Skip to main content

NSA had almost total access to iPhones, including microphone & camera, says security researcher

[youtube=http://www.youtube.com/watch?v=b0w36GAyZIA&start=270]

The NSA could access almost all data stored on an iPhone, including location, text messages and contact lists – including the ability to activate both microphone and camera, according to a presentation by security researcher Jacob Appelbaum at the Chaos Communication Conference in Hamburg, Germany.

Appelbaum showed what he said were leaked NSA documents in which the agency claimed to have a “100 percent success rate” at installing spyware on iPhones. The documents date back to 2008, at which point the NSA needed physical access to an iPhone to install the spyware, but a remotely-installable version was said at the time to be in development.

Even needing physical access to the phone was seemingly not a barrier to the NSA … 

An earlier leak described an NSA team known as Tailored Access Operations, whose job was to intercept technology shipments between supplier and customer in order to install spyware and reseal the packaging in a way that would be undetectable to the recipient. Reportedly the NSA could even install spyware in the firmware of hard drives, so that even reformatting the drive would not protect it.

Appelbaum says it is unclear whether Apple cooperated in allowing the exploit on which the spyware relies.

Either [the NSA] have a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves.

Do you think Apple helped them with that? I hope Apple will clarify that.

Given the age of the documents, it is also unknown whether the exploit used still exists in current iPhones. It has been pointed out that back in 2008 iPhones did not have any kind of encryption, and all apps ran as root.

Apple previously denied granting access to its servers, though it was suggested that the denials by Apple and others appeared to have been carefully and consistently worded.

Apple and other tech companies wrote an open letter asking for the NSA’s powers to be limited, and asking to be allowed to provide greater transparency regarding any legally-required cooperation with the NSA. Tim Cook and other top tech execs subsequently had two meetings with President Obama to discuss the issue (among other things), the second of which took place earlier this month.

Via The Daily Dot via TechMeme

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. varera (@real_varera) - 10 years ago

    let’s be fair here. if you put aside bashing apple and some bad jokes about its “writing extremely bad software”, applebaum has just told that if having physical access, any iphone can be turned into a surveillance device. as much as that.

    wow, what a surprise, considering any jailbreak is done exactly the same way.

    let’s face it, this is not apple’s wrong doing, it is just the fact of life. later in the same lecture applebaum describes how any computer can be compromised if nsa has a physical access to it.

    the bare fact is: with computing, if gained physical access, any device can be compromised. what a revelation, really, from a great security expert. :-/

    • Prowl Home - 10 years ago

      You might want to change the title to “UNTIL 2008 THE NSA ONCE HAD…”

      Utterly misleading title.

      • Ben Lovejoy - 10 years ago

        “Given the age of the documents, it is also unknown whether the exploit used still exists in current iPhones. It has been pointed out that back in 2008 iPhones did not have any kind of encryption, and all apps ran as root.”

        The iPhone was certainly an easier target in 2008, but given the sophistication required to insert spyware into hard drive firmware, it would be naive to imagine that the NSA cannot tackle much tougher targets today.

  2. varera (@real_varera) - 10 years ago

    and by the way, the title is out of context, hence wrong and misleading. boo, 9to5mac

  3. e. w. parris (@ewparris) - 10 years ago

    Hmm. If a bad actor has PHYSICAL ACCESS TO INSTALL MALWARE ON YOUR DEVICE it can do a lot of things. This should be news to no one. This is not isolated to Apple products. I don’t know why this is a story. Oh. Right. The iPhone name appears in the headline. Silly me.

  4. Vernon de Silva - 10 years ago

    He would just say that would he not …

    non-news …

    policeman’s helmet comes to mind, and why they are pointed …

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear