Russia has claimed that the NSA hacked iPhones belonging to both Russian citizens and foreign diplomats based in the country.
More than this, it claims that Apple assisted the NSA by providing backdoor access into iPhones …
Expand Expanding Close
The NSA mass surveillance program, which saw the National Security Agency collecting communication records of US citizens without warrant or probable cause, has again been found to be illegal by an appeals court …
Expand Expanding Close
The National Security Agency (NSA) has reportedly told the White House that it no longer sees its phone-surveillance program as worth the effort it requires.
It follows a report last month claiming that the NSA had in fact abandoned the program last year …
The NSA spying program to analyze logs of the domestic calls and texts of US citizens is reportedly no longer in use, and the legislation which made it legal may not be renewed when it expires at the end of the year.
The National Security Agency’s mass monitoring of logs of phone calls and texts relating to US citizens first began in 2006, some five years after the 9/11 attacks. The program was revealed by Edward Snowden in 2013, and was later declared illegal by a federal appeals court …
Update: Edward Snowden has tweeted that the code names are real and would only be known by a cleared insider. The BBC has reported that some of the iOS malware allows ‘the agency to see a target’s location, activate their device’s camera and microphone, and read text communications.’
What makes this look real?
Program & office names, such as the JQJ (IOC) crypt series, are real. Only a cleared insider could know them.— Edward Snowden (@Snowden) March 7, 2017
Wikileaks claims that the U.S. Central Intelligence Agency has a specialized unit within its Center for Cyber Intelligence that is devoted to developing and obtaining zero-day exploits for iOS devices. A zero-day exploit is one unknown to Apple or security researchers, so cannot specifically be protected against.
Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
Wikileaks further claims that the CIA recently ‘lost control’ of the majority of the malware used to attack iPhones and iPads …
Retired General Michael Hayden, former head of both the NSA and CIA, told USA Today that while he “trends toward the government” on the ‘master key‘ approach to the San Bernardino case, he thinks Apple is right that there should never be a back door to encryption. His remarks were made as Tim Cook called for the government to drop its demands that Apple help the FBI break into an iPhone.
Hayden went so far as to specifically call out FBI Director Jim Comey in his comments.
In this specific case, I’m trending toward the government, but I’ve got to tell you in general I oppose the government’s effort, personified by FBI Director Jim Comey. Jim would like a back door available to American law enforcement in all devices globally. And, frankly, I think on balance that actually harms American safety and security, even though it might make Jim’s job a bit easier in some specific circumstances.
Comey has repeatedly attacked Apple’s use of strong encryption on iPhones …
Apple and Google have co-signed a letter calling on President Obama to reject any government proposal to allow the government backdoor access to encrypted data on smartphones and other devices. The Washington Post says the letter, due to be delivered today, is signed by more than 140 tech companies, prominent technologists and civil society groups.
The signatories urge Obama to follow the group’s unanimous recommendation that the government should “fully support and not undermine efforts to create encryption standards” and not “in any way subvert, undermine, weaken or make vulnerable” commercial software.
Apple uses end-to-end encryption for iMessages, meaning that Apple has no way to access the data even if presented with a court order. Tim Cook stated last year “it’s encrypted, and we don’t have the key.”
The FBI has been pushing increasingly hard to require tech companies to build in backdoor access to their encryption systems to allow access by law enforcement, even going so far as to say that Apple could be responsible for the death of a child. U.S. Attorney General Eric Holder has also cited child safety as a justification for demanding access to encrypted data.
The letter calling on Obama to reject this argument is also signed by five members of a presidential review group appointed by Obama in 2013 to assess technology policies in the wake of leaks by former intelligence contractor Edward Snowden.
Many in the tech industry have pointed out that, aside from the obvious concerns over government intrusion into the private lives of its citizens, any backdoor used by the government could potentially be discovered and exploited by hackers and foreign governments.
Apple is one of ten tech giants to once again call on the US Government not to reauthorize the Patriot Act in its current form. The Act expires on 1st June unless it is renewed by Congress. Apple was joined by AOL, Dropbox, Evernote, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo.
In an open letter to President Obama, NSA Director Admiral Rogers and other prominent government figures, the companies urge Congress to end the bulk collection of communications metadata–the logs that determine how and when ordinary citizens contact each other.
The letter says that mass surveillance must end, and that a revised bill must contain mechanisms to ensure that future government surveillance is both transparent and accountable …
Expand
Expanding
Close
Update: One of the approaches suggested – modifying Xcode to inject malware – has now been used, though we don’t at this stage know who was responsible.
The Central Intelligence Agency has conducted “a multi-year, sustained effort to break the security of Apple’s iPhones and iPads,” claims The Intercept, referencing new Snowden leaks of a document from the CIA’s internal wiki system.
A presentation on the attempts, focusing on breaking Apple’s encryption of iOS devices, was said to have been delivered at an annual CIA conference called the Jamboree.
Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.
