Jump to content
Aerosol

CIA Has Been Hacking iPhone and iPad Encryption Security Since 2006

Recommended Posts

Posted

cia-spying-apple-hacking.jpg

Security researchers at the Central Intelligence Agency (CIA) have worked for almost decade to target security keys used to encrypt data stored on Apple devices in order to break the system.

Citing the top-secret documents obtained from NSA whistleblower Edward Snowden, The Intercept blog reported that among an attempt to crack encryption keys implanted into Apple's mobile processor, the researchers working for CIA had created a dummy version of Xcode.

CIA’s WEAPON TO HACK APPLE DEVICES

Xcode is an Apple’s application development tool used by the company to create the vast majority of iOS apps. However using the compromised development software, CIA, NSA or other spies agencies were potentially allowed to inject surveillance backdoor into programs distributed on Apple's App Store.

In addition, the custom version of Xcode could also be used to spy on users, steal passwords, account information, intercept communications, and disable core security features of Apple devices.

The latest documents from the National Security Agency’s internal systems revealed that the researchers’ work was presented at its 2012 annual gathering called the "Jamboree" -- CIA sponsored secretive event which has run for nearly a decade -- at a Lockheed Martin facility in northern Virginia.

KEYLOGGER FOR MAC COMPUTERS

According to the report, "essential security keys" used to encrypt data stored on Apple’s devices have become a major target of the research team.

Overall, the U.S. government-sponsored researchers are seeking ways to decrypt this data, as well as penetrate Apple's firmware, using both "physical" and "non-invasive" techniques.

In addition to this, the security researchers also presented that how they successfully modified the OS X updater -- a program used to deliver updates to laptop and desktop computers -- in an attempt to install a "keylogger" on Mac computers.

HACKING ENCRYPTION KEYS

Another presentation from 2011 showed different techniques that could be used to hack Apple's Group ID (GID) -- one of the two encryption keys that Apple places on its iPhones.

One of the techniques involved studying the electromagnetic emissions of the GID and the amount of power used by the iPhone’s processor in order to extract the encryption key, while a separate method focused on a "method to physically extract the [Apple's] GID key."

ccording to Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute, "Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means." - See more at: CIA Has Been Hacking iPhone and iPad Encryption Security Since 2006 - Hacker News

Although the documents do not specify how successful or not these surveillance operations have been against Apple, it once again provoke the ongoing battle between spy agencies and tech companies, as well as the dishonesty of the US government.

'SPIES GONNA SPY'

On one hand, where President Barack Obama criticized China for forcing tech companies to install security backdoors for the purpose of government surveillance. On the other hand, The Intercept notes that China is just following America's lead, that’s it.

"Spies gonna spy," said Steven Bellovin, a computer science professor at Columbia University and former chief technologist for the FTC. "I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK."

We have already reported about NSA and GCHQ’s various surveillance programs including PRISM, XkeyScore, DROPOUTJEEP, and many more.

Source

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...