dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
16047

Link Logger
MVM
join:2001-03-29
Calgary, AB

1 recommendation

Link Logger

MVM

Russia wants Apple and SAP to prove that their software isn't used for spyin

quote:
Russia has been extra-sensitive to technological threats to its government as of late, and that's clearer than ever in the wake of a new government proposal. Communication Minister Nikolai Nikiforov has suggested that Apple and SAP should hand over their source code to prove that it doesn't have "undeclared capabilities" for spying on Russian agencies. In other words, he doesn't want to give the NSA free rein just because an official brought an iPhone to work. While he isn't certain as to whether or not institutions will keep using products whose code remains a secret, there's an implication that Apple and SAP may be locked out of government contracts if Putin and crew believe there's too much of a risk. Much of that business could go to Microsoft, which has been cooperating with Russia since 2003.
»www.engadget.com/2014/07 ··· ap-code/

Interesting would be an understatement.

Blake

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

3 recommendations

Snowy

Premium Member

I'm sure Apple keeps a clean copy somewhere.

Krisnatharok
PC Builder, Gamer
Premium Member
join:2009-02-11
Earth Orbit

Krisnatharok to Link Logger

Premium Member

to Link Logger
Hand over their source code? lol

Chubbzie
join:2014-02-11
Greenville, NC
Hitron CDA3
(Software) OpenBSD + pf

Chubbzie to Link Logger

Member

to Link Logger
Uggghhh, just get a team to decompile/disassemble the questionable devices and verify its capabilities. As noted, its not like Apple or SAP couldn't falsify their source code for protective measures.

I'm guessing we'll soon see the compartmentalization of all software based on location by various govs and military.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

3 recommendations

Blackbird to Link Logger

Premium Member

to Link Logger
quote:
... Communication Minister Nikolai Nikiforov has suggested that Apple and SAP should hand over their source code to prove that it doesn't have "undeclared capabilities" for spying on Russian agencies.
I'd be more than a little surprised if the Russians didn't already have the source code... or could get it by "unconventional" means if they didn't.
quote:
....there's an implication that Apple and SAP may be locked out of government contracts if Putin and crew believe there's too much of a risk. Much of that business could go to Microsoft, which has been cooperating with Russia since 2003.
And there's the real reason behind the move. And it's not the "risk"... it's the 'squeeze'. Nothing ever changes in the land of the oligarchs, other than the titles and the "isms".

DownTheShore
Pray for Ukraine
Premium Member
join:2003-12-02
Beautiful NJ

2 recommendations

DownTheShore to Link Logger

Premium Member

to Link Logger
Keep throwing up those smokescreens, Vladimir. Classic distraction technique.

Are the software companies now to be his "Jews"?

...plus ça change, plus c'est la même chose...

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger to Blackbird

MVM

to Blackbird
Have other countries requested and received source code from Apple or SAP for inspection purposes (ie is Russia request really that unique)?

Blake

StuartMW
Premium Member
join:2000-08-06

1 recommendation

StuartMW to Link Logger

Premium Member

to Link Logger
FYI having the "source code", by itself, is almost useless IMO. One must have the build tools (compiler, linkers etc) so that one can verify that the same executable(s) can be built.

I've had to do this quite a few times in my career. It is not necessarily a simple thing to do. One time a (recently fired) coworker had at least 10 copies of source code on his PC (in different folders) none of which built the same binary as the one he'd released to manufacturing the week before. Fun times!
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to Link Logger

MVM

to Link Logger
...there must be some pretty bored and/or insomniac people over there if Russia expects the source code to be handed over for "review."

Heck, back in school ANY review of my code for bugs (much less security issues) put me to sleep [/sarcasm]

Regards

Chubbzie
join:2014-02-11
Greenville, NC

Chubbzie to Link Logger

Member

to Link Logger
Here ya go Russia. You can go ahead and get a few bits of the source before Apple even responds, lol:

»www.opensource.apple.com/
sparky007
join:2011-08-25
Phoenix, AZ

1 recommendation

sparky007 to Link Logger

Member

to Link Logger


If were Apple and SAP.. I would basically say "Nope.. Can't prove that. Were pulling all sales and support from Russia. Bye Bye..."

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger

MVM

said by sparky007:

Were pulling all sales and support from Russia

And certainly that is an option, but given how the NSA has been operating I doubt that Russia will be the only country asking for code. I bet the Germans have some concerns about their own SAP given the spying and such that the NSA has been doing in Germany. Certainly Microsoft would be happy if Apple and SAP removed themselves from various markets as apparently the Russians have looked over their code and feel its not NSA tweaked.

Perhaps a better question would be, why wouldn't they reveal their source code? Has Russia started selling their own version of Windows yet?

Blake

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

1 recommendation

Snowy

Premium Member

said by Link Logger:

Has Russia started selling their own version of Windows yet?

No way they could compete with the street vendors selling the same product.
EdmundGerber
join:2010-01-04

EdmundGerber to sparky007

Member

to sparky007
said by sparky007:



If were Apple and SAP.. I would basically say "Nope.. Can't prove that. Were pulling all sales and support from Russia. Bye Bye..."

Maybe that will be in the next round of sanctions. No more iPhone for you Vlad and entourage...

Link Logger
MVM
join:2001-03-29
Calgary, AB

1 recommendation

Link Logger

MVM

And no doubt some Russians would be disappointed that they couldn't get an iPhone, but I'm pretty sure any coder would be dancing in the street if you told them they couldn't use SAP

Blake
iknow_t
join:2012-05-03

iknow_t to Link Logger

Member

to Link Logger
if "undeclared capabilities" for spying on Russian agencies" was added, it would only be for a smoke screen, one of many, to keep the Russians thinking they found the real spy devices.. they haven't..

Astyanax
Premium Member
join:2002-11-14
Melbourne, FL

Astyanax to Link Logger

Premium Member

to Link Logger
This is the same country whose intelligence ministries are going back to typewriters.

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger

MVM

They aren't the only ones thinking about using typewriters again, for example the Germans

»www.dailymail.co.uk/news ··· ies.html

I wonder if there is a SAP module for that?

Blake
fartness (banned)
Donald Trump 2016
join:2003-03-25
Look Outside

fartness (banned) to Link Logger

Member

to Link Logger
1. Is it a fact that the NSA or other US Government agencies are spying on the Russians via iphones?
2. How would Russia get the source code?
3. Does Apple polygraph their employees with "top secret" access to the behind the scenes "stuff" (ie. source code, etc.)? Russia could easily slip someone a few hundred thousand for their "cooperation".
4. What does Apple do to ensure that Russia's CIA equivalent hasn't planted a mole inside of Apple who works for them? Our own CIA has mechanisms in place to make sure this doesn't happen to them, but I'm sure it still does. Seems Apple might be up there but not quite CIA-class.
fartness

fartness (banned)

Member

Also an interesting read from here:
»travel.state.gov/content ··· sia.html

"Personal Privacy: Travelers should be aware that in 1995, the Russian Federal Law on Operational Search Activity passed, in conjunction with Order No. 130 by the Minister of Information Technology and Communications (July 25, 2000), the "System for Operative Investigative Activities." Commonly known as "SORM," this law permits the monitoring, retention and analysis of all data that traverses Russian communications networks, including fax transmissions, telephone calls, internet browsing, and e-mail messaging. U.S. citizens should be cognizant of this law when using any of these means of communication."

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger to fartness

MVM

to fartness
I would agree with you that it would be very difficult if not impossible to hide 'spy' code when so many people work on it, but people flamed me when I suggested this when folks were/are flaming Microsoft about having 'spy' code embedded.

Blake

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by Link Logger:

I would agree with you that it would be very difficult if not impossible to hide 'spy' code when so many people work on it, ...

What's your definition of 'spy' code?

Off the top of my head...
GPS
Microphone
Camera
Builtin SMTP server
Kill switch
Installed apps monitoring

Activity/Event logs:
Email activity
URL browsing events
Voice memos
Calendar events
SMS activity
Call logs...

There's no need to hide this stuff.
It's almost a standard feature list.
Code-wise the ability to remotely interact with the feature list is all that's needed

Considering the compartmentalization of code in something as complex as iOS it makes hiding the ability to remotely control the feature list very doable, IMO

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger

MVM

Well then we must all be spies as these are features that consumers want. Not exactly my definition of 'spy' code as I was thinking more nefarious hidden functionality code like intentional back doors etc, ie code I wouldn't want the average Joe to know was in there.

Blake

ashrc4
Premium Member
join:2009-02-06
australia

ashrc4 to Link Logger

Premium Member

to Link Logger
Russia thinks it can be trusted with the source code.....interesting.
gnome84
join:2014-04-12
Saint Paul, MN

gnome84 to Link Logger

Member

to Link Logger
The tech industry isn't what it used to be imho

Very left brain arguments going on here. I suppose kaspersky knows about the backdoors in windows 7.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

1 recommendation

Snowy to Link Logger

Premium Member

to Link Logger
said by Link Logger:

... I was thinking more nefarious hidden functionality code like intentional back doors etc, ...

Your use of the word 'intentional' indicates that back doors can be present but unknown to the coders.
If an obscure, unseen back door can happen unintentionally - it can happen intentionally.

It's a sure bet that none of the Stuxnet coders brought a 'can't be done' attitude to the test bench.
iknow_t
join:2012-05-03

iknow_t to Link Logger

Member

to Link Logger
this is silly, ECHELON captures the traffic anyway.. »en.wikipedia.org/wiki/ECHELON
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to sparky007

Member

to sparky007
Yeh greedy apple deciding to not sell their stuff to some one. Nope that will not happen. Unless the us says stop apple will continue to sell.
Nanaki

Nanaki (banned) to Link Logger

Member

to Link Logger
But blake didn't you know that microsoft is evil and apple is devine? I mean come on now who is it that sues the people who developed tech that they use for "steeling their design for a home button"? Oh damn wait that was apple who sued samsung who is at least in part responsible for the touch on all touch screen devices them and synaptic. So yeh nvm.

But yep i actually remember the flames etc from back then. I mean yeesh talk about not having a clue. Lets see here what was it you made again hmm something about traffic analysys if i recall. /s So if any one here is qualified to say that it would be very difficult for a company to hide this or that when it relates to traffic such as spy software phoning home i think you do qualify.

With that said how ever we do know that things like carrier iq are installed on many if not all carrier branded android devices. This was at least in part discovered by looking at the traffic from phones. We also know that at least some of this code exists on iphone but is off by default unless you choose to send the data for trouble shooting. How ever what else might apple ios be hiding in it's closed source?
Nanaki

Nanaki (banned) to iknow_t

Member

to iknow_t
I would so not use wikipedia for information on that. If ever there was something that wikipedia is useless for it is this sort of thing. I always take wiki articles with a heavy does of salt. Any one with a account and half a brain can edit those things and no one bothers to honestly check what is put up.

What i don't get is why the gov would bother creating any thing to gather store and sift trafic. All they really need to do is hack in to the isps cell phone etc providers network and use already existing infrastructure to do most if not all the same. Every url you visit every thing you download is saved on your isps servers (at least the meta data file names etc)In some cases isps "cache" entire webpages and feed those to their customers via caching proxy. This can be any thing including entire multi gig files.

I set up a smooth wall squid proxy and some other stuff on a old comp some years back and had it "cache" every file web page etc etc i ever visisted. Other than the fact i ran out of hd space it worked just fine. I literally had what amounted to a mirror of my entire networks file downloads on my server. Basically i was raid mirroring on a networked computer. With much more storage avail today it honestly might be worth having a server in house to do exactly that. Save a copy of all downloads. Then once a week dump to the cloud.

But going off track here things like echelon seem just a tremendous waste of time and resources vs using existing infrastructure provided by isps and paid for by the very people who you may want to spy on.