Jacob "@ioerror" Applebaum recently presented on a catalog of NSA exploits leaked online that outlines the various tools the NSA uses for spying.
While nearly all of the tools and programs listed are upsetting. DROPOUTJEEP is of particular interest to Apple customers.
DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control, and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.
Notably, the first version of DROPOUTJEEP had to be installed via close access; however, remote installation was in the works.
The initial release of DROPOUTJEEP will focus on installing the implant via close access methods. A remote installation capability will be pursued for a future release.
The NSA claims in their QUANTUMTHEORY documents that every attempt to implant iOS will always succeed. This leads Applebaum to question whether Apple assisted them in installing this backdoor:
"They literally claim that anytime they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I'd like to believe that since Apple didn't join the PRISM program until after Steve Jobs died, that maybe it's just that they write shitty software. We know that's true."
Apple has yet to comment on the matter but we'll let you know as soon as any more news breaks. Please follow iClarified on Twitter, Facebook, Google+, or RSS for updates and let us know what you think of this in the comments!
Read More [via Samuel]