CIA 'tried to crack security of Apple devices'

The agency tried to create a dummy version of development software that would allow it to insert surveillance back doors into apps

The CIA led sophisticated intelligence agency efforts to undermine the encryption used in Apple phones, as well as insert secret surveillance back doors into apps, top-secret documents published by the Intercept online news site have revealed.
The newly disclosed documents from the National Security Agency’s internal systems show surveillance methods were presented at its secret annual conference, known as the “jamboree”.
The most serious of the various attacks disclosed at the event was the creation of a dummy version of Apple’s development software Xcode, which is used by developers to create apps for iOS devices.
The modified version of Xcode would allow the CIA, NSA or other agencies to insert surveillance backdoors into any app created using the compromised development software. The revelation has already provoked a strong backlash among security researchers on Twitter and elsewhere, and is likely to prompt security audits among Apple developers.
The latest revelations of sustained hacking efforts against Apple devices are set to further strain already difficult relations between the technology company and the US government.
Apple had previously been a partner in the Prism programme, in effect a legal backdoor to obtain user information by the NSA and its allies, but in the wake of the Snowden revelations it has stepped up efforts to protect user privacy, including introducing end-to-end encryption on iMessages.
Tim Cook, the CEO of Apple, warned Barack Obama in public remarks this month that history had shown “sacrificing our right to privacy can have dire consequences”.
 
Other efforts showcased at the intelligence agency jamboree included a means of introducing keylogger software – which records and transmits every stroke a compromised user types – into systems through Apple’s software update tool on its laptop and desktop computers.
Analysts were also exploring a sophisticated approach to breaking encryption on individual devices using the activity pattern of its processor while it is encrypting data, known as a “side channel” attack, as part of a bid to gain further access to the core software the devices run.
The presentation notes revealed by the Intercept suggested that at the time of the presentation in March 2012 the technique had not yet been successful in extracting the key.
US academics and security researchers have questioned the legality of the CIA’s efforts to attack Apple’s security.
“If US products are OK to target, that’s news to me,” Matthew Green of the Information Security Institute at Johns Hopkins University told the Intercept.
“Tearing apart the products of US manufacturers and potentially putting back doors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys’. It may be a means to an end, but it’s a hell of a means.”
The exploits revealed by the Intercept are the latest in a long list of stories disclosing intelligence agency activities against Apple and its platforms. In January 2014, the Guardian disclosed a variety of exploits being used by the UK intelligence agency GCHQ and the NSA against mobile phones.
These included bids to extract personal information from data transmitted by apps including Angry Birds, as well as a range of capabilities to activate remotely the microphone on iPhones and Android devices – a project codenamed Nosey Smurf.

Guardian: http://ow.ly/KfGB1
