CIA campaign to break iPhone security unmasked

By

Attempted to subvert development tools.

CIA operatives have worked for nearly a decade to break the security protecting Apple phones and tablets, documents obtained from NSA whistleblower Edward Snowden and leaked to The Intercept have revealed.

CIA campaign to break iPhone security unmasked

The documents suggest US government researchers created a malicious version of XCode, Apple's freely downloadable software application development tool, to create surveillance backdoors into programs distributed on Apple's App Store.

A subverted version of Xcode could be used to steal passwords and messages from compromised devices. Furthermore, it could "force all iOS applications to send embedded data to a listening post", the researchers from the government funded Sandia Labs claimed.

Apple's OS X desktop operating system was also targeted by the CIA - the documents said researchers modified the software update function so it would install keyboard logging malware.

However the documents, which covered a period from 2006 to 2013, stopped short of proving whether developers had been tricked into using the malicious version of XCode.

Nor do they show that US intelligence researchers had succeeded in breaking Apple's encryption, which secures user data stored on devices and communications.

The leaked documents related to an annual, secret CIA conference called the Trusted Computing Base Jamboree, held at defence contractor Lockheed Martin's offices in northern Virginia.

Efforts to break into Apple products by government security researchers started as early as 2006, a year before Apple introduced its first iPhone. They continued through the launch of the iPad in 2010 and beyond, The Intercept said.

The US government, aided by British intelligence researchers, was also working at the same time to hack "secure communications products, both foreign and domestic" including Google Android phones, the report said.

Silicon Valley technology companies have in recent months sought to restore trust among consumers around the world that their products have not become tools for widespread government surveillance of citizens.

Last September, Apple strengthened encryption methods for data stored on iPhones, saying the changes meant the company no longer had any way to extract customer data on the devices, even if a government ordered it to with a search warrant.

Shortly afterwards, Google also said it would employ stronger encryption tools.

Both companies said the moves were aimed at protecting the privacy of users, partly a response to widescale US government spying on internet users as revealed by Snowden in 2013.

An Apple spokesman pointed to public statements by CEO Tim Cook on privacy, but declined to comment further.

"I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services," Cook wrote in a statement on privacy and security published last year. "We have also never allowed access to our servers. And we never will."

World leaders including US President Barack Obama and British Prime Minister David Cameron have expressed concern that turning such privacy-enhancing tools into mass market features could prevent governments from tracking militants planning attacks.

An unnamed US intelligence official confirmed to CNBC that the attempts at cracking Apple's security had taken place.

"That's what we do. CIA collects information overseas, and this is focused on our adversaries, whether they be terrorists or other adversaries," the official said.

However, the official said the operation was not specifically directed at Apple, Microsoft or other companies, rather was a general effort by intelligence agencies to gain access to information adversaries may have stored on their mobile devices.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?