Subscribe

#AxisOfEasy 147: FBI End-Runs Apple’s Security By Hiring Outside Vendor To Crack iPhone

by on May 26, 2020


Weekly Axis Of Easy #147


 

Last Week’s Quote  was “The press is the hired agent of a monied system, and set up for no other purpose than to tell lies where their interests are involved.”, was Henry B Adams, nobody got it.

This Week’s Quote:  “If privacy is outlawed, only outlaws will have privacy.” …by ???

THE RULES:  No searching up the answer, must be posted to the blog.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.

Podcast:  Axis Of Easy #147

In this issue:
  • Whistleblower: Apple got a pass on pervasive Siri eavesdropping program
  • FBI end-runs Apple’s security by hiring outside vendor to crack iPhone
  • Not the Russians again! Study ascribes 50% of anti-lockdown tweets to ‘bots
  • Silicon Valley firms do business with blacklisted China firms
  • Clubhouse: It’s the newest tech maven “in club” and you’re not in it
  • Texas conducts first jury trial via by videoconference 
  • Your car may be the backdoor into your data
  • eBay runs portscans of your computer checking for backdoors

Whistleblower: Apple got a pass on pervasive Siri eavesdropping program

Back in AxisOfEasy 107 we reported on how Apple contractors were receiving recordings made by Siri that routinely included sensitive conversations such as drug deals and even sex.  One of those contractors has since turned whistleblower because Apple has gotten off quite lightly for the privacy violations, especially under European GDPR standards.

As details of the program emerge it looks like Siri (like pretty well most other personal assistant apps) are always listening, always recording, and in this case, even when Siri was not enabled.

When I review my notes from AoE 107 it looks like one has to make it a point to do this:

Settings -> Privacy -> Analytics & Improvements -> and then turn “Share iPhone Analytics” off.

I’m not sure if this is on auto-magically or if I did this last time when I wrote 107.

FBI end-runs Apple’s security by hiring outside vendor to crack iPhone

Supposedly, Apple is unwavering in their adherence to user privacy in that they won’t assist the FBI in cracking into a suspect’s iPhone, although as we reported back in AxisOfEasy 130, they did drop plans for encrypted backups after the FBI objected, and they did provide the cloud backups to the FBI anyway.

Who needs ‘em?  The FBI has been successfully cracking into suspect phones without Apple’s help by hiring an unnamed, outside cyber-security agency (my money is of NSO Group) to crack into the phones on their own.

“After the government went to federal court to try to dragoon Apple into doing investigators’ job for them, the dispute ended anticlimactically when the government got into the phone itself after purchasing an exploit from an outside vendor the government refused to identify.”

Not the Russians again! Study ascribes over 50% of anti-lockdown tweets to ‘bots

A study from Carnegie Mellon University ascribes over 50% of tweets calling for an end to the widespread coronavirus lockdowns to botnet activity.

“The researchers said they found that among tweets about “reopening America,” 66% came from accounts that were possibly humans using bot assistants to spread their tweets more widely, while 34% came from bots.”

On the CMU presser about the study they add:

‘The research team cannot point to specific entities behind the orchestrated attempts to influence online conversations. “We do know that it looks like it’s a propaganda machine, and it definitely matches the Russian and Chinese playbooks, but it would take a tremendous amount of resources to substantiate that,”‘

I can’t find anything in the released papers that shows examples of the bot activity.  The characteristics they use to determine bot activity include:

“Tweeting more frequently than is humanly possible or appearing to be in one country and then another a few hours later is indicative of a bot”

– although personally I do know a few coders who match that description.

What I did find interesting was the list of “misinformation topics” that the study collated, including:

“drinking hot water will kill the virus”

“having a pneumonia shot will prevent you from getting the disease”

“warmer weather will kill off the SARS-CoV-2 virus”

And, yes, if somebody is tweeting the following, you would be better off dismissing it as a merry prankster or a bot:

“drinking cow urine and applying cow dung on the body can cure coronavirus”

“Kenneth Copeland can cure the virus directly from his TV studio”

“you can kill the virus by holding a blow dryer up to your nose” <- DO NOT TRY THIS AT HOME

A couple items whose presence in the list I did find interesting were:

“It was created in a lab”

“It leaked from the Wuhan Institute of Virology in China”

Given that Western intelligence agencies are actively investigating this possibility, and that Luc Montagnier, who received the 2008 Nobel Prize in Medicine for his discovery of the HIV virus, has stated more than once that COVID-19 had to be modified in a lab.

These latter developments emerged in May, after the date of the last update in the CMU study, so it remains to be seen if entertaining this possibility will continue to be defined as “conspiracy theory” in future studies.

Read: https://www.cs.cmu.edu/news/nearly-half-twitter-accounts-discussing-%E2%80%98reopening-america%E2%80%99-may-be-bots

 

Silicon Valley firms do business with blacklisted China firms

In October of 2019 the U.S created a blacklist including some of the largest Artificial Intelligence companies in China, accusing them of being complicit in human rights abuses going on in that country. (That list also contains Huawei).

The rationalization behind the list was that

“these entities have been implicated in human rights violations and abuses in the implementation of China’s campaign of repression, mass arbitrary detention, and high-technology surveillance against Uighurs, Kazakhs, and other members of Muslim minority groups”

TopVPN report has claimed that numerous Silicon Valley tech giants, including Microsoft, Google and Amazon are providing essential services that power these companies.  CNBC, (when reporting on this citing Top10VPN and not linking to their original report) reached out to all three for comment and received no replies.

Read: https://www.cnbc.com/2020/05/23/amazon-google-microsoft-reportedly-providing-web-services-to-blacklisted-china-firms.html

(Maybe if you’re an American customer of one of these companies you could open a support ticket asking them why they are violating US sanctions while facilitating human rights abuses abroad. )

Clubhouse:  It’s the newest tech maven “in club” and you’re not in it

After Jesse mentioned Clubhouse in our most recent AxisOfEasy Salon podcast, I decided to look into it.  Clubhouse is the ultra-elite social media network that the cool kids of Silicon Valley are scrambling to get onto.  It is apparently a voice chat system, where people can spontaneously pop into discussion rooms or just hit their contacts up and start yaking, no calendar invite required.

I know this is exactlywhat I’ve been pining for:  a way for people to just barge in on my workflow and start jabbering at me without an appointment.  Sadly, I have not been invited to Clubhouse.

Texas conducts first jury trial via by videoconference

With jury trials being on hold throughout the USA because of Coronavirus, Reuters reports on how Texas is trying something new and allowing the jury in a civil case to hear testimony via Zoom.  It’s an insurance dispute in Collin County, Texas and lawyers there already conducted jury selection via Zoom last week.

“More than two dozen potential jurors logged in by smartphone, laptop and tablet for jury selection, which was streamed live on YouTube here with a judge occasionally providing tech advice on how to best use their devices.”

The trial is thought to be the first conducted this way, it is something called “a summary jury trial”, where they hear a condensed version of the case in one day and then deliver a non-binding verdict.  Apparently.

Your car may be the backdoor into your data

Your car is quickly becoming a potential weak spot to harvest your data because you routinely pair your smartphone with it, even temporarily with rentals.  The problem began to come to light in an earlier article about a security researcher who was buying used Tesla infotainment systems off eBay and finding that they were arriving with the previous owner’s data still on the device.

The situation is of course, not confined to Teslas, it affects all cars with onboard infotainment systems that you habitually pair your phone with.

It’s important, especially with rentals, to factory reset the infotainment systems before relinquishing or returning them.

Read: https://insideevs.com/news/419525/tesla-data-leak-personal-info-ebay/

eBay runs portscans of your computer checking for backdoors

Speaking of eBay, the folks over at BleepingComputer noticed that when they visited eBay, something on the eBay side initiated a portscan of their computer. Closer inspection of the eBay website source code revealed the presence of a javascript file called “check.js” which ran a scan against 14 ports on your computer, all of which are ports commonly known to be associated with backdoors and Remote Access Tools (RATs).

To be clear, this is a fraud prevention tactic, they don’t want to let you log into your account if your doing so from an infected or hacked computer.  It makes a certain amount of sense, I think we experimented with something similar many years ago when there was one particularly bad infection going around.

It’s unclear what happens should they actually find those ports open, as they could mean almost anything, and not necessarily a compromised machine.

This week on AxisOfEasy.com:

We did our 5th AxisOfEasy Cyber-Salon, with Charles Hugh Smith, Jesse Hirsh and myself wondering “Will the Great Opt-Out be able to Scale” and other interesting topics (including the structural inequality of Mad Magazine’s Spy Vs. Spy)

Listen:  https://axisofeasy.com/podcast/axisofeasy-salon-5-will-the-great-opt-out-be-able-to-scale/

Please help us get the word out, if you like AxisOfEasy, forward a copy to your friends and colleagues or leave us a review on iTunes, Stitcher or Spotify.

3 responses to “#AxisOfEasy 147: FBI End-Runs Apple’s Security By Hiring Outside Vendor To Crack iPhone”

  1. Avatar phs3 says:

    Re the quote: Sounds like Phil Zimmerman.

  2. Avatar Sam Childs says:

    If privacy is outlawed, only outlaws will have privacy – The answer is Phil Zimmermann

  3. Avatar marcello says:

    re: the quote

    I’d say Nassim Nicholas Taleb

    (or Camus, but I doubt you’d go that far back)

Leave a Reply

Your email address will not be published. Required fields are marked *

Ledger Nano X - The secure hardware wallet