Skip to main content

Central Intelligence Agency

See All Stories

Snowden: The CIA has been working “for years” to break iPhone, iPad and Mac security

Site default logo image

cia

Update: One of the approaches suggested – modifying Xcode to inject malware – has now been used, though we don’t at this stage know who was responsible.

The Central Intelligence Agency has conducted “a multi-year, sustained effort to break the security of Apple’s iPhones and iPads,” claims The Intercept, referencing new Snowden leaks of a document from the CIA’s internal wiki system.

A presentation on the attempts, focusing on breaking Apple’s encryption of iOS devices, was said to have been delivered at an annual CIA conference called the Jamboree.

Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.

One route reportedly taken by the CIA was to create a modified version of Xcode, which would allow it to compromise apps at the point at which they are created … 
Expand
Expanding
Close

Did AntiSec hackers get Apple?

Site default logo image

We’ve heard a few reports in the past that Lulzsec hackers had broken into Apple. Now, however, the WSJ is reporting that the AntiSec hackers that have been joyriding around the internet using SQL injectors to steal username and password have hit Apple’s servers and taken usernames and passwords.

The hackers said in a statement posted to Twitter that they had accessed Apple’s systems due to a security flaw used in software used by the Cupertino, Calif.-based gadget maker and other companies. “But don’t worry,” the hackers said, “we are busy elsewhere.” A spokesman for Apple didn’t immediately respond to a request for comment. The posted information comes as part of a two-month campaign of digital heists targeting corporations including Sony Corp. and AT&T Inc., as well as government agencies such as the U.S. Senate, the Central Intelligence Agency and the Arizona Department of Public Safety.

Specifically, they say  they’ve got the username and passwords from this server:

http://abs.apple.com:8080/ssurvey/survey?id=

While this looks to be a pretty harmless server with only local usernames, previous postings have claimed a much bigger bounty:
Expand
Expanding
Close