Hacker News new | past | comments | ask | show | jobs | submit login
The NSA Reportedly Has Total Access To The Apple iPhone (forbes.com)
342 points by larubbio on Dec 31, 2013 | hide | past | web | favorite | 201 comments

I know this headline generates traffic by being about the iPhone, but this is a minor point. The big message from Jacob's talk and the original articles in Der Spiegel is that the NSA can intercept anything. Period. Full stop. People have suspected such far reaching capabilities for some time. This talk and the articles demonstrate that it exists. I'm personally a little uncomfortable with this kind of disclosure. On one hand, the NSA exists for the express purpose of spying. That is their job. You can not like that the NSA is a spy organization and we can debate whether we should conduct spy operations as a society, but I'm not sure what exposing their methods in this level of detail does for advancing that debate. Did people expect them to be a spy organization that was incompetent? A group that makes crappy and obvious listening devices stamped with "Designed by the NSA in Maryland"? On the other hand, the cases of potential abuses and dragnet surveillance capturing everything indiscriminately are extremely worrying. I don't know how a free society can do all this spying in support of legitimate foreign policy goals and at the same time not grow into an out of control, unaccountable organization ripe for abuse.

First off, I don't think anyone except "tinfoil hats" really imagined the scale of NSA spying. Who really thought the NSA would try to subvert the cryptographic standards they pretend to create to "secure systems"? Who really thought they'd go to US service and hardware companies and ask them to implement backdoors for them?

Also, there's a big difference between letting NSA protect US against Real Threats - real national security people-are-going-to-die threats, and spying not just on every single citizen on the planet (which includes corporate espionage), but on American citizens and companies, too.

Just like everyone has a little "evil" in them, without all of us being Hitler, the NSA can do a little bit of spying on important targets, without going 10/10 on the scale of evil spying.

So no, I really don't think "this is their job" or that "everyone knew they were doing this". I think the vast majority of people thought NSA would be reasonable with their spying.

I also hate it when people say, "didn't you see when they passed the Patriot Act? You should've expected this." Perhaps, but if you go back to when they passed it, they did it in literally hours, and if you watch Bush speak about it [1], he makes it sound as if they are only going to use it to spy on the terrorists' communications - not everyone's. Going by how fast they passed the bill, and how few details were offered, you can't really blame most people for "not knowing".

Heck, it was even called the "anti-terrorism bill" on TV, so I don't think people imagined that meant all of their communications are going to be swept up, because they were now thinking everyone is a potential terrorist (which is what "collecting it all" means) until proven otherwise by their systems.

[1] - http://www.youtube.com/watch?v=DfRcfTakhFo

But my issue is that very little in the slides released by Der Spiegel talks about the actual targets where devices were employed. There is the Internet dragnet stuff which is rightly worrisome, but the vast majority of the slides are similar to the one about the iPhone and detail targeted exploits: specific phones, specific servers, specific routers. Targeted spying on real threats requires those capabilities. Unfortunately, if deployed at scale they could be used for large scale spying. But there is no evidence here that these methods are used in this way (in contrast to stuff like PRISM). I think that's what makes me uncomfortable here. There is a bit of sloppiness going on where people are trying to conflate techniques for targeted spying with mass surveillance. I think it's important to be careful to make the distinctions.

Some of these items need to be deployed with "black bag jobs" and that has some natural limits. Still, we know that people like Martin Luther King were the targets of dirty tricks campaigns, and that the treatment of people like Jacob Appelbaum indicate such dirty tricks are still in play.

There are enough prominent technology and finance people reading this who back controversial and truly disruptive technologies like bitcoin, biotech hacker spaces, open source crypto, etc. that they may have a reasonable concern about being a target.

To me it seems that the underlying issue in these talks isn't that these methods exist or that they can be employed on a large scale. The issue is that these powers are complety secretive and unchecked. I do agree that they could have been more clear on this.

"Who really thought the NSA would try to subvert the cryptographic standards they pretend to create"

I first encountered speculation that this was the case in a textbook from 1986, in a chapter discussing encryption algorithms in wide use that were contributed to by the NSA.

"Who really thought they'd go to US service and hardware companies and ask them to implement backdoors"

The fascinating book The Puzzle Palace, from 1982, describes the precursors to the NSA setting up shop in telegraph offices and copying all traffic with the collusion of the new industry.

None of this is new, and none of it is in the least bit surprising.

None of this is surprising to an extremely small subset of the global population, those who have had the means to study computer science and cryptography, and the history(ies) of government sanctioned spy agencies for a long enough period to be able to glean insights into the future behaviour of said agencies.

Since not everyone who reads this site meets those criteria, I suspect that it is even a not-insignificant subset on hacker news as well.

You might find it helps to mentally (or programmatically) replace every instance of NSA, and its various expansions, with the name of that agency's direct lineal predecessor, which existed in a time when bureaucratic circumlocution was far less pervasive, and which could therefore rejoice in such an ominously portentous name as "the Black Chamber."

To see the effect, let's try it with some headlines I've just cherry-picked from a Google search results page for purposes of demonstration:

"Black Chamber team spies, hacks to gather intelligence on targets, report says"

"Appelbaum: 'Scary' Black Chamber will spy on you – every which way they can ..."

"Black Chamber Secret Toolbox: ANT Unit Offers Spy Gadgets for Every Need ..."

"Black Chamber 'spying on Europe-Asia undersea telecom cables' - Yahoo News"

"The Black Chamber Is Building the Country's Biggest Spy Center"

"Black Chamber can spy on offline computers wirelessly, says security expert"

"A Peek Inside the Black Chamber's Spy Gear Catalog"

"Report: Black Chamber intercepts computer deliveries"

"Black Chamber targets foreigners, catches Americans: Column"

I mean, how can you not love a name like that? You can't even say it in an ordinary tone of voice. See for yourself! No matter how you try, you'll find yourself saying not merely "the Black Chamber," but...the Black Chamber.

I think an official change of name is long overdue.

Clearly you're right, in the sense that, as a simple statement of fact, the NSA revelations are surprising to a great many people, maybe most people who learn of them. But there is a sense in which, when people say "this is not surprising", it implies "to people who know some things about the subject". I guess this expression, used this way, might come off as elitist or haughty, but I think it's a pretty common usage. Another reason I'm surprised at all the surprise is that I never studied cryptography, computer science, or the history of spy agencies systematically. The Puzzle Palace was a popular book, widely read, and I learned about NSA involvement in academic cryptography research by accident while studying up on numerical algorithms for physics simulations.

"Going by how fast they passed the bill, and how few details were offered, you can't really blame most people for "not knowing"."

True, but perhaps someday we can learn to not advocate the passage of bills in such a short amount of time that representatives themselves do not have a chance to read or digest them, much less have debate about the specific contents. I say perhaps because I suspect we'll continue to see much more of this until there's some sort of mechanical change requiring a X day waiting period on any legislation introduced, and/or something requiring reps to sign a document with real penalties for perjury that they've read the damn things before voting on them.

This sounds great in principle, but it would turn the way congress does business upside down (maybe not a bad thing). I've heard stories about hundreds or thousands of pages being added to bills by staff just minutes before a vote. I suspect the way it works is that the legislators tell their staffs what they want the bills to do, rely on them, and have no interest in actually reading the result (and who can blame them - ever read legislation?).

> I suspect the way it works is that the legislators tell their staffs what they want the bills to do

Many bills today (perhaps most) are not written by legislators and their staff, but rather by lobbyists. That might have been the case since forever (if the movie "The Aviator" is not too dramatized, this has been true in the 1930's as well)

"Who really thought they'd go to US service and hardware companies and ask them to implement backdoors"

To this point has there been any evidence that a company has add in a "backdoor" at the request of the NSA?

The media keeps using the term "backdoor" when they talk about covert access but that doesn't mean that some company added a "NSA Access" feature to their product. It is possible (I would even say probable) that the NSA has exploited unknown vulnerabilities rather than used built in backdoors.

Covert access is only effective if it remains covert. If companies are building in these features then a lot more people know about it and it reduces the likely hood of staying covert.

> I know this headline generates traffic by being about the iPhone, but this is a minor point.

I disagree, the article implies that Apple might (probably?) is helping them with their spying. This is not a minor point for me. I think it's very important to expose which tech companies are betraying their customers, and conversely which are not.

Jacob made this assertion in his talk but presented no evidence. He explicitly said he wanted to call out the companies because they should be held accountable if they were complicit in this.

But no evidence was presented that any of the hardware companies were coordinating with the NSA. Given that jail breaking continues to exist, it is entirely possible that Apple and other companies are victims of security exploits identified by the NSA.

That being said, it would be good to get some companies on record on this.

> Jacob made this assertion in his talk but presented no evidence.

He based this assertion on an NSA slide that said 100% of iPhones could be tapped. In the rest of the talk there was frequent mention (in bulletpoints or even more interestingly graphs) of efficacy rates, and as I recall most were between 50-80 percent. Apple was the only slide cited with 100% which is why this was noteworthy.

As apple has few phones with large quantities of users, I am not surprised. I think you'll find similar penetration levels for any phone with lots of users

It's a resources/efficacy decision on the part of the NSA for targeting.

It's the same reason there were "no" mac viruses for many years: there were far more windows users to target.

Further add context:

Charlie Miller (that apple 0day guy) is ex NSA. In 2009 or so, he made huge waves with his iphone hacks.

I also find it appaling how widely revered charlie is. In this context, he is clearly an example of the kind of hacker we should be fucking shaming.

No more free bugs finds its logical conclusion. 0xcharlie: NSA stooge.

Some clarification from the companies would certainly be nice, but for me and many others, the damage has already been done.

If you start your company today and put all your stuff on newly bought Apple machines (or Windows boxen), in case your stuff is stolen by the NSA or GCHQ or whoever in five years time, you will recieve (and deserve?) little compassion: When you complain, people will tell you that you should have known. After all, you started after the Snowden affair caused "all of us" to lose trust in these companies.

I'm starting to arrange myself with the "new" situation to maintain my sanity. If there is some life-or-death info, that should go into a crypto-container on an airgap linux box. For everything else, I'll have to become accustomed to the thought that there is someone out there who can get at it if they want and that all my efforts can make it only marginally more difficult for them.

No, the article didn't imply that.

"Here’s a problem: I don’t really believe that Apple didn’t help them."

That is a bullshit statement. It is pure speculation without a SHRED of facts to back it up.

> No, the article didn't imply that.

There's a whole paragraph about that. You quoted part of it. It's not a minor point of the article. There's no smoking gun but that doesn't mean it shouldn't be discussed.

There are many shades of gray in manufacturers helping the NSA to hack their products: from outright creating back doors, to using gimpy RNGs, to revealing bugs to the NSA before otherwise disclosing them, to using peripherals with back doors. Deniability and cover stories are part and parcel with such work. It is naive to claim it simply isn't happening.

> Did people expect them to be a spy organization that was incompetent?

i'm guessing most people thought that spying of US agencies was an activity that was carried out abroad, and aimed at real threats.

Indeed. But nothing in these slides suggests that this stuff wasn't used that way. In contrast to PRISM a lot of the techniques Jacob presented seem like they would only be useful for targeted work. The crucial question of where those targets are located and how many there actually are is left open. That is what makes me uncomfortable about this sort of presentation. I'm concerned that it does real harm to legitimate intelligence programs by conflating them with unrelated mass internet surveillance programs.

> But nothing in these slides suggests that this stuff wasn't used that way.

that's true of course. but i'm afraid that the revelations of the past months have almost turned "jumping to conclusions" into a legitimate response to this kind of information.

When terrorism in the big concern, droid strikes are used against real threats. General espionage is used to figure out what the real threats are.

I guess they'd still be hoovering up everything they could, just in case, if it weren't for the threat of terrorism. Public opinion is strategically important (if a foreign power starts a war, how will their people react?), but it wouldn't be so important.

> droid strikes

Next on the NSA revelations list: A backdoor software "implant" capable of exploiting holes in everything from Froyo to KitKat, and which subverts the device's power management circuitry, such that a remote command can short-circuit and overheat the battery. Results, and especially the likelihood of explosion, depend strongly on battery capacity and charge state, but in-house testing suggests probability of fire should be ca. 95%+ across all device models susceptible to the implant.

(Speaking of which: "Implant", I like that choice of term, it's got just the cyberpunk flavor today's world needs.)

true, but as we've come to see, a big proportion of the spying efforts of the NSA are being directed towards information gathering, for various other reasons than threat assessment. e.g. i don't think many people would have believed the NSA to be spying on US allies, or being involved in industrial espionage.

The absolute, fundamental founding principle of the US constitution is the limitation of powers of the government. Such power is limited by splitting it three ways and having separate institutions keeping each other in check, through the will of the people via voting electing representatives and the president, and through the very strong protections of individual liberty embodied in the bill of rights.

And yet today we find ourselves in a situation where bit by bit those limitations have been eroded so severely that they might as well not exist. We have organizations, such as the NSA, who have multi-billion dollar budgets with limited oversight and little public transparency. Who similarly operate with limited oversight in conditions of near utter secrecy. Who, through those conditions, have essentially unfettered ability to undertake any conceivable surveillance effort imaginable and much else besides.

It is simply untenable to have so many people with such power and no accountability and also maintain democratic institutions and preserve individual liberty. We should be thankful that, so far as I am aware, there has not been an individual with an excess of competence and ambition combined with a scarcity of morals or we would be in a much worse place today. But realistically it is only a matter of time before this power falls into the wrong hands. We have already been dangerously close in relatively recent history, such as with J. Edgar Hoover, we should not be courting fate again.

It would not be an exaggeration to say that how we handle this crisis will greatly affect the near-future history of the United States and significantly affect the future of all mankind in the 21st century and beyond. This is potentially a defining moment for this generation.

In a severe but perhaps useful reduction, look at what this and other "secretive" activity appears in conjunction with. Arguments might thereupon be promoted, that it is also "in support of".

Increasing income disparity. Exposure to versus shelter from the legal system and justice -- as stated in the U.S. in published, public laws and mounted through public, accountable law enforcement activities. Freedom of movement, or constraint of same (e.g. the secret, unaudit-able, un-appealable, unaccountable no-fly list). Etc.

I'd argue that, in the large, a democratic society is based upon the willing participation of its members. Who share in responsibility for its security.

What is being created seems already to be, and regardless of ones opinion of current circumstances, capable of being made into and becoming, rather something else.

In other words, "equality before the law" already seems to be going out the window. (Well, that has always been somewhat of a myth, but, in many opinions, it seems to be getting worse.) Our democratic societies deserve and need to know about this, for the sake of remaining democratic.

And it's time to pull out a potent word in description of what has been and is going on: Hypocrisy.

Our leaders actions and their words -- platitudes -- do not align.

And it's time for us to think hard about whether our own do.

"one question has been paramount for privacy advocates: How do we, as a society, balance the need for security against the rights to privacy and freedom? "

I hear this fallacy question again an again. It implies that giving total power to gobertment is "security". It is not.

Giving total control to Stalin meant hundred of millions of Russians got murdered in terror, giving total power to Hitler or Mussolini from democracies meant the total destruction of Germany and Italy with millions dead.

I don't even think you need to go that far, with extreme examples of totalitarianism.

I'm not American, so obviously I'm less emotionally involved. My view on it is that the US is not under any meaningful threat of terrorism. 9/11 was big, but on the scale of decades it is still far down the likelihood list of violent ways an American may be harmed. Murder, Rape and other assaults are a reality too, a far more likely reality.

The real "solution" is "ignore terrorism, it's not a big threat." That's contrary to human nature, but I think it is the most rational response.

Yes. Let's put the threat of terrorism in perceptive: In 2010, 13,186 people died in terrorist attacks worldwide, while 31,672 people were killed with firearms in America alone, reports CNN’s Samuel Burke. http://amanpour.blogs.cnn.com/2013/01/15/more-americans-kill...

You can't even average that out, because the vast majority of those 13,000 "terrorist attacks", if true, are certainly inside countries where they are basically at war with each other. And in many of those countries, US contributes to the kill count, although I assume these reports don't count that as "terrorism", even as they blow up 15 people going to a wedding.

Be careful, you're treading into muddy waters, and it's not necessary for your argument.

Consider a few problems with your statistics. First, 20k of those gun deaths in the US are suicides, which distorts the statistics into pretending to show a certain level of gun violence that's not actually evident. Second, dying in terrorist attacks is not the same thing as dying at the hands of terrorists or terrorist organizations. There are tens of thousands of people being killed every year in Syria, for example, at the hands of al qaeda or other terrorist aligned soldiers. There have been about ten thousand people killed every year in Mexico at the hands of drug cartels in what is effectively a weird kind of civil war happening there. During the Iraq war and during the war in Chechnya terrorists and terrorist aligned fighters killed tens of thousands of people, many of them civilians.

Moreover, very few people die every year from jet crashes. However, that low figure is due to a truly enormous amount of effort and resources put forth, probably in the trillions of dollars per year range, to keep air travel safe and reliable.

That's the danger of using naive statistics and straight death-toll comparisons the way you are doing. Sure, more people are going to die from cheeseburgers than likely will ever die from terrorism. But A: overall that's a good thing, and B: it's not necessarily meaningful.

More importantly, there are much more direct and more substantive attacks against NSA surveillance effectiveness, TSA screening, etc.

For example, with regard to TSA screening it's notable that the TSA has not thwarted even one terrorist attack on a plane since 9/11. However, there are many documented accounts of TSA failures to prevent weapons of various sorts (knives, guns, even bombs) from getting on planes. And there have been attempted attacks on planes which the TSA did not stop but which passengers did.

The case with regard to the ineffectuality of the NSA's surveillance efforts is even stronger. They put out a list of foiled plots where the NSA surveillance had some role and it is wall to wall bullshit. Most of the "plots" are little more than entrapment, and there appears to be no case at all where surveillance was the lynchpin that made the difference between shutting down a plot when that plot would have gone undetected without the surveillance data. Worse yet, there are several examples of cases, such as the Tsarnaev brothers, of outright incompetence where the FBI/NSA et al had a case handed to them on a golden platter and they screwed the pooch and let someone they were warned about end up murdering American civilians. And one has to wonder if those sorts of failures, which vastly outweigh the vast majority of phony "successes", happened because federal law enforcement agencies were too focused on this high-tech bullshit instead of actually doing their fucking jobs.

You're right of course. And even the label 'terrorist' can vary. I think if we ask the people living under the threat of predator-strikes they'd say it's the US thats causing a lot of the terror there.

"Terrorist" does not currently have a well-accepted objective definition. To me a terrorist is a guerrilla fighter who lacks popular support where they are fighting and specifically attacks soft targets for political (rather than military/tactical) goals. Regardless, the casualness with which "collateral" deaths of civilians has been handled for several of the US's recent military activities may be of a different nature but not necessarily on a higher moral standing. This is probably most true of the US's participation in the Yemeni civil war over the last several years, but there is much else worthy of approbation. The theory of arming surveillance drones was always that it would enable attacks on extremely high value targets of opportunity using precision guided munitions that would limit collateral damage. In practice it has resulted in an unprecedented expansion in the extent of the currently active battlefield and a weapon system which appears to be on the same moral level as the car bomb in the degree to which it causes deaths of innocent civilians.

Kofi Annan's definition seemed reasonable to me:

Any action constitutes terrorism if it is intended to cause death or serious bodily harm to civilians or non-combatants with the purpose of intimidating a population or compelling a government or an international organization to do or abstain from doing any act.

Even better: use all that money and intelligence, not to hunt down and kill people, not to invade countries, but to help make the world a better place. Then less people might dedicate their lives to killing American civilians.

I think the risk assessment should take into account more than just casualties.

The risk of terrorism that scares governments is not necessarily the casualties (though that undoubtedly is a factor), but longer-term consequences. For example, repeated terrorist attacks on U.S. soil may deteriorate the confidence of citizens in their government, increase the audacity of terrorists, make the U.S. appear weak, etc.

I don't agree with the U.S.'s response to terrorism, but I'm also not convinced that tallying casualties provides an accurate risk assessment. The political risk of terrorism is much higher than, say, automobile fatalities (or firearms, as digitalengineer pointed out in a sibling reply).

I don't think we disagree much. But the tally of affected people (not just mortalities) is a scale of sorts, even if it must be weighted. 9/11 was significant also becasue it happened in a dense, crowded city and many were affected. But even considering heavily weighted scales terrorism is less of a threat than violent rape by a stranger (itself far less common but more impactful on the public psyche than rape by a non-stranger).

People will not lose confidence in the government unless their lives are constantly affected, just like other crimes.

I think it's very reasonable to put things in proportion (eg. car accidents kill way more people than terrorists), but restricting the perspective on terrorism, as long as US maintains the military offensive, there will be always such threat.

I have never understood how rarely attacks occur. I think of the places I visit in London, and the volume of people, and I conclude that there is simply no shortage of opportunity to create casualties of at least 3 figures.

So my question becomes, do the supposed large swathes of angry terrorists not want to damage it in traditional terrorist attacks, or are they being prevented from doing so by the security services, surveillance and border controls etc.

I genuinely believe that some attacks are being foiled though whether it's 1 a year or 1000 a year is extremely unclear.

Some are, just like other crimes. There just isn't very much terrorism outside of civil war/independence war type situations. It's not a common type of violence. It never really was.

Just try applying the same logic you apply to other horrible problems which are dealt with but never fully eradicated. Pedophilia. It's a crime. Many cases are foiled. Many are not.

> "I hear this fallacy question again an again. It implies that giving total power to gobertment is "security". It is not."

You seemingly don't understand this abstract trade-off the correct way. Nowhere did anybody state that giving total power to the government would be the way to gain total security. You could just as well create a giant prison run by a private corporation and put every single citizen permanently in a cell. Then you'd have basically no freedom and almost total security without any government involvement.

Stalin is a bad example. By forcing industrialization on the ussr, he has increased average life span of the population by something like 15 years ( measures in 1958) and enabled the ussr to defend itself against the Germany which saved countless lives, and increased living standards, education, female equality greatly.

In his case, and the case of Chinese communism, it somewhat debatable whether a strong government is preferable.

As someone borne in the USSR, I am sad that Stalin lived to an old age and died without suffering. If there is hell, I hope he is in it right now.

I would further never trust any statistics from the old USSR. For instance, the communists were able to dramatically "reduce" infant mortality by simply not recording births until the first birthday, when the child became one.

If you think Stalin was good for USSR you are an ignorant idiot. I am sorry to be so touchy on the subject, but Stalin killed more of my people than Hitler.

While this might be true, as a European I'm eternally thankful for USSR saving us from the claws of nazi tyranny.

Soviet people laid down their lives to win WWII, then, after WWII a lot more Soviet people lost their lives due to the tyrannical rule of a completely insane and evil man. I don't even want to dive into the pros and cons of communism. The only point I am making is that Stalin was an utterly evil fuck head.

> Stalin was an utterly evil fuck head.

...as many important historians have said

As a West European I presume. Because as a East European you would have ended up in the claws of Soviet tyranny for 50+ years and they made the nazis look like amateurs when it came to abuses and persecution.

I didn't mean no disrespect to the great pain that stalin inflicted.

And my view is based upon this thread in reddit /r/askhistorians which is managed by professional historians and is generally a reliable source for historical analysis :


Uh, Stalin is responsible for more suffering than possibly anyone in recent history. He probably killed more russian people than the german soldiers.

His policies screwed up a significant part of the world for decades.

He also gave Communism a bad name, and, by proxy, Socialism. These systems of government did not have all of the answers, however we now have free market economics everywhere with anything vaguely socialist being absolutely taboo.

We have not a lot of diversity in government, government is nowadays about managing a country rather than anything ideological. Some diversity is better even if other systems are not how one would want to live.

with anything vaguely socialist being absolutely taboo

This is not true, at least not in Europe. Most countries have some form of universal health care, and there are benefits for people who do not work, etc. That is more than vaguely socialist, and is definitely not taboo.

Those things are not inherently socialist, which is why you see capitalist countries embracing them. Socialism isn't a group of government policies, it's an economic system where there is not a profit motive and generally implies public or cooperative ownership. What you see in Scandinavia is not socialism, it's capitalism with welfare.

> He also gave Communism a bad name, and, by proxy, Socialism.

You should read the things Lenin did, and the many more things he advocated doing. Read his pre-revolution material as well, he was one of the leading theorists.

> These systems of government did not have all of the answers

That's not true, read anything by Marx, Engels, Trotsky, or Lenin and not only did they have an answer for almost everything, they (especially the latter two) believed maximally that there is "only one way".

I appreciate where you are coming from, however, from my childhood reading of Das Kapital I cannot recall a great deal about Peak Oil, the merits of a surveillance state and much else that is pertinent to today's world. That is what I mean by 'not having all the answers'.

You ignore the damage Stalin did to the Russian armed forces with his paranoid purges. Russian defences would have been stronger, and fewer would have died, if Stalin had died a few decades earlier.

Aren't we missing a critical point here??

> "The initial release of DROPOUTJEEP will focus on installing the implant via closed access methods." [2007]

OK, we knew this much already. I remember seeing a number of stories on how law enforcement can pull data off an iPhone, etc. Not really much new here.

> "A remote installation capability will be pursued for a future release"

Here is the interesting bit. You don't put this in a document unless you have a good plan on how to do it. Obviously with iOS devices having ports closed and being behind NAT, the NSA can't exploit them remotely. However, the NSA is pretty clear that it will have the capability in the future. Note the date on this - 2007.

Since 2007, what has changed? iCloud allows Apple to install and run code directly on your device remotely. Is there any doubt that the NSA would request Apple give them full access to iCloud? So the real issue here is what that last little line hints at: the NSA was looking to get remote access rights to all iPhones back in 2007 and with the knowledge now that they will happily backdoor AT&T/Google/Microsoft to retrieve data, is there any doubt they are now using iCloud to gain remote access to all iPhones?

I'm sure NSA/Google does the same with Google Play Services.

> "Obviously with iOS devices having ports closed and being behind NAT, the NSA can't exploit them remotely."

This is a pretty limited view of remote exploits. It could easily be a browser-based exploit for example, with the payload as part of an image served by an ad, thus not requiring any open ports.

I cannot imagine the NSA waited for iCloud to get access to iPhones.

Back on iOS 2 (or 1 or 3 maybe), there was a browser-based jailbreak that exploited a flaw in the iOS PDF viewer, so there's definitely precedent for such a thing.


Enterprise profiles offer complete control over an iPhone in iOS7, including bypassing password, installing apps and so on. In theory one needs to install a profile by hand, but I don't see why it wouldn't be possible to do it remotely with the right vulnerabilities. Some devices can come from the factory with an ID that auto-enrolls them with an EDM profile, including after OS reinstalls. I don't remember if Apple can push profiles, but I think it can.

More info on Zdziarski's blog.

Anyway, all devices with centralized managment like Android, iPhone, Blackberry can't be secured IMHO against such a capable adversary. When an actor can push stuff to the device it's hopeless.

Yes, definitely. This is what I was trying to get at - the idea that they still need exploits as other comments are talking about is incredibly unlikely. With things like iCloud, centralized device management, remotely installable admin certificates, google play services, etc. it is very unlikely that the NSA is even considering using any kind of exploit anymore.

When the NSA wants to use your phone, you don't have to worry about them exploiting something. A special packet will come down using one of the many available 'official backdoors' on your device to redirect your device to an NSA server.

This is FUD. Do you have any evidence that iOS allows any Apple server to get some kind of full control without asking permission and without using an exploit? I suppose that if you are restoring from an iCloud backup and Apple has been convinced to allow the NSA to modify that backup, some kind of MDM stuff could be enabled, but this is limited and detectable. Otherwise, it may be possible, but you have not provided any evidence.

>> "A remote installation capability will be pursued for a future release"

> Here is the interesting bit. You don't put this in a document unless you have a good plan on how to do it.

Well, you also put that sort of statement in a document because a manager you're presenting to asked you about it and you need to acknowledge it, but you don't have any plans to actually do it. Any questions about it can be answered with relatively vague platitudes and "conceptual architectures", and then the feature is left to quietly fade away in subsequent iterations of the backlog.

" iCloud allows Apple to install and run code directly on your device remotely."

I dont understand this? so far as I am aware, apple has always been able to install and run code directly on your device remotely.

what am I missing?

Features - iCloud is just an extension of the stuff that was on iOS already. Previously you had preinstalled apps as part of the rom that could run in the background etc, and you had apps that you could download that ran sandboxed and had to have an icon, etc. iCloud allows direct access to the filesystem remotely. iCloud also now has routing support to assign you to different Apple servers, etc. All of these features would make it trivial for the NSA to put their own special server in at the iCloud data centers and redirect specific people onto it without them knowing.

So while it would have been theoretically possible for the NSA to do it before iCloud, iCloud makes it actually practical to do it without subverting the whole iOS team.

I am sorry, I dont think that makes much sense.

Apple has had remote access to the file system forever - an early use of it was to remove apps that had certain kinds of legal issues from the phones of those who had purchased it.

iCloud is simply remote file storage, and not all applications use it anyway - if the NSA wants access to my phone, achieving access to my iCloud account is a pretty poor second best.

Providing an XML feed that lists banned apps does not equate to remote file system access.

That they let spies run arbitrary code on your phone too.

We don't know that, we also don't know whether Google or Microsoft or any of the other phone or phone OS vendors 'let' the NSA do any of this. Even if the NSA had inside help, it may have been via individual Apple (Google, MS, etc) employees without Apple's knowledge, or ex-Apple engineers contracted by the NSA. In fact the later would be a much more useful approach for the NSA since it would minimize the number of people who knew it was going on and could therefore leak about it or interfere with the capability.

Not only is the slide from 2008, but it also says it requires "close access methods" and "remote installation will be pursued for a future release." In other words, they need physical access to your device. If we think that the NSA can't compromise a device after gaining physical access, well then I think we should be scared about the competence of the NSA.

I don't have the patience to watch Appelbaum's hour long talk, but unless he has something far more impressive than these documents then he's just another activist who will willfully mislead in order to advance his cause.

>I don't have the patience to watch Appelbaum's hour long talk, but unless he has something far more impressive than these documents then he's just another activist who will willfully mislead in order to advance his cause.

The fact that you cherry picked a obvious example, and even downplayed its singificance -- plus fact that you were quick to call him an "activist" (nay, "another activist", how their pesky multitudes annoy you), tells more about you than about him or the talk.

I didn't cherry pick any example. I just used the example that the article was written about.

Much of Jacob's presentation echoes many of the articles he (and others) had published in Der Spiegel earlier that day, going into a little more into the technical aspects (to the extent they are known and/or can be inferred.) While you may skip out the talk, at least look over the articles. While Jacob's style may rub you wrong, the issues are there regardless, and impatience is hardly a justifiable excuse.

On another note, if you are aware of Jacob misleading on any matter, it would be nice pointing that out directly. He is an activist that has done everything from helping with on-the-ground infrastructure deployments in war-torn areas, working on and advocating for Tor, speaking in front of the EU council… Casting doubt on his integrity without highlighting relevant facts is a way of distracting from the actual issues under discussion.

Close access includes the assembly line, and that would be the preferred option for an intelligence organ seeking access to a consumer device - it scales well. Given the logistics of the electronics industry, there are many potential vectors to introduce the exploit unilaterally, though working cooperatively with Korean or Taiwanese agencies is possible given shared interests and those country's roles in component manufacturing. Of course with their own chip design arm, going directly through Apple is a more obvious choice.

Yeah.. close access methods..

Hope you didn't have that phone shipped to you, because apparently the NSA is cool with slicing open your new package before conveniently reshipping it.

I would say this is one of the least impressive things mentioned in that talk.

"physical access", or "we'll run a jailbreak tool and set the 'hidden' property of the Cydia app to true"

Now the talk he gave was interesting, laying out some known and some new facts about the surveillance and automated attack capabilities of the NSA, particularity interesting is the targeting of infrastructure and their traffic injection systems. And he is right to make the point, that its particularly despicable that they actively sabotage infrastructure security, something everyone on this planet has to suffer from.

But.. I don't even know where to begin, its not only that we need to convince a large portion of the US population that living in a dystopian total surveillance state is actually not something to thrive for, we can't even begin to discuss those issues in any meaningful way when people have not the slightest clue whats really going on, even if leaks like this occur that outline frightening and utterly insane surveillance and attack capabilities nobody is going to explain it to them (not that anyone cares anyways).

The NSA developed and deployed a global system that enables them to do DPI on the whole internet traffic, analyze that traffic, inject traffic, attack every system through countless vulnerabilities and backdoors and all of that automated, not only against their “targets” but also against any infrastructure they are interested in.

They have secret laws, can force companies to work with them, force backdoors and not only are the US companies not allowed to talk about those things, they are legally bound to publicly lie about it.

So yeah they can hack every iPhone on this planet, and turn it into a silent listening device, among many many many other things, is that really what we should be talking about?

> force backdoors


> they are legally bound to publicly lie about it


Can you be a little more specific? Also, re: that article, is there any evidence that there are exploits placed by NSA or GHCQ that could be used by other adversaries? I hear this claim a lot, but haven't seen any evidence...

As far as I know, you're obliged not to divulge the fact that you're cooperating, including saying that you aren't if you're asked, if that's what you've been doing so far.

I don't think there's any evidence that someone has used an NSA backdoor, but, given how widespread exploits are, I wouldn't be surprised.

NSA paid RSA 10 million US-Dollar to use Dual_EC_DRBG in their products, a standard they forced into the standard with lots of known problems, NIST did it anyways.

So yeah they force backdoors.

If you still think you need to defend the NSA, you are not stupid or naive. You are evil.

I really see this working remotely, as long as you have control over a cell phone tower or you use a phony portable base station, both of which are within the NSA's reach.

The thing is phone baseband software (which is reused on different phone models and controls the phone's I/O including GSM, USB, etc.) has hardly ever been under attack. When the iPhone arrived with its new security model, baseband bugs became one of the major ways to jailbreak a phone. Those bugs have been fixed one by one, but they were mostly on the USB side - the GSM side has been impractical to attack. A carefully crafted GSM packet could in 2008 and probably could now cause a buffer overflow in the baseband and gain access.

An interesting presentation on the topic: http://www.youtube.com/watch?v=fQqv0v14KKY

This is from a very old version of iOS (2007). We don't know if this is still true.

Regardless, I can say for a fact that there are exploits for all cell phone platforms. iOS exploits are by far the hardest to find. An iOS remote execution 0day will easily fetch $250k. I've seen one go for $600k. For an Android remote exec 0day, you're looking at closer to $50k.

Even if the NSA doesn't have these on hand, they can certainly purchase them.

Seriously? Apple fanboys feel the need to try to defend Apple by saying that their competitors are worse?

Wake the fuck up! This isn't about Apple. It's about an out of control military that's spying on all of us and threatening our way of life and our livelihoods.

That's the major issue at play, but the article is about Apple. There can be more than two things happening at once. Most Apple fans natural reaction to any negative article about them is "Why Apple?" and to work from there.

Because more often than not, the answer is "Because it draws clicks". Since that isn't the case here, the next step is typically "Is this unique or specific to Apple, and does the issue at hand pertain to other devices or OSes?" In OPs opinion, it isn't. His evidence is the high cost of zero day exploits relative to other platforms.

He's not "defending Apple by saying their competitors are worse", he's providing context to an article that provides none itself. If negative articles about Apple weren't such rabid click bait, this wouldn't be needed as it would be part of the reporting process. Unfortunately, that isn't the case.

"Wake the fuck up!" is an extremely patronizing sentiment. I can be both aware of the overall NSA situation while simultaneously defending Apple from knee-jerk reactionaries. They aren't mutually exclusive activities.

1. The word "fanboy" is dismissive and only makes people defensive. If you want people to actually listen to you, please consider avoiding it.

2. This is a linkbaity article that needs to be corrected. This correction may be an important factor in determining which devices are more secure.

3. Yes, the NSA spying fiasco is the bigger topic here. No, it's not a competition.

Your comment would be of more value if you removed your "Apple fanboy" rant and made a point about the government being out of control.

I know very well why this hurts Apple fans so much:

It has been Apple's strategy all along to get you to buy literally everything from them. Their USP was to have it all integrated.

Problem is: Once you understand that at least 1 peace of your integrated platform is foul, your whole equipment "looses value" for you, because it's now less integrated.

It's a similar strategy to how banks have been protecting themselves: Be/remain "too big to fail", meaning: Become so big that, when your bottom line is under attack (by whatever market forces), the whole society suffers. Thus, society will protect you, no matter how you behave.

Relax dude, you can protect your phone by using the fingerprint sensor!



>I've seen one go for $600k.

Without revealing the actual site/method/whatever; can you please explain how the 0day exploit market works?

I can make basic assumptions that it is deep-web-forums/TOR/Whatever... but can you enlighten me as to how one might go about selling/buying such an exploit?

It's not really a huge secret. I'm sure you could do a little digging and find out what's what. But that said, here's a run-down of the market:

There are lone ranger types and small groups that churn out a few exploits. These guys (the small groups) go through trusted middlemen (usually via encrypted email), who buy the exploits at a discount. Now the middleman has a collection of 0days that he can sell to established customers, which might be government or criminal organizations. Sometimes the organizations want exclusive rights to an 0day (to prevent it getting leaked and patched), sometimes they don't.

On the other, less sketchy, side of things, there are companies that do more or less the same thing. They do the same kind of vulnerability research, but a lot of the time it's on behalf of the company whose product they're trying to hack, or possibly a government organization. They don't usually go through middlemen; they just work directly with the government or company. They can't and don't do anything obviously illegal, which limits the amount of stuff they can make, but obviously sticking to legal activities has its benefits. Sometimes legality is a little fuzzy, but these groups try to tread lightly.

I can smell a Hollywood movie potential here. "0day the Movie"

I just went to a security conference and started asking around among friends. It's like asking around a high school who sells weed, everyone kinda knows but they don't talk about it openly.

You'll get introduced to someone who has a small security firm and from their LinkedIn page you can see they have a pretty vague but interesting past. Ask for a shit ton of money.

Did the guy spend 8 years at a british aerospace company before going into consulting? GCHQ. 5 years at the "Department of Defense"? NSA. High school drop out? Chinese or Russians.

Why isn't Apple (or some other consumer group) in that market buying up the 0days? I want to see the price of 0days that compromise any longitudinal user information above $10 million.

Idea: 0day markets are legalised [1]. Regulators require companies keep the average price of their 0days above a threshold or attach a warning to their product and marketing materials. This aligns the security interests of consumers with companies while incentivising companies and researchers to build secure products.

[1] A license to the 0day (but not the 0day itself) would be freely traded for a duration after which the company would have the option to (a) buy it at some price or (b) release it to the public, retaining full liability for any consequences (last holder of the license gets a percentage cut of any fines or legal awards).

I like the idea. I would donate towards a more secure AOSP.

Unfortunately, no matter how much you sure up your phone's OS, there is still a massive, gaping hole in the form of the baseband processor. Until we have phones where the baseband is a tightly regulated slave processor, accessible only through a low-privelege mechanism (like a USB port), we can't really hope to have truly secure phones anyway.

One technical solution to this is encrypting the content of ram, using keys that cannot leave the processor. It's called TREZOR. Sorry no link, I'm on mobile . It doesn't work well with current phones but it should work well with cortex-a15 chips (assuming they won't be back doored against this, which is pretty hard to assume. But as far as I know, there isn't a realistic solution to back doored processors ).

Could you elaborate on this? -- I don't know anything about the issues of baseband processors on mobile phones (or even what they are) but it sounds interesting.

Many vendors do this covertly through HP (with ZDI) and other intermediaries. The problem is the government will always pay more, or even offer to let you sell it back to the vendor and buy it from you (in the case of things that are difficult to field upgrade like routers).

The people cranking out high volumes of exploits for the customer are sitting on huge multi-year contracts worth tens if not hundreds of millions of dollars. They don't want to go play in some utopian regulated marketplace, they just want to make money and protect America.

Because then Apple would be promoting and adding money to a market it does not want developed and also probably engaging in illegal transactions.

No, Google sort of does this with their bug bounties for Chrome.

Apple being Apple, they wouldn't tell you. But I'm sure someone in there is thinking it. They did hire Geohot after his jailbreak...

Doesn't matter if any of this is true or not, it's the perception that counts.

I'm quite interested to see what, if anything, Tim Cook will do or say to reassure the faithful.

"Apple is erasing discussions on this topic at their support forum, right now the whole forum is shut down for a complete cleanup."


Who said Apple doesn't provide one voluntarily? In such case no one will get anything for it.

> This is from a very old version of iOS (2007). We don't know if this is still true.

According to this the NSA itself claims that it has access to all iOS devices:

https://www.youtube.com/watch?v=b0w36GAyZIA&t=44m32s (Jacob Applebaum @ 30c3, "To Protect And Infect, Part 2")

>Regardless, I can say for a fact that there are exploits for all cell phone platforms. iOS exploits are by far the hardest to find

Harder to find than for Windows Phone?

Given the 100% success they get with the iPhone, my guess is that they hijacked one of Apple's remote control mechanisms, e.g. we do know that Apple has the ability to uninstall apps from any iPhone, perhaps there's a way to install too.

Honestly, I don't really care. The NSA can read whatever they want of mine. I've heard the arguments about how you should care, even if you don't have anything to hide. And I find them persuasive on one level and simultaneously unengaging on another. By contrast, the parallels to fascist Italy and Nazi Germany and living in a turnkey fascist state are most unpersuasive.

The one argument against what I've written that has been made that I think is worthy of highlighting is that there are people around the world who are risking their lives under totalitarian regimes. People's smug responses and ad hominem detract from this important point, which could be helpful to others outside of HN in better understanding the issue.

Your downvotes will not persuade me or anyone else with my views. They do demonstrate that some are committed partisans on this issue. I appreciate some of the clear, unemotional arguments that have been made, however.

The protection from snooping government for law abiders isn't for humdrum people like you. It's for people working to make the world better who come under fire through no illegal activity of their own.

Did you know the FBI put MLK under surveillance at the orders of Bobby Kennedy (then-Attorney General)? They didn't find evidence of crimes, so they threatened to publicize his extramarital affair if he didn't give up his civil rights work.

It's about preventing unchecked government power over those who aren't criminals who are working against the status quo.

OF COURSE you don't care if the NSA reads your email. You don't change anything, and consequently don't matter.

We as a society care if the NSA reads the private emails of the next important up-and-coming political party leader who will break us out of the corporate-owned two-party system. THAT'S the person we're trying to protect, not boring uninspired people who "have nothing to hide".

The MLK example is a great one. Also, it's still not 100% clear what happened with Hendrix, Marilyn Monroe or the Kennedys. I read recently that there was evidence of the NSA having dirt on a governor, which was used to blackmail him (can't recall the specific instance unfortunately). And of course, I'm sure everyone knows about what happened with the IRS and certain non profits last year, while not directly tied to the NSA gives an example of why this stuff matters.

So yea, it's not to protect people like us. It's to protect the MLKs, the politicians, the accountants, the journalist, the news anchor, etc... Everyone either has a skeleton in their closet or cares about someone who does. If one is so inclined, having this information can be extremely valuable when trying to prevent a "free society" from becoming a little too free.

Fuck Ya. Here Here. Sorry for the expletive, but you sure did nail it.

Yes, this! Exactly to the point. This is in my view THE argument against all-out snooping. It is about control, not about criminality.

> By contrast, the parallels to fascist Italy and Nazi Germany and living in a turnkey fascist state are most unpersuasive.

Why? The possibility of a turnkey fascist state is very real. You need only look to history to see how many leaders, once elected, completely ignored all laws and constitutions and legislating bodies to declare martial law and institute a tyranny. How can you say that you aren't worried about that, and the power of a surveillance apparatus in the hands of such a leader?

> Honestly, I don't really care.

Some non-empty subset of the population needs privacy. Maybe you're not in that subset, but you should still be fighting on their behalf.

On a related note, do you believe in freedom of press? "a survey of American writers revealed that nearly one in four has self-censored" http://www.cnn.com/2013/12/04/opinion/snowden-chilling-effec...

Hey, can you post your email username/password here so we can all read your mail?

I worry about random people on the Internet having access to my information about 1000 times more than I do the NSA.

a.) the way the NSA seems to foster security flaws to use them, instead of helping fix them, they are also helping "random people" get access to your data. A backdoor put there by the NSA can be used by anyone else, in theory.

b.) what you personally do not worry about is not relevant, your arguments why nobody else should worry either are. You are not a journalist or activist, so you don't care. It's like saying it's okay that certain food contents are not labelled for the benefit of those having allergies against them, or that kids should be used as bio fuel, because you don't have an allergy or kids.

who are these NSA people that aren't also random people?

They are a subset of random people, and one OP is less concerned about having his credentials than random people as a whole.

an interesting question GP raises...

Who would you be more worried about having access to your email account and why?

  a. NSA
  b. a random criminal (unaffiliated with government)
For me, the answer is not even close, but I'm more interested in understanding how others on HN process this.

In cases like these you have to evaluate the probability of something bad happening times the magnitude of the harm (essentially the expected value). The NSA can do much more damage (excluding the fact that they can do similar damage even without having this information) than a random lowly criminal, however the likelihood they'll target a boring person such as me is much lower. So for me I'd be more worried about b. Of course, ideally I would rather not have to worry about either.

I'm insured against criminality. I'm on my own should the government decide to shit on me.

What leads you to believe that a and b are mutually exclusive? OK a has probably not been caught and charged with anything, but may well have committed criminal acts. Is there not a statistic that the average American commits 3 criminal acts a day without realizing it?

The sets of a and b are not exclusive, until _you_ explicitly declared them to be exclusive.

Imagine the abuses of J. Edgar Hoover or Richard Nixon, except amplified with today's tech.

"It always seemed like President Nixon's campaign was one step ahead of us, almost as if they were reading our email...but nobody ever broke into our hotel suite or anything so it's all just speculation."

Edit: brainfart as pointed out by jeremyswank.

I guess you probably mean J. Edgar Hoover, a former head of the FBI.

I've lived in both the United States and Germany for long periods of time. In general, these are two modern, democratic countries, not typical oppressive regimes, an 99% of the people have nothing to worry about 99% of the time.

The problem are the 1% who express the wrong ideas at the wrong time. I know people who have been put under surveillance or charged in court for things that are perfectly legal, or just minor infractions. Some examples from Germany:

One guy I knew made a poster protesting against nuclear power, and put it up near his university. About a year later he got a letter saying that the "proceedings against him have been terminated". He found out that the police suspected him of planning a terrorist attack against a nuclear waste transport. They bugged his cell phone, his apartment, and followed him and his friends for about a year, until they realized they have the wrong guy.

A friend of mine made a mistake of visiting a squatted house an being seen there. Later he went to a demonstration, got filmed by the police, and charged with something you could translate as "ring leadership" or "inciting a riot".

There also was a famous case last year where a pacifist pastor who visited a anti-nazi demonstration was charged with something similar [1]. (And of course there are numerous examples from the US.)

The thing is, the threshold invading people's privacy is getting lower and lower. Police or intelligence agencies will put you under surveilance if they just have a hunch. At the same time, persecutors are under really high pressure to "make a case". More and more they will rather convict an innocent on dubious grounds than admit a mistake. Actual quotes from judges (paraphrased): "we need to make an example", and "I don't know if the accusations are technically true, but if you were there [at the demonstration], you have to be guilty of something".

A situation like this is unworthy of a democratic society. As I said, stuff like this doesn't happen to 99% of the people. But you never know when you are in the 1%. I have to be afraid to say anything controverisal - I have firecrackers and vinegar at home, what if some overeager investigator decides I want to make a bomb out of it? And this kind of fear is what they call a "chilling effect" - people will stop using their democratic rights, their right to free speach and freedom of assembly and so on.

[1]: http://news.msn.com/world/german-pastor-faces-trial-over-ant...

Fair enough. I do care. So, which of us matters more?

The majority.

Which, as it turns out, I don't think is you or me.

Unfortunately, I think you're spot on there. Now, the question becomes whether that can be changed, and how?

So you're not concerned about the government themselves having a bad security record and leaking all the data they gather on you, either? (government leaks data all the time)

Or someone in government deciding to stalk you? (this has happened, within the NSA I believe, but certainly in other places)

Or someone deciding they dislike you and using your information to pursue frivolous legal action? (You never broke any law? Any law at all? How would you even know, there are so many and they're so vague!)

Beyond that, well I guess you just don't care about privacy. Me, I do. It's not somehow the right of a bunch of other people I don't know, with minimal to zero democratic oversight, to poke into my life just because they feel like it.

You make a great point about data leaking out.

My position isn't that I don't care about privacy. It's that in the modern age, with so much information kept about people in corporate and government databases, we're necessarily talking about mitigation rather than a pure ideal of full privacy. I assume the NSA can access my records with the IRS or my bank anytime they wish, even if they were prevented by law from tapping my iPhone. This has been the case for decades no doubt. At this point in time, beyond that, they can break into an advertising agency database if they wish and find out about all of my click behavior and location information. In the battles I choose to take on, rolling back an NSA iPhone compromise is an interesting idea, but it is less a priority than other battles, such as protecting dissidents in oppressive countries (which is also a relevant contrast to the point I first made, as has been mentioned elsewhere), and, yes, preventing terrorist attacks.

I think anyone is allowed the prerogative to prioritize their battles. I also do not think the world would be a safer or better place without intelligence gathering. If I permit that much, now we're talking about degrees rather than absolutes, and we're arguing about where to draw the line.

>> If I permit that much, now we're talking about degrees rather than absolutes, and we're arguing about where to draw the line.

We're always talking about where to draw the line, in basically everything worth debating about, ever. There are very few absolutes in life and I think that opting out of the discussion by saying "Well, we're just deciding where to put the line" is a total cop-out.

Where we put the line is important, and where we place our priorities. "Preventing terrorist attacks" sounds very noble, until you add up all the harm that's been done in pursuit of that goal. And remember - there's no compelling evidence that the NSA mass data-gathering activities have actually prevented any attacks.

>> In the battles I choose to take on, rolling back an NSA iPhone compromise is an interesting idea, but it is less a priority than other battles, such as protecting dissidents in oppressive countries (which is also a relevant contrast to the point I first made, as has been mentioned elsewhere)

I don't know how you can't see that these are the same thing. The iPhone compromise, if such exists, further endangers dissidents in oppressive countries, not to mention dissidents in countries we don't consider overtly oppressive, like our own.

The iPhone compromise, if such exists, further endangers dissidents in oppressive countries

I've implicitly acknowledged this point.

Your apathy has been duly noted. Thanks for taking the time, and keep on keeping on.

Question is what if the data is misused ? At this rate, it's very easy to get who supports which politician etc. Democracy may become a sham. I don't know, everything mentioned in the movie "Enemy of the State" can come true.

I completely disagree, but I have voted you up. You represent normal people. Those of us who care are the weirdos.

I've given up. Whats the point? Frankly, if I knew I needed actual privacy, I'd not use anything electronic, and go olde skool. That's all I need to know now. I've told everyone I know and / or care about. Its now up to them.

Get used to it, Big Brother has been here for a while, is staying, and will get stronger.

Just, I wont be listening in the future when it gets really out of hand. I dont expect anyone to come bleating to me if something goes wrong.

Of course you have the right to say these extremely depressive things.

But if this is really what you think, then you should not put any children on this planet - they don't deserve the mess you/we're about to accept/create for future generations.

On a brighter note: think about people like Applebaum, Snowden, Assange, Manning, etc. They fight and keep fighting. Each of them accepts that we have to sacrifice something personal/important to get back a life that is worth living. If they can, why can't you?

PS, if you feel depressed (many people do, especially with these horrible recent news), it might be a good idea to get a professional opinion on that, maybe there's more to it.

I wrote you a sticky note encrypted with a Caesar-cipher based on the one published in the 1964 Encyclopedia Britannica. I affixed it to the door of the first stall of the men's bathroom of the 3rd floor of the engineering building. Please reply by February 7th 2014, as the final meeting is scheduled for October 2014 and there is barely time to coordinate with Eagle, Moe, and Fixie. Given the custodial hazards of stall-based sticky note networking there will be a follow-up note soon. -- exxegoexsrgi

> Honestly, I don't really care. The NSA can read whatever they want of mine.

Hmm. You know what? I care. I don't want the NSA reading your stuff, because they're doing it in my name. I believe they're violating our 4th and 1st Amendment rights, and I want it to stop, for me and for you.

If the government is violating our rights, the damage goes beyond anything resulting from the actual violations. The real damage is that we have a government that does that.

Disagree completely but upvoted because it's an opinion that I think should be seen. Your comments effectively represent the 99.999% of the population that doesn't pay attention to any of this, except to what small amount they're fed via "paranoid" tech friends (and they all wear tinfoil hats, so whatever), nightly news and 60 minutes.

I agree. And also it's been delightful to read the counterarguments to his comment.

I'm inclined to agree with you. It's a first world problem filled with hyperbole and misinformation by the individuals leading this fight. Frankly, I wouldn't trust anyone.

There's plenty of ocurrences of unlawful high tech surveillance and political persecution all over the third world too. More often than not even more problematic situations.

So here is a complete anecdotal suspicion:

I have had the iPhone since the first day of release. I have gone through 16 physical devices over that period (due to me breaking them a lot and going through several employers where I had never purchased my own phone since (well before) it was released). I am currently, for the first time in a long time, on my own personal device; an iPhone 4.

I upgraded it to iOS7 when it was available. The device is a slow POS and I want to stab my eyes out when I use it....

However; there is a behavior that I have only personally noticed recently: (Please tell me if you see the same thing)

Whenever I transition between literally ANY screen, I see a quick BLINK of the screen - in the same anim that you would see when you take a screenshot.

So I am wondering "Is my phone taking a screen cap of EVERY switch/transition I make? WHY"

Now, I know that iOS does do screen caps of things so that when you are switching in various ways that it already has a cache of the last state of that screen in order to thumbnail the previous view... BUT I understood this to be limited to certain circumstances. Currently I am noticing it on pretty much ANY transition.

Even if this is the actual, "Normal", my suspicion is that this fact can be used to entirely rebuild an entire session of activity for a user through their entire interactions. Even if you just grab these screens which are used at a system level - a great deal could be inferred from just these workflow screen caps.

Yes. The screenshot is old/known, and it does that in order to make the transitions appear smooth. It's also been cited as a privacy risk before, for the reasons you mention.


Dunno if you are right or wrong. Its just sad that people now think like this. That little device of joy, which has now become almost essential, is now a source of stress, worry, and suspicion.

Complete bogus - but lets play: If you were the NSA; why would you even hint to the user that you were taking screenshots? Its not like the blink animation is tucked away from software control.

That wasnt my point: irrespective of any "nefarious interest" in said screen shots; IS the iOS device actually capturing every single screen change via a screenshot?

As I understood it - there were certain apps that were captured in the past. This was so that when the app loaded it had the previous state shown as quickly as possible, and it would then refresh.

My point was I am noticing this flashing screen cap anim on literally EVERY screen change... this does not make sense to me and I am wondering why the device does this.

Finally, I surmise that if it actually IS doing these caps, that if one COULD get access to them one could then build a pretty clear session history.

Again, I said it was a simple suspicion. I have no idea if this is actually happening; but the device seems to be revealing the caps happening... but I am not so sure.

The screenshots that are used for transition animations do not make the dimming "screenshot" effect that occurs when pressing the Menu and Power button. That invisibly occurs immediately prior to an animation, to produce a less computationally intensive 2D effect.

The iPhone 4 runs iOS 7 terribly and more likely you are seeing some graphics stuttering from the (albeit limited on that device) new iOS 7 fade/transition animations.

If you were the NSA, would you be taking screenshots just as the target was /switching/ apps, instead of taking them while they're using it? Oh, he's opened Mail, take a screenshot of Mail's splash screen while it's loading, now don't do anything. Oh, he's done using the app, quick, take a screenshot of his empty inbox before the app switches to Candy Crush.

Not to mention that the screen flash while a screenshot is being taken is a usability feature and is there to help us know when a screenshot has been successfully taken. I know there are tweaks on Cydia that allow screen recordings, so why are the NSA messing about taking screenshots of some unimportant (no offense, i mean it in a national security sense) guy?

tl;dr your iPhone 4 is struggling with iOS 7 and probably has some redraw problems, most likely no one is taking screenshots of you while you're switching apps.

I am not talking about the "NSA taking screen shots" -- I am talking about the iOS taking screenshots... this is just a "nice feature" that any phone tapper/hacker (like the NSA) could exploit.

My question is: Does the iOS device, in fact, take a screenshot of every single transition?

everyone seems to miss my question, thus I must be posing it poorly.

What I said again, simply, was that:

I knew that some transitions had a screen capped to allow for a faster, subjective, transition to the user... a UX cheat.

However, I noticed that my iOS7 device APPEARS to be doing this on EVERY transition... Is it really capping, or, as you smartly suggest; the iPhone 4 is a POS that struggles in the anims for each transition.

Finally, I was just surmising that should the device, indeed, take a screen for every transition; this could be a sweet exploit in rebuilding session actions for any user of the device.

Ah, i see what you mean. I think you are correct in that iOS takes a screenshot of pretty much every transition, but i'm willing to bet that it has nothing to do with the screen flashes as it should be automatic and in the background. The screen flashes are UX features for user controlled screenshots. I believe the screenshots of each application's state before transition has to be stored somewhere and if someone manages to access them, some damage could be done, but at the same time, not that much. I don't know exactly how the screenshots are queued up (is there 1 screenshot for each application? If i open the app again and navigate to another view and transition out, is the first screenshot overwritten?)

Apologies, your initial comment sounded like you thought you were being targeted by the NSA or something.

I think they're on to you. Quick, hide the evidence.

Hm, now I'm paranoid re the little "special teams" that article mentions that intercepts the mail package and plugs in whatever doodad the NSA has into the phone, and then sends it along to the customer...my new iPhone had a fingerprint smudge on the screen plastic protector packaging that I otherwise attributed to some overworked Foxconn employee but now I have half a mind it was some NSA agent after 1 too many pizzas....

..and Jacob Appelbaum's actual talk on all of it: https://www.youtube.com/watch?v=b0w36GAyZIA

The slide is dated in 2007 - i.e. either iOS 1.0 or some pre-release beta. Who knows what it does now with iOS 7? Also, its unclear what's needed - does one of those other ridiculous govt alphabet soup programs act as a trojan, or does Tom Cruise has to dangle from my ceiling with laser beams to plug in some wingding to do this?

IIRC Tom Cruise didn't have the laser beams - he was avoiding the laser beams. So the responsibility to set up a defense perimeter with laser beams is yours.

The GP is grammatically and textually correct. The lasers belonged to the ceiling.

"Is the iPhone taking secret pictures of FaceTime users?" (2011)


> One person said that her boyfriend saw a picture of himself at work displayed in FaceTime, even though he has never used the service in the office.

At least we know why Obama still uses a blackberry

Obama only uses a blackberry for show when he is in public.

The Whitehouse Communications Office is responsible for maintaining communications with the rest of the government, business and political contacts, and his family. In the event the president needs to take a call, an aide will direct him to a secure tent they setup nearby that is shielded against eavesdropping and electronic surveillance (see http://www.theage.com.au/world/barack-obamas-portable-secrec...). If it is a conversation where they do not expect sensitive topics to be discussed, they might give him a Sectera Edge that is routed over an encrypted satellite link back to the Whitehouse switchboard where the actual call is connected.

I have an iPhone.

And when I read that the US government tracks mobile phone movements all over the world (generating a ton of other information about people), I turned it off permanently (flight mode) and use it only as a PDA.

Turns out, landline phones combined with email is more than one needs.

If I wouldn't have stopped using the "mobile call feature", my iPhone would have gone straight to ebay, right now.

Couldn't this be accomplished simply by creating apps that deal with contacts, photos, camera, etc. and then having users download and accept the permissions themselves.

For example, imagine that any one of the contact or calendar management apps where you "Allow xxxxx to access your contacts" was produced by the NSA under the guise of an innovative startup.

Not quite: for example, iOS doesn't allow apps to access the SMS database.

In light of recent leaks, it's still pretty obvious: think a repackaging of OTA jailbreaks (like jailbreakme from the iPhone OS 3 era) plus Foxacid.

You could make jailbreakme not display a dialog or install Cydia, and the user wouldn't notice anything except their phone got warm for awhile and has a newly opened port for SSH.

I am waiting for a real GNU phone. The original free software spirit is not there yet.

Since explots can be done through hardware, firmware and software, how is a GNU phone better (genuine question)?

You can take into account initiatives like OpenCores: http://opencores.org/

Vulnerabilities exists anywhere for sure but the community (whatever it means) should create a defense against those threads.

We begin therefore where they are determined not to end, with the question whether any form of democratic self-government, anywhere, is consistent with the kind of massive, pervasive, surveillance into which the Unites States government has led not only us but the world.

This should not actually be a complicated inquiry.



One thing is true: whatever your phone is, the more complex, the more features, the more risks there are.

I really don't see the advantages of having a handsized computer, really. The performance/battery/usability/cost compromises are not really making it worth it.

Most people do a lot of text messaging, usual smartphones are not designed for it. Old school, classic cellphone do it pretty well.

Why would you need the internet while you're outside, in the cold, in the train, while not sitting ? You only need an iPhone for very unnecessary, unplanned, rich things.

For example, you need to locate something, like the nearest restaurant, or coffee place, in a town you know nothing about. The data transfer and costs to make a web search on such a low-powered device, will be ridiculous if you compare it to just asking somebody.

You're in a coffee place, you're arguing about something, and you want to know who's right, so you want to search it on the web. Why not just enable the wifi, and why not carry your 13 inch notebook ?

You want to read your emails. Even if you receive email, what's the real difference with text messaging ? Emails are for long message on which you can attach big files. Email is a very old protocol, and it wasn't really thought to work hand in hand with text messaging.

You want to read a digital document. If you're in for a long, comfortable read, use an ebook device, use the small screen of a classic cellphone, or just plan ahead and print it.

Smartphones are all-in one, expensive, software and hardware quirky solutions which are just not that much awesome. Computers are not entirely secure. A smartphone will create new technical challenges, but also many other risks, especially if you have a homogenous device like the iPhone.

Engineers should start to create protocols and software which are already designed for smaller devices, not create smaller powerful computers: laptops and desktops are already at the limit of tiny.

Apple created a market of an attractive, dreamy device, which sold, and the market followed, but the truth is, there is much more to do on the embedded software design.

"You know all those things you like having in a smartphone? You could do without them, you know."

I agree with your point that more software = more surface area, but your examples of alternatives aren't very viable for most people, in my opinion.

I made much the same arguments before I bought my first smartphone. Turns out they're a lot more useful than you notice when you're only looking for reasons to dislike the whole concept.

For an example from my own experience, I used to do a lot of contract IT work, both freelance and as part of a firm, often visiting several clients over the course of a day. Originally I'd keep track of everything in an old-fashioned spiral-bound pocket notebook, but dead trees are hard to grep, especially remotely, and at the rate at which I filled notebooks it got to be a real pain having to copy and distill everything worth keeping track of from the old one to the new one. I had an old-fashioned candybar phone, too, which worked well enough for phone calls and text messages, and if I had to, I could use it to talk a client through power-cycling a server and other similarly simple procedures, which was at least a little better than having to go out and do it myself, or back to the office where I could remote into the client's PDU.

So I bought an iPhone. Thus, with a modicum of effort, I gained a shared, always up-to-date calendar, providing both an agenda of upcoming events and a searchable record of what I'd done and when; an always-connected email client, providing both an easy means of keeping in touch while on the road and, again, a searchable record of past communications; a shared, collated, searchable collection of notes concerning every relevant detail of my various clients' operations; a shared, &c., collection of contact information for all my various clients and industry contacts; and, last but not least, an always-connected administrative terminal with which to remotely solve even relatively subtle and complex problems, as and when necessary, for clients who had urgent needs and for whom I could not fit an in-person emergency visit into my schedule.

No doubt all of this makes it sound as though I was a preposterously busy person, and for several years that's exactly what I was. My smartphone enabled me to streamline my efforts in a fashion which I had hardly imagined possible before I first laid hands on the means of so doing, to the extent that it made me able to get more work done, with less effort, than I had been able to accomplish before. If there is any purpose at all behind our species' longstanding habit of building interesting trinkets and gewgaws, "more work with less effort" is certainly the very soul of that purpose.

I do, though, like your "only frivolous people with frivolous purposes would ever have a smartphone" argument, though. I think that's the most sensible thing anyone has said in this whole thread. Certainly it is in no way redolent of, for example, someone who bravely defies his ignorance in order to declaim at length on a subject of which he has absolutely no relevant experience whatsoever.

Ha, I wonder what this will do to acceptance of Apple products inside DoD's (well govt in general). Many agencies and military branches love them some new cool toys and have been pushing for their inclusion. Now revealing that Apple security can so seemingly easily be compromised, will they still allow or advise use of Apple products on government's own networks?

I thought the largest take away from all these leaks was that various branches of government, even within the military and intelligence communities, routinely deploy solutions that are known to be insecure?

Well they do try to (at least on the surface) to protect their own sensitive information. NSA's other mission (besides spying) is and advising govt agencies and military on keeping their data safe.

Now this involves a lot of red tape security certifications, hardening 'scripts', monitoring, auditing and so on. They legitimately do not want sensitive information leaking. Projects employ air gaps with CDs being burnt and that is how data is transferred some times.

They cynic in me assumes that even tech savvy people would much rather rationalize away NSA access to their Apple products than give them up.

The easiest rebuttal is simply that every smartphone is equally at risk.

A last resort will be to simply say "meh, don't care"

That's how good/sticky Apple products are

Is there more to the evidence for this than the slide? Because the slide says that the product is "In development." Just because capabilities are described in present tense on a slide does not mean that they are in fact available.

All Your iPhones Are Belong To Us. Surrender to your iNSA overlords, while you're still alive.

Humm... I was going to buy the new iPhone, this changed my mind. Maybe I should just get a feature phone instead.

Oh just buy whatever you want, for whatever reasons you used to make up to justify an overpriced trinket which people think boosts their social standing because it pretty, and overpriced. Just know its not secure and act accordingly. Use it to build up a nice pure profile. When you want to rob banks, build your nuke, or whatever, dont use it.

Or, have lots of trying to bait the spies. Call it art or something. Look up lots of terror stuff, like you are writing a book. Back, I dunno, 1000 years ago, when I first heard the oh so mad notion of echelon, I added an invisible signature to my email containing every naughty key word I could think of. Idea being to some how annoy the spooks. Yeah, childish and pointless, but it amused me.

Hmmm, maybe half a year of banging my head against a brick wall has had an effect after all.

There's always "that guy" who makes this comment. We should start giving out "StackOverFlow style badges".

The sad fact is that it doesn't matter how secure your phone is because there's a weaker link in your security chain. You...

All the phones are exploited. I doubt it matters.

Really any phone is exploited. When you've got a baseband with direct hardware access that the carrier can connect to there isn't really anything short of fully open hardware that is gonna save you.

If (as claimed) the NSA has hacked the major BIOS/firmware as well as encryption, is there such as thing as "fully open hardware" and would it help?

To my knowledge no, there is not. If there was, it would also require approval from the network operator. And if you believe that the network operators are aligned with the intelligence community anyways, you would never expect that approval to happen.

Perhaps, but with a feature phone there's much less for the eavesdroppers to see.

Yes, hence the feature phone :), no GPS, no email, no browsing records, etc.

True but phones with highest market share are more susceptible to the phones with least market share.

And you think others are better? iPhone is probably one of the more "private" ones.

All cell phone OSs are compromised to some degree. If Apple's claims about their crypto were auditable, I would say that iOS is the best from a security standpoint.

My TracFone is safe :-)

I wonder if they are doing this with Android devices too.

Anyways, it's not of concern to me as I ditched my smartphone for an old school motorolla flip phone.

Ok! Isn't this obvious?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact