British spy agency said to target Apple's iPhone with remote surveillance exploit kit

Posted:
in iPhone edited June 2015
The U.K.'s Government Communications Headquarters has reportedly developed a set of iPhone exploits that can turn Apple's handsets into live, remotely-accessible microphones and GPS trackers, according to new documents from NSA leaker Edward Snowden.

GCHQ Warrior Pride
Source: The Guardian


Slides from a top-secret 2010 presentation published by The Guardian provide a brief glimpse into the capabilities of GCHQ's so-called "Warrior Pride" spy kit, which gives the agency wide-ranging access to infected devices. The revelation comes amidst reports that both GCHQ and the NSA are scouring data transmitted over the internet from smartphone apps such as Google Maps and Twitter to glean personally-identifiable information like age, location, and even sexual orientation.

Warrior Pride is said to come with several plugins --?named as characters from the animated series "The Smurfs" --? which allow agents to control various device systems.

"Dreamy Smurf" allows a device that is seemingly powered down to be covertly activated, "Nosey Smurf" enables eavesdropping via the device's microphone, and "Tracker Smurf" provides high-precision location data. Yet another plugin, "Paranoid Smurf," provides self-protection capabilities for the toolkit.

A fifth plugin -- dubbed "Porus" --?is referred to as providing "kernel stealth" capabilities. This could mean that the spyware is embedded in a manner similar to a rootkit, and might re-install itself automatically after being wiped.

In addition, the slide touts GCHQ's ability to retrieve content like SMS, e-mail, videos, photos, and web history from the device. "If its [sic] on the phone, we can get it," the slide reads.

It is unclear whether the installation of the toolkit requires physical access to a device, as a similar NSA program outed late last year did. It does appear that the GCHQ version is further along --?the slide says Warrior Pride has been ported to the iPhone, while it has yet to be confirmed whether the NSA's variant ever moved past the contemplative stage.
«13

Comments

  • Reply 1 of 51
    just_mejust_me Posts: 590member
    FTW
  • Reply 2 of 51
    steven n.steven n. Posts: 1,225member
    So we are talking iOS 3 exploits here?
  • Reply 3 of 51
    gatorguygatorguy Posts: 23,300member
    Before the arguments over whose ecosystem is more secure even starts it's plain none truly are. Spying on iOS looks to be just as easy as spying on Android or Blackberry or desktops systems.

    Instead of wasting time trying to make this platform look worse than that platform, or claiming this one isn't as leaky at another we should be discussing what should or can be done to minimize it altogether. The spying and data collection hits every OS equally, and apparently none are currently immune.

    Even more concerning and not necessarily related to the NSA: When simply uploading a photo allows location data to be harvested, venues identified, faces matched to names, friends and acquaintances associated with your profile, personal interests revealed, then perhaps it's time to step back a bit and look at what we're really doing to ourselves.
  • Reply 4 of 51
    gatorguygatorguy Posts: 23,300member
    steven n. wrote: »
    So we are talking iOS 3 exploits here?

    Not likely. Instead they've almost assuredly improved their spying capabilities several times over in the 5 years since.
  • Reply 5 of 51
    muppetrymuppetry Posts: 3,331member
    Agency development of these kinds of targeted tools is neither surprising nor nearly as much concern as indiscriminate, widespread data collection. It's their job to have tools available for covert surveillance. The issue is whether they follow legal process in deploying them, and whether said process is reasonable and, in countries that have such a thing, constitutional.
  • Reply 6 of 51
    gustavgustav Posts: 826member
    Quote:

    Originally Posted by Gatorguy View Post





    Not likely.

    Actually, it is likely. This doc is from 2010. That's too long ago. Back then, you could jailbreak your phone by visiting a web page. A lot of these holes have been filled since then. It's likely that very little (if any) of these exploits still work on devices running iOS 7.

  • Reply 7 of 51
    What cracks my nut is this part: "Slides from a top-secret 2010 presentation published by The Guardian... "

    Well if it was that top secret IMHO it will not leak or let alone publish in The Guardian or whatever newspaper.

    Having said that, i don't want to discredit the validity of the article, because i know for sure that if a secret agency wants to get into your phone, house, car etc...with all their resources for sure they will succeed. So no worries! %uD83D%uDE03
  • Reply 8 of 51
    muppetrymuppetry Posts: 3,331member
    gatorguy wrote: »
    steven n. wrote: »
    So we are talking iOS 3 exploits here?

    Not likely. Instead they've almost assuredly improved their spying capabilities several times over in the 5 years since.

    I don't see the basis for that comment. One could equally say that Apple has almost assuredly improved iOS security in the five years since. And similarly for other operating systems too. We have no way of knowing the current state of this contest.
  • Reply 9 of 51
    pmzpmz Posts: 3,433member
    Sooner or later people will come out of denial and will understand that these reports are WAY understated and only a small part of the overall story. Every smartphone in the world, especially the iPhone, can be invisibly hacked and can be used to spy on the owner.

