Newly leaked documents reveal that the Central Intelligence Agency (CIA) has been conducting a multi-year sustained effort to hack the security of Apple iPhones and iPads, reports The Intercept.
By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.
Security researchers for the CIA present their tactics and achievements at a secret annual meeting called the 'Jamboree'. Attendees of the event discuss strategies for exploiting security flaws in household and commercial electronics. The first meeting took place a year before the original iPhone was released.
Notably, the CIA has created a modified version of Xcode that can sneak backdoors into apps built using the tool. Xcode is used by nearly all developers that submit applications to the Apple App Store. Researchers claim that the modified Xcode could "force all iOS applications to send embedded data to a listening post."
CIA researchers also modified the OS X updater program used to deliver software updates. The modified updater installs a keylogger.
These revelations come as the FBI has been pushing Congress to pass laws mandating that companies give the government access to data on devices through a "back door." Apple CEO Tim Cook recently spoke at a White House Summit on Cybersecurity and Consumer Protection defending the company's use of encryption. Cook has said that the threat of terrorism should not scare citizens into giving up their privacy.
"None of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right. We all have a right to privacy. We shouldn't give it up. We shouldn't give in to scare-mongering or to people who fundamentally don’t understand the details."
Apple declined to comment on the story. You can find many more details in the full report linked below.
Read More [via Rob]
By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.
Security researchers for the CIA present their tactics and achievements at a secret annual meeting called the 'Jamboree'. Attendees of the event discuss strategies for exploiting security flaws in household and commercial electronics. The first meeting took place a year before the original iPhone was released.
Notably, the CIA has created a modified version of Xcode that can sneak backdoors into apps built using the tool. Xcode is used by nearly all developers that submit applications to the Apple App Store. Researchers claim that the modified Xcode could "force all iOS applications to send embedded data to a listening post."
CIA researchers also modified the OS X updater program used to deliver software updates. The modified updater installs a keylogger.
These revelations come as the FBI has been pushing Congress to pass laws mandating that companies give the government access to data on devices through a "back door." Apple CEO Tim Cook recently spoke at a White House Summit on Cybersecurity and Consumer Protection defending the company's use of encryption. Cook has said that the threat of terrorism should not scare citizens into giving up their privacy.
"None of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right. We all have a right to privacy. We shouldn't give it up. We shouldn't give in to scare-mongering or to people who fundamentally don’t understand the details."
Apple declined to comment on the story. You can find many more details in the full report linked below.
Read More [via Rob]