or Connect
AppleInsider › Forums › Mobile › iPhone › British spy agency said to target Apple's iPhone with remote surveillance exploit kit
New Posts  All Forums:Forum Nav:

British spy agency said to target Apple's iPhone with remote surveillance exploit kit

post #1 of 46
Thread Starter 
The U.K.'s Government Communications Headquarters has reportedly developed a set of iPhone exploits that can turn Apple's handsets into live, remotely-accessible microphones and GPS trackers, according to new documents from NSA leaker Edward Snowden.

GCHQ Warrior Pride
Source: The Guardian


Slides from a top-secret 2010 presentation published by The Guardian provide a brief glimpse into the capabilities of GCHQ's so-called "Warrior Pride" spy kit, which gives the agency wide-ranging access to infected devices. The revelation comes amidst reports that both GCHQ and the NSA are scouring data transmitted over the internet from smartphone apps such as Google Maps and Twitter to glean personally-identifiable information like age, location, and even sexual orientation.

Warrior Pride is said to come with several plugins --?named as characters from the animated series "The Smurfs" --? which allow agents to control various device systems.

"Dreamy Smurf" allows a device that is seemingly powered down to be covertly activated, "Nosey Smurf" enables eavesdropping via the device's microphone, and "Tracker Smurf" provides high-precision location data. Yet another plugin, "Paranoid Smurf," provides self-protection capabilities for the toolkit.

A fifth plugin -- dubbed "Porus" --?is referred to as providing "kernel stealth" capabilities. This could mean that the spyware is embedded in a manner similar to a rootkit, and might re-install itself automatically after being wiped.

In addition, the slide touts GCHQ's ability to retrieve content like SMS, e-mail, videos, photos, and web history from the device. "If its [sic] on the phone, we can get it," the slide reads.

It is unclear whether the installation of the toolkit requires physical access to a device, as a similar NSA program outed late last year did. It does appear that the GCHQ version is further along --?the slide says Warrior Pride has been ported to the iPhone, while it has yet to be confirmed whether the NSA's variant ever moved past the contemplative stage.
post #2 of 46
FTW
post #3 of 46
So we are talking iOS 3 exploits here?
post #4 of 46
Before the arguments over whose ecosystem is more secure even starts it's plain none truly are. Spying on iOS looks to be just as easy as spying on Android or Blackberry or desktops systems.

Instead of wasting time trying to make this platform look worse than that platform, or claiming this one isn't as leaky at another we should be discussing what should or can be done to minimize it altogether. The spying and data collection hits every OS equally, and apparently none are currently immune.

Even more concerning and not necessarily related to the NSA: When simply uploading a photo allows location data to be harvested, venues identified, faces matched to names, friends and acquaintances associated with your profile, personal interests revealed, then perhaps it's time to step back a bit and look at what we're really doing to ourselves.
Edited by Gatorguy - 1/28/14 at 5:43am
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #5 of 46
Quote:
Originally Posted by Steven N. View Post

So we are talking iOS 3 exploits here?

Not likely. Instead they've almost assuredly improved their spying capabilities several times over in the 5 years since.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #6 of 46
Agency development of these kinds of targeted tools is neither surprising nor nearly as much concern as indiscriminate, widespread data collection. It's their job to have tools available for covert surveillance. The issue is whether they follow legal process in deploying them, and whether said process is reasonable and, in countries that have such a thing, constitutional.
post #7 of 46
Quote:
Originally Posted by Gatorguy View Post


Not likely.

Actually, it is likely. This doc is from 2010. That's too long ago. Back then, you could jailbreak your phone by visiting a web page. A lot of these holes have been filled since then. It's likely that very little (if any) of these exploits still work on devices running iOS 7.

post #8 of 46
What cracks my nut is this part: "Slides from a top-secret 2010 presentation published by The Guardian... "

Well if it was that top secret IMHO it will not leak or let alone publish in The Guardian or whatever newspaper.

Having said that, i don't want to discredit the validity of the article, because i know for sure that if a secret agency wants to get into your phone, house, car etc...with all their resources for sure they will succeed. So no worries! %uD83D%uDE03
post #9 of 46
Quote:
Originally Posted by Gatorguy View Post

Quote:
Originally Posted by Steven N. View Post

So we are talking iOS 3 exploits here?