    I know how badly some of you want to trust Apple, and even crazier, want to trust the gov, but that's not the real world.
  • Reply 10 of 51
    gatorguygatorguy Posts: 23,300member
    gustav wrote: »
    Actually, it is likely. This doc is from 2010. That's too long ago. Back then, you could jailbreak your phone by visiting a web page. A lot of these holes have been filled since then. It's likely that very little (if any) of these exploits still work on devices running iOS 7.

    Unless Apple, Google, MS and other OS providers were aware of the NSA spying and all the ways it was being accomplished I personally think it's ridiculous to assume that the holes they were using are all closed by happenstance. We're just now becoming aware of how pervasive it is, with both Apple and Google claiming they had no idea themselves.
  • Reply 11 of 51
    Imagine being Snowden, some of the most powerful covert dangerous spies on earth hate you. F"%k that
  • Reply 12 of 51
    muppetrymuppetry Posts: 3,331member
    pmz wrote: »
    Sooner or later people will come out of denial and will understand that these reports are WAY understated and only a small part of the overall story. Every smartphone in the world, especially the iPhone, can be invisibly hacked and can be used to spy on the owner.

    I know how badly some of you want to trust Apple, and even crazier, want to trust the gov, but that's not the real world.

    Random, paranoid assertions. It would be better to stick to the known facts, even though they are somewhat sparse, rather than inventing your own.
  • Reply 13 of 51
    lilgto64lilgto64 Posts: 1,147member
    Quote:

    Originally Posted by AndreiD View Post



    What cracks my nut is this part: "Slides from a top-secret 2010 presentation published by The Guardian... "



    Well if it was that top secret IMHO it will not leak or let alone publish in The Guardian or whatever newspaper.

     

    I seriously doubt that anyone outside of the organization to which the document was intentional provided cares whether or not it is stamped "Top Secret" or not. In fact, such a designation is much like any law prohibiting a given action or behavior - it does not change the actions of the person who does not want to violate it and only provides for punitive measures for those who do. The secret is only maintained so long as all those who receive the information agree to keep the secret - and in this case - only those who agreed to keep the secret are directly affected by the punitive measures against revealing the secret. The newspaper never agreed with anyone to distinguish between secret, top secret, non-secret, and Victoria's Secret - meaning that any punitive measures against the newspaper would have to be for violation of other laws and not directly for not maintaining a secret to which they never agreed in the first place. 

  • Reply 14 of 51
    Quote:

    Originally Posted by lilgto64 View Post

     

     

    I seriously doubt that anyone outside of the organization to which the document was intentional provided cares whether or not it is stamped "Top Secret" or not. In fact, such a designation is much like any law prohibiting a given action or behavior - it does not change the actions of the person who does not want to violate it and only provides for punitive measures for those who do. The secret is only maintained so long as all those who receive the information agree to keep the secret - and in this case - only those who agreed to keep the secret are directly affected by the punitive measures against revealing the secret. The newspaper never agreed with anyone to distinguish between secret, top secret, non-secret, and Victoria's Secret - meaning that any punitive measures against the newspaper would have to be for violation of other laws and not directly for not maintaining a secret to which they never agreed in the first place. 


    Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so. 

     

    My 02 :)

  • Reply 15 of 51
    muppetrymuppetry Posts: 3,331member
    andreid wrote: »
    lilgto64 wrote: »
     

    I seriously doubt that anyone outside of the organization to which the document was intentional provided cares whether or not it is stamped "Top Secret" or not. In fact, such a designation is much like any law prohibiting a given action or behavior - it does not change the actions of the person who does not want to violate it and only provides for punitive measures for those who do. The secret is only maintained so long as all those who receive the information agree to keep the secret - and in this case - only those who agreed to keep the secret are directly affected by the punitive measures against revealing the secret. The newspaper never agreed with anyone to distinguish between secret, top secret, non-secret, and Victoria's Secret - meaning that any punitive measures against the newspaper would have to be for violation of other laws and not directly for not maintaining a secret to which they never agreed in the first place. 
    Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so. 

    My 02 :)

    It depends. The problem of protecting classified information goes up with quantity and access. It's impossible to guarantee the competence and loyalty of everyone with access, and history is littered with examples of leaks, both deliberate and inadvertent.
  • Reply 16 of 51
    gatorguygatorguy Posts: 23,300member
    Rovio, one of the app providers mentioned in yesterdays' report has issued a statement, a portion of it sayin:

    "The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries. If advertising networks are indeed targeted, [B]it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance.[/B] Rovio does not allow any third party network to use or hand over personal end-user data from Rovio’s apps."
    http://www.rovio.com/en/news/press-releases/450/rovio-does-not-provide-end-user-data-to-government-surveillance-agencies/

    FWIW Millennial Media has been mentioned in connection with the story. In an unusually timed announcement yesterday their CEO and founder tendered his resignation, effective immediately.
    http://articles.baltimoresun.com/2014-01-27/business/bs-bz-millennial-media-palmieri-20140127_1_ceo-paul-palmieri-millennial-media-jumptap

    EDIT: In the 23 different tracking ad providers working in AppleInsider at the moment I don't see Millennial Media.
  • Reply 17 of 51
    lilgto64lilgto64 Posts: 1,147member
    Quote:

    Originally Posted by AndreiD View Post

     

    Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so. 

     

    My 02 :)


     

    Quote:
    Originally Posted by muppetry View Post





    It depends. The problem of protecting classified information goes up with quantity and access. It's impossible to guarantee the competence and loyalty of everyone with access, and history is littered with examples of leaks, both deliberate and inadvertent.

     

    That was my point - "the power" that you refer to is only as effective as the weakest link in the group of human beings who are entrusted with that responsibility. The fact that it is designated a secret has no power in and of itself but rather only has power provided that any and all individuals who have or are given access agree that the secret should be maintained. So it is in the best interest of the organization to do everything they can to ensure that the people and policies and security measures in place to guard that secret are commensurate with the importance of that secret. 

    Since the newspaper journalist, editor, etc never agreed to abide by any designation of secrecy on any military document then it is not a contradiction of any sort for them to publish a document marked as such. Depending on the nature of the secret and the impact or effect it might have on the population or safety of troops etc should provide some guidance to the news organization to make a decision as to whether or not sharing such information is a wise thing to do and whether or not there is any value in making such information public. 

    In a world where we criticize the media for hiding the truth or flat out lying it can be good to see the truth the whole truth and nothing but the truth come out. On the other hand - I don't think every secret but of info should be made public. 

    Even when you talk about something like the stealth aircraft in the US military - as cool as they are to know about I do wonder if their full effectiveness is diminished by no longer being as secret as they once were. Although some details such as the true max speed of the SR71 Blackbird are still classified, it seems to me that if less info was available that they could be more effective. Then again, basing your mission profiles on what you think is still secret from the opposing force is risky. 

  • Reply 18 of 51
    Quote:
    Originally Posted by AndreiD View Post

     

    Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so. 

     

    My 02 :)


    Like how the NSA has kept its secrets out of the public eye?

  • Reply 19 of 51
    muppetrymuppetry Posts: 3,331member
    Quote:

    Originally Posted by lilgto64 View Post

     
    Quote:
    Originally Posted by AndreiD View Post

     

    Hmm...i think you're splitting hairs right now. Even so, you missed my point: If a secret agency has a very very important SECRET (let's say the Vatican has in it's archives the Vault of Heaven) or whatever important artifact or document, then for sure they will keep it secret, safe and out of reach from population. They simply have the power to do so. 

     

    My 02 :)


     

    Quote:
    Originally Posted by muppetry View Post





    It depends. The problem of protecting classified information goes up with quantity and access. It's impossible to guarantee the competence and loyalty of everyone with access, and history is littered with examples of leaks, both deliberate and inadvertent.

     

    That was my point - "the power" that you refer to is only as effective as the weakest link in the group of human beings who are entrusted with that responsibility. The fact that it is designated a secret has no power in and of itself but rather only has power provided that any and all individuals who have or are given access agree that the secret should be maintained. So it is in the best interest of the organization to do everything they can to ensure that the people and policies and security measures in place to guard that secret are commensurate with the importance of that secret. 

    Since the newspaper journalist, editor, etc never agreed to abide by any designation of secrecy on any military document then it is not a contradiction of any sort for them to publish a document marked as such. Depending on the nature of the secret and the impact or effect it might have on the population or safety of troops etc should provide some guidance to the news organization to make a decision as to whether or not sharing such information is a wise thing to do and whether or not there is any value in making such information public. 

    In a world where we criticize the media for hiding the truth or flat out lying it can be good to see the truth the whole truth and nothing but the truth come out. On the other hand - I don't think every secret but of info should be made public. 

    Even when you talk about something like the stealth aircraft in the US military - as cool as they are to know about I do wonder if their full effectiveness is diminished by no longer being as secret as they once were. Although some details such as the true max speed of the SR71 Blackbird are still classified, it seems to me that if less info was available that they could be more effective. Then again, basing your mission profiles on what you think is still secret from the opposing force is risky. 


     

    I don' t disagree with your comments, but on that general subject it's important to keep in mind the distinction between classification to prevent others from obtaining or duplicating acknowledged capabilities, and classification to hide unacknowledged capabilities in order to protect mission. Different considerations apply.

  • Reply 20 of 51
    chipsychipsy Posts: 287member
    gatorguy wrote: »
    Before the arguments over whose ecosystem is more secure even starts it's plain none truly are. Spying on iOS looks to be just as easy as spying on Android or Blackberry or desktops systems.

    Instead of wasting time trying to make this platform look worse than that platform, or claiming this one isn't as leaky at another we should be discussing what should or can be done to minimize it altogether. The spying and data collection hits every OS equally, and apparently none are currently immune.

    Even more concerning and not necessarily related to the NSA: When simply uploading a photo allows location data to be harvested, venues identified, faces matched to names, friends and acquaintances associated with your profile, personal interests revealed, then perhaps it's time to step back a bit and look at what we're really doing to ourselves.

    Very intelligent and levelheaded comment. I agree.
Sign In or Register to comment.