5 Reasons To Question Apple's Data Security
Submitted by Mike Krieger of Liberty Blitzkrieg blog,
I’m the furthest thing in the world from a technology or security expert, but what I have learned in recent years is that a dedicated, sophisticated and well funded hacker can pretty much own your data no matter how many precautions you take. Nevertheless, the major technology companies on the planet shouldn’t go out of their way to make this as easy as possible.
In the wake of the theft of private images from several prominent celebrities, many people are rightly wondering how vulnerable their data is. The answer appears to be “very,” and if you use Apple, the following article from Slate may leave you seething with a sense of anger and betrayal.
David Auerbach wrote the following for Slate. Read it and weep:
In the wake of the theft of the private data and photos of dozens of celebrities, there is at least one major culprit. Not the alleged leakers, though obviously they’re to blame, but the company that has most prominently overstated its security in the first place: Apple.
What is clear is that Apple has had a known security vulnerability in its iCloud service for months and has been careless about protecting its users. Apple patched this vulnerability shortly after the leak, so even if we’re not sure of exactly how the photos got hacked, evidently Apple thinks it might have had something to do with it. Whether or not this particular vulnerability was used to gather some of the photos—Apple is not commenting, as usual, but the ubiquity and popularity of Apple’s products certainly point to the iCloud being a likely source—its existence is reason enough for users to be deeply upset at their beloved company for not taking security seriously enough. Here are five reasons why you should not trust Apple with your nude photos or, really, with any of your data.
1. The vulnerability is Security 101 stuff.
Up until Monday, Apple had a significant and known brute-force vulnerability in its Find My iPhone service, where you type in your Apple ID and password on your computer in order to locate your iPhone on a map. Most services that use passwords, from Facebook to Google to banks, will lock your account or at least throttle logon attempts after a certain number of failed access tries to prevent a person who is not you from making endless guesses at common passwords. Apple itself will do this in most places—but not through its Find My iPhone service, where hackers are allowed unlimited attempts at guessing passwords. You can endlessly try password after password as quick as you like. Once a correct Apple ID password is confirmed through Find My iPhone, a hacker then has access to your iCloud account.
2. The vulnerability was publicly known since May.
A Russian security group called HackApp released iBrute, a proof-of-concept tool to exploit this vulnerability, on Aug. 30. But don’t blame them, because the celebrity hacking probably took place quite a while before that. The Register publicized the lack of any sort of limit on iCloud logon attempts in May, and Apple did nothing about it, giving hackers plenty of time to bash away at accounts. Even after iBrute was publicly released, Apple didn’t patch the vulnerability until Sept. 1 and did nothing to secure accounts in the meantime.
3. Apple defaults users into the cloud.
Clouds are wispy and ephemeral, the very opposite of secure, so why would you want to store anything in them? No one particularly does: Cloud storage has been forced on users because it suits tech companies, not because it’s what’s best for consumers. But Apple makes it very hard not to store photos in its cloud, nude or otherwise. Camera Roll automatically backs up photos (all photos) to the cloud by default, and Apple makes it difficult for average users to change the default. It’s worked. And it’s too bad, because whatever you store on the cloud has far less legal and security protection than what’s on your own computer. Even deleting photos from your phone doesn’t delete them from the cloud, as security expert Nik Cubrilovic pointed out on Twitter. (The American Civil Liberties Union’s Christopher Soghoian has wisely suggested a “private photo” feature that doesn’t upload certain photos to the cloud.) Defaulting to the cloud is like checking baggage on an airline: People might look through your stuff, and even steal it. And like the airlines, Apple’s liability is strictly limited by the extremely generous (to Apple) agreement you sign when you purchase any of its products.
4. Apple does not encourage two-factor authentication.
Two-factor authentication, in which physical possession of a particular device (like a phone) is necessary to log in to an account, is one of the most common and effective supplements to the problematic security of regular passwords. Google, Yahoo, Facebook, Twitter, and many other services offer two-factor, though rarely by default. Still, as the Daily Dot writes, “For reasons that defy all logic, Apple makes it extraordinarily difficult to enable two-step verification,” making users wait three days just to turn it on. (In other words, if you had found out about the vulnerability on Aug. 30, you couldn’t have protected yourself until Sept. 2.) Apple barely publicizes its two-factor authentication and has not encouraged users to adopt it. Apple controls the default user experience for its products, and it has the responsibility for that default to be reasonably secure—which it currently is not.
5. Two-factor authentication wouldn’t have worked anyway.
Even if you were a celebrity who had enabled two-factor authentication, it wouldn’t have helped in this case because Apple doesn’t enforce two-factor authentication for iCloud logons even if you have it turned on, as was reported by Ars Technica all the way back in May of 2013. Apple primarily uses two-factor to prevent credit card purchases, not to protect the privacy of your data.
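Points 1 and 5 of the Slate piece describe the same design gap: a control (failed-logon throttling, two-factor) that exists on some logon paths but not on others. The sketch below is an added example, not part of the Slate article or this post and not Apple's code; it shows one way to put both controls behind a single gate keyed by account, so that no endpoint gets its own guess budget. The endpoint labels, policy numbers and the AuthGate class are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

# Assumed policy values for illustration; tune to your own risk model.
MAX_FAILURES = 5
WINDOW_SECONDS = 15 * 60
LOCKOUT_SECONDS = 15 * 60


@dataclass
class AccountState:
    failures: list = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0


class AuthGate:
    """One choke point for password checks, shared by every endpoint (hypothetical)."""

    def __init__(self, verify_password, second_factor_enabled, clock=time.monotonic):
        self._verify = verify_password
        self._second_factor_enabled = second_factor_enabled
        self._clock = clock
        self._state = {}  # keyed by account only, never by endpoint
        self.audit = []   # (endpoint, account, outcome) records for detection

    def attempt(self, endpoint, account, password, otp_ok=False):
        outcome = self._decide(account, password, otp_ok)
        self.audit.append((endpoint, account, outcome))
        return outcome

    def _decide(self, account, password, otp_ok):
        now = self._clock()
        st = self._state.setdefault(account, AccountState())
        # Check the lock before the password, so a locked account
        # never confirms whether a guess was correct.
        if now < st.locked_until:
            return "locked"
        st.failures = [t for t in st.failures if now - t < WINDOW_SECONDS]
        if not self._verify(account, password):
            st.failures.append(now)
            if len(st.failures) >= MAX_FAILURES:
                st.locked_until = now + LOCKOUT_SECONDS
            return "denied"
        # Second factor is enforced here, on every path, not per feature.
        if self._second_factor_enabled(account) and not otp_ok:
            return "second_factor_required"
        st.failures.clear()
        return "ok"


def demo():
    """Constructed scenario: wrong passwords spread across two endpoints."""
    users = {"alice": "correct horse battery staple"}  # constructed sample data
    now = [0.0]  # fake clock so the example runs instantly
    gate = AuthGate(lambda a, p: users.get(a) == p,
                    lambda a: True,
                    clock=lambda: now[0])
    outcomes = [gate.attempt(ep, "alice", "guess%d" % i)
                for i, ep in enumerate(["web_login", "find_my_device"] * 3)]
    # Correct password while locked must still be refused.
    outcomes.append(gate.attempt("find_my_device", "alice", users["alice"]))
    now[0] = LOCKOUT_SECONDS + 1  # lockout has expired
    outcomes.append(gate.attempt("find_my_device", "alice", users["alice"]))
    outcomes.append(gate.attempt("find_my_device", "alice", users["alice"], otp_ok=True))
    return outcomes


if __name__ == "__main__":
    print(demo())
```

A hard lockout like this lets anyone who knows an account name lock its owner out, so many services delay or challenge repeated failures instead of refusing outright; the shared per-account counter is the part that matters here.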
At this point, I want to highlight two previously published articles:
Apple’s Massive Security Flaw: NSA Exploit or an Honest Mistake?
Apple Directors Overrule and Reject Shareholder Proposal to Protect User Privacy
But sure, go ahead and camp out for 19 days for that iPhone 6.
“You’ve got young enlisted guys, 18 to 22 years old,” Snowden said. “They’ve suddenly been thrust into a position of extraordinary responsibility where they now have access to all of your private records. In the course of their daily work they stumble across something that is completely unrelated to their work in any sort of necessary sense. For example, an intimate nude photo of someone in a sexually compromising position. But they’re extremely attractive.
“So what do they do? They turn around in their chair and show their co-worker. The co-worker says: ‘Hey that’s great. Send that to Bill down the way.’ And then Bill sends it to George and George sends it to Tom. And sooner or later this person’s whole life has been seen by all of these other people. It’s never reported. Nobody ever knows about it because the auditing of these systems is incredibly weak. The fact that your private images, records of your private lives, records of your intimate moments have been taken from your private communications stream from the intended recipient and given to the government without any specific authorization without any specific need is itself a violation of your rights. Why is that in a government database?”
“It’s routine enough, depending on the company that you keep, it could be more or less frequent. These are seen as the fringe benefits of surveillance positions.”
Because terrorism…
Full Slate article here.
It is for the greater good. NOW SHUT UP AND EAT YOUR SOUP!
The Apple iPhone 6: Better backdoors for everyone.
More people are trying to short Apple stock given the new product line coming out next week.
Yet another yawn.
If you think Apple has security problems, Android is far worse. Android will be the backbone of the zombie botnets of the future.
Yeah, apple's security is so awful blah blah. Yet, almost all malware is on android:
http://www.malaysiaitfair.com.my/wp-content/uploads/2013/12/card1-mobile...
Exploit that operating system for 500
Is Apple A Victim Of Corporate Sabotage, Economic Terrorism And/Or Financial Warfare?
One more time, people: If it is in the least manner connected to the ethernet, it is essentially vulnerable, hackable, readable, subject to modification, deletion, redaction and is just plain not private or safe.
What doesn't anybody get about publicly displaying sensitive personal information to the entire world?
The biggest security flaw for any computer device lies between the keyboard and the chair.
It won't be long before some idiot(s) decide to use a computer connected to the Internet for ICBM launch systems.
Then no one will know who it was exactly that put that ICBM into orbit with a nuclear warhead.
The Internet is less secure than a filing cabinet with no lock.
Mmmk, Apple's lax security is simply a lesser of two evils, where in either case an owner of the phone could get 'raped'.
WTF.
Guys, you should check out new finnish phone maker Jolla, which was formed by old Nokia MeeGo engineers making the native linux OS.
Now they have made Linux os phone themselves http://jolla.com/ . It will be soon available in USA also AFAIK.
From wiki:
"Jolla Oy[1] (sometimes referred to as Jolla Ltd.) is an independent designer and developer of various mobile devices[2] as well as their open Sailfish OS and Mer Core open source projects.[3] Headquartered in Helsinki, Finland, Jolla has Research and Development (R&D) sites in Helsinki and Tampere, an office in Hong Kong, and they are establishing R&D operations in China.
Nokia, after rapidly losing marketshare in the smartphone market, decided to create a new operating system based on Linux, naming it Maemo. After merging with Intel's Moblin project (also an open source Linux system), the project was renamed MeeGo. On 7 February 2011, Nokia chose to concentrate on Windows Phone for the high-end smartphones, stopping development of their MeeGo-based handsets.[citation needed]
In October 2011, many of the MeeGo team left Nokia to form Jolla, utilizing funding from Nokia's "Bridge" program which helps establish and support start-up companies formed by ex-Nokia employees.[4][5][6]"
Edit: From Sailfish OS wiki:
Privacy: Responding to privacy concerns in light of the PRISM spying program that came to light in summer 2013, a company representative said the US National Security Agency (NSA) would have no access to Jolla's servers. "Jolla servers are not in US, so we are not subject to any US rules or regulations regarding disclosing information."[11] Many see in this the Sailfish OS and Jolla's smartphone advantage over other operating systems like Windows, Android or iOS, which are from companies that allegedly grant secret services wide access to user data.[who?]
I'm getting a Jolla for these reasons.
The NSA will just get the host country to spy for it. Washington will put pressure on that government until they relent or participate.
I don't know. Finland strikes me as a small but fiercely independent sort of country.
Android is easier to create and upload Malware. Open source is ALWAYS vulnerable. That is why I am shocked so many people have droids. Most people can't use a pc, except for turning it on and opening a web browser, and certainly wouldn't be able to decipher malware from legit apps. I went with Apple because Droid is a mess. Open source usually is. One App can mess your phone up with its inefficient code because there are no checks in place such as the Apple store. There are no police for the Droid apps.
Anyone who uses a cloud service should know their data can be hacked or stolen. You don't control the infrastructure or security of it. The data can also be subpoenaed by the police or confiscated en masse by the police.
James_Cole Yeah, apple's security is so awful blah blah. Yet, almost all malware is on android
----
Same could be said for windows vs apple. Apple lost and it is repeating the same situation. They are both open to attacks of various kinds. Windows, like android, is the most used. Thus it gets attacked more. But who won the OS war? Not Apple.
Same could be said for windows vs apple. Apple lost and it is repeating the same situation. They are both open to attacks of various kinds. Windows, like android, is the most used. Thus it gets attacked more. But who won the OS war? Not Apple.
Apple doesn't sell / license their iOS... and microsoft didn't make personal computers to run win on.
AAPL 592.6B > GOOG 400.4B > MSFT 378.3B
Amerikan domestication at its finest.
Trust defines a sheeple.
And "sheeple" defines a smug, childish, pretentious post. Please don't do that again.
Fuck Apple and the Hedgie Hotels that own it.
But who gives a shit, algos don't read ZH
But who gives a shit, algos don't read ZH.
Yeah but they post here. Some of the shit posted by the trolls is so retarded that it has to be a bot.
..... Trailer Park Bots.........
.........after Riki got his grade 10 the park was never the same.......
Obama is great. Obama is best. Follow Obama. Praise Obama.
Hallelujah
But the iPhone 6 and the iTime smartwatch!!!
Who cares about having your junk and your girlfriend's tits exposed to everyone when you can have the ultimate status symbol with a fruit logo.
It isn't about using the phone, it's about being seen with it.
Apple should just call the iCloud iSnap and just have your pics and vids automatically posted to youporn. Then the iPay system can automatically deposit the advertising click revenue directly into your bank account.
Fuck, just gave Apple the idea to shoot their stock to $10k a share, plus give the FTC content for the next 20 years, go long Kleenex and Jergens.
the operating system
mindless material consumerism
elemental extensions of the central nervous system
virtual vacuums of inter-exchange
silent symphonies of devolution
WHAT MUST BE UNDERSTOOD IS THAT THERE ARE TOO MANY ASS-LICKERS IN THE USA WHO HAVE BOLIXED UP OUR ENTIRE COUNTRY AND YOU MAY AS WELL SAY THE ENTIRE WORLD, THE WHOLE BALL OF WAX AND SHEBANG! WHY? WHO VOTED FOR THE RICH A$$HOLES WHO ARE MAKING ALL OF OUR LIVES TOTALLY MISERABLE AND TURNING OUR SOCIETY INTO A GLOBAL PLANTATION? CERTAINLY NOT YOURS TRULY, AND IF I HAD ANY SAY I WOULD LINE THESE PATHETIC JERK OFF ARTISTS AGAINST THE WALL AND GUN THEM DOWN WITH AN AK47!!!
Apple are tax cheats like Bono in U2, Marc Rich and other tax cheat scum.
They sell overpriced crapware filled with spyware shit.
These break ins and other BS really can F=up companies. Ask Target. But anyway - F Apple and all their smug liberal employees. F em.
Seems like Amerikans like to have the crap no matter what. DUMB SHEEPLES , so much inbreeding has yielded in the tru pussification.
I am loving this. The retards who worship at the Apple altar are all upset because their Apple crapware is wide open to hacking and is filled with spyware.
The smug and shitty condescending attitudes of Apple consumers and liberal Apple employees make me laugh. Hey retards - Enjoy your Apple spyware shit sandwich.
There are a good many things about apple that i truly hate but the one thing i do not miss with the other assholeware - reloading hard drives constantly and always always fighting off viruses trojans worms and just the general MS-BS ....... Linux showed some promise but too thin to be of much use leaving only Microsoft based bullshit and anyone so stupid to defend that pile of shit is simply beyond the retarded event horizon........ closely approximated as division by zero retarded if you get my drift......
Please do not take my disgust and disdain from iApple crapware as an endorsement for Bill Gates Mengle. Microshaft is probably worse. For all Jobs many faults and for being an AH - he seemed far more decent person than Gates-Buffet and Balmer.
Rakshas
Take a look at http://elementaryos.org/ LUNA - Ubuntu Based - Nice Interface.
They are in beta for their newest os -
It’s been exactly one year since the release of the second version of elementary OS. On this, the day of our Lunaversary, we’re proud to make the first beta of elementary OS Freya publicly available for developers and testers.
http://elementaryos.org/journal
LUNA has been around a while.
Cost, whatever you like or free.
Does take some learning.
NOT uniquely american by any stretch..... everywhere I go UK, Thailand, Vietnam, Singapore Canada US Ozzie the majority seem to like their iCrap
sent from my MacBook Air via iPhone 5s configured for hotspot
......... BAAAA BAAAAAA
7 billion people need to understand that Goldman Sachs is in the process of killing them.
Long live Linux.
Give a shit about privacy? Then don't give your data to .com or .gov.
I chuckle when someone sends me a link to a petition hosted by the Whitehouse. Then I click delete.
I chuckle when someone asks me why I don't use Facebook, or Dropbox, or Google Drive. Then I call them a shitbird.
I don't have many friends.
whoa
all caps dude
Because crony capitalism.
Security through obscurity doesn't work when your products are the most popular on the planet
(dumbshits).
White Hat buddy of mine used Apple when they were not ubiquitous.
"Everyone goes after Gates, since almost everyone is on his OS."
So, Apple is a victim of their own success to a point.
You are trading convenience for security. I would love to have access to my trade account, bank, etc on my old smart phone (I dumped it for a BB). The risk outweighs the reward.
We used to bust somebody once/month at a secret research base I worked at for having a wireless access point. People just get lazy. The Russians bought a facility near the base and had a huge "vacuum cleaner" antenna array on the top of some tall structures on their property. We waited and one night when we knew they were active we burned them up with an electronic counterattack. They pulled more tricks and we pulled tricks. The point is not the fact we successfully defended against them. The point is they diverted our resources to fight in our own back yard.
The Russkies are smart guys; ours are too, but do not underestimate Ivan. You do so at your own peril. Tsiolkovsky was the first scientist to actually figure out rocket motors, before Goddard, and he was just one of their Brainiacs.
Today, as business guy, I would prefer to do business with them than fight. I am sure their guys feel the same. Everyone wins in tough competition for business; everyone loses in War.
******
Everyone can crow about how ISIS got created. The politics at this point are superfluous. They need to be destroyed. Russia could assist the US if we were not engaged in the political horse hockey over Ukraine. Two battalions of US Spec Ops and two battalions of Speznaz could wipe these guys out in a week with air support. A unified command with Russian and American officers would be 100% unstoppable.
Unfortunately, with the current US Administration, do not count on there being any common sense available to go around. They are owned by characters out for their own interests, not ours.
Russia could assist the US if we were not engaged in the political horse hockey over Ukraine.
WTF? Rewind to almost exactly a year ago. The Obama-USA wanted to bomb Syria who was fighting the USSA's ISIS. The Syrians probably have had 100,000 people killed by ISIS and the USSA was making Syria out to be the bad guy. The USSA, Saudis and other scum backing this underestimated the Syrian's bravery and ability to fight back.
This is Johnny McCain's ISIS. He did photo ops and shout outs with them along with Soros scheming on the Ukraine. Syria - one year ago. The Russian's lined up 8 Russian naval ships between Syria and the US Navy. The US would have to fire their Tomahawks over the Russian fleet and everyone of those cruise missiles would have been shot down.
ISIS is a western gang. I guess you believe the fake beheadings as well. ISIS is run out of Virginia.
Benghazi was about the USA arming ISIS with weapons used to destroy Libya in that illegal proxy war. They were being repositioned to fight Syria. The last people the ambassador saw was a Turkish agent/ambassador and Turkey is 100% behind taking out Syria. Turkey's leadership are faux muslims like the House of Saud.
Get a clue.
The current US Administration? Every part of the US govt is supporting Obama including Congress, the judiciary, the Pentagon, SPEC OPs, intel and the military. They are all on the same team. No one in .gov is standing up for the Constitution and American citizens. Wake up.
Horse hockey in the Ukraine? This is the USSA trying to put a NATO base at Russia's front door after the USA said they would never do that and signed an agreement to that effect.
Oh and just today - the US media that had been demonizing Syria and saying nice things about Syria attacking ISIS.
http://www.nydailynews.com/news/world/syria-bombs-isis-training-camp-art...
Amazing the incredible corruption and manipulation by the media. This is McCain and the NeoCon, Dems and Obama's ISIS.
Here we are. John McCain with ISIS. Remember his Admiral father ordered F-4 Phantoms racing to aid the USS Liberty to break off and return to their carrier.
The first ship to provide the USS Liberty with aid was Russian not the US Navy. The amnesty McCain klan has been selling out Americans for decades.
http://4.bp.blogspot.com/-UjdAcc6i2EQ/U7tmipA94bI/AAAAAAAAT9U/iWH4-slTY2...
Freddie, the idea is Idealistic, not what we are actually faced with.
Did you not read the last sentence in the post?
So, I will repeat: If we did not have the skulduggery going on, this stuff would not be happening.
You have been reading my posts for years, I expected a bit more thought.
If we did not have the skulduggery?
This is all they do in DC. These dual citizens running the USA are destroying the USA and all these other countries including European countries. This chaos is by design. They are evil psychopathic murderers.
"As for data, info, storage, if you don't own or control both ends of the security involved, it is not secure."
I.e. Apple, Google, Micro$oft, Hushmail assurances of "security" are worth the paper they are printed on.
An American, not US subject.
This is a residual Steve Jobs who was after all first and foremost a media guy not a computer guy.
"Is the happenstance meeting really happenstance?" and all the other timothy Leary-esque "mischief making as life" stuff. Apple fought the hardest against surveillance because in my view they had a proprietary business view of using said data to create "close encounters of any kind." And of course all of this would be a curiosity to that oddity of odds "the thinking human."
We're letting a machine dictate our daily happenings...why not a little happenstance then? And of course "it was all in good fun until so and so had his phone drive him off the edge of the Grand Canyon without even realizing it. Just lightly tapping the brakes before he and his honey plunged 12,000 feet to a fiery demise all because Google Maps said this was you "take it easy route"."
The cloud is yet another way to disintermediate from its owner, intentional or not, the next trending valuable commodity: information. I can't help but to see the parallels to the current financial system.
#timestamp this that those that don't directly control their personal information stand to lose it all in a time of great need, such as when AWS goes down, as it has shown to do so.
The cloud as a back-up may be fine if it's truly secure, but never depend on it should you need to retrieve your information, such as for medical or other personal reasons in a time of need. There are other 'air gap' ways to protect and retain your information.
For anyone not privy to the reference, google "the fappening"
However, it's a stupid waste of time. All the celebs involved are ugly as shit.
And you might not want to do that from your office computer...
All my apple products are set up to provide false, deceptive, misleading or disinformation and obfuscate anyone trying to buy, sell, monitor or profile any of my information. This also provides me the ability to create a unique identifier within each data set shared so I know exactly who obtained what and how whenever I get contacted.
And I only use the icloud to store worms, viruses, trojan horses and porn. Go ahead and hack away.
Uses up your bandwidth, too.
But look, seriously, if you're a hot movie starlet with paparazzi everywhere, your agent or someone with a brain should look after your brand and tell you not to put that stuff on your friggin' phone, splurge on a $300 camera and turn off the wifi. Anything that touches the Internet is gonna be stolen - and that includes sexting texting phone messages. So my outrage at this is about zero. Friggin' cloud anyway. Friggin' smart phones.
Never let a good crisis go to waste. Apple will request bio scanning, the 1st step to mark of the beast, needing a mark to buy, sell and do business
"But if you're not doing anything wrong you have nothing to worry about." No one with a brain ever said.
If you have given your data to someone else to hold you only have their assurances that they have secured it.
And here's the thing. Security is hard. Computer security is harder still, there are lots and lots of moving parts in any system. Security is expensive and very very inconvenient so it's in the interest of the 3rd party to give you assurances, take your money and then not really give a shit about security, if at all possible.
2nd point. If you don't want people to have it, don't put it online at all.
Thats the rub with these pictures of "the stars" --they are all about others seeing them--- why wouldn't they put their pictures on an easily hackable device----its all bulshit.
using Icloud is optional. I've had an Iphoney for a year and have never used the Icloud service. It's optional and NOT installed by default as the article says.
However Apple should be to blame for not revealing the security breach earlier...this is going to cost them when the Iphoney 6 is released.
No no you're doing it all wrong. The idea is to take the knowledge and use it to your advantage. Embrace the cloud, and the hackers. Give them everything they think they want. If one was smart about it, one might create a completely inaccurate profile of misinformation, as someone above mentioned, designed to misdirect and obfuscate. Just like in the bedroom, it is the Sub, not the Dom, who is ultimately in control.
Which reminds me I need to go snap a few shots of my fresh Pedazzling
I like your thinking.
I'm also thinking of leaving my modem unsecured so anyone can log in on my internet (in hotel mode) just to obfuscate the source of traffic on my connection.
I want my shit on my damn computer. Take your cloud and shove it up your ass. Eventually they will want to own the browser and you pay them a few cents every time you open it to look on the net. ESAD! Anyone with even a smidgen of common sense knows icloud is a scam, in fact the Woz stated his concerns one time publicly.
either don't use cloud or upload a bunch of useless crap onto it. get it through your head, once something is out there, it's out there.
Off topic but I posted this yesterday on a thread that was dying. Hunting season and A&M Football has begun so I'll be out-of-pocket most weekends.
"It is better to take refuge in the LORD than to trust in man" Psalm 118
Read Revelations for God's truth, He knows.
Warning: Prophecy can only be understood by believers.
So if you still deny God, read John. You're still among the living so there is still HOPE.
"Just as man is destined to die once, and after that to face judgment" Heb
"Why, you do not even know what will happen tomorrow. What is your life? You are a mist that appears for a little while and then vanishes." James
God tells it like it is, with no evil or hate in Him.
Apple products, bilking iDiots since 1983!?!?
The only game in security is keeping the spouse out of your account. Other than that, there is no security. The admins can look at everything. It’s a tick-box.
But Apple will keep your fingerprints safe...
Until someone 3D prints some Millie Cyrus fingerprints and puts them on a rape victim...
A modern E-Jack the Ripper comes to mind.
HomObamma has scewwed Apple too.
As well as all other US IT cos.
Do not buy any American products.