Researchers at the CIA have been trying for years to break the security of Apple iPhone and iPads, according to the latest top secret documents leaked onto the Internet.
CIA’s ongoing efforts to spy on iPhones
The researchers apparently described their latest tactics at a secret (not so secret now, is it?) annual meeting called the Jamboree, where the attendees discussed how to exploit security flaws in commercial electronic devices. The conferences have been going on for nearly a decade, with the first one taking place one year before the original iPhone was released in 2007.
The methods include targeting security keys that are used to encrypt data on Apple devices, helping the researchers attempt to break the mobile security on hundreds of millions of Apple products around the world. The government sponsored research aimed to discover ways to decrypt Apple’s encrypted firmware, enabling spies to place malicious code on devices and identify other vulnerabilities in the iPhone and iPad.
The researchers also claim to have created a modified version of Apple’s development software called Xcode, which would be able to place backdoors in any apps created using the tool. Xcode is used by thousands of developers, to create apps sold via the App Store.
It’s claimed that the modified version of Xcode could enable the government to steal passwords and obtain messages on infected devices. The modified Xcode would also force all iOS apps to send data to a secret listening post. What is not clear however, is how the agency would get developers to use the poisoned version of Xcode rather than the real one, which is simply obtained for free from Apple’s Mac App Store.
The CIA has also apparently successfully modified the OS X updater for the Mac, which is used to deliver updates to computers, in order to install a keylogger.
Aside from Apple, other presentations at the CIA conference have targeted Apple’s competitors, such as Microsoft’s BitLocker encryption, which is widely used by versions of Windows.
The fact that the CIA is trying to defeat smartphone security comes as the tech giants are under pressure to weaken the security of their products. Law enforcement agencies want the companies to help governments to be able to bypass the security built into wireless devices. Apple CEO Tim Cook, more than any other corporate executive, has taken a stand for privacy, while criticising the actions of law enforcement and intelligence agencies.
“If U.S. products are OK to target, that’s news to me,” says Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute. “Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”