[Cryptography] "Apple moves to bring iCloud infrastructure in-house predicated by backdoor fears - report"

Kevin W. Wall kevin.w.wall at gmail.com
Fri Mar 25 01:33:45 EDT 2016


On Wed, Mar 23, 2016 at 11:48 PM, Tom Mitchell <mitch at niftyegg.com> wrote:
> On Wed, Mar 23, 2016 at 5:30 PM, Jerry Leichter <leichter at lrw.com> wrote:
>>
>> From
>> http://appleinsider.com/articles/16/03/23/apple-moves-to-bring-icloud-infrastructure-in-house-predicated-by-backdoor-fears---report....
>  ....
>>
>> Apple's multi-year effort to develop its own servers and networking
>> hardware has reportedly been driven in large part by security concerns, as
>> the company worries that supply chain tampering may lead to deeply embedded
>> vulnerabilities which are difficult to find and remediate.
>  ...
>>
>> Unfortunately, Apple's worries are not unfounded.
>  ...
>>
>> "You can't go take an X-Ray of every computer that hits the floor. You
>> want to make sure there's no extracurricular activity" by building servers
>> in-house, one source told the publication.
>
> Photographing including X-ray imaging is not terribly difficult.  Factory
> imaging systems are not crazy expensive including X-ray.  It is the
> disassembling and reassembling that is a PITA.

Why can't Apple automate some low tech solution, like painting all the
connectors, screws, etc. with glitter nail polish and then photographing
it (e.g., http://www.wired.com/2013/12/better-data-security-nail-polish/)?

They ought to be able to distribute the photographs via multiple channels
(e.g., encrypted email, snail mail, FedEx, UPS, etc.) collect all the
images and compare them, and then compare them to the equipment that arrived
to make sure nothing had been opened. I don't "do" large scale hardware so
maybe there are too many ways to open / gain access to the insides of
servers, but it seems like it would work for smaller things like routers,
switches, etc.

The other question that this makes me think of is, if Apple is concerned
about this, are they not also concerned about all those iPhone and iPad parts
manufactured and assembled in China? I mean wasn't supposedly some Chinese
networking equipment manufacturer (Huawei? Netcore? too lazy to look it
up) putting in back doors to their equipment? I would think that that
would really scare the crap out of Apple.

[big snip]
> There are a lot of turtles but if you can inspect and "trust" a couple
> layers of turtles some things are safer, depending on the turtle the bad
> boys sit on.
>
>  A room of old SGI or Sun servers with old compilers from old media in a
> locked room could cross compile and improve the trust of a number of
> turtles of type utility and compiler.
>
> A binary editor could craft the foundation words of FORTH...
> http://www.eecs.wsu.edu/~hauser/teaching/Arch-F07/handouts/jonesforth.s.txt
> And from there bootstrap a lot more.

Ah, there you go. I think I just found a new excuse to give to my wife
about why I should continue to hang on to my Motorola MC68010 based
AT&T 3B1 and my MIPS R2100 based Digital DECStation 2100 just a while
longer. I'll let you know how that works out. I'm sure she'll believe it
as much as the zombie apocalypse that I tell her I'm preparing for.

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/    | Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.
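
The photograph-and-compare check proposed in the message above, as an added example that is not part of the original post: copies of the reference photo sent over several channels must hash identically, while the photo of the equipment as it arrived can only be compared by similarity. The function names, the 0.9 threshold, the channel labels and the 32x32 pixel data are constructed for illustration, and the two photos are assumed to be already aligned and the same size.

```python
import hashlib
import random
from collections import Counter

def agreed_reference(copies):
    """copies maps channel name -> image bytes; returns (image, dissenting channels)."""
    # Copies of one digital photo must be bit-identical, so an exact hash match is right here.
    digests = {ch: hashlib.sha256(img).hexdigest() for ch, img in copies.items()}
    winner, votes = Counter(digests.values()).most_common(1)[0]
    if votes <= len(copies) // 2:
        raise ValueError("no majority among channels; no trustworthy reference")
    dissent = sorted(ch for ch, d in digests.items() if d != winner)
    image = next(img for ch, img in copies.items() if digests[ch] == winner)
    return image, dissent

def correlation(a, b):
    """Pearson correlation of two equal-length grayscale pixel sequences."""
    if len(a) != len(b):
        raise ValueError("photos must have the same dimensions")
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0

def seal_intact(copies, arrival_photo, threshold=0.9):
    """Returns (seal matches reference?, channels whose copy disagreed)."""
    # A fresh photo never hashes equal to the reference (lighting, sensor noise),
    # so the arrival photo is compared by similarity against a threshold instead.
    reference, dissent = agreed_reference(copies)
    return correlation(reference, arrival_photo) >= threshold, dissent

# Constructed sample data: random 32x32 grayscale "glitter" patterns.
rng = random.Random(2016)
SEAL = bytes(rng.randrange(256) for _ in range(32 * 32))      # seal as shipped
RESEALED = bytes(rng.randrange(256) for _ in range(32 * 32))  # polish reapplied
REPHOTO = bytes(min(255, max(0, p + rng.randint(-12, 12))) for p in SEAL)  # same seal, new photo
COPIES = {"encrypted email": RESEALED, "FedEx": SEAL, "UPS": SEAL}  # one channel altered

if __name__ == "__main__":
    print(seal_intact(COPIES, REPHOTO))   # untouched seal, email copy flagged
    print(seal_intact(COPIES, RESEALED))  # reapplied seal fails despite the altered copy
```

A channel listed as dissenting is itself a finding: someone with access to that channel substituted the reference image.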

