Update: One of the approaches suggested – modifying Xcode to inject malware – has now been used, though we don’t at this stage know who was responsible.
The Central Intelligence Agency has conducted “a multi-year, sustained effort to break the security of Apple’s iPhones and iPads,” claims The Intercept, referencing new Snowden leaks of a document from the CIA’s internal wiki system.
A presentation on the attempts, focusing on breaking Apple’s encryption of iOS devices, was said to have been delivered at an annual CIA conference called the Jamboree.
Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.
One route reportedly taken by the CIA was to create a modified version of Xcode, which would allow it to compromise apps at the point at which they are created …
The modified version could slip CIA code into any apps created by developers.
The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.”
However, as Xcode is distributed direct by Apple, it “remains unclear” how they would switch developers to the compromised version.
While most of the presentation focused on iOS, the CIA presenters also claimed to have created a rogue version of the OS X updater, which would install a keylogger on Macs.
Unsurprisingly, the CIA refused to comment on the report, and Apple pointed to its numerous statements on its stance on security and privacy.
Apple last year created a new security page on its website, Tim Cook writing a letter stressing the company’s commitment to data privacy. Cook was also the only tech CEO to speak at a White House cybersecurity summit, taking an uncompromising line in refusing to cooperate with government demands to weaken security.
History has shown us that sacrificing our right to privacy can have dire consequences […] we risk our way of life.
Apple was one of a number of tech companies to last year lobby the government to curb NSA data-collection.
FTC: We use income earning auto affiliate links. More.
Technology that frustrates the NSA, pleases the Aeron.
Is this article correct? Is it the CIA or the NSA? I wasn’t aware the CIA was involved in this type of program.
CIA is the report
I remember reading a white paper issued by the NSA about how to setup OS X Server to be secure and they used lots of Macs because of being able to not get hacked.
There was also another article a long time ago where the FBI had problems with getting into Macs that the criminals would use and they’d have to send them to a specialist in computer forensics in Canada and they weren’t always successful in getting access to the data on the hard drive. The article said that criminals should use Macs if they want their data secure. I kind of laughed about that one. It was written in tongue in cheek.
yeah, it probably does take years for them to figure out how to do, but it only takes hours to break Windows and Android. :-)
Google would just handle them the access to Android devices :D
Not that they have to, every 10 yo can write malicious code for Android…
True.
Why anyone would trust this same government to do anything beneficial for its citizens makes no sense.
Yea, why would we trust a government that has been doing these kinds of tactics for 70 years and all we’ve got to show for it was bankrupting the USSR by 1979 which caused the end of the cold war and prevented World War III. Not to mention the decimation of the MOB. The Chicago Outfit went years without boss because of the high tech surveillance on them 24×7.
Surprised? Im not !
im not surprised. in fact i think its bullshit. 9 to 5 mac has excellent reporting, but i think this report is misleading. One of the best hackers in the world worked for NSA for years. Want to know what his specialty was? Hacking IOS/MAC. I find it hard to believe that the NSA or CIA can’t find someone to fill his shoes. just my $.02.
“However, as Xcode is distributed direct by Apple, it “remains unclear” how they would switch developers to the compromised version.” – Yeah big puzzle for all of us!
Would it be worth having a CIA that *wasn’t* working on how to break every kind of computer security?
One of the most egregious point of contention I have with the current news kerfuffle over Hillary Clinton’s e-mail use, is that, if the US Government really wanted her e-mails, they simply have to grab them — legally or illegally. Between the CIA, FBI and the NSA, how could there be any doubt that they already have all of her digital correspondence. I mean, didn’t ewe just hear about the USA spying on heads of State’s cell phones and e-mail? I suppose the Government will not be forthcoming though in light of the negative impact such a revelation would bring. Nonetheless, I am certain that her e-mails are already in the hands of these agencies. I suspect all the fuss is more about politics than about her e-mail. I wonder why our news outlets are spending so much time on this pointless argument.