Another batch of classified documents from former NSA contractor Edward Snowden have recently been released, exposing yet more shameful and illegal activity by the U.S. intelligence community. According to top-secret documents from Edward Snowden reviewed by The Intercept, the Central Intelligence Agency has been conducting a sustained effort to break the security of Apple’s iPhones and iPads for several years.
The new documents show that national security intelligence researchers are working to break the security keys used to encrypt data stored on Apple’s devices that the company uses to provide mobile security to hundreds of millions of Apple customers world wide. Focusing on both both “physical” and “non-invasive” methods, U.S. government-sponsored efforts have been trying to develop ways to decrypt and penetrate the iPhone maker’s encrypted firmware. Of note, the Snowden documents did not confirm that U.S. intelligence had managed to compromise Apple’s security.
The CIA declined to comment when asked by The Intercept for feedback on this story. Apple also declined comment.
As reported by ValueWalk, NSA secret leaker Edward Snowden avoids Apple products at all costs. His lawyer said that Snowden believes that Apple may have put a secret backdoor that allows the company or the government to spy on users. Given today’s revelations, maybe Snowden was really more worried about the government having compromised the security of Apple devices.
The NSA Jamboree focused on Apple
U.S. government cybersecurity research efforts to target Apple’s products were presented at an annual CIA-sponsored conference known as the “Jamboree.” In a 2012 seminar, Sandia Labs made a presentation titled “Strawhorse: Attacking the MacOS and iOS Software Development.” The lecture illustrated how a comprised version of Xcode makes it possible to get access to iPhone and iPad data, or create “backdoors” on Mac computers, as well as turn off key security features on Apple devices. Exactly how the agencies planned to get developers to use the comprised software code was not specified.
Another presentation illustrated that a hacked OS X updater could be used to install keyloggers on Mac computers. A 2011 presentation examined various methods that could be used to hack Apple’s Group ID (one of the two encryption keys on Apple mobile devices). One method scanned and broke down the electromagnetic emissions of the GID to extract the encryption key, while the other described a “method to physically extract the GID key.”
The recently released Snowden documents also showed that some presentations at the CIA Jamborees focused on other technology firms, including at least one session on Microsoft’s BitLocker encryption system, which is used widely on Windows-based laptop and desktop computers.
Statement from academic cybersecurity experts
“If U.S. products are OK to target, that’s news to me,” Matthew Green, a cryptographer at Johns Hopkins University’s Information Security Institute explained to The Intercept. “Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”
“Spies gonna spy,” noted Steven Bellovin, a computer science professor at Columbia University and former chief technologist for the FTC. “I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK.”
The fact that the CIA has been working hard for years to undermine the security of Apple devices comes as Apple and other technology companies are vocally fighting back against pressure from both U.S. and U.K. government officials to allow intelligence to more easily access their devices. Law enforcement agencies are requesting that the firms not rollback the government’s ability to bypass security tools built into devices today. Of note, Apple’s CEO Tim Cook has taken a particularly strong stand for privacy as a core corporate and cultural value, and has sharply criticized U.S. law enforcement and intelligence agencies on a number of occasions.
The Intercept also notes just a few months ago U.S. President Barack Obama criticized China for forcing tech firms to install security backdoors designed to enable government surveillance. Somewhat ironically, it turns out that China is really only following America’s lead on public surveillance.