
The NSA Reportedly Has Total Access To The Apple iPhone - larubbio
http://www.forbes.com/sites/erikkain/2013/12/30/the-nsa-reportedly-has-total-access-to-your-iphone/
======
JunkDNA
I know this headline generates traffic by being about the iPhone, but this is
a minor point. The big message from Jacob's talk and the original articles in
Der Spiegel is that the NSA can intercept anything. Period. Full stop. People
have suspected such far reaching capabilities for some time. This talk and the
articles demonstrate that it exists. I'm personally a little uncomfortable
with this kind of disclosure. On one hand, the NSA exists for the express
purpose of spying. That is their job. You can not like that the NSA is a spy
organization and we can debate whether we should conduct spy operations as a
society, but I'm not sure what exposing their methods in this level of detail
does for advancing that debate. Did people expect them to be a spy
organization that was incompetent? A group that makes crappy and obvious
listening devices stamped with "Designed by the NSA in Maryland"? On the other
hand, the cases of potential abuses and dragnet surveillance capturing
everything indiscriminately are extremely worrying. I don't know how a free
society can do all this spying in support of legitimate foreign policy goals
and at the same time not grow into an out of control, unaccountable
organization ripe for abuse.

~~~
salient
First off, I don't think anyone except "tinfoil hats" really imagined the
scale of NSA spying. Who really thought the NSA would try to subvert the
cryptographic standards they pretend to create to "secure systems"? Who really
thought they'd go to US service and hardware companies and ask them to
implement backdoors for them?

Also, there's a big difference between letting NSA protect US against Real
Threats - real national security people-are-going-to-die threats, and spying
not just on every single citizen on the planet (which includes corporate
espionage), but on American citizens and companies, too.

Just like everyone has a little "evil" in them, without all of us being
Hitler, the NSA can do a little bit of spying on important targets, without
going 10/10 on the scale of evil spying.

So no, I really don't think "this is their job" or that "everyone knew they
were doing this". I think the vast majority of people thought NSA would be
_reasonable_ with their spying.

I also hate it when people say, "didn't you see when they passed the Patriot
Act? You should've expected this." Perhaps, but if you go back to when they
passed it, they did it in literally hours, and if you watch Bush speak about
it [1], he makes it sound as if they are only going to use it to spy on the
_terrorists' communications_ - not _everyone's_. Going by how fast they
passed the bill, and how few details were offered, you can't really blame most
people for "not knowing".

Heck, it was even called the "anti-terrorism bill" on TV, so I don't think
people imagined that meant all of their communications are going to be swept
up, because they were now thinking everyone is a potential terrorist (which is
what "collecting it all" means) until proven otherwise by their systems.

[1] -
[http://www.youtube.com/watch?v=DfRcfTakhFo](http://www.youtube.com/watch?v=DfRcfTakhFo)

~~~
JunkDNA
But my issue is that very little in the slides released by Der Spiegel talks
about the actual _targets_ where devices were employed. There is the Internet
dragnet stuff which is rightly worrisome, but the vast majority of the slides
are similar to the one about the iPhone and detail targeted exploits: specific
phones, specific servers, specific routers. Targeted spying on real threats
requires those capabilities. Unfortunately, if deployed at scale they _could_
be used for large scale spying. But there is no _evidence_ here that these
methods are used in this way (in contrast to stuff like PRISM). I think that's
what makes me uncomfortable here. There is a bit of sloppiness going on where
people are trying to conflate techniques for targeted spying with mass
surveillance. I think it's important to be careful to make the distinctions.

~~~
Zigurd
Some of these items need to be deployed with "black bag jobs" and that has
some natural limits. Still, we know that people like Martin Luther King were
the targets of dirty tricks campaigns, and that the treatment of people like
Jacob Appelbaum indicates such dirty tricks are still in play.

There are enough prominent technology and finance people reading this who back
controversial and truly disruptive technologies like bitcoin, biotech hacker
spaces, open source crypto, etc. that they may have a reasonable concern about
being a target.

------
forgottenpaswrd
"one question has been paramount for privacy advocates: How do we, as a
society, balance the need for security against the rights to privacy and
freedom? "

I hear this fallacy question again and again. It implies that giving total
power to government is "security". It is not.

Giving total control to Stalin meant hundreds of millions of Russians got
murdered in terror, giving total power to Hitler or Mussolini from democracies
meant the total destruction of Germany and Italy with millions dead.