Not likely. Instead they've almost assuredly improved their spying capabilities several times over in the 5 years since.

I don't see the basis for that comment. One could equally say that Apple has almost assuredly improved iOS security in the five years since. And similarly for other operating systems too. We have no way of knowing the current state of this contest.
post #10 of 46
Sooner or later people will come out of denial and will understand that these reports are WAY understated and only a small part of the overall story. Every smartphone in the world, especially the iPhone, can be invisibly hacked and can be used to spy on the owner.

I know how badly some of you want to trust Apple, and even crazier, want to trust the gov, but that's not the real world.
post #11 of 46
Quote:
Originally Posted by Gustav View Post

Actually, it is likely. This doc is from 2010. That's too long ago. Back then, you could jailbreak your phone by visiting a web page. A lot of these holes have been filled since then. It's likely that very little (if any) of these exploits still work on devices running iOS 7.

Unless Apple, Google, MS and other OS providers were aware of the NSA spying and all the ways it was being accomplished I personally think it's ridiculous to assume that the holes they were using are all closed by happenstance. We're just now becoming aware of how pervasive it is, with both Apple and Google claiming they had no idea themselves.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #12 of 46
Imagine being Snowden, some of the most powerful covert dangerous spies on earth hate you. F"%k that
post #13 of 46
Quote:
Originally Posted by pmz View Post

Sooner or later people will come out of denial and will understand that these reports are WAY understated and only a small part of the overall story. Every smartphone in the world, especially the iPhone, can be invisibly hacked and can be used to spy on the owner.

I know how badly some of you want to trust Apple, and even crazier, want to trust the gov, but that's not the real world.

Random, paranoid assertions. It would be better to stick to the known facts, even though they are somewhat sparse, rather than inventing your own.
post #14 of 46
Quote:
Originally Posted by AndreiD View Post

What cracks my nut is this part: "Slides from a top-secret 2010 presentation published by The Guardian... "

Well if it was that top secret IMHO it will not leak or let alone publish in The Guardian or whatever newspaper.

 

I seriously doubt that anyone outside of the organization to which the document was intentional provided cares whether or not it is stamped "Top Secret" or not. In fact, such a designation is much like any law prohibiting a given action or behavior - it does not change the actions of the person who does not want to violate it and only provides for punitive measures for those who do. The secret is only maintained so long as all those who receive the information agree to keep the secret - and in this case - only those who agreed to keep the secret are directly affected by the punitive measures against revealing the secret. The newspaper never agreed with anyone to distinguish between secret, top secret, non-secret, and Victoria's Secret - meaning that any punitive measures against the newspaper would have to be for violation of other laws and not directly for not maintaining a secret to which they never agreed in the first place. 

post #15 of 46
Quote:
Originally Posted by lilgto64 View Post
 

 

I seriously doubt that anyone outside of the organization to which the document was intentional provided cares whether or not it is stamped "Top Secret" or not. In fact, such a designation is much like any law prohibiting a given action or behavior - it does not change the actions of the person who does not want to violate it and only provides for punitive measures for those who do. The secret is only maintained so long as all those who receive the information agree to keep the secret - and in this case - only those who agreed to keep the secret are directly affected by the punitive measures against revealing the secret. The newspaper never agreed with anyone to distinguish between secret, top secret, non-secret, and Victoria's Secret - meaning that any punitive measures against the newspaper would have to be for violation of other laws and not directly for not maintaining a secret to which they never agreed in the first place. 

Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so. 

 

My 02 :)

post #16 of 46
Quote:
Originally Posted by AndreiD View Post

Quote:
Originally Posted by lilgto64 View Post

 

I seriously doubt that anyone outside of the organization to which the document was intentional provided cares whether or not it is stamped "Top Secret" or not. In fact, such a designation is much like any law prohibiting a given action or behavior - it does not change the actions of the person who does not want to violate it and only provides for punitive measures for those who do. The secret is only maintained so long as all those who receive the information agree to keep the secret - and in this case - only those who agreed to keep the secret are directly affected by the punitive measures against revealing the secret. The newspaper never agreed with anyone to distinguish between secret, top secret, non-secret, and Victoria's Secret - meaning that any punitive measures against the newspaper would have to be for violation of other laws and not directly for not maintaining a secret to which they never agreed in the first place. 
Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so. 

My 02 1smile.gif

It depends. The problem of protecting classified information goes up with quantity and access. It's impossible to guarantee the competence and loyalty of everyone with access, and history is littered with examples of leaks, both deliberate and inadvertent.
post #17 of 46
Rovio, one of the app providers mentioned in yesterdays' report has issued a statement, a portion of it sayin:

"The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries. If advertising networks are indeed targeted, it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance. Rovio does not allow any third party network to use or hand over personal end-user data from Rovio’s apps."
http://www.rovio.com/en/news/press-releases/450/rovio-does-not-provide-end-user-data-to-government-surveillance-agencies/

FWIW Millennial Media has been mentioned in connection with the story. In an unusually timed announcement yesterday their CEO and founder tendered his resignation, effective immediately.
http://articles.baltimoresun.com/2014-01-27/business/bs-bz-millennial-media-palmieri-20140127_1_ceo-paul-palmieri-millennial-media-jumptap

EDIT: In the 23 different tracking ad providers working in AppleInsider at the moment I don't see Millennial Media.
Edited by Gatorguy - 1/28/14 at 6:41am
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #18 of 46
Quote:
Originally Posted by AndreiD View Post
 

Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so. 

 

My 02 :)

 

Quote:
Originally Posted by muppetry View Post


It depends. The problem of protecting classified information goes up with quantity and access. It's impossible to guarantee the competence and loyalty of everyone with access, and history is littered with examples of leaks, both deliberate and inadvertent.

 

That was my point - "the power" that you refer to is only as effective as the weakest link in the group of human beings who are entrusted with that responsibility. The fact that it is designated a secret has no power in and of itself but rather only has power provided that any and all individuals who have or are given access agree that the secret should be maintained. So it is in the best interest of the organization to do everything they can to ensure that the people and policies and security measures in place to guard that secret are commensurate with the importance of that secret. 

Since the newspaper journalist, editor, etc never agreed to abide by any designation of secrecy on any military document then it is not a contradiction of any sort for them to publish a document marked as such. Depending on the nature of the secret and the impact or effect it might have on the population or safety of troops etc should provide some guidance to the news organization to make a decision as to whether or not sharing such information is a wise thing to do and whether or not there is any value in making such information public. 

In a world where we criticize the media for hiding the truth or flat out lying it can be good to see the truth the whole truth and nothing but the truth come out. On the other hand - I don't think every secret but of info should be made public. 

Even when you talk about something like the stealth aircraft in the US military - as cool as they are to know about I do wonder if their full effectiveness is diminished by no longer being as secret as they once were. Although some details such as the true max speed of the SR71 Blackbird are still classified, it seems to me that if less info was available that they could be more effective. Then again, basing your mission profiles on what you think is still secret from the opposing force is risky. 

post #19 of 46
Quote:
Originally Posted by AndreiD View Post
 

Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so. 

 

My 02 :)

Like how the NSA has kept its secrets out of the public eye?

post #20 of 46
Quote:
Originally Posted by lilgto64 View Post
 
Quote:
Originally Posted by AndreiD View Post
 

Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so. 

 

My 02 :)

 

Quote:
Originally Posted by muppetry View Post


It depends. The problem of protecting classified information goes up with quantity and access. It's impossible to guarantee the competence and loyalty of everyone with access, and history is littered with examples of leaks, both deliberate and inadvertent.

 

That was my point - "the power" that you refer to is only as effective as the weakest link in the group of human beings who are entrusted with that responsibility. The fact that it is designated a secret has no power in and of itself but rather only has power provided that any and all individuals who have or are given access agree that the secret should be maintained. So it is in the best interest of the organization to do everything they can to ensure that the people and policies and security measures in place to guard that secret are commensurate with the importance of that secret. 

Since the newspaper journalist, editor, etc never agreed to abide by any designation of secrecy on any military document then it is not a contradiction of any sort for them to publish a document marked as such. Depending on the nature of the secret and the impact or effect it might have on the population or safety of troops etc should provide some guidance to the news organization to make a decision as to whether or not sharing such information is a wise thing to do and whether or not there is any value in making such information public. 

In a world where we criticize the media for hiding the truth or flat out lying it can be good to see the truth the whole truth and nothing but the truth come out. On the other hand - I don't think every secret but of info should be made public. 

Even when you talk about something like the stealth aircraft in the US military - as cool as they are to know about I do wonder if their full effectiveness is diminished by no longer being as secret as they once were. Although some details such as the true max speed of the SR71 Blackbird are still classified, it seems to me that if less info was available that they could be more effective. Then again, basing your mission profiles on what you think is still secret from the opposing force is risky. 

 

I don' t disagree with your comments, but on that general subject it's important to keep in mind the distinction between classification to prevent others from obtaining or duplicating acknowledged capabilities, and classification to hide unacknowledged capabilities in order to protect mission. Different considerations apply.

post #21 of 46
Quote:
Originally Posted by Gatorguy View Post

Before the arguments over whose ecosystem is more secure even starts it's plain none truly are. Spying on iOS looks to be just as easy as spying on Android or Blackberry or desktops systems.

Instead of wasting time trying to make this platform look worse than that platform, or claiming this one isn't as leaky at another we should be discussing what should or can be done to minimize it altogether. The spying and data collection hits every OS equally, and apparently none are currently immune.

Even more concerning and not necessarily related to the NSA: When simply uploading a photo allows location data to be harvested, venues identified, faces matched to names, friends and acquaintances associated with your profile, personal interests revealed, then perhaps it's time to step back a bit and look at what we're really doing to ourselves.

Very intelligent and levelheaded comment. I agree.
post #22 of 46
Quote:
Originally Posted by pmz View Post

Sooner or later people will come out of denial and will understand that these reports are WAY understated and only a small part of the overall story. Every smartphone in the world, especially the iPhone, can be invisibly hacked and can be used to spy on the owner.

I know how badly some of you want to trust Apple, and even crazier, want to trust the gov, but that's not the real world.

The report is outdated. These remote exploits are all possible with jailbreaks and open source software. In 2010, iOS had a remote PDF jailbreak exploit that was fixed.

Since then, iOS and Mac security have beefed up significantly. It's now sandboxes everywhere compared to 2010. It will continue to be a cat and mouse game as Apple rewrite their software frequently.

But the NSA is resourceful. If they can't do it remotely, they will try to gain physical access to your devices. It doesn't have to be a phone. They can pick the easier ones to start.

If they can't get to your devices, they will try to sieve the network traffic, or target the servers at the same time.
Edited by patsu - 1/28/14 at 7:44am
post #23 of 46
Quote:
Originally Posted by Gatorguy View Post

Rovio, one of the app providers mentioned in yesterdays' report has issued a statement, a portion of it sayin:

"The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries. If advertising networks are indeed targeted, it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance. Rovio does not allow any third party network to use or hand over personal end-user data from Rovio’s apps."
http://www.rovio.com/en/news/press-releases/450/rovio-does-not-provide-end-user-data-to-government-surveillance-agencies/

FWIW Millennial Media has been mentioned in connection with the story. In an unusually timed announcement yesterday their CEO and founder tendered his resignation, effective immediately.
http://articles.baltimoresun.com/2014-01-27/business/bs-bz-millennial-media-palmieri-20140127_1_ceo-paul-palmieri-millennial-media-jumptap

EDIT: In the 23 different tracking ad providers working in AppleInsider at the moment I don't see Millennial Media.

Those are different mechanism altogether from the jailbreak, rootkit type exploit.

They are more like user tracking in popular social networks today. Users are already volunteering a lot of location, preferences and relationship data to feed their favorite services. They only need to intercept the network and servers to get more info.

If the users sets the preferences to stop cookie or any form of tracking, the OS, app and service providers have to stop doing so.
post #24 of 46
Quote:
Originally Posted by patsu View Post


If the users sets the preferences to stop cookie or any form of tracking, the OS, app and service providers have to stop doing so.

Why? At least in the US it's not illegal to ignore "Do Not Track" and many do.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #25 of 46
Quote:
Originally Posted by Gatorguy View Post

Why? At least in the US it's not illegal to ignore "Do Not Track" and many do.

