Well, well, well, what have we here? Hackers have gained access to internal documents from the Indian Military (shared on the web), and in it, it is revealed that RIM, Nokia, and Apple have added backdoors to their mobile software (BlackBerry, S40 (supposedly), and iOS) which the Indian Military’s intelligence service then used to spy on the US-China Economic and Security Review Commission (the USCC). The backdoors were added by RIM, Nokia, and Apple in exchange for Indian market presence.
The documents in question were uncovered by the same Indian hacking group who managed to leak Symantec source code, and it’s all pretty damning. Further adding to the damning nature is the fact that the document contains portions of emails sent by USCC employees, demonstrating that the backdoors do actually work.
This shouldn’t come as a surprise. About 18 months ago, the Indian government threatened to ban the BlackBerry because RIM wouldn’t provide the government with access to its services. What might be a surprise to some, however, is that Apple and Nokia are apparently also providing a backdoor into their mobile operating systems.
Of course, it’s not really a surprise. It’s easy to deduce that if the Indian government forces the backdoor upon RIM as a condition to sell BlackBerries in the country, it would impose the same conditions upon others – such as Apple and Nokia. Since we’re looking at closed source software here, there’s really no way to properly check for the backdoors, other than through reverse engineering.
Android isn’t mentioned, but the document does state “RIM, Nokia, Apple etc.”, indicating others are involved as well. When it comes to Android, the backdoor wouldn’t be in the open source AOSP, but the Indian government could, say, demand HTC, Samsung, and so on to install a bit of spyware onto their Android devices which provides the same backdoor. It could also be hiding in the closed Google applications (say, the Market), or even in the baseband processor.
All this, of course, vindicates what I wrote only a few days ago: open source is important, as it allows developers to check for backdoors in the software we’re all using – and do something about it. Even if you could find the backdoor in iOS through, say, network monitoring, you still wouldn’t be able to do much about it.
We’re talking India now, but it wouldn’t surprise me in the slightest if European governments and the US are employing similar backdoors. While we often condemn the US government for trampling all over civil rights and liberties, Europe is far more trigger happy with, say, wiretapping than the US is.
It just goes to show: blind trust in a company is stupid. Plain stupid.