~~~
netcan
I don't even think you need to go that far, with extreme examples of
totalitarianism.

I'm not American, so obviously I'm less emotionally involved. My view on it is
that the US is not under any meaningful threat of terrorism. 9/11 was big, but
on the scale of decades it is still far down the likelihood list of violent
ways an American may be harmed. Murder, Rape and other assaults are a reality
too, a far more likely reality.

The real "solution" is "ignore terrorism, it's not a big threat." That's
contrary to human nature, but I think it is the most rational response.

~~~
digitalengineer
Yes. Let's put the threat of terrorism in perspective: In 2010, 13,186 people
died in terrorist attacks worldwide, while 31,672 people were killed with
firearms in America alone, reports CNN’s Samuel Burke.
[http://amanpour.blogs.cnn.com/2013/01/15/more-americans-kill...](http://amanpour.blogs.cnn.com/2013/01/15/more-americans-killed-by-guns-than-by-terrorists/)

~~~
InclinedPlane
Be careful, you're treading into muddy waters, and it's not necessary for your
argument.

Consider a few problems with your statistics. First, 20k of those gun deaths
in the US are suicides, which distorts the statistics into pretending to show
a certain level of gun violence that's not actually evident. Second, dying in
terrorist attacks is not the same thing as dying at the hands of terrorists or
terrorist organizations. There are tens of thousands of people being killed
every year in Syria, for example, at the hands of al qaeda or other terrorist
aligned soldiers. There have been about ten thousand people killed every year
in Mexico at the hands of drug cartels in what is effectively a weird kind of
civil war happening there. During the Iraq war and during the war in Chechnya
terrorists and terrorist aligned fighters killed tens of thousands of people,
many of them civilians.

Moreover, very few people die every year from jet crashes. However, that low
figure is due to a truly enormous amount of effort and resources put forth,
probably in the trillions of dollars per year range, to keep air travel safe
and reliable.

That's the danger of using naive statistics and straight death-toll
comparisons the way you are doing. Sure, more people are going to die from
cheeseburgers than likely will ever die from terrorism. But A: overall that's
a _good_ thing, and B: it's not necessarily meaningful.

More importantly, there are much more direct and more substantive attacks
against NSA surveillance effectiveness, TSA screening, etc.

For example, with regard to TSA screening it's notable that the TSA has not
thwarted even one terrorist attack on a plane since 9/11. However, there are
many documented accounts of TSA failures to prevent weapons of various sorts
(knives, guns, even bombs) from getting on planes. And there have been
attempted attacks on planes which the TSA did not stop but which passengers
did.

The case with regard to the ineffectuality of the NSA's surveillance efforts
is even stronger. They put out a list of foiled plots where the NSA
surveillance had some role and it is wall to wall bullshit. Most of the
"plots" are little more than entrapment, and there appears to be no case at
all where surveillance was the lynchpin that made the difference between
shutting down a plot when that plot would have gone undetected without the
surveillance data. Worse yet, there are several examples of cases, such as the
Tsarnaev brothers, of outright incompetence where the FBI/NSA et al had a case
handed to them on a golden platter and they screwed the pooch and let someone
they were warned about end up murdering American civilians. And one has to
wonder if those sorts of failures, which vastly outweigh the vast majority of
phony "successes", happened because federal law enforcement agencies were too
focused on this high-tech bullshit instead of actually doing their fucking
jobs.

~~~
digitalengineer
You're right of course. And even the label 'terrorist' can vary. I think if we
ask the people living under the threat of predator-strikes they'd say _it's
the US_ that's causing a lot of the terror there.

