CIA “waged secret campaign” to break into Apple devices

by Todd Haselton | March 10, 2015 12:45 pm PDT

New data provided to The Intercept by Edward Snowden shows that the United States Central Intelligence Agency (CIA) had a secret initiative with a single goal: to hack into Apple’s iOS-powered devices for snooping on end users. Details of the CIA’s campaign were provided through leaked paperwork from an intelligence conference called “Trusted Computing Base Jamboree,” held in Virginia at Lockheed Martin, where attack methods were discussed by, among others, security researchers from Sandia National Laboratories.

One way the CIA planned to attack Apple devices was through Apple’s Xcode software. The Intercept said that CIA hackers developed a modified version of Xcode that “could sneak surveillance backdoors into any apps or programs created using the tool.” Then, anyone who used those applications would be susceptible to CIA tapping. In fact, the applications would automatically send all sorts of data back to the CIA, including all data that passed through the application, which often includes private information such as an end user’s location. It was a pretty detailed plan. Here’s how The Intercept explained how powerful the special version of Xcode could be for the CIA and its partners:

— “Entice” all Mac applications to create a “remote backdoor” allowing undetected access to an Apple computer.

— Secretly embed an app developer’s private key into all iOS applications. (This could potentially allow spies to impersonate the targeted developer.)

— “Force all iOS applications” to send data from an iPhone or iPad back to a U.S. intelligence “listening post.”

— Disable core security features on Apple devices.

Unfortunately, the data revealed by The Intercept doesn’t explain whether the CIA and its hacking partners were able to tap into end users’ phones using the Xcode method. It did say that the targeting of Apple’s products goes back as far as 2006, before Apple even introduced its first iPhone. We do know, however, that the CIA also hacked into databases owned by Gemalto, one of the world’s largest providers of SIM cards. That’s, of course, in addition to PRISM, the intelligence community’s so-called “backdoor” into U.S. tech companies.

Apple and Google have worked hard to strengthen the security of iOS and Android, respectively, sometimes angering the intelligence community while doing so. Hit the source for The Intercept’s full report.

The Intercept

Todd Haselton

Todd Haselton has been writing professionally since 2006 during his undergraduate days at Lehigh University. He started out as an intern with...
