Apple Warnings of Government Spyware a “game-changer”

dada_dave

Security researchers giving Apple credit for their processes in warning people (human rights defenders, dissidents, journalists, etc …) about spyware and where to get help:



I do wish the article went into more depth on why it was good that Apple doesn’t provide forensics services itself as I can think of several reasons but I would’ve liked to hear the experts give them rather than just stating it.
 
Related:


Behind a paywall, but here's the headline:

 
Of course zero chance Apple complies. If it were just UK citizens’ accounts, then *maybe*.

What I was thinking... is that by having the above UK demand leak out as it has, that could possibly encourage many all over the world to believe Apple's encryption is 100% secure, and can't be broken. And encourage its use worldwide. All the while MI5/6 have already found a way in.

Perhaps a long shot. But you'd never know.
 
What I was thinking... is that by having the above UK demand leak out as it has, that could possibly encourage many all over the world to believe Apple's encryption is 100% secure, and can't be broken. And encourage its use worldwide. All the while MI5/6 have already found a way in.

Perhaps a long shot. But you'd never know.
To be blunt, that kind of wheels-within-wheels planning would require a level of competence in humans that I just don't believe in anymore. While occasionally we pull shit like that off, for the most part the world is exactly what it seems to be, which is just somehow worse.


I guess nobody has learned that building backdoor encryptions lets everyone in?

 
To be blunt, that kind of wheels-within-wheels planning would require a level of competence in humans that I just don't believe in anymore. While occasionally we pull shit like that off, for the most part the world is exactly what it seems to be, which is just somehow worse.

With respect to pulling a ruse/deception like that off? Or that MI5/6's cryptanalysts couldn't successfully attack Apple's encryption?

"I guess nobody has learned that building backdoor encryptions lets everyone in?"

I don't think Apple would do that. Or would be necessary.
 
With respect to pulling a ruse/deception like that off? Or that MI5/6's cryptanalysts couldn't successfully attack Apple's encryption?
The former, especially not as a deliberate attempt by the lawmakers - ie that they were in on the ruse.
"I guess nobody has learned that building backdoor encryptions lets everyone in?"

I don't think Apple would do that. Or would be necessary.
It’s what the law requires, if Apple were to comply, which they might not.
 
It’s what the law requires, if Apple were to comply, which they might not.

If Apple were not to comply, which I suspect will be the case, that would complete the ruse. With the world believing Apple's encryption is 100% secure. While MI5/6 has already found a way in.
 
With respect to pulling a ruse/deception like that off? Or that MI5/6's cryptanalysts couldn't successfully attack Apple's encryption?

I read it as the ruse side of things.

That said, if a government agency finds issues with AES or the like and doesn’t tell their allies to stop using it, that’s really bad for everyone. Keep in mind Apple’s encryption is the same encryption the (western) world relies on for security. And reading from Apple’s white papers is interesting because I get a pretty good idea that Apple has some smart security folks onboard and is listening to them.

For example, when they added post-quantum encryption schemes to iMessages recently, they did it such that it wasn’t old *or* new, but both. So if the new happens to have ugly flaws that are exploitable, it still has the same level of security it did before. They are following good practices that other tech companies should be doing. Exploiting systems built on these sort of good practices would have far reaching consequences, and I would be appalled if it turned out an agency like the NSA or MI5 had pulled it off but kept it secret on the *hope* that an opponent wouldn’t find and exploit it too.
 
That said, if a government agency finds issues with AES or the like and doesn’t tell their allies to stop using it, that’s really bad for everyone.

I suspect such a discovery would only be disseminated to the Five Eyes countries. As an aside... with Trump in office, I wonder if UK/Australia/Canada/New Zealand would still trust the US in sharing that information.
 
I suspect such a discovery would only be disseminated to the Five Eyes countries. As an aside... with Trump in office, I wonder if UK/Australia/Canada/New Zealand would still trust the US in sharing that information.
Still we’ve learned that such backdoors don’t stay in the hands “of the good guys” for long. Which is why even if it’s a ruse by those who think they’re being clever, it’s still fundamentally stupid. This isn’t 30 years ago, the Russians and especially the Chinese are almost as good and they don’t necessarily need to be, if they suspect there’s a flaw it’s just a matter of time.

As someone from the UK, it is difficult to overstate how disappointed I am in them. The last lot were grossly incompetent and nasty. These are no better so far.

I can understand the disappointment, but every time we think that it's good to remember that the conservatives just get even worse the next time - the number of times I've heard "the Democrats (or Labour in Britain) are just as bad" during an election only for the next conservative government of Republicans/Tories just to prove that so horrifyingly wrong. That doesn't really console me when the Democrats/Labour do shit like this though (though the law under whose auspices they do this under was passed in 2016, so Tories, but the Starmer government didn't have to take advantage of it).
 
Still we’ve learned that such backdoors don’t stay in the hands “of the good guys” for long. Which is why even if it’s a ruse by those who think they’re being clever, it’s still fundamentally stupid. This isn’t 30 years ago, the Russians and especially the Chinese are almost as good and they don’t necessarily need to be, if they suspect there’s a flaw it’s just a matter of time.

Let's say it isn't a backdoor... And the US and close partners have a novel way of attacking Apple's encryption. If China were to eventually be able to do that as well, that means there's one more country that can do that.

The US government and close partners have their own robust encryption systems that hopefully are resistant to such attacks.

BTW... I'm enjoying this discussion. Thanks!
 
Let's say it isn't a backdoor... And the US and close partners have a novel way of attacking Apple's encryption. If China were to eventually be able to do that as well, that means there's one more country that can do that.

The US government and close partners have their own robust encryption systems that hopefully are resistant to such attacks.

As I’ve already pointed out, it’s not "Apple’s encryption", it’s RSA/AES. If you can crack the most trusted, widely used encryption setup in the world, then congrats, you’ve built Janek’s little black box and things are going to get bad quick. The US/UK government is dependent on this as much as Apple. Apple’s good practices are governmental good practices, and are informed by those "robust encryption systems".

Fundamentally, if you believe a nation state can crack the encryption in use for commerce, that means the infrastructure of the modern world is equally at risk. And more so than the telecom hack. If that’s true, you really should be putting your money under your mattress.
 
As I’ve already pointed out, it’s not "Apple’s encryption", it’s RSA/AES. If you can crack the most trusted, widely used encryption setup in the world, then congrats, you’ve built Janek’s little black box and things are going to get bad quick. The US/UK government is dependent on this as much as Apple. Apple’s good practices are governmental good practices, and are informed by those "robust encryption systems".

Fundamentally, if you believe a nation state can crack the encryption in use for commerce, that means the infrastructure of the modern world is equally at risk. And more so than the telecom hack. If that’s true, you really should be putting your money under your mattress.
Was just about to type all this, but you got there first, and better!

Beyond commerce, government employees use and communicate in their private lives on these systems (and occasionally professional when they aren't supposed to) ... never mind when idiots in our government demand CIA employee names get sent in an email ...
 
I forgot about this, but it’s true. As written by MacRumors another wrinkle is the US security agencies have finally come around to realizing that isn’t the best approach and have been advocating for the opposite official position:

The timing is particularly awkward, given that US security agencies have recently been advocating for increased use of encryption to combat Chinese cyber threats. In December, the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency jointly recommended that companies "ensure that traffic is end-to-end encrypted to the maximum extent possible" to protect against state-sponsored hacking. Creating a backdoor for UK authorities would directly contradict this guidance and could weaken US cyber defenses, potentially forcing Apple to choose between complying with UK law or protecting US national security interests.

The Brits are just out of step on this one.
 
If you can crack the most trusted, widely used encryption setup in the world, then congrats, you’ve built Janek’s little black box and things are going to get bad quick.
SETEC ASTRONOMY

My favorite movie. My wife’s too.

“Whistler, I hate to tell you this, but you’re blind”
 
SETEC ASTRONOMY

My favorite movie. My wife’s too.

“Whistler, I hate to tell you this, but you’re blind”

I discovered this on VHS as a teen, and enjoyed it then because it was just a good spy romp. As I got older, and realized that Janek was literally talking about breaking RSA with his dialogue, and the black box was supposed to be a sort of “Shor’s Algorithm on a chip" thing, I started to appreciate the texture underneath it all that helped ground it.

I feel silly only recently recognizing that the room Martin and Cosmo talk in was supposed to be a sort of 1990s-style Cray supercomputer. Just so many good details beneath the surface to pull apart.
 
I discovered this on VHS as a teen, and enjoyed it then because it was just a good spy romp. As I got older, and realized that Janek was literally talking about breaking RSA with his dialogue, and the black box was supposed to be a sort of “Shor’s Algorithm on a chip" thing, I started to appreciate the texture underneath it all that helped ground it.

I feel silly only recently recognizing that the room Martin and Cosmo talk in was supposed to be a sort of 1990s-style Cray supercomputer. Just so many good details beneath the surface to pull apart.

I first saw it when I was at RPI. The TV announcer at the end was the local ABC news anchor. Then I moved out here and became familiar with the birds Whistler heard. Anyway, just a great movie that nobody seems to know about.
 