The NSA could access almost all data stored on an iPhone, including location, text messages and contact lists – including the ability to activate both microphone and camera, according to a presentation by security researcher Jacob Appelbaum at the Chaos Communication Conference in Hamburg, Germany.
Appelbaum showed what he said were leaked NSA documents in which the agency claimed to have a “100 percent success rate” at installing spyware on iPhones. The documents date back to 2008, at which point the NSA needed physical access to an iPhone to install the spyware, but a remotely-installable version was said at the time to be in development.
Even needing physical access to the phone was seemingly not a barrier to the NSA …
An earlier leak described an NSA team known as Tailored Access Operations, whose job was to intercept technology shipments between supplier and customer in order to install spyware and reseal the packaging in a way that would be undetectable to the recipient. Reportedly the NSA could even install spyware in the firmware of hard drives, so that even reformatting the drive would not protect it.
Appelbaum says it is unclear whether Apple cooperated in allowing the exploit on which the spyware relies.
Either [the NSA] have a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves.
Do you think Apple helped them with that? I hope Apple will clarify that.
Given the age of the documents, it is also unknown whether the exploit used still exists in current iPhones. It has been pointed out that back in 2008 iPhones did not have any kind of encryption, and all apps ran as root.
Apple and other tech companies wrote an open letter asking for the NSA’s powers to be limited, and asking to be allowed to provide greater transparency regarding any legally-required cooperation with the NSA. Tim Cook and other top tech execs subsequently had two meetings with President Obama to discuss the issue (among other things), the second of which took place earlier this month.
FTC: We use income earning auto affiliate links. More.