Spooks bragged at secret meeting about planting backdoors and key stroke loggers
Source: STEVE WATSON |
Newly released documents obtained via NSA whistleblower Edward Snowden have revealed that the CIA attempted for a decade to gain access to data on Apple’s i devices as part of the intelligence establishment’s continued mass spying program.
“Studying both ‘physical’ and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware,” The Intercept report by Glenn Greenwald states.
The CIA set its sights on accessing user data on iPhones and iPads all over the globe, according to the documents, as well as attempting to introduce backdoors to the devices, in order to monitor them at will.
“This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.” the report notes.
Within the documents, CIA researchers brag that they have found a way to introduce surveillance backdoors into practically every mobile application downloaded via the Apple App Store.
The spooks say that they did this by creating a modified version of the Xcode integrated development environment, which is a Apple’s proprietary suite of tools used to develop software for OS X and iOS.
“The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.”
The CIA hackers also boasted that they had managed to modify Apple’s OS X updater, which is used to automatically update software and programs on Apple computers. The agents claimed that they had successfully installed a “keylogger” via the OS X updater, meaning keystrokes from users could be logged and analysed.
“The Intelligence Community (IC) is highly dependent on a very small number of security flaws, many of which are public, which Apple eventually patches,” the CIA researchers noted during a secret presentation.
The documents note that the CIA began the surveillance effort in 2006, while the first iPhone was still in development. The spooks bragged about the inroads they were making in 2011 at an event known as “Jamboree,” a hush hush confab for the “intelligence” community held at a Lockheed Martin facility inside an executive office park in northern Virginia.
“Lockheed Martin’s role in these activities should not be surprising given its leading role in the national surveillance state,” says William Hartung, director of the Arms and Security Project at the Center for International Policy. “It is the largest private intelligence contractor in the world, and it has worked on past surveillance programs for the Pentagon, the CIA and the NSA. If you’re looking for a candidate for Big Brother, Lockheed Martin fits the bill.”
Last year, an admission by Apple that a “bug” in its operating system had left devices open to potential hacking had experts questioning whether the security hole was intentional, in order to allow the NSA backdoor access as part of its mass spying program.
Apple acknowledged that a “goto fail” command in the company’s SecureTansport protocol had left iPhones, iPads, and MacBooks vulnerable to data intercept on networks and wireless connections. Anyone who had knowledge of the security flaw, could have accessed secure data, Apple noted.
A separate Snowden leak, around the same time one year ago, revealed that the NSA had infiltrated iPhones with a program known as DROPOUT JEEP, which allowed the agency access to text messages, voicemails and other personal data.
Apple has vehemently denied having knowledge of the NSA’s activities. “Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone,” Apple said in a January 2014 statement. “Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security.” The company is yet to comment on the latest developments.
The latest revelations also come on the heels of a report revealing that the NSA and the British GCHQ successfully compromised the internal network of the world’s largest SIM card manufacturer, allowing them to gain access to millions of encryption keys for mobile phones around the world.