One route reportedly taken by the CIA was to create a modified version of Xcode, which would allow it to compromise apps at the point at which they are created …
Expand
Expanding
Close
The Chinese government has removed several prominent US tech companies, including Apple, from its list of approved vendors for state purchases, Reuters reported today. The change is hardly unexpected following the government’s response to accusations several years ago that the US National Security Administration had been using backdoors in Apple products to spy on users.
We learned earlier this week that Tim Cook would be speaking at a White House cybersecurity summit today, and it now appears he will be the only tech CEO to do so. USNews is reporting that CEOs of other top tech companies all declined President Obama’s invitation, sending lower-ranking execs in their place.
Unlike Apple’s Cook, other top executives at key Silicon Valley companies declined invitations to the summit. Facebook’s Mark Zuckerberg, Yahoo’s Marissa Mayer and Google’s Larry Page will not attend amid the ongoing concerns about government surveillance. Facebook spokesman Jay Nancarrow said Zuckerberg is unavailable to attend and that Chief Security Officer Joe Sullivan will speak during a panel at the event.
It’s believed other CEOs consider refusing to take part to be the best way to express their objections to increased government surveillance of electronic communications, while Cook takes the opposite view: that it is important to speak up in defence of user privacy …
Expand
Expanding
Close
Apple and the government have long been engaged in a bitter war of words over encryption and security practices employed in Apple’s iOS devices, but a new Wall Street Journal report indicates that the Department of Justice is really starting to take the rhetoric to the next level.
According to the Journal, a DOJ official actually told Apple executives during a meeting last month that in the future the Cupertino company could eventually be directly responsible for the death of a child.
Expand
Expanding
Close
Bloomberg reports that groups representing Apple, Google, Facebook and other high profile tech companies are lobbying to pass a new bill that attempts to limit NSA spying of email and communications of their users. The report says the groups are “pushing the Senate to pass legislation limiting National Security Agency spying before the Republican majority takes control of the chamber.” The news comes ahead of the Senate vote on the new bill scheduled for Nov. 18 and an upcoming Republican controlled Congress taking over in January:
Expand
Expanding
Close
Just as Apple published a new letter from Tim Cook and an update on privacy and security policies, a new report points to evidence the company has recently received new government demands for user data under the Patriot Act. GigaOM reports that language previously included in Apple’s Transparency Reports noting the company had “never received an order under Section 215 of the USA Patriot Act” has since been removed. That could signal, according to the report, Apple’s involvement with controversial National Security Agency programs that demand data from companies:
Expand
Expanding
Close
The first clip of part two of Tim Cook’s interview with Charlie Rose has posted tonight with a segment on Apple and privacy. In the interview, Cook discussed the privacy of user data using Apple services as Apple has mentioned in the past.
We’re not reading your email, we’re not reading your iMessages. If the government laid a subpoena on us to get your iMessages, we can’t provide it. It’s encrypted and we don’t have the key.
Cook also discussed how Apple’s approach to Apple Pay, its new mobile payment system, emphasizing that Apple is in the business of selling iPhones, not user information like other companies. Cook commented strongly that he is “offended” by the practices of some other companies. The shot at Google, which Cook stated is his idea of Apple’s competition in the part one with Charlie Rose, was mentioned similarly during last week’s iPhone event. Cook also discussed earlier privacy issues involving “server backdoors” and Edward Snowden. You can view the new clip below…
Last month Apple confirmed that it would soon beef up encryption for iCloud email following a report detailing security flaws in major email services. While Apple previously encrypted emails sent between its own iCloud customers, now the company has enabled encryption for emails in transit between iCloud and third-party services for me.com and mac.com email addresses.
The change is documented on Google’s transparency website that shows the percentage of emails encrypted in transit for both inbound and outbound email exchanges (pictured below):
Expand
Expanding
Close
The WSJ reports that the state-run China Central TV has described the iPhone as a “national security concern” due to its location-tracking capabilities.
In its national noon broadcast, state-run China Central Television criticized the “frequent locations” function in Apple’s iOS 7 mobile operating system, which tracks and records the time and location of the owner’s movements. The report quoted researchers who said that those with access to that data could gain knowledge of the broader situation in China or “even state secrets” …
CEOs from massive tech companies like Apple, AOL Facebook, Microsoft and Google recently issued an open letter to the US Senate regarding the growing concerns about internet surveillance. Normally competitors, this unusual alliance agrees that change is needed and that the version of the USA Freedom Act that recently passed through the US House of Representatives needs some work.
Apple’s association with the United States National Security Agency may once again put the company in the spotlight as Germany begins to investigate the agency’s recent activity. According to a report by The Wall Street Journal, members of a German parliamentary commission want the heads of a number of US-based tech companies, including Apple, to participate in their investigation of the NSA’s involvement in monitoring German officials.
Apple, for its part, has denied direct involvement with PRISM program and repeatedly said it has not allowed the government to have direct access to its servers.
