Apple sits between a rock and a hard spot. The company wants to tout its privacy and security capabilities wherever it can, but it’s a message that cannot be made too loud or too obvious, because that alone will attract attacks upon said privacy and security. At the same time, most of Apple’s major technology competitors– Google and Microsoft come to mind– make billions by culling personal information from their users to help add to their massive annual profits.
Since most of what Apple makes in revenue and profits comes the old fashioned way– by selling hardware– you can see the company sitting in a good position to benefit from the growing paranoia about privacy and security.
Enter the Chinese and backdoors.
Last year a gazillion security cameras and DVR’s were used to cripple parts of the interwebs thanks to an easily accessed backdoor to the devices. Now there’s word that a Chinese manufacturer of IoT devices (internet of things; which means anything connected to the internet that isn’t a Mac or PC, smartphone, or tablet) purposely inserted an easily compromised backdoor into a gazillion devices.
It gets complicated and there is plenty of techspeak to decipher about this instance, but it’s also safe to say this event likely is a mere tip of the iceberg.
Device manufacturers like backdoors because it makes it easier to administer upgrades and fix problems emasse. But it also means anyone with knowledge of the backdoor can probe a gazillion devices to find the ones with such an entryway and then do whatever they choose to compromise a product.
A backdoor is a method, often secret, of bypassing normal authentication in a product, computer system, cryptosystem or algorithm etc. Backdoors are often used for securing unauthorized remote access to a computer, or obtaining access to plaintext in cryptographic systems.
A backdoor may take the form of a hidden part of a program, a separate program (e.g. Back Orifice may subvert the system through a rootkit), or may be a hardware feature. Although normally surreptitiously installed, in some cases backdoors are deliberate and widely known. These kinds of backdoors might have “legitimate” uses such as providing the manufacturer with a way to restore user passwords.
Plenty of techspeak there, too, and it’s complicated at times, but at the basic level it means someone somewhere may have access to devices you connect to the internet; that home security cam is an example, and so is the front door lock that opens with an iPhone or Watch app.
See the problem?
Every week we read of some device somewhere, a member of the IoT, that has been compromised and used to cause mischief on the interwebs. Does anyone think these are the only ones that occur? Of course not.
This is where Apple needs to rise to the occasion with HomeKit devices that are secure– at least as secure as our Macs, iPhones, and iPads– and not accessible to outside forces by way of a backdoor or any other hacking scheme. It’s a good opportunity for Apple to promote what it does best– the enclosed, walled-garden, curated ecosystem which is beginning to look more and more like a safe haven these days.