Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

CIA has waged 'secret campaign' to crack Apple's iOS security - report

Last updated

Classified documents released by whistleblower Edward Snowden reveal that the Central Intelligence Agency has been engaged in a multi-year coordinated effort to crack the security of Apple's iOS platform, which powers and protects the iPhone and iPad.

Details on the CIA's efforts apparently come from an annual, secret agency meeting dubbed "The Trusted Computing Base Jamboree," where the latest progress was apparently revealed. Documents from that meeting were obtained by Snowden, and then provided to The Intercept.

In it, researchers from the U.S. government's "Sandia National Laboratories" are revealed to have allegedly targeted security keys on iOS in an effort to crack the platform and obtain user data. The agency is said to have looked into both physical methods, where access to the device is required, as well as remote efforts.

As part of the CIA's work, the agency is said to have created a modified version of Apple's Xcode developer tools. By "whacking" this software, security researchers were allegedly able to "sneak surveillance backdoors into any apps or programs created using the tool."

It was said that the CIA's cracked version of Xcode could allow the agency to obtain passwords, messages and other information from an infected device. The "whacked" Xcode could also disable core security features on Apple devices.

The CIA's efforts have also apparently targeted Apple's OS X platform for the Mac, as the documents claim the agency has modified Apple's updater tool to install a "keylogger."

It's unclear just how successful the CIA has been at truly penetrating iOS devices in the wild, or exactly how its research has been applied. Law enforcement officials, including the FBI Director James Comey, have decried the fact that encrypted data on an iPhone or iPad is not accessible, which, in Comey's words, allows users to "place themselves above the law."

Unsurprisingly, the CIA's annual "Jamboree" meetings have also delved into the security of other popular platforms. In particular, the documents released by Snowden also show Microsoft's BitLocker encryption system has been a target of CIA researchers.

Snowden has claimed for years that the U.S. National Security Agency has the capability of deploying software implants on the iPhone that could provide remote access to information like SMS text messages, location data, and microphone audio. The whistleblower also said earlier this year that he refuses to use an iPhone over spying concerns.

Apple, for its part, has vehemently defended itself, saying it has not cooperated in any government spying efforts and that it places its users' privacy above all else. In a statement issued in 2013, the company said it uses its resources "to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them."



130 Comments

ireland 17436 comments · 18 Years

Jesus Christ what's going on with the human race. Those who are meaning to protect us are as bad as those who attack us. Fear, fear, fear fear.

 

**** them.

mike1 3437 comments · 10 Years

Just the same game of cat and mouse that's been going on for millenia.

foregoneconclusion 2857 comments · 12 Years

Why is Sandia National Laboratories in quotes? That's not a secret organization. 

flabber 97 comments · 12 Years

I feel the same way… I mean, this isn't about catching criminals or extremists anymore. They clearly want to know everything from everybody (and their mom), without having to justify their way of going about it. To be honest, after everything Snowden has made public, and after Obama promised to change things regarding privacy, I'm starting to develop an intense distrust toward any government. There's just no good enough reason for any government or CIA-(type) of agency to spy on every citizen in the world. 99,99% haven't even done anything noteworthy to validate this kind of privacy breach, and of the 0,01% that actually hás done something, half of them are not stupid enough to use normal phones but rather use encrypted messaging services (in Holland we have a Blackphone, where éverything is encrypted from end-to-end for example).

 

If the extremists aren't causing problems, it's our own government. Tax increasement anyone? I mean, the government has to get the funds to do this kind of shady business from somewhere don't they?