CIA has waged 'secret campaign' to crack Apple's iOS security - report
Classified documents released by whistleblower Edward Snowden reveal that the Central Intelligence Agency has been engaged in a multi-year coordinated effort to crack the security of Apple's iOS platform, which powers and protects the iPhone and iPad.
Details on the CIA's efforts apparently come from an annual, secret agency meeting dubbed "The Trusted Computing Base Jamboree," where the latest progress was apparently revealed. Documents from that meeting were obtained by Snowden, and then provided to The Intercept.
In it, researchers from the U.S. government's "Sandia National Laboratories" are revealed to have allegedly targeted security keys on iOS in an effort to crack the platform and obtain user data. The agency is said to have looked into both physical methods, where access to the device is required, as well as remote efforts.
As part of the CIA's work, the agency is said to have created a modified version of Apple's Xcode developer tools. By "whacking" this software, security researchers were allegedly able to "sneak surveillance backdoors into any apps or programs created using the tool."
It was said that the CIA's cracked version of Xcode could allow the agency to obtain passwords, messages and other information from an infected device. The "whacked" Xcode could also disable core security features on Apple devices.
The CIA's efforts have also apparently targeted Apple's OS X platform for the Mac, as the documents claim the agency has modified Apple's updater tool to install a "keylogger."
It's unclear just how successful the CIA has been at truly penetrating iOS devices in the wild, or exactly how its research has been applied. Law enforcement officials, including the FBI Director James Comey, have decried the fact that encrypted data on an iPhone or iPad is not accessible, which, in Comey's words, allows users to "place themselves above the law."
Unsurprisingly, the CIA's annual "Jamboree" meetings have also delved into the security of other popular platforms. In particular, the documents released by Snowden also show Microsoft's BitLocker encryption system has been a target of CIA researchers.
Snowden has claimed for years that the U.S. National Security Agency has the capability of deploying software implants on the iPhone that could provide remote access to information like SMS text messages, location data, and microphone audio. The whistleblower also said earlier this year that he refuses to use an iPhone over spying concerns.
Apple, for its part, has vehemently defended itself, saying it has not cooperated in any government spying efforts and that it places its users' privacy above all else. In a statement issued in 2013, the company said it uses its resources "to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them."
Details on the CIA's efforts apparently come from an annual, secret agency meeting dubbed "The Trusted Computing Base Jamboree," where the latest progress was apparently revealed. Documents from that meeting were obtained by Snowden, and then provided to The Intercept.
In it, researchers from the U.S. government's "Sandia National Laboratories" are revealed to have allegedly targeted security keys on iOS in an effort to crack the platform and obtain user data. The agency is said to have looked into both physical methods, where access to the device is required, as well as remote efforts.
As part of the CIA's work, the agency is said to have created a modified version of Apple's Xcode developer tools. By "whacking" this software, security researchers were allegedly able to "sneak surveillance backdoors into any apps or programs created using the tool."
It was said that the CIA's cracked version of Xcode could allow the agency to obtain passwords, messages and other information from an infected device. The "whacked" Xcode could also disable core security features on Apple devices.
The CIA's efforts have also apparently targeted Apple's OS X platform for the Mac, as the documents claim the agency has modified Apple's updater tool to install a "keylogger."
It's unclear just how successful the CIA has been at truly penetrating iOS devices in the wild, or exactly how its research has been applied. Law enforcement officials, including the FBI Director James Comey, have decried the fact that encrypted data on an iPhone or iPad is not accessible, which, in Comey's words, allows users to "place themselves above the law."
Unsurprisingly, the CIA's annual "Jamboree" meetings have also delved into the security of other popular platforms. In particular, the documents released by Snowden also show Microsoft's BitLocker encryption system has been a target of CIA researchers.
Snowden has claimed for years that the U.S. National Security Agency has the capability of deploying software implants on the iPhone that could provide remote access to information like SMS text messages, location data, and microphone audio. The whistleblower also said earlier this year that he refuses to use an iPhone over spying concerns.
Apple, for its part, has vehemently defended itself, saying it has not cooperated in any government spying efforts and that it places its users' privacy above all else. In a statement issued in 2013, the company said it uses its resources "to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them."
Comments
Jesus Christ what's going on with the human race. Those who are meaning to protect us are as bad as those who attack us. Fear, fear, fear fear.
**** them.
Just the same game of cat and mouse that's been going on for millenia.
Why is Sandia National Laboratories in quotes? That's not a secret organization.
I feel the same way… I mean, this isn't about catching criminals or extremists anymore. They clearly want to know everything from everybody (and their mom), without having to justify their way of going about it. To be honest, after everything Snowden has made public, and after Obama promised to change things regarding privacy, I'm starting to develop an intense distrust toward any government. There's just no good enough reason for any government or CIA-(type) of agency to spy on every citizen in the world. 99,99% haven't even done anything noteworthy to validate this kind of privacy breach, and of the 0,01% that actually hás done something, half of them are not stupid enough to use normal phones but rather use encrypted messaging services (in Holland we have a Blackphone, where éverything is encrypted from end-to-end for example).
If the extremists aren't causing problems, it's our own government. Tax increasement anyone? I mean, the government has to get the funds to do this kind of shady business from somewhere don't they?
This Government can burn
It didn't start under this government.
That said, I do agree that the US government -- the executive, the judiciary, and most especially the Congress -- is on the verge of becoming this great country's greatest adversary.
I see that selecting text in Safari is still a huge pain in the ass verging on impossible with iOS 8.2. "It just works."
Wow, completely unrelated.
If the CIA cracks the encryption, some university professor in Stanford will invent a new encryption protocol that will be orders of magnitude more secure. This is an old game that spy agencies have been engaged in for centuries. It would be much more troubling if the FSB were working on cracking the AES based encryption, which I'm sure they are, because we would not know for many years if they have cracked it and continued utilizing it as though it were still uncracked.
Obviously a CIA code cracker frustrated with his job...
I feel that Apple has the integrity and capacity to keep ahead of this game.
I feel the same way… I mean, this isn't about catching criminals or extremists anymore. They clearly want to know everything from everybody (and their mom), without having to justify their way of going about it.
Clearly? What's the proof of that? The article certainly doesn't provide any evidence that the interest in cracking iOS security is not national security related. People need to abandon the conflation and focus on actual proof of abuse. Do you think a hacker that tries to crack security is definitely guilty of trying to do something nefarious without proof?
This Government can burn
And then what? Will YOU be in the ruling class after the government burns?
Perhaps the US military and Government agencies should be using OS X and iOS exclusively then there might be less of this type of story: http://www.washingtontimes.com/news/2014/mar/13/f-35-secrets-now-showing-chinas-stealth-fighter/?page=all
Clearly? What's the proof of that? The article certainly doesn't provide any evidence that the interest in cracking iOS security is not national security related. People need to abandon the conflation and focus on actual proof of abuse. Do you think a hacker that tries to crack security is definitely guilty of trying to do something nefarious without proof?
Where's the proof that it's not? There just isn't any good reason to go this far, júst for a póssible chance to catch a part of the 0,01% that we call extremists. And this is not some hacker doing some hacking to prove that a company needs to put more work into making it's software more secure. It's a government agency that's deliberately hacking company's products in order to spy on it's citizens. There has never been any proof that doing these things will make any noticeable difference, or that it will result in a noticeable safer environment. They will always be too late since there are always nutcases who don't use phones, but a deep fryer converted to a bomb for example.
I'm starting to develop an intense distrust toward any government.
Good for you. You should never have trusted the government in the first place. The U.S. founding fathers didn’t trust government either. That’s why the Bill of Rights is in the Constitution. Government should be treated as a sort of necessary evil to be kept on a tight leash. But that’s not how it has evolved since 1776. Today there are millions upon millions of citizens whose very existence is dependent on the government and some say that’s just dandy and what government is supposed to do. No it’s not.
It’s pretty much too late for us now. All this outrage over privacy and government snooping will NOT translate into ANYTHING at the ballot box. The same actors will be re-elected. Why? Because too many of us are beholding to that same government for food, housing, jobs, education. We are not the same “people” we were 200 years ago. We are no longer self-sufficient, we are no longer industrious, we are no longer independent. We are now the slaves to the government we swore we would never be.
So go ahead and rage, complain, decry the evil government, anonymously on the Internet. Then turn around and gleefully accept your government benefits and demand even more of them.
The government doesn’t care how many guns we have in our homes. They don’t need to. They have us right where they want us, totally dependent on them for survival.
You're dreaming if you think you're currently in the ruling class.
Let's see if they can "hack" a pitchfork.
No it didn't start under this government, but it gets progressively worse with each administration. And it will never stop. Governments will never pass new laws that give them less power.