Comment by vGPU

2 years ago

[flagged]

Yeah people keep talking about reverse engineering but it’s just as real a possibility that this was simply engineered to be there. Apple and the government made a big public show about the San Bernardino iPhone situation[1] but that could have easily been a cover to convince people the government can’t get into iPhones - because eventually the government dropped the court case, got in anyway, and the whole thing was quickly forgotten.

We can imagine that the government either has ideological capture of Apple - that the management of Apple agree to install hard to exploit vulnerabilities tailored for US government use - or legal capture through FISA rulings.

I’d be curious if anyone can summarize the latest understanding of FISA court actions in this realm.

[1] https://www.theguardian.com/technology/2016/mar/28/apple-fbi...

  • "The government" isn't really a single entity. Domestic LE and foreign intelligence have different laws and processes enforced by the constitution (thankfully). It's certainly reasonable that domestic LE really can't force Apple to hand over US citizens' data, while foreign intelligence services can effect supply chain attacks, back-dooring and other methods not permitted for US citizens.

  • > that could have easily been a cover

    The problem with conspiracies is everyone involved knows it’s a secret. If you’re the CIA, it’s much less risky to compromise a chip design engineer than have everyone from the CEO down at Apple in on the plant.

    • Maybe but then again what’s another secret when at a high level these firms are already very secretive.

      It’s not Apple but I think a lot about how Eric Schmidt of Google was directly meeting with US military officials and talking about how important US defense was.

      You can end up with a situation where the chip designer and some higher up both know what is happening and the higher up is there as a check to provide cover in case the chip designer is caught up in suspicion. (“No we asked for this for the manufacturing team.” Kind of thing.)

      Of course this is all conjecture with no evidence and I understand why we don’t want to spend much energy on discussions we can’t confirm, but at the same time it is frustrating when the default assumption is that Apple had no knowledge about this. The truth is that we don’t know and likely will never know.


> several of MMIO addresses the attackers used to bypass the memory protections weren’t identified in any device tree documentation, which acts as a reference for engineers creating hardware or software for iPhones. Even after the researchers further scoured source codes, kernel images, and firmware, they were still unable to find any mention of the MMIO addresses

It sure quacks like a duck.

I'd disagree with this. Apple execs surely know if this information gets leaked they're losing 30% market cap in a single day, why would they risk something like that when administrations change every 4-8 years?

  • I think the charitable explanation here is that this was an undocumented debugging interface. Apple knew about it and did not disclose it in any publicly available material. The NSA almost certainly has access to Apple's source code and documentation. Just look at the Snowden leaks when it was disclosed that the NSA was mitming Google's DC to DC links. They already knew Google wasn't encrypting those links before they surreptitiously dug up the fiber and they already knew enough about the system architecture to make sense of that firehose of data. Clearly either through NSL or bribing some insiders, they already exfiltrated a bunch of internal documentation and source code. Why would Apple be any different?

    I wouldn't expect them to have HSM keys or anything but a mirror of their VCS? Yeah the NSA probably has that.

  • Power is more important than profit. Those running the national security apparatus have been in power for 60 years. The fact that they still haven't released the documents on the JFK assassination evidences that they are still in power.

    • Eh.

      Let’s say your old boss was embezzling and got away with it. Now you are the boss, and if you go public with it, not only are they out of power and likely nothing will happen, but all the freedom and flexibility you have in the same position is gone, and you or your friends have an island-problem you would rather not get into.

      Maybe it’s just better to not rile up the shareholders.

    • People will call you a crank or a conspiracy theorist but that is only because they are afraid to think about the answers to those questions themselves. It's easier to pretend it couldn't happen.