The Central Intelligence Agency (CIA), aided by British intelligence, has spent nearly a decade trying to compromise the security of Apple iPhones and iPads, two of the most popular mobile devices on the planet, according to documents revealed by former NSA contractor Edward Snowden.
The Intercept reports that the CIA’s security experts went after security keys used for encryption on Apple’s devices and an attempted crack of Xcode, a development tool used to create most iOS applications. The CIA’s efforts would enable them to steal users’ passwords and communications.
According to the leaked documents, the CIA researchers also said they could force an Apple mobile device to deliver a keylogger to laptop and desktop computers in order to record all keystrokes on the device, a tool commonly used by hackers to steal passwords and sensitive financial data.
You can read the documents here.
https://twitter.com/csoghoian/status/575202243894452224
At secret CIA conference, researchers claimed they successfully compromised Microsoft's BitLocker http://t.co/ngUCFKOy7w
— jeremy scahill (@jeremyscahill) March 10, 2015
https://twitter.com/mattyglesias/status/575236598125613056
The efforts to crack the iPhone’s security started in 2006, a year before the product was released to the public.
The actual success of the CIA’s programs is not clear. For instance, although CIA researchers claimed to create a “poisoned” version of Xcode, no one is sure how they would get developers to actually use it. With that in mind, independent security researchers are surely on the look out to see if the CIA found a way to do so.
So now the race is on to find compromised Xcode distributions (and apps built from them) in the wild. https://t.co/2vij4lOb1t
— matt blaze (@mattblaze) March 10, 2015
The CIA hasn’t commented on the story. Apple also hasn’t commented, but CEO Tim Cook has spoken extensively about privacy and security in recent months.
“I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services,” Cook wrote last year. “We have also never allowed access to our servers. And we never will.”
The leaked documents come from a presentation at “the jamboree,” an annual event where security exploits are shown off in secret to fellow members of the intelligence community.
“If US products are OK to target, that’s news to me,” Matthew Green of the Information Security Institute at John Hopkins University told the Intercept.
“If I were Tim Cook, I’d be furious,” ACLU technologist Chris Soghoian told the Intercept. “If Apple is mad at the intelligence community, and they should be, they should put their lawyers to work. Lawsuits speak louder than words.”
If you think Tim Cook was mad at the US govt before, I imagine he is now doing his best Samuel L. Jackson impression.
— Eva (@evacide) March 10, 2015
H/T The Intercept | Photo via MIKI Yoshihito (´???)/Flickr (CC BY 2.0)