USCC, Nokia and Apple respond to backdoor allegations

tl;dr: "No comment. But we don't provide backdoor access." --Apple & Nokia.

On the 6th of this month I wrote about a catastrophic geopolitical mess in the making. Documents uncovered during a successful hack of the India Military servers allegedly claimed RIM, Nokia and Apple had provided the Indian Military with backdoor access to cellular communication over their devices in exchange for presence in the Indian market. A little background on the developments:

  • Hacker group Lords of Dharamraja claims to have hacked Indian Military servers
  • LoD says they accessed Norton's source code on the servers (quite likely an escrow account)
  • Symantec acknowledges their source code might be compromised via a 3rd party source
  • Alleged documents from the Indian Military containing communications between members of the USCC surface on the web

It was this set of documents that mentioned the existence of a backdoor surveillance system built with help from RIM, Nokia and Apple. It took the web a while but the story slowly got picked up by several news outlets. Reuters and India's leading newspaper Times of India reached out to the parties involved and here are the responses:

USCC spokesman Jonathan Weston to Reuters:

We are aware of these reports and have contacted relevant authorities to investigate the matter. We are unable to make further comments at this time

He has not denied the emails, something that Reuters has pointed out as too. It's only fair that USCC takes some time to verify internally. (I did a quick web search for the USCC members named in the documents and they checked out as members of the USCC.)

Corporate Communications Senior Director at Apple, Alan Hely told Times of India:

[...] But I can deny that backdoor access was provided [...]

Nokia:

The company takes the privacy of customers and their data seriously and is committed to comply with all applicable data protection and privacy laws.

RIM made no comment, much like representatives of Apple and Nokia who avoided commenting on this particular incident. I was not expecting anything different as a response from these companies. While the chances of Nokia and RIM providing some sort of access to security agencies is plausible, it is the mention of Apple in the documents that has me skeptical.