#AceSecurityNews says Apple Security flaw could be a back-door for the #NSA
Was the National Security Agency exploiting two just-discovered security flaws to hack into the iPhones and Apple computers of certain targets? Some skeptics are saying there is cause to be concerned about recent coincidences regarding the #NSA and Apple.
Within hours of one another over the weekend, Apple acknowledged that it had discovered critical vulnerabilities in both its iOS and OS X operating systems that, if exploited correctly, would put thought-to-be-secure communications into the hands of skilled hackers.
“An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,” the company announced.
Apple has since taken steps to supposedly patch up the flaw that affected mobile devices running its iOS operating system, such as iPhones, but has yet to unveil any fix for the OS X used by desktop and laptop computers.
As experts investigated the issue through the weekend, though, many couldn’t help but consider the likelihood — no matter how slim — that the United States’ secretive spy agency exploited those security flaws to conduct surveillance on targets.
On Saturday, Apple enthusiast and blogger John Gruber noted on his personal website that information contained within internal NSA documents leaked by former intelligence contractor Edward Snowden last year coincides closely with the release of the affected mobile operating system, iOS 6.
According to an NSA slideshow leaked by Mr. Snowden last June, the US government has since 2007 relied on a program named PRISM that enables the agency to collect data “directly from the servers” of Microsoft, Yahoo, Google, Facebook and others. The most recent addition to that list, however, was Apple, which the NSA said it was only able to exploit using PRISM since October 2012.
The affected operating system — iOS 6.0 — was released days earlier on September 24, 2012.
These facts, Gruber blogged, “prove nothing” and are “purely circumstantial.” Nevertheless, he wrote, “the shoe fits.”
With the iOS vulnerability being blamed on a single line of erroneous code, Gruber considered a number of possibilities to explain how that happened.
“Conspiratorially, one could suppose the #NSA planted the bug, through an employee mole, perhaps. Innocuously, the Occam’s Razor explanation would be that this was an inadvertent error on the part of an Apple engineer,” he wrote.
“Once the bug was in place, the #NSA wouldn’t even have needed to find it by manually reading the source code. All they would need are automated tests using spoofed certificates that they run against each new release of every OS. Apple releases iOS, the #NSA’s automated spoofed certificate testing finds the vulnerability, and boom, Apple gets ‘added’ to PRISM.”