Comment by kornhole

2 years ago

but why pay hackers to try to find a backdoor when you can just walk in the front door and use the carrot and stick to get what you want?

Here's my serious answer that still works if you hate Apple.

Your question assumes two things: (1) That Apple intentionally leaves vulnerabilities in the stack, and (2) that Tim Apple is occasionally willing to share this candy with governments.

Having worked at Apple, I don't believe (1) can be true. Not only is it extremely unlikely that it could be kept a secret, but Apple's thing is "obsessive control", a mindset born of organizational PTSD which originated with its near-death experience in the mid-to-late 90s. The Apple I know would not risk intentionally leaving back doors unlocked for enemies to find and leverage.

As for (2), the existence of a "Binder of Vulns" by nation-states would expose Apple to existential risk. It's possible that it could be kept secret within Apple's walls if it were never used, but once shared with a government it could not be contained. The splash damage of such a discovery could easily kill Apple.

  • I am assuming or knowing that the national security apparatus can both coerce and incentivize companies and individuals to give it what it wants. Their power to do both is great and relatively unchecked. Coercion tactics include releasing compromising information on a company, person or family member, and more directly injuring the person or company. Incentives include favorable regulation, taxation, and deals with other companies they control.

    Knowledge of a binder of vulnerabilities is perhaps one of the greatest secrets that must be protected. Wikileaks releasing the Vault 7 leak was the death knell of Julian Assange. It proved in great detail that such a binder exists.

    I don't hate Apple, but assuming they can't be reached seems naïve.

This happened at a company I worked at so it’s not out of the question. I figured it out by reverse engineering and quit on the spot. They tried to tell me I’d never work again if spying on users was a dealbreaker. They showed me a natsec slide deck that identified other collaborating companies as a way of making their point. Among them was Apple.

  • You are telling me that natsec people give every rando the full list of participants in the conspiracy? That just doesn't make sense for any (semi)competent security agency to disclose.

    • I would say all the info was already known, for example Apple’s participation in PRISM.