Ah, then it is piece of cake for NSA to track you. ^_^

They don't even need to jailbreak your phone to track your activities online. Everything has been harvested by the ads people on the server side. And big and small companies share data between each other.
post #26 of 46
Three year old doc which means that it may have been invalidated by iOS 5 etc.

And likely requires either physical access to a non passcoded device. Or for said device to be jailbroken to allow for side loading and the user to install the exploit themselves through some kind of Trojan horse move.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply
post #27 of 46
Quote:
Originally Posted by Gatorguy View Post

Unless Apple, Google, MS and other OS providers were aware of the NSA spying and all the ways it was being accomplished I personally think it's ridiculous to assume that the holes they were using are all closed by happenstance. We're just now becoming aware of how pervasive it is, with both Apple and Google claiming they had no idea themselves.

Any sort of exploit in iOS that the NSA etc might use are the same sort of thing that jailbreak developers might use. So no it wouldn't be happenstance so much as Apple trying to cure rabies and 'accidentally' cured cancer as well

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply
post #28 of 46
Those 'always on' connected location services rather than more standard Airplane mode GPS services are no Secret Service.
Those added beacons mean location services are ultra important to the future of Apple, secret or no secret services.

I'm still sort of waiting to see a cursing email when Apple truncated that user lifetime location database on the iPhone.
post #29 of 46
Well this can't be right. Everyone knows that the US is the only country that ever spies on anyone and that they've only been doing it for the last couple of years.
post #30 of 46
Quote:
Originally Posted by patsu View Post

Ah, then it is piece of cake for NSA to track you. ^_^

They don't even need to jailbreak your phone to track your activities online. Everything has been harvested by the ads people on the server side. And big and small companies share data between each other.

Yup, a lotta sharing going on. You're getting there.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #31 of 46
Originally Posted by AppleInsider View Post
GCHQ Warrior Pride

 

I’d forgotten how butt-wipingly ugly a presentation slide could be. Someone needs to splurge and pay the $20 for Keynote.

post #32 of 46

Apple and Samsung may have vastly improved the security on their devices.  But how secure are the facilities when phone components are designed, manufactured, or assembled?  These have to be tempting targets.  What's to stop an Apple (or a contractor) engineer, who's really a covert agent, from compromising the chip, ROM, or something?  Or compromising core software at the source where its written?  I don't think it would be difficult for a major intelligence agency to infiltrate any tech company they've targeted.  Especially with so much to gain.  We already know the NSA has actively tried to compromise encryption standards (and who knows what else) - right at the source.  Going to the source may be the emerging strategy.

post #33 of 46

In 5 years when we find out that NSA and GCHQ had remote access to IOS-7 all along, we won't care because we'll all believe that IOS-9 is leaps and bounds ahead of  IOS-7 in terms of security.

post #34 of 46
Quote:
Originally Posted by Apres587 View Post
 

Apple and Samsung may have vastly improved the security on their devices.  But how secure are the facilities when phone components are designed, manufactured, or assembled?  These have to be tempting targets.  What's to stop an Apple (or a contractor) engineer, who's really a covert agent, from compromising the chip, ROM, or something?  Or compromising core software at the source where its written?  I don't think it would be difficult for a major intelligence agency to infiltrate any tech company they've targeted.  Especially with so much to gain.  We already know the NSA has actively tried to compromise encryption standards (and who knows what else) - right at the source.  Going to the source may be the emerging strategy.

 

Welp, what's to stop tainted components in your router, PC and [drum roll~] servers ?

[EDIT: Incidentally, this is why I'm very curious about a US designed and built Mac Pro]

 

If you want to look at human vulnerability, it won't be just Samsung and Apple. People running Google, Microsoft, Amazon, Facebook, etc. services can be tempted, fooled or threatened too. There are even richer user data in those environments, nicely analyzed and profiled.

 

Snowden himself is a great example of an inside "threat".

 

Quote:
Originally Posted by patpatpat View Post
 

In 5 years when we find out that NSA and GCHQ had remote access to IOS-7 all along, we won't care because we'll all believe that IOS-9 is leaps and bounds ahead of  IOS-7 in terms of security.


It's always a cat and mouse game. In a connected world, when there are easier ways to get the same data, then NSA or the bad guys will go there first.

