The CIA Has Been Hacking Your iPhone

Uploaded on 2015-03-18 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

The Central Intelligence Agency has secretly attempted for years to crack the security protections on a number of Apple products, including the iPhone and iPad, according to newly revealed documents from Edward Snowden.
CIA spies have been at work for nearly a decade to thwart the encryption standards on Apple’s devices, the classified files published Tuesday by The Intercept show.
At an annual CIA conference known as “Jamboree” and dating back to 2006, contracted researchers have tried to devise strategies for how to break through the security baked into electronics built by Apple, Microsoft, and other U.S. technology companies. A prime goal has been to build so-called surveillance backdoors that would allow for government snooping without the knowledge of the company.
The documents detail efforts by researchers to exploit Xcode, Apple’s popular app-developing software, so they could infect and extract private user data on devices that installed the “poisoned” version. “In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer—potentially millions of people,” The Intercept reported.
Additionally, the Snowden documents suggest that a compromised Xcode could be manipulated to create a “remote backdoor” allowing covert access to the contents of an Apple product. The hijacked software could also be used to impersonate targeted app developers, route any iPhone or iPad iOS application data through a government “listening post,” and disable key security protections.
It is not clear from the Snowden documents how successful these efforts to break Apple’s encryption protocols have been.
The revelations come amid a public push by senior government officials to convince tech companies not to deploy “unbreakable” encryption technologies. President Obama, Attorney General Eric Holder, FBI Director James Comey, and others have warned in recent months that efforts by Apple and Google to create too-tough-to-crack encryption protocols on their mobile devices could stifle law-enforcement investigations and jeopardize national security.
But while other intelligence agencies have been vocal about their encryption concerns, the CIA has remained largely silent on the matter. Last week, CIA Director John Brennan ordered a sweeping reorganization of his agency, a shift that includes a major refocus on digital spying. Brennan has defended the change as vital for the CIA to continue fulfilling its mission, although some have expressed concern the spy agency may be neglecting its more traditional intelligence-gathering capabilities.
The new revelations come just a day after Apple regaled technophiles in Silicon Valley with a “special event” in which CEO Tim Cook demoed the new Apple Watch. The forthcoming Internet-connected wearable has drawn some intrigue from lawmakers and regulators in Washington over its use and storage of personal data, such as health biometrics.
Privacy groups and number of lawmakers, such as Democrat Sen. Ron Wyden, have warned that forcing U.S. tech companies to build backdoors into their products does untold economic damage to Silicon Valley and gives overseas competitors an easy attack line. Such vulnerabilities, they contend, also jeopardizes national security by giving countries like China and Russia an easier way to conduct cyberattacks and access U.S. data.
“I’m a strong believer in strong encryption,” Obama said during an interview with Re/code last month during a White House-led summit held at Stanford University. “But I am sympathetic to law enforcement because I know the kind of pressure they’re under to keep us safe. And it’s not as black-and-white as it’s sometimes portrayed.”
Cook, who has pushed back strongly on government attempts to undermine encryption, spoke earlier at that same conference. In a brief speech, he laid out a forceful defense for digital privacy, likening it to a human right that can “make the difference between life and death.”  Defenseone  http://ow.ly/KfH1D

 

« Some Email Truths for Hillary Clinton
Snowden: New Zealand Spying on Pacific Islands »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Prosperon Networks

Prosperon Networks

Prosperon Networks support SMB to Enterprise networks through the provisioning of network monitoring software, customisation, consultancy and installation.

Resilient Information Systems Security (RISS)

Resilient Information Systems Security (RISS)

RISS is a research group is in the Department of Computing at Imperial College London.

Tukan IT

Tukan IT

Tukan IT provides a data classification and protection solution.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

Silicon:SAFE

Silicon:SAFE

Silicon:SAFE develops impenetrable hardware solutions that prevent bulk data theft during a cyber-attack.

Vicarius

Vicarius

Vicarius’ mission is to revolutionize vulnerability management from problem detection to proactive problem resolution.

ThreatAware

ThreatAware

Total visibility of your business cybersecurity. Monitoring, management and compliance for your cybersecurity tools, people and processes from one easy to use dashboard.

Digital Magics

Digital Magics

Digital Magics is an incubator for innovative startups which offer content and services with high technological value. Areas of focus include IoT, Enterprise Software, AI, Industry 4.0 and Blockchain.

Netacea

Netacea

Netacea provides a revolutionary bot management solution that protects websites, mobile apps and APIs from malicious attacks such as scraping, credential stuffing and account takeover.

Skudo

Skudo

Skudo is dedicated to creating innovative best-in-class solutions that protect data exchange with the highest level of security and privacy.

Jisc

Jisc

Jisc is a membership organisation working in partnership with the UK’s research and education communities to develop the digital technologies they need to teach, discover and thrive.

Cyber Chasse

Cyber Chasse

Cyber Chasse is an IT consulting and staffing company offering a full range of cybersecurity solutions, contract staffing services and online training courses.

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions is an Enterprise Cyber Security Platforms company offering Cyber Security & Technical Education and Compliance & Penetration Testing Services.

Cyber Unicorns

Cyber Unicorns

Cyber Unicorns is a cyber security consultancy created to help drive cyber security outcomes in the small to medium-sized business space.

NetAlly

NetAlly

NetAlly network test solutions help engineers and technicians better deploy, manage, maintain, and secure today’s complex wired and wireless networks.

Hurricane Labs

Hurricane Labs

Hurricane Labs is a managed security services provider (MSSP) that focuses on Splunk.