The CIA Has Been Hacking Your iPhone

The Central Intelligence Agency has secretly attempted for years to crack the security protections on a number of Apple products, including the iPhone and iPad, according to newly revealed documents from Edward Snowden.
CIA spies have been at work for nearly a decade to thwart the encryption standards on Apple’s devices, the classified files published Tuesday by The Intercept show.
At an annual CIA conference known as “Jamboree” and dating back to 2006, contracted researchers have tried to devise strategies for how to break through the security baked into electronics built by Apple, Microsoft, and other U.S. technology companies. A prime goal has been to build so-called surveillance backdoors that would allow for government snooping without the knowledge of the company.
The documents detail efforts by researchers to exploit Xcode, Apple’s popular app-developing software, so they could infect and extract private user data on devices that installed the “poisoned” version. “In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer—potentially millions of people,” The Intercept reported.
Additionally, the Snowden documents suggest that a compromised Xcode could be manipulated to create a “remote backdoor” allowing covert access to the contents of an Apple product. The hijacked software could also be used to impersonate targeted app developers, route any iPhone or iPad iOS application data through a government “listening post,” and disable key security protections.
It is not clear from the Snowden documents how successful these efforts to break Apple’s encryption protocols have been.
The revelations come amid a public push by senior government officials to convince tech companies not to deploy “unbreakable” encryption technologies. President Obama, Attorney General Eric Holder, FBI Director James Comey, and others have warned in recent months that efforts by Apple and Google to create too-tough-to-crack encryption protocols on their mobile devices could stifle law-enforcement investigations and jeopardize national security.
But while other intelligence agencies have been vocal about their encryption concerns, the CIA has remained largely silent on the matter. Last week, CIA Director John Brennan ordered a sweeping reorganization of his agency, a shift that includes a major refocus on digital spying. Brennan has defended the change as vital for the CIA to continue fulfilling its mission, although some have expressed concern the spy agency may be neglecting its more traditional intelligence-gathering capabilities.
The new revelations come just a day after Apple regaled technophiles in Silicon Valley with a “special event” in which CEO Tim Cook demoed the new Apple Watch. The forthcoming Internet-connected wearable has drawn some intrigue from lawmakers and regulators in Washington over its use and storage of personal data, such as health biometrics.
Privacy groups and number of lawmakers, such as Democrat Sen. Ron Wyden, have warned that forcing U.S. tech companies to build backdoors into their products does untold economic damage to Silicon Valley and gives overseas competitors an easy attack line. Such vulnerabilities, they contend, also jeopardizes national security by giving countries like China and Russia an easier way to conduct cyberattacks and access U.S. data.
“I’m a strong believer in strong encryption,” Obama said during an interview with Re/code last month during a White House-led summit held at Stanford University. “But I am sympathetic to law enforcement because I know the kind of pressure they’re under to keep us safe. And it’s not as black-and-white as it’s sometimes portrayed.”
Cook, who has pushed back strongly on government attempts to undermine encryption, spoke earlier at that same conference. In a brief speech, he laid out a forceful defense for digital privacy, likening it to a human right that can “make the difference between life and death.”  Defenseone  http://ow.ly/KfH1D

 

« Some Email Truths for Hillary Clinton
Snowden: New Zealand Spying on Pacific Islands »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Versasec

Versasec

Versasec is a leader in identity and access management, providing customers with security solutions for managing digital identities.

Tubitak

Tubitak

Tubitak is the scientific and technological research council of Turkey. Areas of research include information technology and security.

AEI Cybersecurity

AEI Cybersecurity

AEI brings together companies, Research Centres, Universities, and other organizations interested in promoting new cybersecurity technologies.

Norwegian Center for Information Security (NorSIS)

Norwegian Center for Information Security (NorSIS)

NorSIS) is an independent organization that works to increase knowledge and understanding of information security for businesses and individuals.

Ingalls Information Security

Ingalls Information Security

Ingalls Information Security provides network security, monitoring and forensics.

Cyber London (CyLon)

Cyber London (CyLon)

CyLon is a leading cyber security accelerator and seed investment programme. We help entrepreneurs from across the globe to build cyber security businesses, raise investment, and develop partnerships.

GreyCastle Security

GreyCastle Security

GreyCastle Security is a leading cybersecurity services provider dedicated exclusively to cybersecurity and the practical management of cybersecurity risks.

Invensity

Invensity

INVENSITY is an interdisciplinary technology and innovation consulting company. Centres of excellence include Cyber Security and Data Privacy.

Optra Security

Optra Security

Optra Security specializes in information security with a focus on Application Security.

CybExer Technologies

CybExer Technologies

CybExer provide an on-premise, easily deployable solution for complex technical cyber security exercises based on experience in military grade ranges.

Krypsis

Krypsis

Krypsys is an information security company with a focus on helping you defend your information and data against emerging security threats.

LOGbinder

LOGbinder

LOGbinder eliminates blind spots in security intelligence for endpoints and applications.

Canopius Group

Canopius Group

Canopius is a global specialty lines insurance and reinsurance company and one of the top 10 insurers in the Lloyd’s insurance market.

Panther Labs

Panther Labs

Panther’s mission is to make security monitoring fast, flexible and scalable for all security teams.

MedSec

MedSec

MedSec is the only company of its type focused solely on cybersecurity for hospitals and medical device manufacturers, offering both a cybersecurity software solution and consulting services.

Axians

Axians

Axians supports its customers in their digital transformation journey. We offer ICT solutions and services in areas including Enterprise Networks and Cybersecurity.