Apple says it was unaware of NSA's iPhone spying, vows to defend customers' privacy

Posted:
in iPhone edited January 2014
Apple on Tuesday reacted to news that the U.S. National Security Agency has worked on iPhone spyware to remotely monitor users, saying it has not cooperated with the agency on such projects and was not previously aware of those attempts.

DROUPOUTJEEP
Section of leaked DROUPOUTJEEP document. (Click for full page) | Source: Der Spiegel


In an official company statement provided to AllThingsD, Apple vowed to use its resources "to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them." The statement came after new documents showed the NSA has the capability of deploying software implants on the iPhone to grant access to onboard assets such as text messages, location data, and even microphone audio.

While Apple was previously unaware of the NSA's spyware, the company said it's constantly working to make its products more secure. The iPhone maker said that any reports about potential security issues on its products prompt Apple to "thoroughly investigate and take appropriate steps" in order to protect its customers.

The statement also declared Apple's product security as "industry-leading," and boasted that great effort is placed on making it easy for customers to be able to easily keep their software up to date. To that end, the most recent data from Apple shows that 78 percent of iPhone, iPad and iPod touch users are using iOS 7, the company's latest mobile operating system.

The leaked documents reveal that the NSA's iPhone-targeting spyware program is called "DROPOUTJEEP," and it began in 2008. Capabilities of the software include the interception of SMS text messages, access to onboard data, microphone activation, and approximate positioning via cell tower location.

The NSA boasts a 100 percent success rate in implanting its spyware on iOS devices, but the leaked documents suggest that physical contact with a target phone is required to implant the software.

Apple's full statement in response is included below.
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers' privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple's industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them.
«1345

Comments

  • Reply 1 of 84
    muppetrymuppetry Posts: 3,331member

    As has been pointed out many times, it's not surprising, not an indication of poor security on the iOS, and not evidence of collusion by Apple that it was, and probably still is, possible to install spyware on an iPhone if one has physical access.

  • Reply 2 of 84
    So the NSA created spyware - like a keylogger on a desktop computer - which must be hacked into the iPhone. This means the iPhone has to be jailbroken by the NSA first before installation of the spyware.

    Luckily, the NSA needs physical contact with the iPhone to do this. It doesn't have a virus that can attach itself to the iPhone.
  • Reply 3 of 84
    We know nothing, yeah...

    It reminds me of our president, he knew nothing as well about NSA spying, no clue about IRS targeting groups, learned about Benghazi from the news...
  • Reply 4 of 84
    Man, is the NSA stuff so advanced that none of the industry-leading security advocates can see this stuff at work in the wild? Not even Charlie Miller can sniff out this stuff? It seems he would've encountered some strange process/app/utility running somewhere during one of his scans of iPhones/iPads at work, to the point that it would've aroused his curiosity.

    But, again, maybe the NSA stuff is so ahead of its time that not even top security researchers can "see" it.

    Scary.
  • Reply 5 of 84
    muppetrymuppetry Posts: 3,331member
    Quote:

    Originally Posted by gabberattack View Post



    We know nothing, yeah...



    It reminds me of our president, he knew nothing as well about NSA spying, no clue about IRS targeting groups, learned about Benghazi from the news...

     

    I suggest that you take your political rants to AppleOutsider, where they belong.

  • Reply 6 of 84
    We know nothing, yeah...

    It reminds me of our president, he knew nothing as well about NSA spying, no clue about IRS targeting groups, learned about Benghazi from the news...

    Well I don't necessarily agree with your quote above, but this administration certainly didn't know much about IT project management & web application development...
  • Reply 7 of 84

    I see Apple Insider has driven into the hell pit of greed via advertisements :(

  • Reply 8 of 84
    There has been NSA code all though out iOS from the start. It goes back through all OS X and even Nextstep. There is the NSA's rray, lert, nimation and many more. Most of the code seems be one sort of National Security something or other.
  • Reply 9 of 84
    I see Apple Insider has driven into the hell pit of greed via advertisements :(

    Someone has to pay for this site.
  • Reply 10 of 84
    gatorguygatorguy Posts: 24,176member
    jameskatt2 wrote: »
    So the NSA created spyware - like a keylogger on a desktop computer - which must be hacked into the iPhone. This means the iPhone has to be jailbroken by the NSA first before installation of the spyware.

    Luckily, the NSA needs physical contact with the iPhone to do this. It doesn't have a virus that can attach itself to the iPhone.

    What you've seen mentioned so far are the capabilities they had 5 years ago. I imagine they've greatly improved their techniques :\ over the past few years. If they still need physical access to plant NSA spyware I'd be a little surprised.
  • Reply 11 of 84
    Aren't these revelations from Der Spiegel also derived from the Snowden leaks? If so, Snowden himself, or Glen Greenwald should be able to confirm.

    Ah, yes... Confirmation. It all derives from Snowden: http://en.m.wikipedia.org/wiki/Global_surveillance_disclosure

    These news organizations must be analyzing these 2.5 million documents in a piecemeal, coordinated way.
  • Reply 12 of 84
    muppetrymuppetry Posts: 3,331member
    Quote:

    Originally Posted by Gatorguy View Post

     
    Quote:

    Originally Posted by jameskatt2 View Post



    So the NSA created spyware - like a keylogger on a desktop computer - which must be hacked into the iPhone. This means the iPhone has to be jailbroken by the NSA first before installation of the spyware.



    Luckily, the NSA needs physical contact with the iPhone to do this. It doesn't have a virus that can attach itself to the iPhone.




    What you've seen mentioned so far are the capabilities they had 5 years ago. I imagine they've greatly improved their techniques image over the past few years. If they still need physical access to plant NSA spyware I'd be a little surprised.

     

    Obviously it can't be ruled out, but going from an established capability (inserting code with physical access) to inserting code without physical access, on any reasonably secure operating system, is more than just improved technique.  It's a fundamental jump in capability, and one that has not been demonstrated on OS X or iOS, so I'd be more surprised if they can do that.

  • Reply 13 of 84
    Quote:
    Originally Posted by SpamSandwich View Post





    Someone has to pay for this site.

    Well yes, but the degree to which nearly every corner of the internet has transformed into a Googlized advertising greed machine depresses me greatly. To see AI following down that path is unsettling and sad. Some advertising? OK.  Plastering the site? You tell me.. How many people does AI employ?  I haven't been here in probably two years.. it's amazing to witness the transformation. 

  • Reply 14 of 84
    patsupatsu Posts: 430member
    Quote:
    Originally Posted by muppetry View Post

     

     

    Obviously it can't be ruled out, but going from an established capability (inserting code with physical access) to inserting code without physical access, on any reasonably secure operating system, is more than just improved technique.  It's a fundamental jump in capability, and one that has not been demonstrated on OS X or iOS, so I'd be more surprised if they can do that.

     


     

    iOS has also beefed up its security significantly since 2008 (iOS 1.x/2.0). 

     

    Apple controls the whole stack, including the walled garden and physical I/O connectors. NSA will have to tailor its techniques for Apple in general.

     

    Last year, I was frustrated by some of the security mechanisms. Now I am starting to be thankful. Goddamn it, NSA.

  • Reply 15 of 84
    Well yes, but the degree to which nearly every corner of the internet has transformed into a Googlized advertising greed machine depresses me greatly. To see AI following down that path is unsettling and sad. Some advertising? OK.  Plastering the site? You tell me.. How many people does AI employ?  I haven't been here in probably two years.. it's amazing to witness the transformation. 

    I can accept advertising for a free service. It's the many times they have written compensated advertising disguised as stories that really angered and dismayed me. I include affiliate advertising links among those offenses. You either gain credibility by divulging those financial ties or become a complete joke.
  • Reply 16 of 84
    Quote:

    Originally Posted by SolipsismX View Post



    There has been NSA code all though out iOS from the start. It goes back through all OS X and even Nextstep. There is the NSA's rray, lert, nimation and many more. Most of the code seems be one sort of National Security something or other.

    You sir have won the internets award which will be posted on-the-line

  • Reply 17 of 84
    You sir have won the internets award which will be posted on-the-line

    Can I watch the award presentation via the Twitters?
  • Reply 18 of 84
    Quote:

    Originally Posted by Boogerman2000 View Post

     

    Well yes, but the degree to which nearly every corner of the internet has transformed into a Googlized advertising greed machine depresses me greatly. To see AI following down that path is unsettling and sad. Some advertising? OK.  Plastering the site? You tell me.. How many people does AI employ?  I haven't been here in probably two years.. it's amazing to witness the transformation. 




    It's called "Ad Block" and it does wonders ;)

  • Reply 19 of 84
    solipsismx wrote: »
    There has been NSA code all though out iOS from the start. It goes back through all OS X and even Nextstep. There is the NSA's rray, lert, nimation and many more. Most of the code seems be one sort of National Security something or other.

    Please say more?
  • Reply 20 of 84
    When will these lowlifes realize that they run the risk of destroying the overseas sales of some of our most successful, dynamic parts of the economy? Don't these idiots get that!?

    Add to this, eviscerating our Constitution (violation of the fourth amendment, without which, the first, second and fifth amendments mean nothing), and one has to wonder, what exactly are we protecting with this kind of state overreach?
Sign In or Register to comment.