CIA has waged 'secret campaign' to crack Apple's iOS security - report

Posted:
in iPhone edited March 2015
Classified documents released by whistleblower Edward Snowden reveal that the Central Intelligence Agency has been engaged in a multi-year coordinated effort to crack the security of Apple's iOS platform, which powers and protects the iPhone and iPad.




Details on the CIA's efforts apparently come from an annual, secret agency meeting dubbed "The Trusted Computing Base Jamboree," where the latest progress was apparently revealed. Documents from that meeting were obtained by Snowden, and then provided to The Intercept.

In it, researchers from the U.S. government's "Sandia National Laboratories" are revealed to have allegedly targeted security keys on iOS in an effort to crack the platform and obtain user data. The agency is said to have looked into both physical methods, where access to the device is required, as well as remote efforts.

As part of the CIA's work, the agency is said to have created a modified version of Apple's Xcode developer tools. By "whacking" this software, security researchers were allegedly able to "sneak surveillance backdoors into any apps or programs created using the tool."

It was said that the CIA's cracked version of Xcode could allow the agency to obtain passwords, messages and other information from an infected device. The "whacked" Xcode could also disable core security features on Apple devices.

The CIA's efforts have also apparently targeted Apple's OS X platform for the Mac, as the documents claim the agency has modified Apple's updater tool to install a "keylogger."




It's unclear just how successful the CIA has been at truly penetrating iOS devices in the wild, or exactly how its research has been applied. Law enforcement officials, including the FBI Director James Comey, have decried the fact that encrypted data on an iPhone or iPad is not accessible, which, in Comey's words, allows users to "place themselves above the law."

Unsurprisingly, the CIA's annual "Jamboree" meetings have also delved into the security of other popular platforms. In particular, the documents released by Snowden also show Microsoft's BitLocker encryption system has been a target of CIA researchers.

Snowden has claimed for years that the U.S. National Security Agency has the capability of deploying software implants on the iPhone that could provide remote access to information like SMS text messages, location data, and microphone audio. The whistleblower also said earlier this year that he refuses to use an iPhone over spying concerns.

Apple, for its part, has vehemently defended itself, saying it has not cooperated in any government spying efforts and that it places its users' privacy above all else. In a statement issued in 2013, the company said it uses its resources "to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them."
«134567

Comments

  • Reply 1 of 130
    irelandireland Posts: 17,798member

    Jesus Christ what's going on with the human race. Those who are meaning to protect us are as bad as those who attack us. Fear, fear, fear fear.

     

    **** them.

  • Reply 2 of 130
    mike1mike1 Posts: 3,275member

    Just the same game of cat and mouse that's been going on for millenia.

  • Reply 3 of 130
    This Government can burn
  • Reply 4 of 130

    Why is Sandia National Laboratories in quotes? That's not a secret organization. 

  • Reply 5 of 130
    flabberflabber Posts: 100member

    I feel the same way… I mean, this isn't about catching criminals or extremists anymore. They clearly want to know everything from everybody (and their mom), without having to justify their way of going about it. To be honest, after everything Snowden has made public, and after Obama promised to change things regarding privacy, I'm starting to develop an intense distrust toward any government. There's just no good enough reason for any government or CIA-(type) of agency to spy on every citizen in the world. 99,99% haven't even done anything noteworthy to validate this kind of privacy breach, and of the 0,01% that actually hás done something, half of them are not stupid enough to use normal phones but rather use encrypted messaging services (in Holland we have a Blackphone, where éverything is encrypted from end-to-end for example).

     

    If the extremists aren't causing problems, it's our own government. Tax increasement anyone? I mean, the government has to get the funds to do this kind of shady business from somewhere don't they?

  • Reply 6 of 130
    macvictamacvicta Posts: 346member
    No surprise.
  • Reply 7 of 130
    Quote:

    Originally Posted by Lord Amhran View Post



    This Government can burn

    It didn't start under this government.

     

    That said, I do agree that the US government -- the executive, the judiciary, and most especially the Congress -- is on the verge of becoming this great country's greatest adversary.

  • Reply 8 of 130
    Above the law, no going through personal communications and individual devices without cause or warrant is "above the law" Some people seem to have selective memory when it comes to the oath they took stating they would uphold the constitution, it's not just when it's convenient for enforcement agencies. They seem to think they are the KGB and this is the USSR where everything you did was monitored, nothing was private, and laws were followed when they were convenient.
  • Reply 9 of 130
    irelandireland Posts: 17,798member
    Quote:

    Originally Posted by MacVicta View Post



    I see that selecting text in Safari is still a huge pain in the ass verging on impossible with iOS 8.2. "It just works."



    Wow, completely unrelated.

