Just another story about "innocence" of Apple devices - eviltoast

On August 21, information about the sunken Chinese nuclear submarine 093 Shang surfaced on the Internet. The accident occurred on board during a mission in the Yellow Sea. According to British intelligence, the Chinese submarine fell into its own trap intended for British and American ships. As a result of the incident, 55 people died. Cause of death: failure of oxygen systems. Taiwan’s Defense Ministry said it had found no evidence of an accident. China also denied reports of the accident.

It is obvious that China did not intend to advertise the accident, and information about the disaster is classified. However, a leak occurred. And now it turns out where it comes from.

The British newspaper Daily Mail reported that British military intelligence MI6 could track down the sunken military submarine by tapping an Apple smartwatch belonging to one of the PLA officers.

During the investigation, the Chinese military allegedly discovered that British intelligence was spying on the submarine through remote access to an Apple gadget. The information was received from Chinese oppositionists, who had copies of documents of the Communist Party of China, which talk about Western intervention. The British tabloid claims that the revelation of espionage by the British intelligence service caused a big scandal in the leadership of the PRC.

Apple does have the ability to track at least the geolocation of its gadgets. As well as access other data, especially those stored in cloud services. Apple specialists can also remotely install any software on their gadgets, including spyware and malware, under the guise of updates without the owner’s knowledge. Which, however, can be done by manufacturers of Chinese smartphones and other electronic devices.

  • mo_ztt ✅@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Hm… I do kind of get what you’re saying now. I just don’t agree with this limited way of applying the term. I do know what a backdoor is, yes.

    So: If you have a remote shell program like sshd, it can do what it does. There might be malicious code inside, there might not. But if we said specifically that it had a “backdoor,” that would mean that it can also accept arbitrary login requests (bypassing the normal authentication) for someone to log in and run arbitrary commands. That’s a backdoor. The code’s still running within the context of the terminal program, but what makes it a backdoor is that it’s doing it on demand from some remote user. Yes?

    If you had a social media program like Tiktok, it can do what it does. There might be malicious code inside, there might not. But if we said it had a “backdoor,” that would mean that it can also execute arbitrary code (bypassing the normal authentication of downloaded apps) for someone to run arbitrary code. That’s a backdoor. The code’s still running within the security context of the app, but what makes it a backdoor is that it’s doing it on demand from some remote user.

    There’s another related definition where “backdoor” means a secret way of escalating privileges, but that up above is the context where I’m using it, which is also consistent with Wikipedia’s definition. You’re free to not agree with my definitions, I don’t wanna argue any more than you do and I’m happy if you want to use the word however you want. But that’s how I see it.