iSPY: Covert CIA Decryption Campaign Targets Apple’s iOS

by Matt Klassen on March 18, 2015

For years Apple has trumpeted its stalwart privacy protocols, often going as far as to claim that its iOS operating system is far more resistant to malware than other competing platforms. While this may actually be true what many actually hear when Apple boasts about its unmatched security is that iOS is invulnerable to such external threats, but seeing the latest documents released by whistle-blower Edward Snowden, that simply isn’t true.

According to a report published in The Intercept, “Researchers working with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads,” findings based on high-level top secret documents leaked by Snowden. The research findings are then shared at a secret cloak-and-dagger gathering called the “Jamboree,” where security analysts brainstorm on “strategies for exploiting security flaws in household and commercial electronics.”

By studying a variety of techniques for cracking Apple devices, the aim of the covert research is to decrypt and ultimately crack Apple’s heavily encrypted firmware, possibly allowing spies to plant malicious code on Apple gadgets and/or to discover “potential vulnerabilities” in certain parts of the iPhone or iPad currently hidden by encryption.

While this revelation that the CIA is systematically targeting Apple’s vaunted unbreakable iOS really comes as no surprise, it’ll be interesting to see how the Cupertino company responds, likely redoubling its efforts—as others have done—to prevent Big Brother from snooping around its phones and tablets.

The news that the CIA, like the NSA before it, has waged a secret war against the security protocols of consumer electronics comes as tech company’s like Apple are vehemently resisting pressure from both the US and UK governments to actually lower the security of their products. The concern from a law enforcement perspective is that such uncrackable encryption provides the criminal element a safe haven, one that allows terrorists and other such ne’er-do-wells to operate in secret.

But the problem is that many are questioning the brazen, and not to mention illegal, means the CIA and NSA are clearly employing in their attempts to control and monitor the flow of mobile data, meaning many are questioning the justification of such projects, even if the goal of protecting us against terrorism is certainly laudable.

“If U.S. products are OK to target, that’s news to me,” says Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute. “Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”

Until this report many had thought Apple products were resistant to such governmental intrusion, although given that iOS is “generally considered to be the most secure smartphone operating system,” it instantly becomes a “very attractive, very large target,” Eric Cowperthwaite, vice president for advanced security and strategy at Core Security, told TechNewsWorld.

“If you crack Apple, then you have the ability to get inside the phones of a major portion of the market,” said Cowperthwaite, adding that, “In the long run, this stuff we see happening with the CIA, NSA, Chinese security agencies and many others polluting the security of these various ecosystems is really bad for trust and for security.”

In the end it is disconcerting to read that US government-sponsored researchers are studying both “physical” and “non-invasive” techniques to decrypt and penetrate mobile encryption, as such a revelation has far reaching ramifications for enterprise and personal security. The irony of the situation is, however, that such efforts to break mobile security will likely be counter-productive, as it will undoubtedly encourage Apple and its tech brethren to redouble their efforts at bolstering security while likely irreparably damaging public trust in such government agencies.

Did you like this post ? TheTelecomBlog.com publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Matt Klassen. www.digitcom.ca. Follow TheTelecomBlog.com by: RSS, Twitter, Facebook, or YouTube.

Comments on this entry are closed.

Previous post:

Next post: