British spy agency said to target Apple's iPhone with remote surveillance exploit kit
The U.K.'s Government Communications Headquarters has reportedly developed a set of iPhone exploits that can turn Apple's handsets into live, remotely-accessible microphones and GPS trackers, according to new documents from NSA leaker Edward Snowden.
Source: The Guardian
Slides from a top-secret 2010 presentation published by The Guardian provide a brief glimpse into the capabilities of GCHQ's so-called "Warrior Pride" spy kit, which gives the agency wide-ranging access to infected devices. The revelation comes amidst reports that both GCHQ and the NSA are scouring data transmitted over the internet from smartphone apps such as Google Maps and Twitter to glean personally-identifiable information like age, location, and even sexual orientation.
Warrior Pride is said to come with several plugins --?named as characters from the animated series "The Smurfs" --? which allow agents to control various device systems.
"Dreamy Smurf" allows a device that is seemingly powered down to be covertly activated, "Nosey Smurf" enables eavesdropping via the device's microphone, and "Tracker Smurf" provides high-precision location data. Yet another plugin, "Paranoid Smurf," provides self-protection capabilities for the toolkit.
A fifth plugin -- dubbed "Porus" --?is referred to as providing "kernel stealth" capabilities. This could mean that the spyware is embedded in a manner similar to a rootkit, and might re-install itself automatically after being wiped.
In addition, the slide touts GCHQ's ability to retrieve content like SMS, e-mail, videos, photos, and web history from the device. "If its [sic] on the phone, we can get it," the slide reads.
It is unclear whether the installation of the toolkit requires physical access to a device, as a similar NSA program outed late last year did. It does appear that the GCHQ version is further along --?the slide says Warrior Pride has been ported to the iPhone, while it has yet to be confirmed whether the NSA's variant ever moved past the contemplative stage.
Source: The Guardian
Slides from a top-secret 2010 presentation published by The Guardian provide a brief glimpse into the capabilities of GCHQ's so-called "Warrior Pride" spy kit, which gives the agency wide-ranging access to infected devices. The revelation comes amidst reports that both GCHQ and the NSA are scouring data transmitted over the internet from smartphone apps such as Google Maps and Twitter to glean personally-identifiable information like age, location, and even sexual orientation.
Warrior Pride is said to come with several plugins --?named as characters from the animated series "The Smurfs" --? which allow agents to control various device systems.
"Dreamy Smurf" allows a device that is seemingly powered down to be covertly activated, "Nosey Smurf" enables eavesdropping via the device's microphone, and "Tracker Smurf" provides high-precision location data. Yet another plugin, "Paranoid Smurf," provides self-protection capabilities for the toolkit.
A fifth plugin -- dubbed "Porus" --?is referred to as providing "kernel stealth" capabilities. This could mean that the spyware is embedded in a manner similar to a rootkit, and might re-install itself automatically after being wiped.
In addition, the slide touts GCHQ's ability to retrieve content like SMS, e-mail, videos, photos, and web history from the device. "If its [sic] on the phone, we can get it," the slide reads.
It is unclear whether the installation of the toolkit requires physical access to a device, as a similar NSA program outed late last year did. It does appear that the GCHQ version is further along --?the slide says Warrior Pride has been ported to the iPhone, while it has yet to be confirmed whether the NSA's variant ever moved past the contemplative stage.
Comments
Instead of wasting time trying to make this platform look worse than that platform, or claiming this one isn't as leaky at another we should be discussing what should or can be done to minimize it altogether. The spying and data collection hits every OS equally, and apparently none are currently immune.
Even more concerning and not necessarily related to the NSA: When simply uploading a photo allows location data to be harvested, venues identified, faces matched to names, friends and acquaintances associated with your profile, personal interests revealed, then perhaps it's time to step back a bit and look at what we're really doing to ourselves.
Not likely. Instead they've almost assuredly improved their spying capabilities several times over in the 5 years since.
Not likely.
Actually, it is likely. This doc is from 2010. That's too long ago. Back then, you could jailbreak your phone by visiting a web page. A lot of these holes have been filled since then. It's likely that very little (if any) of these exploits still work on devices running iOS 7.
Well if it was that top secret IMHO it will not leak or let alone publish in The Guardian or whatever newspaper.
Having said that, i don't want to discredit the validity of the article, because i know for sure that if a secret agency wants to get into your phone, house, car etc...with all their resources for sure they will succeed. So no worries! %uD83D%uDE03
I don't see the basis for that comment. One could equally say that Apple has almost assuredly improved iOS security in the five years since. And similarly for other operating systems too. We have no way of knowing the current state of this contest.
I know how badly some of you want to trust Apple, and even crazier, want to trust the gov, but that's not the real world.
Unless Apple, Google, MS and other OS providers were aware of the NSA spying and all the ways it was being accomplished I personally think it's ridiculous to assume that the holes they were using are all closed by happenstance. We're just now becoming aware of how pervasive it is, with both Apple and Google claiming they had no idea themselves.
Random, paranoid assertions. It would be better to stick to the known facts, even though they are somewhat sparse, rather than inventing your own.
What cracks my nut is this part: "Slides from a top-secret 2010 presentation published by The Guardian... "
Well if it was that top secret IMHO it will not leak or let alone publish in The Guardian or whatever newspaper.
I seriously doubt that anyone outside of the organization to which the document was intentional provided cares whether or not it is stamped "Top Secret" or not. In fact, such a designation is much like any law prohibiting a given action or behavior - it does not change the actions of the person who does not want to violate it and only provides for punitive measures for those who do. The secret is only maintained so long as all those who receive the information agree to keep the secret - and in this case - only those who agreed to keep the secret are directly affected by the punitive measures against revealing the secret. The newspaper never agreed with anyone to distinguish between secret, top secret, non-secret, and Victoria's Secret - meaning that any punitive measures against the newspaper would have to be for violation of other laws and not directly for not maintaining a secret to which they never agreed in the first place.
I seriously doubt that anyone outside of the organization to which the document was intentional provided cares whether or not it is stamped "Top Secret" or not. In fact, such a designation is much like any law prohibiting a given action or behavior - it does not change the actions of the person who does not want to violate it and only provides for punitive measures for those who do. The secret is only maintained so long as all those who receive the information agree to keep the secret - and in this case - only those who agreed to keep the secret are directly affected by the punitive measures against revealing the secret. The newspaper never agreed with anyone to distinguish between secret, top secret, non-secret, and Victoria's Secret - meaning that any punitive measures against the newspaper would have to be for violation of other laws and not directly for not maintaining a secret to which they never agreed in the first place.
Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so.
My 02
It depends. The problem of protecting classified information goes up with quantity and access. It's impossible to guarantee the competence and loyalty of everyone with access, and history is littered with examples of leaks, both deliberate and inadvertent.
"The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries. If advertising networks are indeed targeted, [B]it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance.[/B] Rovio does not allow any third party network to use or hand over personal end-user data from Rovio’s apps."
http://www.rovio.com/en/news/press-releases/450/rovio-does-not-provide-end-user-data-to-government-surveillance-agencies/
FWIW Millennial Media has been mentioned in connection with the story. In an unusually timed announcement yesterday their CEO and founder tendered his resignation, effective immediately.
http://articles.baltimoresun.com/2014-01-27/business/bs-bz-millennial-media-palmieri-20140127_1_ceo-paul-palmieri-millennial-media-jumptap
EDIT: In the 23 different tracking ad providers working in AppleInsider at the moment I don't see Millennial Media.
Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so.
My 02
It depends. The problem of protecting classified information goes up with quantity and access. It's impossible to guarantee the competence and loyalty of everyone with access, and history is littered with examples of leaks, both deliberate and inadvertent.
That was my point - "the power" that you refer to is only as effective as the weakest link in the group of human beings who are entrusted with that responsibility. The fact that it is designated a secret has no power in and of itself but rather only has power provided that any and all individuals who have or are given access agree that the secret should be maintained. So it is in the best interest of the organization to do everything they can to ensure that the people and policies and security measures in place to guard that secret are commensurate with the importance of that secret.
Since the newspaper journalist, editor, etc never agreed to abide by any designation of secrecy on any military document then it is not a contradiction of any sort for them to publish a document marked as such. Depending on the nature of the secret and the impact or effect it might have on the population or safety of troops etc should provide some guidance to the news organization to make a decision as to whether or not sharing such information is a wise thing to do and whether or not there is any value in making such information public.
In a world where we criticize the media for hiding the truth or flat out lying it can be good to see the truth the whole truth and nothing but the truth come out. On the other hand - I don't think every secret but of info should be made public.
Even when you talk about something like the stealth aircraft in the US military - as cool as they are to know about I do wonder if their full effectiveness is diminished by no longer being as secret as they once were. Although some details such as the true max speed of the SR71 Blackbird are still classified, it seems to me that if less info was available that they could be more effective. Then again, basing your mission profiles on what you think is still secret from the opposing force is risky.
Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so.
My 02
Like how the NSA has kept its secrets out of the public eye?
Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so.
My 02
It depends. The problem of protecting classified information goes up with quantity and access. It's impossible to guarantee the competence and loyalty of everyone with access, and history is littered with examples of leaks, both deliberate and inadvertent.
That was my point - "the power" that you refer to is only as effective as the weakest link in the group of human beings who are entrusted with that responsibility. The fact that it is designated a secret has no power in and of itself but rather only has power provided that any and all individuals who have or are given access agree that the secret should be maintained. So it is in the best interest of the organization to do everything they can to ensure that the people and policies and security measures in place to guard that secret are commensurate with the importance of that secret.
Since the newspaper journalist, editor, etc never agreed to abide by any designation of secrecy on any military document then it is not a contradiction of any sort for them to publish a document marked as such. Depending on the nature of the secret and the impact or effect it might have on the population or safety of troops etc should provide some guidance to the news organization to make a decision as to whether or not sharing such information is a wise thing to do and whether or not there is any value in making such information public.
In a world where we criticize the media for hiding the truth or flat out lying it can be good to see the truth the whole truth and nothing but the truth come out. On the other hand - I don't think every secret but of info should be made public.
Even when you talk about something like the stealth aircraft in the US military - as cool as they are to know about I do wonder if their full effectiveness is diminished by no longer being as secret as they once were. Although some details such as the true max speed of the SR71 Blackbird are still classified, it seems to me that if less info was available that they could be more effective. Then again, basing your mission profiles on what you think is still secret from the opposing force is risky.
I don' t disagree with your comments, but on that general subject it's important to keep in mind the distinction between classification to prevent others from obtaining or duplicating acknowledged capabilities, and classification to hide unacknowledged capabilities in order to protect mission. Different considerations apply.
Very intelligent and levelheaded comment. I agree.