Was Apple security ‘flaw’ actually a NSA backdoor?

<snip>

Last week, Apple announced that it had discovered a majority security flaw in its OS operating system. The flaw, called “Gotofail,” allowed hackers or other actors — including spies — to access to theoretically secure data transmitted through wireless connections or along a shared network. Such data included that sent through SSL, a method employed by websites to protect credit card numbers and other personal information when establishing a connection between a customer and a merchant’s point of sale.

The flaw was a simple one, a mistake in a line of code. Just an “if” clause, nested deep within lines of code.

Over the weekend, coding experts examined the timeline of the NSA’s penetration of Apple’s data and the date the flaw first emerged. They made a curious discovery: that the flaw appeared in Apple’s code just a month before the NSA internally reported success in hacking Apple. Fortune’s Phillip Elmer-DeWitt reports:

* Sept. 24, 2012: iOS 6.0 is released
* Oct. 2012: Apple is added to the NSA’s list of penetrated servers
* Dec. 1, 2012 to May 31, 2013: Apple receives 4,000 to 5,000 requests about 9,000 to
10,000 accounts and devices. (Per “Apple’s Commitment to Customer Privacy“.)

One coder, Dancing Fireball‘s John Gruber, got down to the nitty gritty. Taking great pains to note the evidence was circumstantial, he nevertheless drew attention to the following facts. 1) The flaw first emerged in iOS 6.0, 2) iOS 6.0 was released publicly on Sept. 24, 2012, and 3) Snowden’s NSA slide has the agency tapping into Apple’s customers a month later.

<snip>

http://www.rawstory.com/rs/2014/02/24/speculation-emerges-apple-security-flaw-may-be-tied-to-nsa-spying/