NSA worked on iPhone spyware to remotely monitor users, leaked documents show
New documents revealed on Monday show the U.S. National Security Agency has the capability of deploying software implants on Apple's iPhone that grants remote access to on-board assets like SMS messages, location data and microphone audio.
In a talk at the Chaos Communications Congress in Germany, security researcher Jacob Appelbaum summarized the NSA's iPhone-targeting spyware program called "DROPOUTJEEP" as part of a broader discussion dealing with the agency's controversial electronic surveillance initiative, reports The Daily Dot.
As it pertains to Apple's smartphone, the findings -- concurrently published by German magazine Der Spiegel -- are limited to a single top secret document dating back to 2008. The page details DROPOUTJEEP's basic operational structure and capabilities, which include the interception of SMS messages, access to on-board data, microphone activation and approximate positioning via cell tower location. All communication takes place covertly over SMS or GPRS data protocols.
While a startling revelation, DROPOUTJEEP's proliferation within the iPhone community is largely unknown. The NSA boasts a 100 percent success rate for implanting the spyware on iOS devices, Appelbaum said, but the document suggests physical contact with a target phone is required to implant the surreptitious software. In practice, the method is likely similar to a consumer jailbreak looking for root device access.
To this point, Appelbaum alludes to complicit involvement by Apple, but tempers his -- so far baseless -- allegation with "I can't really prove it."
A more efficient delivery mechanism is remote installation, something the NSA said was being "pursued for future release." Once again, it is unknown if the agency moved forward with such a system in the intervening five years since the document was first issued.
Video of Appelbaum's talk with iPhone discussion starting at around 44:30:
In a talk at the Chaos Communications Congress in Germany, security researcher Jacob Appelbaum summarized the NSA's iPhone-targeting spyware program called "DROPOUTJEEP" as part of a broader discussion dealing with the agency's controversial electronic surveillance initiative, reports The Daily Dot.
As it pertains to Apple's smartphone, the findings -- concurrently published by German magazine Der Spiegel -- are limited to a single top secret document dating back to 2008. The page details DROPOUTJEEP's basic operational structure and capabilities, which include the interception of SMS messages, access to on-board data, microphone activation and approximate positioning via cell tower location. All communication takes place covertly over SMS or GPRS data protocols.
While a startling revelation, DROPOUTJEEP's proliferation within the iPhone community is largely unknown. The NSA boasts a 100 percent success rate for implanting the spyware on iOS devices, Appelbaum said, but the document suggests physical contact with a target phone is required to implant the surreptitious software. In practice, the method is likely similar to a consumer jailbreak looking for root device access.
To this point, Appelbaum alludes to complicit involvement by Apple, but tempers his -- so far baseless -- allegation with "I can't really prove it."
Der Spiegel asserts specialized NSA Tailored Access Operations (TAO) teams intercept incoming device shipments, carefully open packages and install spyware before sending the "bugged" units along to end users.I don't really believe that Apple didn't help them," Appelbaum said. "I can't really prove it yet, but [the NSA] literally claim that anytime they target an iOS device, that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I'd like to believe that since Apple didn't join the PRISM program until after Steve Jobs died, that maybe it's just that they write [expletive redacted] software. We know that's true.
A more efficient delivery mechanism is remote installation, something the NSA said was being "pursued for future release." Once again, it is unknown if the agency moved forward with such a system in the intervening five years since the document was first issued.
Video of Appelbaum's talk with iPhone discussion starting at around 44:30:
Comments
Der Spiegel asserts specialized NSA Tailored Access Operations (TAO) teams intercept incoming device shipments, carefully open packages and install spyware before sending the bugged units along to end users.
A more efficient delivery mechanism is remote installation, something the NSA said is being "pursued for future release." Once again, it is unknown if the agency moved forward with such a system in the intervening five years since the document was first issued.
Video of Appelbaum's talk with iPhone discussion starting at around 44:30:
Why is half the article crossed out?
You have no proof of anything. You can't prove a negative.
Can't wait for the headlines: Apple allegedly works with NSA to hack iPhones.
Then in paragraph 7: we have no proof.
[IMG ALT=""]http://forums.appleinsider.com/content/type/61/id/36735/width/350/height/700[/IMG]
I'd say you are using either the HTML or markup strikethrough in your quoted reply. If that was in the originally posted article it's no there now.
It's up for me but even if it was down I have a problem believing that this article being posted on AI would in any way directly cause Apple to all of a sudden take down their forum in order to only now clean out any comments related to the NSA.
edit: I also just did a quick search and found plenty of NSA related discussions on Apple's forums.
He may be a worm (no idea, really) but his comment is stated as a belief which implies a conviction or opinion in the absences of hard evidence. That's perfectly acceptable as stated even if his reasoning turns out to be unethical.
Rather than depend on the snippet that AI chose to quote you should take the time to listen to exactly what he had to say. It wasn't quite the damning accusations of a complicit Apple that they might appear to be.
um ... this doc is 5 years old! i think maybe that is just too out of date to matter now.
whatever the NSA is doing/trying to do has no doubt become a lot more sophisticated since then. and iOS security has also advanced greatly. none of use really has any idea what is happening now.
where are those hacker geniuses when you need them to figure stuff like this out?
It was down for more then hour, then all Dropout Jeep articles were missing. I made that screenshot myself when posting reply here.
Whether Apple helped or not, the NSA required physical access. As for Android, I'm sure the NSA doesn't need physical access. Android is like Windows--designed and built for malware and surreptitious monitoring.
The only search I see that is showing missing discussions are ones that contain Dropout Jeep, not simply Jeep or any general discussions about NSA and security. What does that mean? Given Apple's long history of curating their discussion boards there is no way we can discern an answer.
As for the site being down are you certain it came down to remove these threads? Why would they call attention to themselves to remove a handful of discussions? This isn't like a new product release where they bring down the store helps advertise. Plus they haven't had to do that in the past to her rid of threads.
It's on the internet so this has to be true. /s
Whether Apple helped or not, the NSA required physical access. As for Android, I'm sure the NSA doesn't need physical access. Android is like Windows--designed and built for malware and surreptitious monitoring.
This has nothing to do with Apple versus Android.
It's on the internet, so it has to be false. /s
Aside: is it still called Ad Hominum if it's the internet?
So OF COURSE the iPhone release on China Mobile is a flop.
So OF COURSE AAPL is actually just a "front" for the NSA.
So OF COURSE iPhones are clearly NSA monitoring devices.
So OF COURSE Chromebook is decimating Apple laptop sales.
Countdown to story that iPhone fingerprint scanner forwards your fingerprint to NSA in, 3-2-1...
Some people never learn.
(and Wall St thanks you for that fact)
There's just less than 3 weeks till AAPL blowout earnings report.
So OF COURSE the iPhone release on China Mobile is a flop.
So OF COURSE AAPL is actually just a "front" for the NSA.
So OF COURSE iPhones are clearly NSA monitoring devices.
So OF COURSE Chromebook is decimating Apple laptop sales.
Countdown to story that iPhone fingerprint scanner forwards your fingerprint to NSA in, 3-2-1...
Some people never learn.
(and Wall St thanks you for that fact)
They have my fingerprints already so I don't care. The problem is what happens if somebody else than NSA gets access to this malware. Government and criminals go hand in hand...
They have my fingerprints already so I don't care. The problem is what happens if somebody else than NSA gets access to this malware. Government and criminals go hand in hand...
Absolutely nothing to do with my point; but that's ok.