
Apple Hints China Behind ‘Billion Device iPhone Hack’ That Google Reported - baylearn
https://www.forbes.com/sites/johnkoetsier/2019/09/06/apple-hints-china-behind-billion-device-iphone-hack-that-google-reported/#2295d5f812c9
======
blueadept111
So it only takes a couple million dollars to finance an exploit that
circumvents all security from a billion iphones? Holy Heck, this must just be
the tip of an iceberg.

~~~
dymk
“Only” a couple million dollars?

~~~
blueadept111
Apple could afford to spend a couple million dollars to find those same
security problems and then fix them before everyone's phones became
compromised, but apparently they weren't as interested.

~~~
andreasley
Apple can (and does) spend lots of millions of dollars to find security
vulnerabilities in their products, but it probably won't be the same ones that
some malicious actor finds. All our devices are riddled with (hard to find)
holes and that's not going to change anytime soon.

~~~
xbmcuser
From looks of it many of the vulnerabilies could have have actually been found
at the time of coding if some security best practices were followed

------
29_29
Does anyone know when one travels to China, is the iCloud data entirely
compromised by Chinese access? For example is it all synched?

~~~
Despegar
Apple has already publicly said in court filings, and under threat of perjury,
that they don't make any exceptions for China.

From Apple's filing [1]:

>Finally, the government attempts to disclaim the obvious international
implications of its demand, asserting that any pressure to hand over the same
software to foreign agents “flows from [Apple’s] decision to do business in
foreign countries . . . .” Opp. 26. Contrary to the government’s misleading
statistics (Opp. 26), which had to do with lawful process and did not compel
the creation of software that undermines the security of its users, Apple has
never built a back door of any kind into iOS, or otherwise made data stored on
the iPhone or in iCloud more technically accessible to any country’s
government. See Dkt. 16-28 [Apple Inc., Privacy, Gov’t Info. Requests];
Federighi Decl. ¶¶ 6–7. The government is wrong in asserting that Apple made
“special accommodations” for China (Opp. 26), as Apple uses the same security
protocols everywhere in the world and follows the same standards for
responding to law enforcement requests. See Federighi Decl. ¶ 5.

and a declaration from Craig Federighi personally [2]:

>Apple uses the same security protocols everywhere in the world.

>Apple has never made user data, whether stored on the iPhone or in iCloud,
more technologically accessible to any country's government. We believe any
such access is too dangerous to allow. Apple has also not provided any
government with its proprietary iOS source code. While governmental agencies
in various countries, including the United States, perform regulatory reviews
of new iPhone releases, all that Apple provides in those circumstances is an
unmodified iPhone device.

>It is my understanding that Apple has never worked with any government agency
from any country to create a "backdoor" in any of our products and services.

>I declare under penalty of perjury under the laws of the United States of
America that the foregoing is true and correct.

When China wants something from iCloud they do it the same way that law
enforcement does it everywhere in the world, which is through Apple.

I've seen a number of bad faith claims about this over the years, especially
from Alex Stamos on Twitter.

[1] [https://assets.documentcloud.org/documents/2762131/C-D-
Cal-1...](https://assets.documentcloud.org/documents/2762131/C-D-
Cal-16-Cm-00010-Dckt-000177-000-Filed-2016.pdf)

[2] [https://www.documentcloud.org/documents/2762118-Federighi-
De...](https://www.documentcloud.org/documents/2762118-Federighi-Decl-
Executed.html#document/p1)

~~~
lern_too_spel
Why are you posting statements from 2016 when Apple handed over its iCloud
encryption keys to a Chinese company in 2018? That's dangerously misleading
and puts users at risk.
[https://www.amnesty.org/en/latest/news/2018/02/5-things-
you-...](https://www.amnesty.org/en/latest/news/2018/02/5-things-you-need-to-
know-about-apple-in-china/)

------
acd10j
After reading Apple press release again, It seems it was actually directed
against China but in very subtle way. Even Google Project zero skipped mention
of Uighur community targeting to not get involved in Geo politics of this
attack. But Apple is now in a big dilemma as it is in very vulnerable to
retaliation by Chinese government hence it also had to draft press release in
such a way that it would seem that they are angry at Google. Apple do not want
to go Google way and lose access to Chinese market.
[https://www.technologyreview.com/s/612601/how-google-took-
on...](https://www.technologyreview.com/s/612601/how-google-took-on-china-and-
lost/)

~~~
lern_too_spel
Especially after they already bent over backwards to give the Chinese
government unfettered access to Chinese users' iCloud data. Apple's MO is to
play down any bad thing that China does, so customers can still feel good
about their purchases. [https://www.amnesty.org/en/latest/news/2018/03/apple-
privacy...](https://www.amnesty.org/en/latest/news/2018/03/apple-privacy-
betrayal-for-chinese-icloud-users/)

------
mensetmanusman
China’s methods worked on Tibet; I expect the Uighur culture to be
dramatically changed in a generation, especially since recording devices are
being put in the homes of these people to prevent passage of oral
culture/history to the young.

After the Uighur culture is gone, will China keep the surveillance technology
in place, e.g. the face scans required to enter the strip-malls, etc.?

~~~
deogeo
> recording devices are being put in the homes of these people to prevent
> passage of oral culture/history to the young

This is the first time I hear of this, but I haven't been paying close
attention - can you tell me more about it?

~~~
brendanw
[https://www.shahit.biz/eng/](https://www.shahit.biz/eng/) Here is a database
of over 5000 video testimonials by people who have had family members
disappeared into Chinese "re-education camps". You can spit the database file
out as a .xls and text search it. I found four accounts of forced abortions
for women held in the camps.

~~~
deogeo
I meant specifically the recording devices in homes. I'm otherwise aware of
China's general anti-Uyghur policy.

