[Cryptography] "Apple moves to bring iCloud infrastructure in-house predicated by backdoor fears - report"

Wed Mar 23 20:30:41 EDT 2016

From http://appleinsider.com/articles/16/03/23/apple-moves-to-bring-icloud-infrastructure-in-house-predicated-by-backdoor-fears---report

It's a big pro-Apple site, but the "insider news" is often true.  (They were among the first to find and describe Apple's secret car efforts.)  How real *this* is, I can't say.
                                                        -- Jerry

By AppleInsider Staff	
Wednesday, March 23, 2016, 09:16 am PT (12:16 pm ET)

Apple's multi-year effort to develop its own servers and networking hardware has reportedly been driven in large part by security concerns, as the company worries that supply chain tampering may lead to deeply embedded vulnerabilities which are difficult to find and remediate.

[Removed picture with the following text underneath:  National Security Agency personnel are shown delicately opening a Cisco box to add malware to the device within after intercepting it during shipping.]

Apple's fears center around the possibility that infrastructure equipment could be intercepted by third parties between the time it leaves the manufacturer and the time it arrives at Apple's datacenters, according to The Information. The company believes that malicious actors could be adding new or modified components that would enable unauthorized access.

This fear is said to have been a primary driver of the company's strategy to move as much infrastructure design as possible in-house. The gargantuan size of such a task — Apple's cloud services serve tens of billions of requests each day — has led to delays in reducing its reliance on outside service providers like Google and Amazon.

Unfortunately, Apple's worries are not unfounded.

While it may never be known who the targets were, information revealed by NSA leaker Edward Snowden revealed the existence of government programs designed to do exactly the thing Apple fears. 

The National Security Agency's Tailored Operations Access unit was, and may still be, tasked withredirecting shipments of servers and routers headed for targeted organizations to government facilities. The packages would be opened, compromised firmware installed, and then the packages re-sealed and delivered. 

One NSA manager described the program as "some of the most productive operations in TAO because they pre-position access points into hard target networks around the world."

Photos which accompanied the leaks showed intelligence agency workers modifying Cisco gear, infuriating the networking giant. Cisco later announced that it would address shipments to empty houses to avoid government tracking.

"We ship [boxes] to an address that's has nothing to do with the customer, and then you have no idea who ultimately it is going to," Cisco security chief John Stewart said at last year's CiscoLive 2015 conference.

"When customers are truly worried... it causes other issues to make [interception] more difficult in that [agencies] don't quite know where that router is going, so it's very hard to target - you'd have to target all of them. There is always going to be inherent risk."

Apple is said to have gone to extreme lengths to verify the integrity of products it receives, even comparing photographs of motherboards with explanations of each component and its function. 

"You can't go take an X-Ray of every computer that hits the floor. You want to make sure there's no extracurricular activity" by building servers in-house, one source told the publication.