On August 21, information about the sunken Chinese nuclear submarine 093 Shang surfaced on the Internet. The accident occurred on board during a mission in the Yellow Sea. According to British intelligence, the Chinese submarine fell into its own trap intended for British and American ships. As a result of the incident, 55 people died. Cause of death: failure of oxygen systems. Taiwan’s Defense Ministry said it had found no evidence of an accident. China also denied reports of the accident.

It is obvious that China did not intend to advertise the accident, and information about the disaster is classified. However, a leak occurred. And now it turns out where it comes from.

The British newspaper Daily Mail reported that British military intelligence MI6 could track down the sunken military submarine by tapping an Apple smartwatch belonging to one of the PLA officers.

During the investigation, the Chinese military allegedly discovered that British intelligence was spying on the submarine through remote access to an Apple gadget. The information was received from Chinese oppositionists, who had copies of documents of the Communist Party of China, which talk about Western intervention. The British tabloid claims that the revelation of espionage by the British intelligence service caused a big scandal in the leadership of the PRC.

Apple does have the ability to track at least the geolocation of its gadgets. As well as access other data, especially those stored in cloud services. Apple specialists can also remotely install any software on their gadgets, including spyware and malware, under the guise of updates without the owner’s knowledge. Which, however, can be done by manufacturers of Chinese smartphones and other electronic devices.

  • nottheengineer@feddit.de
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Downloading and running binaries isn’t anything to worry about. Many apps do that to circumvent the update delays that apple and google put in place.

    Browsers also download and run code from any website you visit. The security measures make sure that this code can’t just do anything, just like on android.

    • mo_ztt ✅@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      2
      ·
      edit-2
      1 year ago

      Many apps do that to circumvent the update delays that apple and google put in place.

      Source?

      Browsers also download and run code from any website you visit.

      Accurate, yes.

      The security measures make sure that this code can’t just do anything, just like on android.

      Lol can I send you an Android binary to run which has the ability to use your camera and microphone and read your text messages, files, and contacts? Like Tiktok does. Don’t worry, it can’t just do anything.

      So the argument isn’t that downloading a running a new binary will somehow give Tiktok new capabilities within the security model that weren’t there for the previous code. The argument is that (a) the security measures in place are way too weak and (b) the ability for any individual device to download and run new custom functionality on-demand enables someone to add new functionality to any individual device, outside the main channel of updates for everyone’s devices. What do you think the word “backdoor” means, if not that?

      • nottheengineer@feddit.de
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Ripped right from wikipedia: “A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product […].”

        Given you can’t be arsed to google that on your own, I don’t see s point in arguing.

        • mo_ztt ✅@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          edit-2
          1 year ago

          Hm… I do kind of get what you’re saying now. I just don’t agree with this limited way of applying the term. I do know what a backdoor is, yes.

          So: If you have a remote shell program like sshd, it can do what it does. There might be malicious code inside, there might not. But if we said specifically that it had a “backdoor,” that would mean that it can also accept arbitrary login requests (bypassing the normal authentication) for someone to log in and run arbitrary commands. That’s a backdoor. The code’s still running within the context of the terminal program, but what makes it a backdoor is that it’s doing it on demand from some remote user. Yes?

          If you had a social media program like Tiktok, it can do what it does. There might be malicious code inside, there might not. But if we said it had a “backdoor,” that would mean that it can also execute arbitrary code (bypassing the normal authentication of downloaded apps) for someone to run arbitrary code. That’s a backdoor. The code’s still running within the security context of the app, but what makes it a backdoor is that it’s doing it on demand from some remote user.

          There’s another related definition where “backdoor” means a secret way of escalating privileges, but that up above is the context where I’m using it, which is also consistent with Wikipedia’s definition. You’re free to not agree with my definitions, I don’t wanna argue any more than you do and I’m happy if you want to use the word however you want. But that’s how I see it.