Expand
Expanding
Close
Yesterday we reported on new leaked docs from Edward Snowden reported by The New York Times and others that detailed secret NSA and GCHQ programs used to siphon data from popular smartphone apps on both iOS and Android. While Apple and Google have yet to respond to the reports, today one of the main developers singled out in the claims has. Rovio, maker of the popular Angry Birds game that was mentioned several times in the reports, today posted a response on its website.
The developer confirms that it in no way works with NSA, GCHQ or any other government organization to provide data about users, but it does point to third-party advertising networks as a possibility of the leaks:
The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries. If advertising networks are indeed targeted, it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance. Rovio does not allow any third party network to use or hand over personal end-user data from Rovio’s apps.
Referring to the third-party advertising networks, Rovio CEO Mikael Hed said the company would have to “re-evaluate working with these networks if they are being used for spying purposes.”
Angry Birds wasn’t the only app specifically mentioned in the leaked docs, however. The reports claim the NSA program is capable of intercepting information ranging from location, age, and sex of users to address books, buddy lists, phone logs, geographic data and more from various mobile apps and third-party ad networks. Twitter, Google Maps, Facebook and others were also specifically mentioned in yesterday’s reports.
Just a few days later after Apple CEO Tim Cook expressed his thoughts about the NSA and data collection transparency, Apple has posted an update to its website with new information regarding account data requests. The company’s press release comes as US Department of Justice comes to a settlement with technology companies over how they are allowed to disclose information about government data requests.
A statement from the DOJ explains the agreement will allow “detailed disclosures about the number of national security orders and requests issued to communications providers, and the number of customer accounts targeted under those orders and requests including the underlying legal authorities.” Due to these new guidelines, Apple has now been able to report FISA and National Security Letters separate from law enforcement requests as show in its graphics above and below. It also notes the new data released today replaces the U.S. data from its Feb. 5 2013 Report on Government Information Requests.
Apple CEO Tim Cook said in a recent interview that he would push congress for more transparency regarding controversial surveillance programs and how companies can disclose information related to information requests. At the time, Cook said that there was much the company couldn’t speak about due to gag orders:
New documents leaked by Edward Snowden and reported by The New York Times, The Guardian and ProPublica detail how the NSA and its British counterpart can collect users’ personal data through smartphone apps. The reports specifically mention popular apps like Angry Birds, Twitter, Google Maps and Facebook and claim the NSA is capable of intercepting information ranging from location, age, and sex of users to address books, buddy lists, phone logs, geographic data and more:
The N.S.A. and Britain’s Government Communications Headquarters were working together on how to collect and store data from dozens of smartphone apps by 2007, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor. Since then, the agencies have traded recipes for grabbing location and planning data when a target uses Google Maps, and for vacuuming up address books, buddy lists, phone logs and the geographic data embedded in photos when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter and other services.
At least one of the app developers, Rovio, is not surprisingly unaware of any of the activity mentioned in the documents, but it will be up to the app developers, Apple, and Google to address the issue and clarify for users if their personal data is safe. In a recent interview with ABC, Apple CEO Tim Cook commented on the controversy over surveillance programs and promised he would press congress for more transparency:
Expand
Expanding
Close
[youtube=https://www.youtube.com/watch?v=janYipFwV34]
Yesterday we posted some excerpts from an ABC interview with Apple CEO Tim Cook and other executives that officially aired on the network last night. In the interview, Cook is joined by Apple’s Apple Senior VP Craig Federighi and Apple software VP Bud Tribble to talk about the 30th anniversary of Mac, the new made-in-America Mac Pro, iWatch (iRing?), secrecy at Apple and the recent NSA surveillance controversies.
Cook on NSA surveillance programs:
Number one, we need to be significantly more transparent. We need to say what data is being given, how many people it affects, how many accounts are affected, we need to be clear. And we have a gag order on us right now so we can’t say those things… .Much of what has been said isn’t true. There is no backdoor. The government doesn’t have access to our servers. They would have to cart us out in a box for that, and that just will not happen. We feel that strongly about it.
Cook didn’t say much that we didn’t already see in the excerpts, but you can check out the full uncut interview from ABC above.
http://www.youtube.com/watch?v=b0w36GAyZIA#t=270
Yesterday we reported on a presentation by security researcher Jacob Appelbaum that reportedly showed leaked NSA documents in which the agency claimed to have a “100 percent success rate” at installing spyware on iPhones. Following those accusations, Apple has officially responded in a statement provided to TechCrunch:
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.
The leaked NSA documents detailed in Appelbaum’s presentation above and first released on German news site Der Spiegel claimed an NSA program called DROPOUTJEEP allowed officials to access almost all data stored on an iPhone, including location, text messages, contact lists, and the device’s microphone and camera. The reports claimed the NSA needed physical access to devices to install the spyware– something it could accomplish by intercepting online shipments– but a version that could be remotely installed was reportedly in development. Apple’s statement today seems to address Appelbaum’s accusation (below) that Apple might have had prior knowledge of the program:
Expand
Expanding
Close
