Sooner or later people will come out of denial and will understand that these reports are WAY understated and only a small part of the overall story. Every smartphone in the world, especially the iPhone, can be invisibly hacked and can be used to spy on the owner.
I know how badly some of you want to trust Apple, and even crazier, want to trust the gov, but that's not the real world.
The report is outdated. These remote exploits are all possible with jailbreaks and open source software. In 2010, iOS had a remote PDF jailbreak exploit that was fixed.
Since then, iOS and Mac security have beefed up significantly. It's now sandboxes everywhere compared to 2010. It will continue to be a cat and mouse game as Apple rewrite their software frequently.
But the NSA is resourceful. If they can't do it remotely, they will try to gain physical access to your devices. It doesn't have to be a phone. They can pick the easier ones to start.
If they can't get to your devices, they will try to sieve the network traffic, or target the servers at the same time.
Rovio, one of the app providers mentioned in yesterdays' report has issued a statement, a portion of it sayin:
"The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries. If advertising networks are indeed targeted, it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance. Rovio does not allow any third party network to use or hand over personal end-user data from Rovio’s apps." http://www.rovio.com/en/news/press-releases/450/rovio-does-not-provide-end-user-data-to-government-surveillance-agencies/
EDIT: In the 23 different tracking ad providers working in AppleInsider at the moment I don't see Millennial Media.
Those are different mechanism altogether from the jailbreak, rootkit type exploit.
They are more like user tracking in popular social networks today. Users are already volunteering a lot of location, preferences and relationship data to feed their favorite services. They only need to intercept the network and servers to get more info.
If the users sets the preferences to stop cookie or any form of tracking, the OS, app and service providers have to stop doing so.
Why? At least in the US it's not illegal to ignore "Do Not Track" and many do.
Ah, then it is piece of cake for NSA to track you. ^_^
They don't even need to jailbreak your phone to track your activities online. Everything has been harvested by the ads people on the server side. And big and small companies share data between each other.
Three year old doc which means that it may have been invalidated by iOS 5 etc.
And likely requires either physical access to a non passcoded device. Or for said device to be jailbroken to allow for side loading and the user to install the exploit themselves through some kind of Trojan horse move.
Unless Apple, Google, MS and other OS providers were aware of the NSA spying and all the ways it was being accomplished I personally think it's ridiculous to assume that the holes they were using are all closed by happenstance. We're just now becoming aware of how pervasive it is, with both Apple and Google claiming they had no idea themselves.
Any sort of exploit in iOS that the NSA etc might use are the same sort of thing that jailbreak developers might use. So no it wouldn't be happenstance so much as Apple trying to cure rabies and 'accidentally' cured cancer as well
Those 'always on' connected location services rather than more standard Airplane mode GPS services are no Secret Service. Those added beacons mean location services are ultra important to the future of Apple, secret or no secret services.
I'm still sort of waiting to see a cursing email when Apple truncated that user lifetime location database on the iPhone.
Well this can't be right. Everyone knows that the US is the only country that ever spies on anyone and that they've only been doing it for the last couple of years.
Ah, then it is piece of cake for NSA to track you. ^_^
They don't even need to jailbreak your phone to track your activities online. Everything has been harvested by the ads people on the server side. And big and small companies share data between each other.
Yup, a lotta sharing going on. You're getting there.
Apple and Samsung may have vastly improved the security on their devices. But how secure are the facilities when phone components are designed, manufactured, or assembled? These have to be tempting targets. What's to stop an Apple (or a contractor) engineer, who's really a covert agent, from compromising the chip, ROM, or something? Or compromising core software at the source where its written? I don't think it would be difficult for a major intelligence agency to infiltrate any tech company they've targeted. Especially with so much to gain. We already know the NSA has actively tried to compromise encryption standards (and who knows what else) - right at the source. Going to the source may be the emerging strategy.
In 5 years when we find out that NSA and GCHQ had remote access to IOS-7 all along, we won't care because we'll all believe that IOS-9 is leaps and bounds ahead of IOS-7 in terms of security.
Apple and Samsung may have vastly improved the security on their devices. But how secure are the facilities when phone components are designed, manufactured, or assembled? These have to be tempting targets. What's to stop an Apple (or a contractor) engineer, who's really a covert agent, from compromising the chip, ROM, or something? Or compromising core software at the source where its written? I don't think it would be difficult for a major intelligence agency to infiltrate any tech company they've targeted. Especially with so much to gain. We already know the NSA has actively tried to compromise encryption standards (and who knows what else) - right at the source. Going to the source may be the emerging strategy.
Welp, what's to stop tainted components in your router, PC and [drum roll~] servers ?
[EDIT: Incidentally, this is why I'm very curious about a US designed and built Mac Pro]
If you want to look at human vulnerability, it won't be just Samsung and Apple. People running Google, Microsoft, Amazon, Facebook, etc. services can be tempted, fooled or threatened too. There are even richer user data in those environments, nicely analyzed and profiled.
Snowden himself is a great example of an inside "threat".
Quote:
Originally Posted by patpatpat
In 5 years when we find out that NSA and GCHQ had remote access to IOS-7 all along, we won't care because we'll all believe that IOS-9 is leaps and bounds ahead of IOS-7 in terms of security.
It's always a cat and mouse game. In a connected world, when there are easier ways to get the same data, then NSA or the bad guys will go there first.
If Apple do it right, iOS9 should indeed be ahead of iOS7. I doubt they will throw their hands up. Doesn't make sense.
Unless Apple, Google, MS and other OS providers were aware of the NSA spying and all the ways it was being accomplished I personally think it's ridiculous to assume that the holes they were using are all closed by happenstance. We're just now becoming aware of how pervasive it is, with both Apple and Google claiming they had no idea themselves.
Who said anything about happenstance? It's not like tha NSA has secret exploits that no other hacker can figure out for themselves. In four years there has been numerous security fixes, architectural changes, and OS updates. And there are audits going on constantly. I'd be amazed if any of toes exploits still worked, and it's getting harder and harder to find new ones.
Apple and Samsung may have vastly improved the security on their devices. But how secure are the facilities when phone components are designed, manufactured, or assembled? These have to be tempting targets. What's to stop an Apple (or a contractor) engineer, who's really a covert agent, from compromising the chip, ROM, or something? Or compromising core software at the source where its written? I don't think it would be difficult for a major intelligence agency to infiltrate any tech company they've targeted. Especially with so much to gain. We already know the NSA has actively tried to compromise encryption standards (and who knows what else) - right at the source. Going to the source may be the emerging strategy.
While such scenarios are possible, source code is audited, as are chip designs. One would have to place a lot of covert agents in a lot of key positions for this to be plausible.
Unless Apple, Google, MS and other OS providers were aware of the NSA spying and all the ways it was being accomplished I personally think it's ridiculous to assume that the holes they were using are all closed by happenstance. We're just now becoming aware of how pervasive it is, with both Apple and Google claiming they had no idea themselves.
All of these companies were quite aware of holes in their OS by the hundreds of exploits (root kits and jailbreaks) presented by hackers. There is little doubt the NSA uses the same basic exploits and must find new ones every time Apple and Google close a hole. And yes, many exploits can be closed by happenstance.
In 5 years when we find out that NSA and GCHQ had remote access to IOS-7 all along, we won't care because we'll all believe that IOS-9 is leaps and bounds ahead of IOS-7 in terms of security.
While I agree with what you're getting at, there isn't much need for the NSA to backdoor iOS 7. Apple is already on board with the PRISM program and willingly hands over information.
The report is outdated. These remote exploits are all possible with jailbreaks and open source software. In 2010, iOS had a remote PDF jailbreak exploit that was fixed.
Since then, iOS and Mac security have beefed up significantly. It's now sandboxes everywhere compared to 2010. It will continue to be a cat and mouse game as Apple rewrite their software frequently.
But the NSA is resourceful. If they can't do it remotely, they will try to gain physical access to your devices. It doesn't have to be a phone. They can pick the easier ones to start.
If they can't get to your devices, they will try to sieve the network traffic, or target the servers at the same time.
Another point, how is that Snowdon did't and couldn't release the latest spying activities through exploits on the smartphones.
Whatever he had released are dated years back and nothing current.
Another point, how is that Snowdon did't and couldn't release the latest spying activities through exploits on the smartphones.
Whatever he had released are dated years back and nothing current.
I don't think we know if he can't or instead just hasn't. . . yet. The information has been trickling out for weeks now. I'm guessing we haven't seen nearly all of it with much more to come.
All of these companies were quite aware of holes in their OS by the hundreds of exploits (root kits and jailbreaks) presented by hackers. There is little doubt the NSA uses the same basic exploits and must find new ones every time Apple and Google close a hole. And yes, many exploits can be closed by happenstance.
So just to be clear, your opinion is that iOS is hardened against any possible exploits and only users of other OS'es have anything to be concerned about? Or is it all of the major operating systems have been improved by previous hacker exploits and security breaches so that no users need to be concerned any longer?
Comments
The report is outdated. These remote exploits are all possible with jailbreaks and open source software. In 2010, iOS had a remote PDF jailbreak exploit that was fixed.
Since then, iOS and Mac security have beefed up significantly. It's now sandboxes everywhere compared to 2010. It will continue to be a cat and mouse game as Apple rewrite their software frequently.
But the NSA is resourceful. If they can't do it remotely, they will try to gain physical access to your devices. It doesn't have to be a phone. They can pick the easier ones to start.
If they can't get to your devices, they will try to sieve the network traffic, or target the servers at the same time.
Those are different mechanism altogether from the jailbreak, rootkit type exploit.
They are more like user tracking in popular social networks today. Users are already volunteering a lot of location, preferences and relationship data to feed their favorite services. They only need to intercept the network and servers to get more info.
If the users sets the preferences to stop cookie or any form of tracking, the OS, app and service providers have to stop doing so.
Why? At least in the US it's not illegal to ignore "Do Not Track" and many do.
Ah, then it is piece of cake for NSA to track you. ^_^
They don't even need to jailbreak your phone to track your activities online. Everything has been harvested by the ads people on the server side. And big and small companies share data between each other.
And likely requires either physical access to a non passcoded device. Or for said device to be jailbroken to allow for side loading and the user to install the exploit themselves through some kind of Trojan horse move.
Any sort of exploit in iOS that the NSA etc might use are the same sort of thing that jailbreak developers might use. So no it wouldn't be happenstance so much as Apple trying to cure rabies and 'accidentally' cured cancer as well
Those added beacons mean location services are ultra important to the future of Apple, secret or no secret services.
I'm still sort of waiting to see a cursing email when Apple truncated that user lifetime location database on the iPhone.
Yup, a lotta sharing going on. You're getting there.
I’d forgotten how butt-wipingly ugly a presentation slide could be. Someone needs to splurge and pay the $20 for Keynote.
Apple and Samsung may have vastly improved the security on their devices. But how secure are the facilities when phone components are designed, manufactured, or assembled? These have to be tempting targets. What's to stop an Apple (or a contractor) engineer, who's really a covert agent, from compromising the chip, ROM, or something? Or compromising core software at the source where its written? I don't think it would be difficult for a major intelligence agency to infiltrate any tech company they've targeted. Especially with so much to gain. We already know the NSA has actively tried to compromise encryption standards (and who knows what else) - right at the source. Going to the source may be the emerging strategy.
In 5 years when we find out that NSA and GCHQ had remote access to IOS-7 all along, we won't care because we'll all believe that IOS-9 is leaps and bounds ahead of IOS-7 in terms of security.
Apple and Samsung may have vastly improved the security on their devices. But how secure are the facilities when phone components are designed, manufactured, or assembled? These have to be tempting targets. What's to stop an Apple (or a contractor) engineer, who's really a covert agent, from compromising the chip, ROM, or something? Or compromising core software at the source where its written? I don't think it would be difficult for a major intelligence agency to infiltrate any tech company they've targeted. Especially with so much to gain. We already know the NSA has actively tried to compromise encryption standards (and who knows what else) - right at the source. Going to the source may be the emerging strategy.
Welp, what's to stop tainted components in your router, PC and [drum roll~] servers ?
[EDIT: Incidentally, this is why I'm very curious about a US designed and built Mac Pro]
If you want to look at human vulnerability, it won't be just Samsung and Apple. People running Google, Microsoft, Amazon, Facebook, etc. services can be tempted, fooled or threatened too. There are even richer user data in those environments, nicely analyzed and profiled.
Snowden himself is a great example of an inside "threat".
In 5 years when we find out that NSA and GCHQ had remote access to IOS-7 all along, we won't care because we'll all believe that IOS-9 is leaps and bounds ahead of IOS-7 in terms of security.
It's always a cat and mouse game. In a connected world, when there are easier ways to get the same data, then NSA or the bad guys will go there first.
If Apple do it right, iOS9 should indeed be ahead of iOS7. I doubt they will throw their hands up. Doesn't make sense.
Who said anything about happenstance? It's not like tha NSA has secret exploits that no other hacker can figure out for themselves. In four years there has been numerous security fixes, architectural changes, and OS updates. And there are audits going on constantly. I'd be amazed if any of toes exploits still worked, and it's getting harder and harder to find new ones.
While such scenarios are possible, source code is audited, as are chip designs. One would have to place a lot of covert agents in a lot of key positions for this to be plausible.
It is 100% likely. This is from 2010. So we are talking iOS 3 or so for the exploits in this slide.
All of these companies were quite aware of holes in their OS by the hundreds of exploits (root kits and jailbreaks) presented by hackers. There is little doubt the NSA uses the same basic exploits and must find new ones every time Apple and Google close a hole. And yes, many exploits can be closed by happenstance.
In 5 years when we find out that NSA and GCHQ had remote access to IOS-7 all along, we won't care because we'll all believe that IOS-9 is leaps and bounds ahead of IOS-7 in terms of security.
While I agree with what you're getting at, there isn't much need for the NSA to backdoor iOS 7. Apple is already on board with the PRISM program and willingly hands over information.
The report is outdated. These remote exploits are all possible with jailbreaks and open source software. In 2010, iOS had a remote PDF jailbreak exploit that was fixed.
Since then, iOS and Mac security have beefed up significantly. It's now sandboxes everywhere compared to 2010. It will continue to be a cat and mouse game as Apple rewrite their software frequently.
But the NSA is resourceful. If they can't do it remotely, they will try to gain physical access to your devices. It doesn't have to be a phone. They can pick the easier ones to start.
If they can't get to your devices, they will try to sieve the network traffic, or target the servers at the same time.
Another point, how is that Snowdon did't and couldn't release the latest spying activities through exploits on the smartphones.
Whatever he had released are dated years back and nothing current.
I don't think we know if he can't or instead just hasn't. . . yet. The information has been trickling out for weeks now. I'm guessing we haven't seen nearly all of it with much more to come.
So just to be clear, your opinion is that iOS is hardened against any possible exploits and only users of other OS'es have anything to be concerned about? Or is it all of the major operating systems have been improved by previous hacker exploits and security breaches so that no users need to be concerned any longer?