The CIA has spent almost 10 years trying to breach the security of various Apple devices such as the; iPhone, iPad, and Mac computers in order to install malware onto them.
Revealed in documents released to The Intercept by Edward Snowden, the CIA’s efforts at undermining Apple’s encryption has been announced at an secret annual gathering known as the “Jamboree” which has been taking place since 2006, a year before the first iPhone was released.
According to the documents, the spies have been looking at physical and non-invasive methods of cracking iPhone and iPad security, targeting the essential security keys used to encrypt data stored on the Apple devices. The ultimate goal was to decrypt Apple’s firmware which would allow them to penetrate the devices and surreptitiously plant malware on the phones and tablets without the user’s knowledge.
While the report details the efforts the CIA undertook to crack Apple’s security measures, it or the documents don’t say how successful the efforts were at undermining the security of iPhones, iPads and Macs.
As well as targeting the iPhone and iPad directly, the CIA also claims to have developed a poisoned version of Xcode, the software development tool used by app developers to create the apps sold through Apple’s hugely successful App Store. It is unclear how the CIA managed to get developers to use the poisoned version of Xcode, but it would have allowed the CIA install backdoors into any apps created using their version.
“The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could ‘force all iOS applications to send embedded data to a listening post,'” the Intercept report said.
The CIA also looked to breach the security of Apple’s desktop platform, claiming they had successfully modified the OS X updater. If this is true it would allow the CIA to intercept the update mechanism on Apple’s Mac laptops and desktops to install a version of the updated Mac OS X with a keylogger installed.
The research into Apple’s products was presented to CIA agents by researchers from Sandia National Laboratories which is owned by Lockheed Martin, seen as a privatised wing of the US national security state, earning over 80% of its revenue from the US government.
The presentations provided “important information to developers trying to circumvent or exploit new security capabilities,” as well as to “exploit new avenues of attack” the leaked documents claimed.
Apple critical of US government
Apple and Tim Cook have not commented on this specific story, but in the past have been critical of the level of surveillance carried out by government organisations: “Security and privacy are fundamental to the design of all our hardware, software, and services,” Tim Cook said in an open letter last year.
Apple is part of the Reform Government Surveillance coalition which includes Facebook, Google, Twitter and Microsoft and which last year called on the US government to curb the surveillance powers of the NSA and called for more transparency on government data requests.
Matthew Green, an expert on cryptography told The Intercept: “If US products are OK to target, that’s news to me. Tearing apart the products of US manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”