Thur, January 2, 2014
Subject: NSA using Apple's iPhone to remotely access sensitive information
New documents revealed on Monday show the U.S. National Security Agency has the capability of deploying software implants on Apple's iPhone that grant remote access to on-board assets like SMS messages, location data and microphone audio.
Section of leaked DROPOUTJEEP document. Source: Der Spiegel
In a talk at the Chaos Communication Congress in Germany, security researcher Jacob Appelbaum summarized the NSA's iPhone-targeting spyware program called "DROPOUTJEEP" as part of a broader discussion dealing with the agency's controversial electronic surveillance initiative, reports The Daily Dot.
As it pertains to Apple's smartphone, the findings — concurrently published by German magazine Der Spiegel — are limited to a single top secret document dating back to 2008. The page details DROPOUTJEEP's basic operational structure and capabilities, which include the interception of SMS messages, access to on-board data, microphone activation and approximate positioning via cell tower location. All communication takes place covertly over SMS or GPRS data protocols.
While a startling revelation, DROPOUTJEEP's proliferation within the iPhone community is largely unknown. The NSA boasts a 100 percent success rate for implanting the spyware on iOS devices, Appelbaum said, but the document suggests physical contact with a target phone is required to implant the surreptitious software. In practice, the method is likely similar to a consumer jailbreak looking for root device access.
To this point, Appelbaum alludes to complicit involvement by Apple, but tempers his — so far baseless — allegation with "I can't really prove it."
"I don't really believe that Apple didn't help them," Appelbaum said. "I can't really prove it yet, but [the NSA] literally claim that anytime they target an iOS device, that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write [expletive redacted] software. We know that's true."
Der Spiegel asserts specialized NSA Tailored Access Operations (TAO) teams intercept incoming device shipments, carefully open packages and install spyware before sending the "bugged" units along to end users.
A more efficient delivery mechanism is remote installation, something the NSA said was being "pursued for future release." Once again, it is unknown if the agency moved forward with such a system in the intervening five years since the document was first issued.
Apple on Tuesday reacted to news that the U.S. National Security Agency has worked on iPhone spyware to remotely monitor users, saying it has not cooperated with the agency on such projects and was not previously aware of those attempts.
In an official company statement provided to AllThingsD, Apple vowed to use its resources "to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them." The statement came after new documents showed the NSA has the capability of deploying software implants on the iPhone to grant access to onboard assets such as text messages, location data, and even microphone audio.
While Apple was previously unaware of the NSA's spyware, the company said it's constantly working to make its products more secure. The iPhone maker said that any reports about potential security issues on its products prompt Apple to "thoroughly investigate and take appropriate steps" in order to protect its customers.
The statement also declared Apple's product security as "industry-leading," and boasted that great effort is placed on making it easy for customers to keep their software up to date. To that end, the most recent data from Apple shows that 78 percent of iPhone, iPad and iPod touch users are using iOS 7, the company's latest mobile operating system.
The leaked documents reveal that the NSA's iPhone-targeting spyware program is called "DROPOUTJEEP," and it began in 2008. Capabilities of the software include the interception of SMS text messages, access to onboard data, microphone activation, and approximate positioning via cell tower location.
The NSA boasts a 100 percent success rate in implanting its spyware on iOS devices, but the leaked documents suggest that physical contact with a target phone is required to implant the software.
Apple's full statement in response is included below.
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers' privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple's industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them.