undefined | Better HN

0 pointskevinnk10y ago0 comments

Could you be more specific? I've followed the NSA leaks with some interest, but not particularly closely, so I'd be really interested in seeing the actual presentation/document/whatever.

For reference I've googled every combination of "nsa apple mobile OS leak" I could think of and couldn't find a primary source.

0 comments

nickpsecurity10y ago

I Googled "nsa leak iOS" and found the first one:

http://www.spiegel.de/international/world/how-the-nsa-spies-...

Helps to type in just what you want and what will specifically have your answer. Mobile will give you garbage most of the time. Apple as well. A technical document will usually reference iOS. Also, you can use quotes to ensure something appears.

Interesting enough, me typing what you typed into Google still led to same leak and others showing potential backdoors. Hmmm.

Udo_Schmitz10y ago

If you are asked for a source it doesn't look great to begin your answer with: "I googled …" About the linked article: out of date (2013, mentions iOS 4.3.3). Very thin on actual information. 90% of article is about Blackberry but insinuates same risks for iOS. As a German I wouldn’t trust Der Spiegel anyway: when it come to IT issues my fellow countrymen are often fueled by longstanding anti-americanism and technophobia :/

nickpsecurity10y ago

He said he couldn't find anything on the topic Googling. When anyone does that, the first thing I do is Google exactly what they said. Usually turns up something. Then I point that as if I wonder how much research they actually did. If they otherwise seem alright, I might also give tips on how I get decent results out of search engines.

"About the linked article: out of date (2013, mentions iOS 4.3.3). Very thin on actual information. "

It's what I got out of a quick Google. I was unwilling to spend more time on that angle as my list of risks plus Apple's development practices shows we should consider it untrustworthy by default. I just don't feel like putting too much time into finding the specific evidence NSA might hit a specific version of a product that wasn't secure in its entire history. Also, which came from a company whose products did things like require an admin login on certain services but not check if password matches records: just the existence of a password in submission was enough. Better to spend that time on researching actual security. ;)

kevinnkOP10y ago

Sorry, maybe I should have been a little more specific. I was looking for a primary source that shows this part: "FBI talked about how they couldn't beat iPhones but NSA had them in the leaks & was parallel constructing to FBI." The link you posted only talks about "hacking" iPhones, but nothing about parallel construction. Additionally, it only talks about how the NSA is making use of the device's (local) backup. As far as I can tell that doesn't imply a hack of the iPhone itself.

nickpsecurity10y ago

Oh, OK. That makes more sense. As I said to other commenter, I'm not doing enough research to figure out how they're hacking it directly. There's so many published hacks of hardware and firmware that were designed for secure operation that it would be a miracle if they didn't have something on iPhones. It's more a "insecure-by-default" if it doesn't address what's on my list of attack vectors. I know it doesn't because it wouldn't be compatible with legacy ARM or iOS code without modifications. ;)

Far as parallel construction, let me see if I can quickly Google something. Here's you a few on it early on with FBI and DEA's stronger cooperation.

https://www.techdirt.com/articles/20150427/11042430811/nsas-...

http://www.reuters.com/article/us-dea-sod-idUSBRE97409R20130...

Further, they'll actually let a criminal go just to prevent either the public or courts learning the details of defense-related techniques. The Stingrays are a perfect example:

http://arstechnica.com/tech-policy/2015/04/fbi-would-rather-...

kevinnkOP10y ago

Gotcha. I agree that there are a lot of potential security issues present on the iPhone, and if I was a terrorist (or my name was Edward Snowden) I would definitely act as if they were already hacked by the NSA/FBI/whomever.

However, your original comment made it sound like we had direct confirmation of that fact. I hadn't heard that before, which is why I was interested.

1 more reply

j / k navigate · click thread line to collapse

0 comments

nickpsecurity10y ago

I Googled "nsa leak iOS" and found the first one:

http://www.spiegel.de/international/world/how-the-nsa-spies-...

Interesting enough, me typing what you typed into Google still led to same leak and others showing potential backdoors. Hmmm.

Udo_Schmitz10y ago

nickpsecurity10y ago

"About the linked article: out of date (2013, mentions iOS 4.3.3). Very thin on actual information. "

kevinnkOP10y ago

nickpsecurity10y ago

Far as parallel construction, let me see if I can quickly Google something. Here's you a few on it early on with FBI and DEA's stronger cooperation.

https://www.techdirt.com/articles/20150427/11042430811/nsas-...

http://www.reuters.com/article/us-dea-sod-idUSBRE97409R20130...

Further, they'll actually let a criminal go just to prevent either the public or courts learning the details of defense-related techniques. The Stingrays are a perfect example:

http://arstechnica.com/tech-policy/2015/04/fbi-would-rather-...

kevinnkOP10y ago

However, your original comment made it sound like we had direct confirmation of that fact. I hadn't heard that before, which is why I was interested.

1 more reply

j / k navigate · click thread line to collapse