CIA Stories March 10
CIA Stories March 9
Update: AP reports that Wikileaks has decided to address the first problem by giving tech companies details of the tools.
The WSJ reports that Apple engineers are working to address the remaining iOS exploits reportedly used by the CIA, but they and other tech companies are being hampered by two factors. The first is lack of any access to the code itself.
Apple engineers quickly began calling colleagues to bring them up to speed on the data dump and to coordinate the company’s response to this new security threat, according to a person familiar with the situation […]
Companies now find themselves in a difficult position: They believe that at least two organizations have access to hacking code that exploits their products — the CIA and WikiLeaks — but neither one is sharing this software …
CIA Stories March 7
Update: Edward Snowden has tweeted that the code names are real and would only be known by a cleared insider. The BBC has reported that some of the iOS malware allows ‘the agency to see a target’s location, activate their device’s camera and microphone, and read text communications.’
Wikileaks claims that the U.S. Central Intelligence Agency has a specialized unit within its Center for Cyber Intelligence that is devoted to developing and obtaining zero-day exploits for iOS devices. A zero-day exploit is one unknown to Apple or security researchers, so cannot specifically be protected against.
Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
Wikileaks further claims that the CIA recently ‘lost control’ of the majority of the malware used to attack iPhones and iPads …
CIA Stories March 11, 2016
CIA Stories February 22, 2016
Retired General Michael Hayden, former head of both the NSA and CIA, told USA Today that while he “trends toward the government” on the ‘master key‘ approach to the San Bernardino case, he thinks Apple is right that there should never be a back door to encryption. His remarks were made as Tim Cook called for the government to drop its demands that Apple help the FBI break into an iPhone.
Hayden went so far as to specifically call out FBI Director Jim Comey in his comments.
In this specific case, I’m trending toward the government, but I’ve got to tell you in general I oppose the government’s effort, personified by FBI Director Jim Comey. Jim would like a back door available to American law enforcement in all devices globally. And, frankly, I think on balance that actually harms American safety and security, even though it might make Jim’s job a bit easier in some specific circumstances.
Comey has repeatedly attacked Apple’s use of strong encryption on iPhones …
CIA Stories March 10, 2015
Update: One of the approaches suggested – modifying Xcode to inject malware – has now been used, though we don’t at this stage know who was responsible.
The Central Intelligence Agency has conducted “a multi-year, sustained effort to break the security of Apple’s iPhones and iPads,” claims The Intercept, referencing new Snowden leaks of a document from the CIA’s internal wiki system.
A presentation on the attempts, focusing on breaking Apple’s encryption of iOS devices, was said to have been delivered at an annual CIA conference called the Jamboree.
Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.
One route reportedly taken by the CIA was to create a modified version of Xcode, which would allow it to compromise apps at the point at which they are created … expand full story