Apple's iOS 'dishing out a lot of data behind our backs,' security researcher charges


Comments

  • Reply 21 of 45
    bigtds Posts: 167 member
    Quote:

    Originally Posted by Torrid Foster View Post



    if you think Apple is bad you should look at Android cause Android is worse!



    I'd hate to be an Android owner, because the NSA pwns all of Android phones. And windoze



    Apple is Awesome!

    So you're OK with this because you think Android is worse?

  • Reply 22 of 45
    tommcin Posts: 108 member
    "Dishing out a lot of data behind our backs.." is a very misleading, false, click bait type of headline. There are no examples in the article of where Apple "dished out" any information. I expect such crappy headlines from some but hoped AppleInsider was more truthful. How many of your other articles are now trustworthy?
  • Reply 23 of 45
    magman1979 Posts: 1,293 member
    tommcin wrote: »
    "Dishing out a lot of data behind our backs.." is a very misleading, false, click bait type of headline. There are no examples in the article of where Apple "dished out" any information. I expect such crappy headlines from some but hoped AppleInsider was more truthful. How many of your other articles are now trustworthy?
    Agreed, the headline is misleading...

    As I'm at work, I don't have much time, but I did go into the original paper published by Jonathan Zdziarski, and to me at least, it would appear a great deal of the "backdoors" he identifies would be utilized by engineers at Apple to troubleshoot issues. While a lot of these could be used for nefarious purposes if somewhat scrupulous individuals or organizations gained access to them, they do appear to be mostly troubleshooting utilities.
  • Reply 24 of 45
    Quote:

    Originally Posted by vaporland View Post





    You don't get to present at these conferences if you're an idiot. The standards for appearing there are fairly high.



    The standard for posting comments on AI forums, not so much.



    You should take your own advice (in bold above).



    Keep in mind that people challenged the government in court for years about being spied on, only to be told "you can't prove it - go away"



    Then Snowden revealed their immoral / illegal activity, now the cases are moving forward again.



    It is difficult to get a man to understand something, when his salary depends upon his not understanding it - Upton Sinclair

     

    Poor little baby. What are you, 12? How clever changing my from Bee to Wit. How many hours did it take you to come up with that nugget of genius? I suppose you have a long list of words you can add an "i" in front of in order to make yourself appear witty as well.

     

    I stand by my comments. It's one thing for someone to claim the government is spying without having concrete proof. It's quite another for someone to claim (and list ) modules in an OS that supposedly do this, and then refuse to back it up with examples of the exploit. This guy's just looking for his 15 minutes of fame by throwing out a bunch of "possibilities" disguised as "facts".

  • Reply 25 of 45
    Quote:

    Originally Posted by MagMan1979 View Post





    Agreed, the headline is misleading...



    As I'm at work, I don't have much time, but I did go into the original paper published by Jonathan Zdziarski, and to me at least, it would appear a great deal of the "backdoors" he identifies would be utilized by engineers at Apple to troubleshoot issues. While a lot of these could be used for nefarious purposes if somewhat scrupulous individuals or organizations gained access to them, they do appear to be mostly troubleshooting utilities.

     

    No kidding. Imagine that - the architects/developers of an operating system have ways to gain access to portions of it that normal people never would.

  • Reply 26 of 45
    bobjohnson wrote: »
    Perhaps you should take a moment to peruse the slide deck linked in the article, where you will find several working examples. 

    I did. It read more from a standpoint of what is theoretically possible. I never saw a step by step WORKING example. I saw some naive code examples of how it could be possible that demonstrates the core idea. I also find it funny the mention of being able to spoof the fingerprint reader. I remember when news of that released. It basically required a perfect fingerprint under perfect conditions in order to work. It's POSSIBLE, but how likely is it?

    mstone wrote: »
    It is possible to extract data from the phone, at least with physical possession. Apple provides that service to law enforcement, although there is an extremely long waiting list. If Apple has a back door then it is not impossible for others to figure out how to gain access as well.

    http://www.cnet.com/news/apple-deluged-by-police-demands-to-decrypt-iphones/

    I never said what this guy is saying is impossible. I just think it's highly unlikely. Of course if someone has access to the hardware the security is basically gone. It's only a matter of time at that point. Same idea as physical access to a server room. If an attacker has your hardware it's over unless you have some insane encryption.

    (Edit) insane encryption meaning a strong algorithm with a strong key. Then your only hope is the attacker gives up because it may be infeasible at this time to crack.
    magman1979 wrote: »
    Not necessarily. Have you thought about perhaps he's not releasing the details to the public to prevent this from being exploited by nefarious people outside the NSA?

    I rather he do it the way he has, then give the facts over to Apple R&D for them to remove the code and plug the leaks.

    That's what I meant and is typically how Apple operates. When they hear news of an exploit or find something themselves, they don't announce the nitty gritty specifics until they have a fix. That's the only intelligent way to handle it.

    Only problem is, if what this guy says is true, don't you think the NSA already has this capability or are now researching it because they know what's possible? Why not just tell Apple and then announce what he found after the fix? Like I said, he wants his 15 minutes.
  • Reply 27 of 45
    Why doesn't this guy do the OBVIOUS? Connect his iPhone to a home WiFi network where the iPhone is the only device connected. Then record all of the traffic (packets) that leave the iPhone. Would be pretty easy to do and then you'd know EXACTLY what information is being "dished out" from your device.

    Why hasn't he done this one very simple task?
  • Reply 28 of 45
    inkling Posts: 772 member
    Show us. Create videos that illustrate break-ins and what data can be obtained.
  • Reply 29 of 45
    blazar Posts: 270 member
    The technical know-how to figure out these exploits is often sufficiently high enough that only the worst offenders with mad skillz can figure them out and make use of them.

    In either case, it's free consulting for Apple.... Good work!
  • Reply 30 of 45
    mstone Posts: 11,510 member
    Quote:

    Originally Posted by EricTheHalfBee View Post



    Why doesn't this guy do the OBVIOUS? Connect his iPhone to a home WiFi network where the iPhone is the only device connected. Then record all of the traffic (packets) that leave the iPhone. Would be pretty easy to do and then you'd know EXACTLY what information is being "dished out" from your device.



    Why hasn't he done this one very simple task?

    He doesn't need to prove anything to us. He is already a published author on iOS security, an early member of iOS jail breaking teams and invited to lecture at a well known conference. It is no different than a doctor lecturing at a medical conference about his work in cancer research. You don't expect him to first cure cancer before being allowed to give a talk on the subject.

  • Reply 31 of 45
    gatorguy Posts: 24,213 member
    I want to see this guy demonstrate this function.

     
    I'm so sick of people talking about what "could be happening" or that it's "possible". Quit talking out of your ass to make a name for yourself and show us a working, functioning exploit where you've successfully pulled data off a device. Like he claims forensics agencies are doing.

    Otherwise STFU.

    It's pretty common when discussing malware, security holes or other threats affecting any particular OS to talk about the theoretical possibility of user harm whether any actual harm has occurred or not. You know how it works. :\
  • Reply 32 of 45
    tommcin Posts: 108 member

    I define "dishing out" as giving information to others with no restrictions.  From all reports, Apple does not do this.  My big complaint is the crappy headline.

     

    If these hooks are necessary, they should have the same user controls as other ways that expose user data.  And by default, they should be OFF.

  • Reply 33 of 45
    Quote:

    Originally Posted by mstone View Post

     

    He doesn't need to prove anything to us. He is already a published author on iOS security, an early member of iOS jail breaking teams and invited to lecture at a well known conference. It is no different than a doctor lecturing at a medical conference about his work in cancer research. You don't expect him to first cure cancer before being allowed to give a talk on the subject.


     

    If the doctor makes claims that people could use what he's talking about and cure cancer simply by doing a little extra work, then I'd have a problem with it. Or if he's claiming that others are already curing cancer using techniques he's talking about.

     

    That's what he's saying - that the systems are in place, forensics experts are ALREADY exploiting them to get at data, and others could too "if they really tried".

  • Reply 34 of 45
    Quote:

    Originally Posted by Gatorguy View Post





    It's pretty common when discussing malware, security holes or other threats affecting any particular OS to talk about the theoretical possibility of user harm whether any actual harm has occurred or not. You know how it works.

     

    Funny how in previous discussions about the problems with malware on Android you demanded "proof" of something happening.

  • Reply 35 of 45
    maestro64 Posts: 5,043 member
    Quote:
    Originally Posted by EricTheHalfBee View Post

     

    I want to see this guy demonstrate this function.

     

    I'm so sick of people talking about what "could be happening" or that it's "possible". Quit talking out of your ass to make a name for yourself and show us a working, functioning exploit where you've successfully pulled data off a device. Like he claims forensics agencies are doing.

     

    Otherwise STFU.


    I was thinking the exact same thing, it is like the whole concept of a space elevator, in theory it can be done, but no one can actually demonstrate it.

     

    Instead of talking about back doors and possible exploits, show us how you did it and what happens when you do it.

     

    Lots of systems have back doors and most of them are only accessible when the product is going through the manufacturing process or when it is put into some debug mode which would be completely obvious to the everyday users.

  • Reply 36 of 45
    Questions for the Emperor:
    1. Why did you build the Death Star, whose sole purpose is to end life on a planetary scale? Isn't the purpose of the government to serve its citizens?
    2. Why did you dissolve the Imperial Senate?
    3. Now that the Separatists have been defeated, what is the purpose of the Grand Army of the Empire, other than to crush dissent?
    4. How badly has the clone DNA degraded that the final batch of your elite stormtroopers can get their ass whooped by teddy bears wielding rocks and sticks?
  • Reply 37 of 45
    blastdoor Posts: 3,305 member

    It's too difficult for me to assess the technical merits of the issues this guy is raising, and I doubt I'll be able to really assess Apple's reply either, if they make one. 

     

    So here's how I look at it: 

     

    1. Apple's profits come from selling iPhones to consumers, not from selling consumers' data to other people. This leads me to think Apple will tend to be better (not perfect, just better) about respecting and protecting customer privacy than Google. (Microsoft's incentives are a little fuzzy here, but my sense is they are somewhere in between Apple and Google). 

     

    2. Apple has to respect the governments and law enforcement officials in the countries where they operate. That means that if any given government (US, China, whoever) pressures Apple to share customer data, we cannot realistically expect Apple to resist that pressure. In fact, I'm not sure we should even want Apple to resist that pressure -- Apple should not be above the laws of the countries in which they operate. If the citizens of any given country don't like what their government is asking corporations to do, then the citizens need to change their government (I don't mean to imply that's an easy thing to do, but ultimately that is what's necessary).

  • Reply 38 of 45
    loopless Posts: 330 member
    Apart from the other accusations is this guy also asking for all personal data on the iPhone to be encrypted?

    That's a completely different and over-reaching request.

    If you connect a phone using, say, "iPhone explorer" you (or anyone) can get in and 'explore' all the files on your iPhone once the phone is unlocked. It is up to the app developer to encrypt his app's data. Do we really expect that our iPhone will now encrypt/decrypt all data on the iPhone in "real time"? That's crazy!
  • Reply 39 of 45

    Quote:


     Apart from the other accusations is this guy also asking for all personal data on the iPhone to be encrypted?



    That's a completely different and over-reaching request.



    If you connect a phone using, say, "iPhone explorer" you (or anyone) can get in and 'explore' all the files on your iPhone once the phone is unlocked. It is up to the app developer to encrypt his app's data. Do we really expect that our iPhone will now encrypt/decrypt all data on the iPhone in "real time"? That's crazy!


     

    You know that the iPhone already does this, right? What it *doesn't* do by default is combine the hardware encryption key with your passcode. That feature is available on an app by app basis (Data Protection), but I would be much happier if it were (at least optionally) implemented for the whole filesystem.

     

    The way that things stand now, it's possible to access the contents of the phone's filesystem (bypassing the lock code). Anything that's not protected via Apple's Data Protection system can be read from the phone. The method for doing this is nontrivial but well known. 

  • Reply 40 of 45
    tallest skil Posts: 43,388 member
    Originally Posted by mstone View Post

    He doesn't need to prove anything to us. He is already a published author on iOS security, an early member of iOS jail breaking teams and invited to lecture at a well known conference. It is no different than a doctor lecturing at a medical conference about his work in cancer research. You don't expect him to first cure cancer before being allowed to give a talk on the subject.

     

    AHAHAHAHAHAHAHAHAHA

     

    Okay, NOW I understand why you believe some of the things you believe. That clears up a ton of confusion.

     

    Originally Posted by fallenjt View Post

    Go ahead NSA. I don't give a sht. I got nothing to hide.

     

    This is in no way a valid argument.



    By the way, mind posting a picture of your wife in her underwear holding the receipt of your credit card? After all, you have nothing to hide.