~~~
InclinedPlane
"Terrorist" does not currently have a well-accepted objective definition. To
me a terrorist is a guerrilla fighter who lacks popular support where they are
fighting and specifically attacks soft targets for political (rather than
military/tactical) goals. Regardless, the casualness with which "collateral"
deaths of civilians has been handled for several of the US's recent military
activities may be of a different nature but not necessarily on a higher moral
standing. This is probably most true of the US's participation in the Yemeni
civil war over the last several years, but there is much else worthy of
approbation. The theory of arming surveillance drones was always that it would
enable attacks on extremely high value targets of opportunity using precision
guided munitions that would limit collateral damage. In practice it has
resulted in an unprecedented expansion in the extent of the currently active
battlefield and a weapon system which appears to be on the same moral level as
the car bomb in the degree to which it causes deaths of innocent civilians.

~~~
scott_karana
Kofi Annan's definition seemed reasonable to me:

 _Any action constitutes terrorism if it is intended to cause death or serious
bodily harm to civilians or non-combatants with the purpose of intimidating a
population or compelling a government or an international organization to do
or abstain from doing any act._

------
RyanZAG
Aren't we missing a critical point here??

> _"The initial release of DROPOUTJEEP will focus on installing the implant
> via closed access methods." [2007]_

OK, we knew this much already. I remember seeing a number of stories on how
law enforcement can pull data off an iPhone, etc. Not really much new here.

> _"A remote installation capability will be pursued for a future release"_

Here is the interesting bit. You don't put this in a document unless you have
a good plan on how to do it. Obviously with iOS devices having ports closed
and being behind NAT, the NSA can't exploit them remotely. However, the NSA is
pretty clear that it will have the capability in the future. Note the date on
this - 2007.

Since 2007, what has changed? iCloud allows Apple to install and run code
directly on your device remotely. Is there any doubt that the NSA would
request Apple give them full access to iCloud? So the real issue here is what
that last little line hints at: the NSA was looking to get remote access
rights to all iPhones back in 2007 and with the knowledge now that they will
happily backdoor AT&T/Google/Microsoft to retrieve data, is there any doubt
they are now using iCloud to gain remote access to all iPhones?

I'm sure NSA/Google does the same with Google Play Services.

~~~
bandushrew
"iCloud allows Apple to install and run code directly on your device
remotely."

I don't understand this? so far as I am aware, apple has _always_ been able to
install and run code directly on your device remotely.

what am I missing?

~~~
RyanZAG
Features - iCloud is just an extension of the stuff that was on iOS already.
Previously you had preinstalled apps as part of the rom that could run in the
background etc, and you had apps that you could download that ran sandboxed
and had to have an icon, etc. iCloud allows direct access to the filesystem
remotely. iCloud also now has routing support to assign you to different Apple
servers, etc. All of these features would make it trivial for the NSA to put
their own special server in at the iCloud data centers and redirect specific
people onto it without them knowing.

So while it would have been theoretically possible for the NSA to do it before
iCloud, iCloud makes it actually practical to do it without subverting the
whole iOS team.

~~~
bandushrew
I am sorry, I don't think that makes much sense.

Apple has had remote access to the file system forever - an early use of it
was to remove apps that had certain kinds of legal issues from the phones of
those who had purchased it.

iCloud is simply remote file storage, and not all applications use it anyway -
if the NSA wants access to my phone, achieving access to my iCloud account is
a pretty poor second best.

~~~
hobbes300
Providing an XML feed that lists banned apps does not equate to remote file
system access.

------
roin
Not only is the slide from 2008, but it also says it requires "close access
methods" and "remote installation will be pursued for a future release." In
other words, they need physical access to your device. If we think that the
NSA can't compromise a device after gaining physical access, well then I think
we should be scared about the competence of the NSA.

I don't have the patience to watch Appelbaum's hour long talk, but unless he
has something far more impressive than these documents then he's just another
activist who will willfully mislead in order to advance his cause.

~~~
coldtea
> _I don't have the patience to watch Appelbaum's hour long talk, but unless
> he has something far more impressive than these documents then he's just
> another activist who will willfully mislead in order to advance his cause._

The fact that you cherry picked an obvious example, and even downplayed its
significance -- plus the fact that you were quick to call him an "activist" (nay,
"another activist", how their pesky multitudes annoy you), tells more about
you than about him or the talk.

~~~
roin
I didn't cherry pick any example. I just used the example that the article was
written about.

------
rlx0x
Now the talk he gave was interesting, laying out some known and some new facts
about the surveillance and automated attack capabilities of the NSA,
particularly interesting is the targeting of infrastructure and their traffic
injection systems. And he is right to make the point, that it's particularly
despicable that they actively sabotage infrastructure security, something
everyone on this planet has to suffer from.

But.. I don't even know where to begin, it's not only that we need to convince
a large portion of the US population that living in a dystopian total
surveillance state is actually not something to thrive for, we can't even
begin to discuss those issues in any meaningful way when people have not the
slightest clue what's really going on, even if leaks like this occur that
outline frightening and utterly insane surveillance and attack capabilities
nobody is going to explain it to them (not that anyone cares anyways).

The NSA developed and deployed a global system that enables them to do DPI on
the whole internet traffic, analyze that traffic, inject traffic, attack every
system through countless vulnerabilities and backdoors and all of that
automated, not only against their “targets” but also against any
infrastructure they are interested in.

They have secret laws, can force companies to work with them, force backdoors
and not only are the US companies not allowed to talk about those things, they
are legally bound to publicly lie about it.

So yeah they can hack every iPhone on this planet, and turn it into a silent
listening device, among many many many other things, is that really what we
should be talking about?

~~~
andreyf
> force backdoors

unlikely

> they are legally bound to publicly lie about it

source?

~~~
StavrosK
[http://www.theguardian.com/technology/2013/sep/09/nsa-sabota...](http://www.theguardian.com/technology/2013/sep/09/nsa-sabotage-dead-mans-switch)

~~~
andreyf
Can you be a little more specific? Also, re: that article, is there any
evidence that there are exploits placed by NSA or GCHQ that could be used by
other adversaries? I hear this claim a lot, but haven't seen any evidence...

~~~
StavrosK
As far as I know, you're obliged not to divulge the fact that you're
cooperating, including saying that you aren't if you're asked, if that's what
you've been doing so far.

I don't think there's any evidence that someone has used an NSA backdoor, but,
given how widespread exploits are, I wouldn't be surprised.

------
andr
I really see this working remotely, as long as you have control over a cell
phone tower or you use a phony portable base station, both of which are within
the NSA's reach.

The thing is phone baseband software (which is reused on different phone
models and controls the phone's I/O including GSM, USB, etc.) has hardly ever
been under attack. When the iPhone arrived with its new security model,
baseband bugs became one of the major ways to jailbreak a phone. Those bugs
have been fixed one by one, but they were mostly on the USB side - the GSM
side has been impractical to attack. A carefully crafted GSM packet could in
2008 and probably could now cause a buffer overflow in the baseband and gain
access.

An interesting presentation on the topic:
[http://www.youtube.com/watch?v=fQqv0v14KKY](http://www.youtube.com/watch?v=fQqv0v14KKY)

------
wyager
This is from a very old version of iOS (2007). We don't know if this is still
true.

Regardless, I can say for a fact that there are exploits for all cell phone
platforms. iOS exploits are by far the hardest to find. An iOS remote
execution 0day will easily fetch $250k. I've seen one go for $600k. For an
Android remote exec 0day, you're looking at closer to $50k.

Even if the NSA doesn't have these on hand, they can certainly purchase them.

~~~
guelo
Seriously? Apple fanboys feel the need to try to defend Apple by saying that
their competitors are worse?

