Just another story about "innocence" of Apple devices - eviltoast

On August 21, information about the sunken Chinese nuclear submarine 093 Shang surfaced on the Internet. The accident occurred on board during a mission in the Yellow Sea. According to British intelligence, the Chinese submarine fell into its own trap intended for British and American ships. As a result of the incident, 55 people died. Cause of death: failure of oxygen systems. Taiwan’s Defense Ministry said it had found no evidence of an accident. China also denied reports of the accident.

It is obvious that China did not intend to advertise the accident, and information about the disaster is classified. However, a leak occurred. And now it turns out where it comes from.

The British newspaper Daily Mail reported that British military intelligence MI6 could track down the sunken military submarine by tapping an Apple smartwatch belonging to one of the PLA officers.

During the investigation, the Chinese military allegedly discovered that British intelligence was spying on the submarine through remote access to an Apple gadget. The information was received from Chinese oppositionists, who had copies of documents of the Communist Party of China, which talk about Western intervention. The British tabloid claims that the revelation of espionage by the British intelligence service caused a big scandal in the leadership of the PRC.

Apple does have the ability to track at least the geolocation of its gadgets. As well as access other data, especially those stored in cloud services. Apple specialists can also remotely install any software on their gadgets, including spyware and malware, under the guise of updates without the owner’s knowledge. Which, however, can be done by manufacturers of Chinese smartphones and other electronic devices.

  • nottheengineer@feddit.de
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    1 year ago

    US tech is backdoored just as hard as chinese stuff. None of the companies involved need to know when and for what the government uses backdoors, so they generally don’t.

    • mo_ztt ✅@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      edit-2
      1 year ago

      I don’t really know, any more than you do, but I assume that this is true yes. There’s a whole fascinating story to be written about it. This story isn’t it. Among other things, blaming Apple for that situation when they’ve explicitly told the US government to get fucked in re its surveillance requests when they had no reason to, is obviously misleading to the reader and unfair to Apple.

      (Actually I’d take issue with “just as hard as Chinese stuff,” since Tiktok is more explicitly malicious than pretty much any other category of compromised software, which is saying quite a lot. But in general I agree with you.)

        • mo_ztt ✅@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          According to this guy, that’s exactly what it is – he claimed that at least on the Android version, it’s got functionality to download arbitrary new binaries and start running them when instructed to by its central servers. That’s alongside other worrying things like always-on location tracking and storage, code injection to any web site you visit through their browser, and perusal of all your contacts and messages.

          I remember seeing the same thing claimed in more authoritative analyses of the thing, but for some reason I can’t find them now, so we have to take it with a grain of salt I guess. But in my mind (based on my memory of reading things like the link above) it’s extremely maliciously designed.

          • nottheengineer@feddit.de
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Downloading and running binaries isn’t anything to worry about. Many apps do that to circumvent the update delays that apple and google put in place.

            Browsers also download and run code from any website you visit. The security measures make sure that this code can’t just do anything, just like on android.

            • mo_ztt ✅@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              2
              ·
              edit-2
              1 year ago

              Many apps do that to circumvent the update delays that apple and google put in place.

              Source?

              Browsers also download and run code from any website you visit.

              Accurate, yes.

              The security measures make sure that this code can’t just do anything, just like on android.

              Lol can I send you an Android binary to run which has the ability to use your camera and microphone and read your text messages, files, and contacts? Like Tiktok does. Don’t worry, it can’t just do anything.

              So the argument isn’t that downloading a running a new binary will somehow give Tiktok new capabilities within the security model that weren’t there for the previous code. The argument is that (a) the security measures in place are way too weak and (b) the ability for any individual device to download and run new custom functionality on-demand enables someone to add new functionality to any individual device, outside the main channel of updates for everyone’s devices. What do you think the word “backdoor” means, if not that?

              • nottheengineer@feddit.de
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Ripped right from wikipedia: “A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product […].”

                Given you can’t be arsed to google that on your own, I don’t see s point in arguing.

                • mo_ztt ✅@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  edit-2
                  1 year ago

                  Hm… I do kind of get what you’re saying now. I just don’t agree with this limited way of applying the term. I do know what a backdoor is, yes.

                  So: If you have a remote shell program like sshd, it can do what it does. There might be malicious code inside, there might not. But if we said specifically that it had a “backdoor,” that would mean that it can also accept arbitrary login requests (bypassing the normal authentication) for someone to log in and run arbitrary commands. That’s a backdoor. The code’s still running within the context of the terminal program, but what makes it a backdoor is that it’s doing it on demand from some remote user. Yes?

                  If you had a social media program like Tiktok, it can do what it does. There might be malicious code inside, there might not. But if we said it had a “backdoor,” that would mean that it can also execute arbitrary code (bypassing the normal authentication of downloaded apps) for someone to run arbitrary code. That’s a backdoor. The code’s still running within the security context of the app, but what makes it a backdoor is that it’s doing it on demand from some remote user.

                  There’s another related definition where “backdoor” means a secret way of escalating privileges, but that up above is the context where I’m using it, which is also consistent with Wikipedia’s definition. You’re free to not agree with my definitions, I don’t wanna argue any more than you do and I’m happy if you want to use the word however you want. But that’s how I see it.