Jacob Appelbaum has yet another revelation from the Edward Snowden trove of documents: that the NSA has a backdoor into all of Apple's iPhones. And I have no doubt at all that the NSA does indeed have the capability to crack an iPhone if it so wishes. But it’s what Appelbaum then goes on to say that is what I would call misinformation. At the very least it’s a disingenuous suggestion. Here’s what he does go on to say:
“Either [the NSA] have a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves,” Appelbaum said at the Chaos Communication Conference in Hamburg, Germany.
Apple has of course clarified that:
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.
According to leaked documents, the NSA claims a 100 percent success rate when it comes to implanting iOS devices with spyware. The documents suggest that the NSA needs physical access to a device to install the spyware….
You can hack anything at all if you’ve got physical access to the hardware that you want to hack. We could undoubtedly hack President Obama’s BlackBerry if we could lay hands on it for a couple of days.
Appelbaum’s conclusion, that all Apple iPhones are vulnerable to some backdoor that is either a risk to Apple users or that Apple helped to create, is simply not backed up at all by the fact that physical access to the device is necessary to be able to hack it. Because, as I say, you can hack anything if you’ve physical access to it. You could, for example, jailbreak it and then add malicious code. If you were being really ambitious you might create some customs ROMs and add those. The list of things that you can do with said physical access is very long: and mean absolutely nothing at all about whether there is a backdoor into a system or whether Apple, or any other manufacturer, has either left a security gap or collaborated in the creation of the hack.
I’m entirely willing to believe that Edward Snowden is honest in his motivations, even if I think him misguided. This latest from Appelbaum (to add to all those lovely stories of his sojourn in Hawaii etc at a crucial time) make me much less willing to trust his statements on this or any other matter. He knows, as a security expert, that there are no secure systems if those who desire access gain physical access to the hardware. Yet even though he knows this point he goes on to claim a general backdoor and casts all sorts of aspersions about the motives that led to this. That’s just not credible, knowing what he already does about that physical access requirement. And those two things together make Appelbaum not credible to me I’m afraid.