  • Reply 10 of 130
    sirozhasirozha Posts: 801member

    If the CIA cracks the encryption, some university professor in Stanford will invent a new encryption protocol that will be orders of magnitude more secure. This is an old game that spy agencies have been engaged in for centuries. It would be much more troubling if the FSB were working on cracking the AES based encryption, which I'm sure they are, because we would not know for many years if they have cracked it and continued utilizing it as though it were still uncracked. 

  • Reply 11 of 130
    MacProMacPro Posts: 19,718member
    ireland wrote: »

    Wow, completely unrelated.

    Obviously a CIA code cracker frustrated with his job... :D
  • Reply 12 of 130
    herbivoreherbivore Posts: 132member
    So, which developers are using the modified version of XCode. And how do we know if the malicious code with the backdoor has been installed in our devices? I might just have to purchase an iPhone and leave as is without installing any third party apps.
  • Reply 13 of 130
    analogjackanalogjack Posts: 1,073member

    I feel that Apple has the integrity and capacity to keep ahead of this game. 

  • Reply 14 of 130
    Quote:

    Originally Posted by flabber View Post

     

    I feel the same way… I mean, this isn't about catching criminals or extremists anymore. They clearly want to know everything from everybody (and their mom), without having to justify their way of going about it. 


     

    Clearly? What's the proof of that? The article certainly doesn't provide any evidence that the interest in cracking iOS security is not national security related. People need to abandon the conflation and focus on actual proof of abuse. Do you think a hacker that tries to crack security is definitely guilty of trying to do something nefarious without proof?

  • Reply 15 of 130
    lkrupplkrupp Posts: 10,557member
    Quote:

    Originally Posted by Lord Amhran View Post



    This Government can burn



    And then what? Will YOU be in the ruling class after the government burns?

  • Reply 16 of 130
    MacProMacPro Posts: 19,718member
    analogjack wrote: »
    I feel that Apple has the integrity and capacity to keep ahead of this game. 

    Perhaps the US military and Government agencies should be using OS X and iOS exclusively then there might be less of this type of story: http://www.washingtontimes.com/news/2014/mar/13/f-35-secrets-now-showing-chinas-stealth-fighter/?page=all
  • Reply 17 of 130
    flabberflabber Posts: 100member
    Quote:

    Originally Posted by foregoneconclusion View Post

     

     

    Clearly? What's the proof of that? The article certainly doesn't provide any evidence that the interest in cracking iOS security is not national security related. People need to abandon the conflation and focus on actual proof of abuse. Do you think a hacker that tries to crack security is definitely guilty of trying to do something nefarious without proof?


     

    Where's the proof that it's not? There just isn't any good reason to go this far, júst for a póssible chance to catch a part of the 0,01% that we call extremists. And this is not some hacker doing some hacking to prove that a company needs to put more work into making it's software more secure. It's a government agency that's deliberately hacking company's products in order to spy on it's citizens. There has never been any proof that doing these things will make any noticeable difference, or that it will result in a noticeable safer environment. They will always be too late since there are always nutcases who don't use phones, but a deep fryer converted to a bomb for example. 

  • Reply 18 of 130
    lkrupplkrupp Posts: 10,557member
    Quote:
    Originally Posted by flabber View Post

     

    I'm starting to develop an intense distrust toward any government. 


     

    Good for you. You should never have trusted the government in the first place. The U.S. founding fathers didn’t trust government either. That’s why the Bill of Rights is in the Constitution. Government should be treated as a sort of necessary evil to be kept on a tight leash. But that’s not how it has evolved since 1776. Today there are millions upon millions of citizens whose very existence is dependent on the government and some say that’s just dandy and what government is supposed to do. No it’s not.

     

    It’s pretty much too late for us now. All this outrage over privacy and government snooping will NOT translate into ANYTHING at the ballot box. The same actors will be re-elected. Why? Because too many of us are beholding to that same government for food, housing, jobs, education. We are not the same “people” we were 200 years ago. We are no longer self-sufficient, we are no longer industrious, we are no longer independent. We are now the slaves to the government we swore we would never be.

     

    So go ahead and rage, complain, decry the evil government, anonymously on the Internet. Then turn around and gleefully accept your government benefits and demand even more of them. 

     

    The government doesn’t care how many guns we have in our homes. They don’t need to. They have us right where they want us, totally dependent on them for survival. 

  • Reply 19 of 130
    xixoxixo Posts: 450member
    lkrupp wrote: »

    And then what? Will YOU be in the ruling class after the government burns?

    You're dreaming if you think you're currently in the ruling class.

    Let's see if they can "hack" a pitchfork.
  • Reply 20 of 130
    isteelersisteelers Posts: 738member
    It didn't start under this government.

    That said, I do agree that the US government -- the executive, the judiciary, and most especially the Congress -- is on the verge of becoming this great country's greatest adversary.

    No it didn't start under this government, but it gets progressively worse with each administration. And it will never stop. Governments will never pass new laws that give them less power.
Sign In or Register to comment.