The CIA Has Been Hacking Your iPhone

The Central Intelligence Agency has secretly attempted for years to crack the security protections on a number of Apple products, including the iPhone and iPad, according to newly revealed documents from Edward Snowden.
CIA spies have been at work for nearly a decade to thwart the encryption standards on Apple’s devices, the classified files published Tuesday by The Intercept show.
At an annual CIA conference known as “Jamboree” and dating back to 2006, contracted researchers have tried to devise strategies for how to break through the security baked into electronics built by Apple, Microsoft, and other U.S. technology companies. A prime goal has been to build so-called surveillance backdoors that would allow for government snooping without the knowledge of the company.
The documents detail efforts by researchers to exploit Xcode, Apple’s popular app-developing software, so they could infect and extract private user data on devices that installed the “poisoned” version. “In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer—potentially millions of people,” The Intercept reported.
Additionally, the Snowden documents suggest that a compromised Xcode could be manipulated to create a “remote backdoor” allowing covert access to the contents of an Apple product. The hijacked software could also be used to impersonate targeted app developers, route any iPhone or iPad iOS application data through a government “listening post,” and disable key security protections.
It is not clear from the Snowden documents how successful these efforts to break Apple’s encryption protocols have been.
The revelations come amid a public push by senior government officials to convince tech companies not to deploy “unbreakable” encryption technologies. President Obama, Attorney General Eric Holder, FBI Director James Comey, and others have warned in recent months that efforts by Apple and Google to create too-tough-to-crack encryption protocols on their mobile devices could stifle law-enforcement investigations and jeopardize national security.
But while other intelligence agencies have been vocal about their encryption concerns, the CIA has remained largely silent on the matter. Last week, CIA Director John Brennan ordered a sweeping reorganization of his agency, a shift that includes a major refocus on digital spying. Brennan has defended the change as vital for the CIA to continue fulfilling its mission, although some have expressed concern the spy agency may be neglecting its more traditional intelligence-gathering capabilities.
The new revelations come just a day after Apple regaled technophiles in Silicon Valley with a “special event” in which CEO Tim Cook demoed the new Apple Watch. The forthcoming Internet-connected wearable has drawn some intrigue from lawmakers and regulators in Washington over its use and storage of personal data, such as health biometrics.
Privacy groups and a number of lawmakers, such as Democrat Sen. Ron Wyden, have warned that forcing U.S. tech companies to build backdoors into their products does untold economic damage to Silicon Valley and gives overseas competitors an easy attack line. Such vulnerabilities, they contend, also jeopardize national security by giving countries like China and Russia an easier way to conduct cyberattacks and access U.S. data.
“I’m a strong believer in strong encryption,” Obama said during an interview with Re/code last month during a White House-led summit held at Stanford University. “But I am sympathetic to law enforcement because I know the kind of pressure they’re under to keep us safe. And it’s not as black-and-white as it’s sometimes portrayed.”
Cook, who has pushed back strongly on government attempts to undermine encryption, spoke earlier at that same conference. In a brief speech, he laid out a forceful defense for digital privacy, likening it to a human right that can “make the difference between life and death.”

Defenseone: http://ow.ly/KfH1D

 
