The NSA could access almost all data stored on an iPhone, including location, text messages and contact lists – including the ability to activate both microphone and camera, according to a presentation by security researcher Jacob Appelbaum at the Chaos Communication Conference in Hamburg, Germany.

Appelbaum showed what he said were leaked NSA documents in which the agency claimed to have a “100 percent success rate” at installing spyware on iPhones. The documents date back to 2008, at which point the NSA needed physical access to an iPhone to install the spyware, but a remotely-installable version was said at the time to be in development.

Even needing physical access to the phone was seemingly not a barrier to the NSA … 

An earlier leak described an NSA team known as Tailored Access Operations, whose job was to intercept technology shipments between supplier and customer in order to install spyware and reseal the packaging in a way that would be undetectable to the recipient. Reportedly the NSA could even install spyware in the firmware of hard drives, so that even reformatting the drive would not protect it.

Appelbaum says it is unclear whether Apple cooperated in allowing the exploit on which the spyware relies.

Either [the NSA] have a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves.

Do you think Apple helped them with that? I hope Apple will clarify that.

Given the age of the documents, it is also unknown whether the exploit used still exists in current iPhones. It has been pointed out that back in 2008 iPhones did not have any kind of encryption, and all apps ran as root.

Apple previously denied granting access to its servers, though it was suggested that the denials by Apple and others appeared to have been carefully and consistently worded.

Apple and other tech companies wrote an open letter asking for the NSA’s powers to be limited, and asking to be allowed to provide greater transparency regarding any legally-required cooperation with the NSA. Tim Cook and other top tech execs subsequently had two meetings with President Obama to discuss the issue (among other things), the second of which took place earlier this month.

Via The Daily Dot via TechMeme

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

6 Responses to “NSA had almost total access to iPhones, including microphone & camera, says security researcher”

  1. let’s be fair here. if you put aside bashing apple and some bad jokes about its “writing extremely bad software”, applebaum has just told that if having physical access, any iphone can be turned into a surveillance device. as much as that.

    wow, what a surprise, considering any jailbreak is done exactly the same way.

    let’s face it, this is not apple’s wrong doing, it is just the fact of life. later in the same lecture applebaum describes how any computer can be compromised if nsa has a physical access to it.

    the bare fact is: with computing, if gained physical access, any device can be compromised. what a revelation, really, from a great security expert. :-/

    • Prowl Home says:

      You might want to change the title to “UNTIL 2008 THE NSA ONCE HAD…”

      Utterly misleading title.

      • Ben Lovejoy says:

        “Given the age of the documents, it is also unknown whether the exploit used still exists in current iPhones. It has been pointed out that back in 2008 iPhones did not have any kind of encryption, and all apps ran as root.”

        The iPhone was certainly an easier target in 2008, but given the sophistication required to insert spyware into hard drive firmware, it would be naive to imagine that the NSA cannot tackle much tougher targets today.

  2. and by the way, the title is out of context, hence wrong and misleading. boo, 9to5mac

  3. Hmm. If a bad actor has PHYSICAL ACCESS TO INSTALL MALWARE ON YOUR DEVICE it can do a lot of things. This should be news to no one. This is not isolated to Apple products. I don’t know why this is a story. Oh. Right. The iPhone name appears in the headline. Silly me.

  4. He would just say that would he not …

    non-news …

    policeman’s helmet comes to mind, and why they are pointed …