Wake the fuck up! This isn't about Apple. It's about an out of control
military that's spying on all of us and threatening our way of life and our
livelihoods.

~~~
shinratdr
That's the major issue at play, but the article is about Apple. There can be
more than two things happening at once. Most Apple fans' natural reaction to
any negative article about them is "Why Apple?" and to work from there.

Because more often than not, the answer is "Because it draws clicks". Since
that isn't the case here, the next step is typically "Is this unique or
specific to Apple, and does the issue at hand pertain to other devices or
OSes?" In OP's opinion, it isn't. His evidence is the high cost of zero day
exploits relative to other platforms.

He's not "defending Apple by saying their competitors are worse", he's
providing context to an article that provides none itself. If negative
articles about Apple weren't such rabid click bait, this wouldn't be needed as
it would be part of the reporting process. Unfortunately, that isn't the case.

"Wake the fuck up!" is an extremely patronizing sentiment. I can be both aware
of the overall NSA situation while simultaneously defending Apple from knee-
jerk reactionaries. They aren't mutually exclusive activities.

------
allochthon
Honestly, I don't really care. The NSA can read whatever they want of mine.
I've heard the arguments about how you should care, even if you don't have
anything to hide. And I find them persuasive on one level and simultaneously
unengaging on another. By contrast, the parallels to fascist Italy and Nazi
Germany and living in a turnkey fascist state are most unpersuasive.

The one argument against what I've written that has been made that I think is
worthy of highlighting is that there are people around the world who are
risking their lives under totalitarian regimes. People's smug responses and ad
hominem detract from this important point, which could be helpful to others
outside of HN in better understanding the issue.

Your downvotes will not persuade me or anyone else with my views. They do
demonstrate that some are committed partisans on this issue. I appreciate some
of the clear, unemotional arguments that have been made, however.

~~~
sneak
The protection from snooping government for law abiders isn't for humdrum
people like you. It's for people working to make the world better who come
under fire through no illegal activity of their own.

Did you know the FBI put MLK under surveillance at the orders of Bobby Kennedy
(then-Attorney General)? They didn't find evidence of crimes, so they
threatened to publicize his extramarital affair if he didn't give up his civil
rights work.

It's about preventing unchecked government power over those who aren't
criminals who are working against the status quo.

OF COURSE you don't care if the NSA reads your email. You don't change
anything, and consequently don't matter.

We as a society care if the NSA reads the private emails of the next important
up-and-coming political party leader who will break us out of the corporate-
owned two-party system. THAT'S the person we're trying to protect, not boring
uninspired people who "have nothing to hide".

~~~
deelowe
The MLK example is a great one. Also, it's still not 100% clear what happened
with Hendrix, Marilyn Monroe or the Kennedys. I read recently that there was
evidence of the NSA having dirt on a governor, which was used to blackmail him
(can't recall the specific instance unfortunately). And of course, I'm sure
everyone knows about what happened with the IRS and certain non profits last
year, while not directly tied to the NSA gives an example of why this stuff
matters.

So yea, it's not to protect people like us. It's to protect the MLKs, the
politicians, the accountants, the journalist, the news anchor, etc... Everyone
either has a skeleton in their closet or cares about someone who does. If one
is so inclined, having this information can be extremely valuable when trying
to prevent a "free society" from becoming a little too free.

------
samstave
So here is a complete anecdotal suspicion:

I have had the iPhone since the first day of release. I have gone through 16
physical devices over that period (due to me breaking them a lot and going
through several employers where I had never purchased my own phone since (well
before) it was released). I am currently, for the first time in a long time,
on my own personal device; an iPhone 4.

I upgraded it to iOS7 when it was available. The device is a slow POS and I
want to stab my eyes out when I use it....

However; there is a behavior that I have only personally noticed recently:
_(Please tell me if you see the same thing)_

Whenever I transition between literally ANY screen, I see a quick _BLINK_
of the screen - in the same anim that you would see when you take a
screenshot.

So I am wondering "Is my phone taking a screen cap of EVERY switch/transition
I make? WHY"

Now, I know that iOS does do screen caps of things so that when you are
switching in various ways that it already has a cache of the last state of
that screen in order to thumbnail the previous view... BUT I understood this
to be limited to certain circumstances. Currently I am noticing it on pretty
much ANY transition.

Even if this is the actual, _"Normal"_, my suspicion is that this fact
can be used to entirely rebuild an entire session of activity for a user
through their entire interactions. Even if you just grab these screens which
are used at a system level - a great deal could be inferred from just these
workflow screen caps.

~~~
jbergstroem
Complete bogus - but let's play: If you were the NSA; why would you even hint
to the user that you were taking screenshots? It's not like the blink animation
is tucked away from software control.

~~~
samstave
That wasn't my point: irrespective of any "nefarious interest" in said screen
shots; IS the iOS device actually capturing every single screen change via a
screenshot?

As I understood it - there were certain apps that were captured in the past.
This was so that when the app loaded it had the previous state shown as
quickly as possible, and it would then refresh.

My point was I am noticing this flashing screen cap anim on literally EVERY
screen change... this does not make sense to me and I am wondering why the
device does this.

Finally, I surmise that if it actually IS doing these caps, that if one COULD
get access to them one could then build a pretty clear session history.

Again, I said it was a simple suspicion. I have no idea if this is actually
happening; but the device seems to be revealing the caps happening... but I am
not so sure.

~~~
coolnow
If you were the NSA, would you be taking screenshots just as the target was
/switching/ apps, instead of taking them while they're using it? Oh, he's
opened Mail, take a screenshot of Mail's splash screen while it's loading, now
don't do anything. Oh, he's done using the app, quick, take a screenshot of
his empty inbox before the app switches to Candy Crush.

Not to mention that the screen flash while a screenshot is being taken is a
usability feature and is there to help us know when a screenshot has been
successfully taken. I know there are tweaks on Cydia that allow screen
recordings, so why are the NSA messing about taking screenshots of some
unimportant (no offense, i mean it in a national security sense) guy?

tl;dr your iPhone 4 is struggling with iOS 7 and probably has some redraw
problems, most likely no one is taking screenshots of you while you're
switching apps.

~~~
samstave
I am not talking about the "NSA taking screen shots" -- I am talking about
the iOS taking screenshots... this is just a "nice feature" that any phone
tapper/hacker (like the NSA) could exploit.

My _question_ is: Does the iOS device, in fact, take a screenshot of every
single transition?

everyone seems to miss my question, thus I must be posing it poorly.

What I said again, simply, was that:

I knew that some transitions had a screen capped to allow for a faster,
subjective, transition to the user... a UX cheat.

However, I noticed that my iOS7 device _APPEARS_ to be doing this on EVERY
transition... Is it really capping, or, as you smartly suggest; the iPhone 4
is a POS that struggles in the anims for each transition.

Finally, I was just surmising that should the device, indeed, take a screen
for every transition; this could be a sweet exploit in rebuilding session
actions for any user of the device.

~~~
coolnow
Ah, i see what you mean. I think you are correct in that iOS takes a
screenshot of pretty much every transition, but i'm willing to bet that it has
nothing to do with the screen flashes as it should be automatic and in the
background. The screen flashes are UX features for user controlled
screenshots. I believe the screenshots of each application's state before
transition has to be stored somewhere and if someone manages to access them,
some damage could be done, but at the same time, not that much. I don't know
exactly how the screenshots are queued up (is there 1 screenshot for each
application? If i open the app again and navigate to another view and
transition out, is the first screenshot overwritten?)

Apologies, your initial comment sounded like you thought you were being
targeted by the NSA or something.

------
zebra
Spiegel source: [http://www.spiegel.de/international/world/how-the-nsa-spies-...](http://www.spiegel.de/international/world/how-the-nsa-spies-on-smartphones-including-the-blackberry-a-921161.html)

~~~
caycep
Hm, now I'm paranoid re the little "special teams" that article mentions that
intercepts the mail package and plugs in whatever doodad the NSA has into the
phone, and then sends it along to the customer...my new iPhone had a
fingerprint smudge on the screen plastic protector packaging that I otherwise
attributed to some overworked Foxconn employee but now I have half a mind it
was some NSA agent after 1 too many pizzas....

------
caycep
The slide is dated in 2007 - i.e. either iOS 1.0 or some pre-release beta. Who
knows what it does now with iOS 7? Also, it's unclear what's needed - does one
of those other ridiculous govt alphabet soup programs act as a trojan, or does
Tom Cruise have to dangle from my ceiling with laser beams to plug in some
wingding to do this?

~~~
auctiontheory
IIRC Tom Cruise didn't have the laser beams - he was avoiding the laser beams.
So the responsibility to set up a defense perimeter with laser beams is yours.

~~~
zachrose
The GP is grammatically and textually correct. The lasers belonged to the
ceiling.

------
ChrisAntaki
"Is the iPhone taking secret pictures of FaceTime users?" (2011)

[http://news.cnet.com/8301-13506_3-20051758-17.html#](http://news.cnet.com/8301-13506_3-20051758-17.html#)!

> One person said that her boyfriend saw a picture of himself at work
> displayed in FaceTime, even though he has never used the service in the
> office.

------
cdooh
At least we know why Obama still uses a blackberry

~~~
dsl
Obama only uses a blackberry for show when he is in public.

The Whitehouse Communications Office is responsible for maintaining
communications with the rest of the government, business and political
contacts, and his family. In the event the president needs to take a call, an
aide will direct him to a secure tent they set up nearby that is shielded
against eavesdropping and electronic surveillance (see
[http://www.theage.com.au/world/barack-obamas-portable-secrec...](http://www.theage.com.au/world/barack-obamas-portable-secrecy-tent-some-assembly-required-20131111-2xb0l.html)). If it is a conversation where
they do not expect sensitive topics to be discussed, they might give him a
Sectera Edge that is routed over an encrypted satellite link back to the
Whitehouse switchboard where the actual call is connected.

------
f_salmon
I have an iPhone.

And when I read that the US government tracks mobile phone movements all over
the world (generating a ton of other information about people), I turned it
off permanently (flight mode) and use it only as a PDA.

Turns out, landline phones combined with email is more than one needs.

If I wouldn't have stopped using the "mobile call feature", my iPhone would
have gone straight to ebay, right now.

------
neilkelty
Couldn't this be accomplished simply by creating apps that deal with contacts,
photos, camera, etc. and then having users download and accept the permissions
themselves.

For example, imagine that any one of the contact or calendar management apps
where you "Allow xxxxx to access your contacts" was produced by the NSA under
the guise of an innovative startup.

~~~
kevinchen
Not quite: for example, iOS doesn't allow apps to access the SMS database.

In light of recent leaks, it's still pretty obvious: think a repackaging of
OTA jailbreaks (like jailbreakme from the iPhone OS 3 era) plus Foxacid.

You could make jailbreakme not display a dialog or install Cydia, and the user
wouldn't notice anything except their phone got warm for awhile and has a
newly opened port for SSH.

------
wslh
I am waiting for a real GNU phone. The original free software spirit is not
there yet.

~~~
CervezaPorFavor
Since exploits can be done through hardware, firmware and software, how is a
GNU phone better (genuine question)?

~~~
wslh
You can take into account initiatives like OpenCores:
[http://opencores.org/](http://opencores.org/)

Vulnerabilities exist anywhere for sure but the community (whatever it means)
should create a defense against those threats.

------
Create
We begin therefore where they are determined not to end, with the question
whether any form of democratic self-government, anywhere, is consistent with
the kind of massive, pervasive, surveillance into which the United States
government has led not only us but the world.

This should not actually be a complicated inquiry.

[http://snowdenandthefuture.info/events.html](http://snowdenandthefuture.info/events.html)

[http://benjamin.sonntag.fr/Moglen-at-Re-Publica-Freedom-of-t...](http://benjamin.sonntag.fr/Moglen-at-Re-Publica-Freedom-of-thought-requires-free-media)

------
jokoon
One thing is true: whatever your phone is, the more complex, the more
features, the more risks there are.

I really don't see the advantages of having a handsized computer, really. The
performance/battery/usability/cost compromises are not really making it worth
it.

Most people do a lot of text messaging; usual smartphones are not designed for
it. Old school, classic cellphones do it pretty well.

Why would you need the internet while you're outside, in the cold, in the
train, while not sitting? You only need an iPhone for very unnecessary,
unplanned, rich things.

For example, you need to locate something, like the nearest restaurant, or
coffee place, in a town you know nothing about. The data transfer and costs to
make a web search on such a low-powered device, will be ridiculous if you
compare it to just asking somebody.

You're in a coffee place, you're arguing about something, and you want to know
who's right, so you want to search it on the web. Why not just enable the
wifi, and why not carry your 13 inch notebook?

You want to read your emails. Even if you receive email, what's the real
difference with text messaging? Emails are for long messages on which you can
attach big files. Email is a very old protocol, and it wasn't really thought
to work hand in hand with text messaging.

You want to read a digital document. If you're in for a long, comfortable
read, use an ebook device, use the small screen of a classic cellphone, or
just plan ahead and print it.

Smartphones are all-in one, expensive, software and hardware quirky solutions
which are just not that much awesome. Computers are not entirely secure. A
smartphone will create new technical challenges, but also many other risks,
especially if you have a homogenous device like the iPhone.

Engineers should start to create protocols and software which are already
designed for smaller devices, not create smaller powerful computers: laptops
and desktops are already at the limit of tiny.

Apple created a market of an attractive, dreamy device, which sold, and the
market followed, but the truth is, there is much more to do on the embedded
software design.

