[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

iOS' hidden surveillance system



https://gist.github.com/iosecure/357e724811fe04167332ef54e736670d

I came across this github gist about surveillance on iOS and macOS. Given
certain Snowden documents and other leaks, it is quite clear agencies
worldwide are interested in linking unique device identifiers to real
people and their activities in real time, so I consider the point about
Apple's forced UDID/UUID activation system even on non-cellular devices
valid.

Also the point on Apple's activation server being hosted on Akamai is
definitely interesting, especially given CloudFlare's recent "CloudBleed"
bug (https://news.ycombinator.com/item?id=13718752;
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139).

Akamai is of course probably already legally backdoored by multiple
agencies worldwide, but given their scale you have to wonder what issues
are hiding in there, especially since you also have to factor in potential
security issues caused by Akamai's third party partners (Akamai subhosts
on ISP/IXP peering partner servers).

I'm not affiliated with the author, but just thought I'd share.