 

If Apple do it right, iOS9 should indeed be ahead of iOS7. I doubt they will throw their hands up. Doesn't make sense.


Edited by patsu - 1/28/14 at 10:00am
post #35 of 46
Quote:
Originally Posted by Gatorguy View Post

Unless Apple, Google, MS and other OS providers were aware of the NSA spying and all the ways it was being accomplished I personally think it's ridiculous to assume that the holes they were using are all closed by happenstance. We're just now becoming aware of how pervasive it is, with both Apple and Google claiming they had no idea themselves.

Who said anything about happenstance? It's not like tha NSA has secret exploits that no other hacker can figure out for themselves. In four years there has been numerous security fixes, architectural changes, and OS updates. And there are audits going on constantly. I'd be amazed if any of toes exploits still worked, and it's getting harder and harder to find new ones.
Quote:
Originally Posted by Apres587 View Post

Apple and Samsung may have vastly improved the security on their devices.  But how secure are the facilities when phone components are designed, manufactured, or assembled?  These have to be tempting targets.  What's to stop an Apple (or a contractor) engineer, who's really a covert agent, from compromising the chip, ROM, or something?  Or compromising core software at the source where its written?  I don't think it would be difficult for a major intelligence agency to infiltrate any tech company they've targeted.  Especially with so much to gain.  We already know the NSA has actively tried to compromise encryption standards (and who knows what else) - right at the source.  Going to the source may be the emerging strategy.

While such scenarios are possible, source code is audited, as are chip designs. One would have to place a lot of covert agents in a lot of key positions for this to be plausible.
post #36 of 46
Quote:
Originally Posted by Gatorguy View Post

Not likely. Instead they've almost assuredly improved their spying capabilities several times over in the 5 years since.

It is 100% likely. This is from 2010. So we are talking iOS 3 or so for the exploits in this slide.
post #37 of 46
Quote:
Originally Posted by Gatorguy View Post

Unless Apple, Google, MS and other OS providers were aware of the NSA spying and all the ways it was being accomplished I personally think it's ridiculous to assume that the holes they were using are all closed by happenstance. We're just now becoming aware of how pervasive it is, with both Apple and Google claiming they had no idea themselves.

All of these companies were quite aware of holes in their OS by the hundreds of exploits (root kits and jailbreaks) presented by hackers. There is little doubt the NSA uses the same basic exploits and must find new ones every time Apple and Google close a hole. And yes, many exploits can be closed by happenstance.
post #38 of 46
Quote:
Originally Posted by patpatpat View Post
 

In 5 years when we find out that NSA and GCHQ had remote access to IOS-7 all along, we won't care because we'll all believe that IOS-9 is leaps and bounds ahead of  IOS-7 in terms of security.

 

While I agree with what you're getting at, there isn't much need for the NSA to backdoor iOS 7.  Apple is already on board with the PRISM program and willingly hands over information.

post #39 of 46
Quote:
Originally Posted by patsu View Post


The report is outdated. These remote exploits are all possible with jailbreaks and open source software. In 2010, iOS had a remote PDF jailbreak exploit that was fixed.

Since then, iOS and Mac security have beefed up significantly. It's now sandboxes everywhere compared to 2010. It will continue to be a cat and mouse game as Apple rewrite their software frequently.

But the NSA is resourceful. If they can't do it remotely, they will try to gain physical access to your devices. It doesn't have to be a phone. They can pick the easier ones to start.

If they can't get to your devices, they will try to sieve the network traffic, or target the servers at the same time.

 

Another point, how is that Snowdon did't and couldn't release the latest spying activities through exploits on the smartphones. 

 

Whatever he had released are dated years back and nothing current.

post #40 of 46
Quote:
Originally Posted by AdamC View Post

Another point, how is that Snowdon did't and couldn't release the latest spying activities through exploits on the smartphones. 

Whatever he had released are dated years back and nothing current.

I don't think we know if he can't or instead just hasn't. . . yet. The information has been trickling out for weeks now. I'm guessing we haven't seen nearly all of it with much more to come.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
  • British spy agency said to target Apple's iPhone with remote surveillance exploit kit
AppleInsider › Forums › Mobile › iPhone › British spy agency said to target Apple's iPhone with remote surveillance exploit kit