~~~
unethical_ban
"You know all those things you like having in a smartphone? You could do
without them, you know."

I agree with your point that more software = more surface area, but your
examples of alternatives aren't very viable for most people, in my opinion.

------
rdtsc
Ha, I wonder what this will do to acceptance of Apple products inside DoD's
(well govt in general). Many agencies and military branches love them some new
cool toys and have been pushing for their inclusion. Now revealing that Apple
security can so seemingly easily be compromised, will they still allow or
advise use of Apple products on government's own networks?

~~~
Phlarp
I thought the largest take away from all these leaks was that various branches
of government, even within the military and intelligence communities,
routinely deploy solutions that are known to be insecure?

~~~
rdtsc
Well they do try (at least on the surface) to protect their own sensitive
information. NSA's other mission (besides spying) is advising govt
agencies and military on keeping their data safe.

Now this involves a lot of red tape security certifications, hardening
'scripts', monitoring, auditing and so on. They legitimately do not want
sensitive information leaking. Projects employ air gaps with CDs being burnt
and that is how data is transferred sometimes.

------
skc
The cynic in me assumes that even tech savvy people would much rather
rationalize away NSA access to their Apple products than give them up.

The easiest rebuttal is simply that every smartphone is equally at risk.

A last resort will be to simply say "meh, don't care"

That's how good/sticky Apple products are

------
snowwrestler
Is there more to the evidence for this than the slide? Because the slide says
that the product is "In development." Just because capabilities are described
in present tense on a slide does not mean that they are in fact available.

------
aruggirello
All Your iPhones Are Belong To Us. Surrender to your iNSA overlords, while
you're still alive.

------
presty
welp
[http://news.cnet.com/8301-1035_3-57614604-94/president-obama...](http://news.cnet.com/8301-1035_3-57614604-94/president-obama-says-he-cant-use-iphone-for-security-reasons/)
now we know why

------
marveller
Humm... I was going to buy the new iPhone, this changed my mind. Maybe I
should just get a feature phone instead.

~~~
electic
All the phones are exploited. I doubt it matters.

~~~
supergauntlet
Really any phone is exploited. When you've got a baseband with direct hardware
access that the carrier can connect to there isn't really anything short of
fully open hardware that is gonna save you.

~~~
auctiontheory
If (as claimed) the NSA has hacked the major BIOS/firmware as well as
encryption, is there such a thing as "fully open hardware" and would it help?

~~~
zachrose
To my knowledge no, there is not. If there was, it would also require approval
from the network operator. And if you believe that the network operators are
aligned with the intelligence community anyways, you would never expect that
approval to happen.

------
xacaxulu
My TracFone is safe :-)

~~~
superuser2
False.
[http://www.cellebrite.com/mobile-forensics](http://www.cellebrite.com/mobile-forensics)

------
notastartup
I wonder if they are doing this with Android devices too.

Anyways, it's not of concern to me as I ditched my smartphone for an old
school Motorola flip phone.

------
jaseemabid
Ok! Isn't this obvious?

