW
2 years ago
My adjacent conspiracy theory is that the NSA and other state agencies do both original research and pay hackers for exploits that Apple hasn’t yet discovered.
2 years ago
My adjacent conspiracy theory is that the NSA and other state agencies do both original research and pay hackers for exploits that Apple hasn’t yet discovered.
The Darknet Diaries episode "Zero Day Brokers" goes into this. Apparently Argentina hosts a lot of outsourced exploit development. Here's the transcript: https://darknetdiaries.com/transcript/98/
They have the budget to do both easily.
Like how the NRO used to design and launch satellites that cost more than aircraft carriers but are now working closely with private companies like Maxar to find more economical solutions.
https://www.maxar.com/press-releases/nro-awards-maxar-a-10-y...
Thing is the fundamental laws of physics give us a good idea as to the capabilities of the NRO given a certain launch platform. Like how when scientists in the late 70s were figuring out the best telescope they could launch they ended up with almost the exact specs of the Keyhole spy satellites, a spare of which became Hubble.
but why pay hackers to try to find a backdoor when you can just walk in the front door and use the carrot and stick to get what you want?
Here's my serious answer that still works if you hate Apple.
Your question assumes two things: (1) That Apple intentionally leaves vulnerabilities in the stack, and (2) that Tim Apple is occasionally willing to share this candy with governments.
Having worked at Apple, I don't believe (1) can be true. Not only is it extremely unlikely that it could be kept a secret, but Apple's thing is "obsessive control", a mindset borne of organizational PTSD which originated with its near-death experience in the mid-to-late 90s. The Apple I know would not risk intentionally leaving back doors unlocked for enemies to find and leverage.
As for (2), the existence of a "Binder of Vulns" by nation-states would expose Apple to existential risk. It's possible that it could be kept secret within Apple's walls if it were never used, but once shared with a government it could not be contained. The splash damage of such a discovery could easily kill Apple.
I am assuming or knowing that the national security apparatus can both coerce and incentivize companies and individuals to give it what it wants. Their power is great and relatively unchecked to do both. Coercion tactics include releasing compromising information on a company, person or family member and more directly injuring person or company. Incentives include favorable regulation, taxation, and deals with other companies they control.
Knowledge of a binder of vulnerabilities is perhaps one of the greatest secrets that must be protected. Wikileaks releasing the Vault 7 leak was the death knell of Julian Assange. It proved such a binder exists in great detail.
I don't hate Apple, but assuming they can't be reached, seems naïve.
We already know Apple has participated to the PRISM program, it's not speculation anymore.
This happened at a company I worked at so it’s not out of the question. I figured it out by reverse engineering and quit on the spot. They tried to tell me I’d never work again if spying on users was a dealbreaker. They showed me a natsec slide deck that identified other collaborating companies as a way of making their point. Among them was Apple.
You are telling me that natsec people give every rando the full list of participants in the conspiracy? That just doesn't make sense for any (semi)competent security agency to disclose.
1 reply →