Top-secret documents obtained by The Intercept indicate researchers working with the CIA have conducted a multi-year sustained effort to break the security of Apple’s iOS operating system and devices.
The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released.
The researchers sought to crack Apple’s security by targeting essential security keys used to encrypt data stored on Apple’s devices. The U.S. government-sponsored research studied both “physical” and “non-invasive” techniques in an attempt to decrypt and ultimately penetrate Apple’s encrypted firmware.
The CIA declined to comment when reached for comment by The Intercept.
Researchers also claim to have created a modified version of Apple’s proprietary software development tool, Xcode, which could be used to sneak surveillance backdoors into any apps developed using the tool. Xcode, which is distributed free of charge by Apple, is used by developers to create apps for both the iOS and OS X platforms.
The modified version of Xcode could allegedly allow spies to steal passwords and intercept messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It is not clear how the CIA intended to get developers to install the corrupted version of Xcode to their Macs.
The same researchers also claim they successfully modded the OS X updater, an app used to deliver updates to Mac computers, to install a “keylogger.”
Apple and other tech companies have long resisted pressure from law enforcement and other government agencies who want the companies to build in backdoors to allow the agencies to bypass security on computers and mobile devices. Apple CEO Tim Cook has taken a very visible stand for privacy as a core company policy, publicly criticizing the actions of U.S. law enforcement and intelligence agencies.
(Via MacRumors)
