NSA has cracked the iPhone, claims researcher

News by Steve Gold

The US National Security Agency (NSA) has been accused of effectively reverse engineering/recoding the iPhone for surveillance purposes.

Apple and the NSA have spent most of this week issuing denials surrounding claims that almost all forms of iPhone communications can be eavesdropped as a matter of routine by the NSA.

The accusations came from Jacob Appelbaum, a privacy advocate and security researcher, who was speaking at the 30th Chaos Computer Club conference in Germany in late December. He claims to have analysed some of the leaked NSA documents from Edward Snowden about `Operation Dropjeep,' which includes a hidden iOS program that can be planted on an iPhone.

The hidden code - which requires physical access to the handset to implant (although the NSA is working on a remote hack, says the researcher) - peruses the handset's data, collating text messages and geo-location data from nearby cellular base stations. The code effectively turns the iPhone into a cellular version of the so-called infinity bug that was designed by spy agencies in the 1960s and 1970s to remotely monitor a landline telephone handset.

In his Chaos Computer Club presentation, Appelbaum said: "Basically the NSA wants to be able to spy on you. And if they have ten different options for spying on you that you know about, they have 13 ways of doing it and they do all 13. So that's a pretty scary thing.

“Their goal is to have total surveillance of everything that they are interested in,” he added.

“There really is no boundary to what they want to do. There is only sometimes a boundary between what they are funded to be able to do, and the amount of things they are able to do at scale; they seem to just do those things without thinking too much without it.”

Appelbaum went on to allege that the Dropjeep code has been designed to interface with a custom rogue cellular base station - operated by the NSA - to allow easy harvesting of data from the iPhone handset.

Whilst it is easy to dismiss Appelbaum's claims as embellishment of the many leaked documents from former NSA analyst Edward Snowden, SCMagazineUK.com notes that his claims build on those of security writer Glenn Greenwald. When giving evidence to the European Parliament's Committee on Civil Liberties and Home Affairs recently, Greenwald asserted that the ultimate goal of the NSA is to “eliminate individual privacy worldwide.”

The researcher's comments also parallel a presentation made on remote Android handset surveillance in July 2012 by Rik Ferguson, Trend Micro's senior security evangelist, in which he revealed how easy it is code up a remote access application for Android smartphones - a process he told this writer took him "a couple of hours" one morning.

According to independent security analyst Graham Cluley - who has worked for Sophos and many other security vendors over the last three decades - Appelbaum's claims do not mean that the NSA has complete control of your iPhone, noting that the widely circulated document from Edward Snowden dates back to 2008 and points out that the NSA's TAO (Tailored Access Operations) hacking unit requires physical access to your iPhone in order to plant spyware on it.

"Now, it may be that they have since found unpatched vulnerabilities in iOS to install the spyware onto targeted devices remotely, and – one presumes – not told Apple about those security holes, but that's not what the leaked documents say," he said, adding that it sounds as though everything that America has accused the Chinese of attempting in the way of cyber espionage, the US government has also been doing against American users and companies.

According to Der Spiegel's report on the Chaos Computer Club conference it is not just the Apple iPhone that the NSA'a TAO division has successfully compromised, as hardware from other vendors - including those from Juniper Networks, has also been cracked by the NSA.

SCMagazineUS.com quotes a Juniper spokesperson as saying that the company works actively to address any possible exploit paths, such as those identified at the Chaos Computer Club conference.

"[We] are committed to maintaining the integrity and security of our products. We are also committed to the responsible disclosure of security vulnerabilities, and if necessary, will work closely with customers to implement any mitigation steps,” said the spokesperson.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews