Apple moves to bring iCloud infrastructure in-house predicated by backdoor fears - report

Posted:
in Future Apple Hardware
Apple's multi-year effort to develop its own servers and networking hardware has reportedly been driven in large part by security concerns, as the company worries that supply chain tampering may lead to deeply embedded vulnerabilities which are difficult to find and remediate.


National Security Agency personnel are shown delicately opening a Cisco box to add malware to the device within after intercepting it during shipping


Apple's fears center around the possibility that infrastructure equipment could be intercepted by third parties between the time it leaves the manufacturer and the time it arrives at Apple's datacenters, according to The Information. The company believes that malicious actors could be adding new or modified components that would enable unauthorized access.

This fear is said to have been a primary driver of the company's strategy to move as much infrastructure design as possible in-house. The gargantuan size of such a task -- Apple's cloud services serve tens of billions of requests each day -- has led to delays in reducing its reliance on outside service providers like Google and Amazon.

Unfortunately, Apple's worries are not unfounded.

While it may never be known who the targets were, information revealed by NSA leaker Edward Snowden revealed the existence of government programs designed to do exactly the thing Apple fears.

The National Security Agency's Tailored Operations Access unit was, and may still be, tasked with redirecting shipments of servers and routers headed for targeted organizations to government facilities. The packages would be opened, compromised firmware installed, and then the packages re-sealed and delivered.

One NSA manager described the program as "some of the most productive operations in TAO because they pre-position access points into hard target networks around the world."

Photos which accompanied the leaks showed intelligence agency workers modifying Cisco gear, infuriating the networking giant. Cisco later announced that it would address shipments to empty houses to avoid government tracking.


Apple's data center in Maiden, N.C.


"We ship [boxes] to an address that's has nothing to do with the customer, and then you have no idea who ultimately it is going to," Cisco security chief John Stewart said at last year's CiscoLive 2015 conference.

"When customers are truly worried... it causes other issues to make [interception] more difficult in that [agencies] don't quite know where that router is going, so it's very hard to target - you'd have to target all of them. There is always going to be inherent risk."

Apple is said to have gone to extreme lengths to verify the integrity of products it receives, even comparing photographs of motherboards with explanations of each component and its function.

"You can't go take an X-Ray of every computer that hits the floor. You want to make sure there's no extracurricular activity" by building servers in-house, one source told the publication.

Comments

  • Reply 1 of 15
    coolfactorcoolfactor Posts: 1,504member
    That guy's head makes me dizzy.  :D
    Soli
  • Reply 2 of 15
    paxmanpaxman Posts: 4,607member
    Wow. This kind of stuff is justified by governments as measures to prevent evil terrorists from winning. The way I see it this kind of stuff is proof that they already are.
    lostkiwicurt12Rayz2016latifbp
  • Reply 3 of 15
    davendaven Posts: 538member
    The whole project makes me dizzy. Under what authority do they have the right to snoop on my network usage?
  • Reply 4 of 15
    plovellplovell Posts: 801member
    daven said:
    The whole project makes me dizzy. Under what authority do they have the right to snoop on my network usage?
    Just because. Because they're "the Government" and we're not. That's all.
    latifbp
  • Reply 5 of 15
    prokipprokip Posts: 150member
    Sad days for civilisation !! Is it really a better world where anything and everything you say and do, anything you note down and record, text, a photo, a video, is available to someone you have never met who does not necessarily have your good will at heart.  When will the microphone on your phone, tablet, watch, or even the camera switch on without your knowledge and become the eyes and ears through which your whole life is open to those who choose to watch and listen. 

    Interesting that some old scriptures written over 2,000 years ago referred to this stuff happening in the world at a time in the future.  How did they know?


    lostkiwiicoco3
  • Reply 6 of 15
    bsimpsenbsimpsen Posts: 295member
    prokip said:
    Interesting that some old scriptures written over 2,000 years ago referred to this stuff happening in the world at a time in the future.  How did they know?


    They didn't know. You're simply picking one "prediction" that you think came true from the thousands that didn't.
    nolamacguydaren_mitchelllatifbp
  • Reply 7 of 15
    prokipprokip Posts: 150member
    bsimpsen said:
    prokip said:
    Interesting that some old scriptures written over 2,000 years ago referred to this stuff happening in the world at a time in the future.  How did they know?


    They didn't know. You're simply picking one "prediction" that you think came true from the thousands that didn't.
    There's a reference to the whole world witnessing an event (the death of two guys) at exactly the same time.  Did not make sense until now.  Now it is possible.  Lots of other examples (e.g.  the complete collapse of the world mercantile and commodity markets in an hour - not possible until now, and we have seen pre-cursors of this possibility more than once over the past decade and century).      
    lostkiwiicoco3
  • Reply 8 of 15
    volcanvolcan Posts: 1,789member
    I guess you can't be too cautious. Intercepting packages is one thing, but I remember reading just recently that Juniper got their source code hacked and were unknowingly  installing unauthorized code on their equipment at the factory. At large data centers they usually have factory technicians delivering, installing and maintaining that type of equipment. Data centers don't usually use stuff that would fit in that small box. Their equipment stands 3 feet tall and needs a fork lift to move. Building your own computers is always a good idea, but you can't really build your own routers and firewalls. The best precaution is having your own delivery people pick up the equipment at will call and drive it to the datacenter. Can't trust couriers or package companies.
    lostkiwi
  • Reply 9 of 15
    I knew this type of activity was likely happening. In fact, I wouldn't be surprised if hardware was put into keyboards to log keystrokes and send the data surreptitiously to the NSA. 

    Such malware could easily bypass encryption as it would provide the actual pass codes. 

    Thumbprint authentication is a way around the issue, but keystrokes are always the backup. 

    It is a whole new world where search warrants and court orders are no longer needed. And for governments to require back doors only compromises the systems for nearly all, putting secure encryption only into the hands of the criminals. 
  • Reply 10 of 15
    lkrupplkrupp Posts: 7,162member
    I’m guessing competent network administrators would insist on reflashing all firmware AFTER delivery of any network hardware.
    linkman
  • Reply 11 of 15
    I think Apple almost has to build a large cloud infrastructure due to the fact Apple is being devalued by Wall Street for not having one like all of its peers. Amazon, Google and Microsoft are constantly being praised by the big investors for having cloud services and yet Apple has almost nothing to compare to those three. With as much money as Apple has, it really doesn't make much sense to simply sit on it and let its rivals get all the glory. It's said that Apple's need for cloud infrastructure is constantly growing and Apple can't keep up on its own. However, I don't understand why Apple can't build data centers as fast as its peers. Buy up some land, put up a building and stuff it with servers. Is it really that difficult for a company with billions of dollars to do? I really thought that data center in Maiden, N.C. was a big deal but apparently it doesn't amount to very much because I've heard Amazon's data centers have many times the capacity of anything Apple has. If Apple wants to be self-reliant then they need to step up the pace and create enough cloud capacity for at least their own use. Why bother to give money to rivals to boost their value? That's just self-defeating.
  • Reply 12 of 15
    xamaxxamax Posts: 132member
    If Apple wants to be self-reliant then they need to step up the pace and create enough cloud capacity for at least their own use. Why bother to give money to rivals to boost their value? That's just self-defeating.
    I believe the issue with Apple, which has served them well up to this point but probably has to change, is an aversion to go out of their core business.

    I believe that has to change if they want to control - which is something they care for even more - their world.

    Mark this: Security is not just end to end encryption. This article just proves security is end-to-end control over ones business.

    And in subcontracting, one loses control over one's business, trying to frame such control with compliance contracts.

    Because of this, the anal.ists and bought out media have argued that  is almost just a hardware company as it has given most of the services and software for others to create. I feel the hardware and few basic software  supplies to be like a really slim body  needs to bulk up with the muscle coming from services, content and Apps.

    In terms of their server farms, it is very odd they don't even come up with a specific rack server of their own, build it up, control the entire process, make server farms ones of their products  could even outsource to others. Why not create a department for that.

    The thing is,  tries to stay startup like basic as much as possible but I believe a company that has achieved this much of a scale needs to adapt and grow its way of conducting business and not just focus on going for a entry level price point of one of their products. , should they want to survive and thrive long term, needs serious internal changes/restructuring, give up its attachment to its old ways, not give up on them but evolve them without losing the original spirit.

    For example, besides the obvious in-your-face server farm issue, it could just create a new content-services department and either buy out Time Warner Inc and restructure it, selling off what is useless, or start its own content production like Netflix is doing, putting its money in competent professionals. Jobs created Pixar, it almost bought out Disney, Laurene Powell Jobs has huge control over that company, it's not that they don't have any expertise or connections in the area. Get Spielberg, Lucas, Wachowski brothers, irreverent people making content. Apple is so badly served by the manipulated media, it would do them really good to get powered up in the area - Time Warner Inc has newspapers, etc. But no, they don't want to get out of their old core business so Apple has been stuck for years with the hobby TV, incapable of launching its one cord-cutting service, just plain ol stuck for years on end, with an aging movie selling iTunes business model that has proven how far it goes and is stuck, just stuck.

    If  is unable to reinvent itself and grow its structure to accompany it's behemoth numbers growth it's not going to thrive for long.

    Apple needs to "get" that its core business is not the Mac evolved into iPhone or even hardware but designing-revolutionizing-reinventing industries-processes-lifestyles, delivering the well designed product-service-processes to the masses that now worship and follow its lead.
    edited March 2016 palomine
  • Reply 13 of 15
    volcan said:
    I guess you can't be too cautious. Intercepting packages is one thing, but I remember reading just recently that Juniper got their source code hacked and were unknowingly  installing unauthorized code on their equipment at the factory. At large data centers they usually have factory technicians delivering, installing and maintaining that type of equipment. Data centers don't usually use stuff that would fit in that small box. Their equipment stands 3 feet tall and needs a fork lift to move. Building your own computers is always a good idea, but you can't really build your own routers and firewalls. The best precaution is having your own delivery people pick up the equipment at will call and drive it to the datacenter. Can't trust couriers or package companies.
    How do we know there aren't agents already working inside Apple or the Chinese factories?
    edited March 2016
  • Reply 14 of 15
    volcanvolcan Posts: 1,789member
    Blaster said

    How do we know there aren't agents already working inside Apple or the Chinese factories?
    We can't be sure of anything. For all we know Trump's real family name from his ancestors in Germany is actually Drumpf and Obama was born in Kenya. If you need absolute verification, you have to do your due diligence.
  • Reply 15 of 15
    stourquestourque Posts: 354member
    paxman said:
    Wow. This kind of stuff is justified by governments as measures to prevent evil terrorists from winning. The way I see it this kind of stuff is proof that they already are.
    You can buy whatever weapons you want online, and unlimited amounts of ammunition and the NRA makes sure the gov't can't track it, but buy a computer and now you're in their crosshairs. Land of the free and the home of the brave.
    Kenster999
Sign In or Register to comment.