The NSA may be responsible for iOS 7’s biggest security vulnerability


Apple released the latest update for iOS 7 last Friday after a vulnerability was discovered in its SSL connection verification, a flaw that could potentially allow hackers to access your encrypted data. Worryingly, this flaw appears to have been around for quite some time. John Gruber gathered the evidence over at Daring Fireball and has come to a startling conclusion: the NSA might have something to do with the bug.

According to a tweet from Jeffrey Grossman, this vulnerability has been present in the software since iOS 6. Based on the leaked PowerPoint document which exposed PRISM, Apple and its devices were added to the NSA program in October 2012, just one month after the release of iOS 6. Whether or not the NSA planted the bug itself, Gruber believes there is a chance the government agency was aware of it and took advantage of it to gain access to private information.

“Once the bug was in place, the NSA wouldn’t even have needed to find the bug by manually reading the source code,” wrote Gruber. “All they would need are automated tests using spoofed certificates that they run against each new release of every OS. Apple releases iOS, the NSA’s automated spoofed certificate testing finds the vulnerability, and boom, Apple gets “added” to PRISM.”

Of the many conspiracy theories that have cropped up since the NSA backlash began, this is definitely not the most improbable.

Source: Daring Fireball