NSA hacks iPhones, Android, Blackberrys: report

By on
NSA hacks iPhones, Android, Blackberrys: report

Is IPsec standard safe?

The US National Security Agency is able to access user data from Apple iPhones, Blackberries and Google Android devices, according to secret documents sighted by German media.

Spiegel sighted NSA documents that claim the spy bureau had working groups targeting data held on smartphones, and that these have succeeded in compromising devices from leading manufacturers.

According to the documents sighted by the German news organisation, there is no mass surveillance of smartphones by US security agencies. Instead, individuals are targeted on a case by case basis, and the surveillance takes place without the smartphone makers' knowledge.

Presently, the NSA is able to access much of the personal data stored on smartphones. This includes a user's contact list, text messages, notes as well as geographic location information, Spiegel reported.

The documents mention a specific example where the NSA was able to hack in to a person's computer by means of an iPhone set up to sync with it.

Blackberry devices and its email service, which until now was thought to be secure, could also be compromised by the NSA and its United Kingdom counterpart, the Government Ccommunications Headquarters.

However, Blackberry spokespeople told Spiegel that there was no backdoor in its platform but would not otherwise comment on alleged government surveillance of telecommunications traffic.

The revelations of smartphone surveillance capabilites come after last week's leaks by former NSA contractor Edward Snowden that showed the agency has made a concerted effort to circumvent and undermine encryption protocols commonly used to secure data traffic.

Internet giants Microsoft and Yahoo expressed deep concern over security agencies' efforts to subvert encryption and authentication protocols, saying they could be abused. 

"We are unaware of and do not participate in such an effort, and if it exists, it offers substantial potential for abuse. Yahoo zealously defends our users' privacy and responds to government requests for data only after considering every applicable objection and in accordance with the law," Yahoo said in a statement.

In response to news of the NSA allegedly tampering with security protocols, a Democrat congressman, Rush Holt, has tabled a bill in the US House of Representatives that would ban the agency from introducing backdoors or degrading commonly-used encryption.

The NSA sought in 1994 to introduce the so-called Clipper chip encryption device for use in computers and telecommunications quipment, with the government holding the unscrambling key in escrow. 

Civil liberties groups opposed the Clipper chip, which would make it possible for agencies that obtained the decryption key from the government to listen in on communications, and the device was not adopted by manufacturers.

Which protocols are broken?

Meanwhile, cryptographers are trying to understand which, if any protocols, the NSA has managed to compromise.

One of the founders of the Electronic Frontier Foundation, John Gilmore, noted that the NSA took part in and led the Internet Engineering Task Force (IETF) committee developing the Internet Protocol Security (IPsec) standard.

IPsec is a suite of protocols used to authenticate traffic, and also to encrypt data packets for end-to-end security. It is commonly used for virtual private networking (VPN) secure communications applications.

Gilmore said that committee participants with NSA connections would suggest measures that reduced privacy or security for the IPsec standard, and also retained a way for the protocol to specify that no encryption is appled.

The final IPsec standard became "incredibly complicated" Gilmore said, to the point that it was very difficult to analyse and also unusable as a drop-in privacy improvement due to major deployment problems.

NSA employees also lied to the IETF standards committees claiming US export controls banned debating secure cellphone encryption protocols with non-Americans in attendance, according to Gilmore.

Gilmore said current cellphone encryption for voice packets was easily breakable along with that used for the control channel.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?