1Password app, AgileBits, Apple, Daring Fireball, Edward Snowden, Encryption, iOS 7.0.4, iOS 7.0.5, iOS 7.0.6, iPhone J.D. Blog, Jeff Goldberg, Jeff Richardson, John Gruber, NSA, PRISM Documents, Security Updates
Apple Fixes Security Flaw In iOS, Perhaps Thanks To Snowden?, by Jeff Richardson, iPhone J.D. Blog
Apple releases minor security updates for the iPhone and iPad from time to time. When folks ask me if they should upgrade, I virtually always say yes. Why not have an iPhone that is more secure, and less likely to be hacked by bad guys? So this past Friday afternoon when Apple released iOS 7.0.6 and said that it was a security update, I updated my devices but otherwise did not think much of it. (And no, you did not miss an update if, like me, you went from iOS 7.0.4 to 7.0.6; 7.0.5 was only released for iPhones sold in China.)
But over the weekend, there were two posts about this update by John Gruber of Daring Fireball (Post 1, Post 2) that I thought were pretty interesting. According to PRISM documents leaked by Edward Snowden, the NSA gained the ability to intercept encrypted iPhone traffic in October of 2012, and that’s apparently right after the bug fixed by iOS 7.0.6 was introduced. As Gruber notes, this could mean all sorts of things. It could mean that someone at Apple intentionally added a backdoor for the NSA. Or it could mean that someone at Apple made a simple coding mistake but the NSA found out about it and exploited it.
Or it could just be a big coincidence, but there is at least a chance that Apple has now found and fixed a security bug that had been exploited by the NSA. . . .