A leaked 2008 United States National Security Agency document says the NSA could gather a vast array of data from compromised iPhones. The document, leaked by by German magazine Der Spiegel and security researcher Jacob Appelbaum, says the NSA could install special software onto iPhones as part of a program called DROPOUTJEEP.
DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.
Back in 2008, the NSA claimed a 100% success rate in installing the software on phones it was able to gain physical access to. It is unknown if the spy agency has since improved its software to allow it to be installed remotely, or via social engineering, a possibility that was mentioned in the documents.
While it is also possible that Apple has since closed the security holes the NSA was using, Applebaum, in a talk at the Chaos Communication Congress this weekend, said he believes that Apple assisted the NSA in its spying effort, although he cannot prove that, and he hopes that Apple will clarify whether they do or do not assist the NSA in their efforts.
In addition, he says the iPhones were not the only devices targeted by the NSA, as they had also cracked a number of devices running both Android and BlackBerry operating systems.
A separate report indicates that the NSA and other spy agencies have intercepted shipping packages containing new devices being shipped to specific targets and have installed spy software on those devices before sending them back on their way.
The portion of Appelbaum’s talk that refers to the iPhone begins at 44:30 in the video below.
