The CIA Has Been Hacking Your iPhone

Uploaded on 2015-03-18 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

The Central Intelligence Agency has secretly attempted for years to crack the security protections on a number of Apple products, including the iPhone and iPad, according to newly revealed documents from Edward Snowden.
CIA spies have been at work for nearly a decade to thwart the encryption standards on Apple’s devices, the classified files published Tuesday by The Intercept show.
At an annual CIA conference known as “Jamboree” and dating back to 2006, contracted researchers have tried to devise strategies for how to break through the security baked into electronics built by Apple, Microsoft, and other U.S. technology companies. A prime goal has been to build so-called surveillance backdoors that would allow for government snooping without the knowledge of the company.
The documents detail efforts by researchers to exploit Xcode, Apple’s popular app-developing software, so they could infect and extract private user data on devices that installed the “poisoned” version. “In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer—potentially millions of people,” The Intercept reported.
Additionally, the Snowden documents suggest that a compromised Xcode could be manipulated to create a “remote backdoor” allowing covert access to the contents of an Apple product. The hijacked software could also be used to impersonate targeted app developers, route any iPhone or iPad iOS application data through a government “listening post,” and disable key security protections.
It is not clear from the Snowden documents how successful these efforts to break Apple’s encryption protocols have been.
The revelations come amid a public push by senior government officials to convince tech companies not to deploy “unbreakable” encryption technologies. President Obama, Attorney General Eric Holder, FBI Director James Comey, and others have warned in recent months that efforts by Apple and Google to create too-tough-to-crack encryption protocols on their mobile devices could stifle law-enforcement investigations and jeopardize national security.
But while other intelligence agencies have been vocal about their encryption concerns, the CIA has remained largely silent on the matter. Last week, CIA Director John Brennan ordered a sweeping reorganization of his agency, a shift that includes a major refocus on digital spying. Brennan has defended the change as vital for the CIA to continue fulfilling its mission, although some have expressed concern the spy agency may be neglecting its more traditional intelligence-gathering capabilities.
The new revelations come just a day after Apple regaled technophiles in Silicon Valley with a “special event” in which CEO Tim Cook demoed the new Apple Watch. The forthcoming Internet-connected wearable has drawn some intrigue from lawmakers and regulators in Washington over its use and storage of personal data, such as health biometrics.
Privacy groups and number of lawmakers, such as Democrat Sen. Ron Wyden, have warned that forcing U.S. tech companies to build backdoors into their products does untold economic damage to Silicon Valley and gives overseas competitors an easy attack line. Such vulnerabilities, they contend, also jeopardizes national security by giving countries like China and Russia an easier way to conduct cyberattacks and access U.S. data.
“I’m a strong believer in strong encryption,” Obama said during an interview with Re/code last month during a White House-led summit held at Stanford University. “But I am sympathetic to law enforcement because I know the kind of pressure they’re under to keep us safe. And it’s not as black-and-white as it’s sometimes portrayed.”
Cook, who has pushed back strongly on government attempts to undermine encryption, spoke earlier at that same conference. In a brief speech, he laid out a forceful defense for digital privacy, likening it to a human right that can “make the difference between life and death.”  Defenseone  http://ow.ly/KfH1D

 

« Some Email Truths for Hillary Clinton
Snowden: New Zealand Spying on Pacific Islands »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cypress Semiconductor

Cypress Semiconductor

Cypress is a semiconductor design and manufacturing company providing embedded devices for secure IoT applications.

General Dynamics Information Technology (GDIT)

General Dynamics Information Technology (GDIT)

General Dynamics IT delivers cyber security services to defend critical information and infrastructure.

Deductive Labs

Deductive Labs

Deductive Labs consulting services help customers with their technology, security and automation challenges.

Norwegian Business & Industry Security Council (NSR)

Norwegian Business & Industry Security Council (NSR)

NSR is a member organization serving the Norwegian business sector in an advisory capacity on matters relating to crime and security including cyber.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

Indeed

Indeed

Indeed is a worldwide employment-related search engine for job listings covering job types in all industries, including cybersecurity.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Kratikal

Kratikal

Kratikal provides a complete suite of manual and automated security testing services.

AlertFusion

AlertFusion

AlertFusion is a platform that makes security operations more effective. It complements existing tools and technologies, unifies operations, enhances process maturity and drives efficiencies.

Data Privacy Office (DPO)

Data Privacy Office (DPO)

Data Privacy Office is a company that specializes in privacy and personal data protection, following the highest standards in its sector.

BriskInfosec Technology & Consulting

BriskInfosec Technology & Consulting

BriskInfosec provides information security services, products and compliance solutions to our customers.

Matrixforce

Matrixforce

Matrixforce is a vetted IT support provider that uses the patented Delta Method of streamlining technology for financial and professional service firms to reduce complexity and avoid risk.

BIRD Cyber

BIRD Cyber

BIRD Cyber is a program to promote collaboration on cybersecurity and emerging technologies aimed at enhancing the cyber resilience of critical infrastructure.

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

Epic Machines

Epic Machines

Epic Machines is a Value Added Reseller and Managed Security Services provider offering Security Transformation using Cloud-native solutions to commercial and government markets.

SafeBase

SafeBase

Safebase provide the infrastructure for Trust Communication. Our Trust Center enables Security and Sales teams to share and automate access to security, compliance, and privacy information.