The CIA has been attempting for nearly a decade to break into the security of Apple's devices the iPhone, iPad and Mac PCs. Researchers from the agency are targeting security keys that are used to encrypt stored data on the devices, making them vulnerable to malware that they plan to secretly install.
The CIA's numerous efforts to undermine Apple's encryption were disclosed at a secret meeting known as the "Jamboree." This event has been occurring each year since 2006, just one year prior to the release of the first generation of the iPhone.
Details on the CIA's breaching attempts were revealed in documents released by whistleblower Edward Snowden to The Intercept. According to documents, CIA spies have been using physical and non-invasive methods in cracking the security of the iPhone and iPad. The main goal was to decrypt Apple's firmware, which would eventually allow them to gain access to the devices and install malware on them without users' knowledge.
However, one method of attack, which is perhaps the most serious, involved the creation of a dummy version of Xcode, an Apple development software. This is the same software that developers use in creating apps for iOS devices.
Once the Xcode has been modified and compromised, it makes it easier for the CIA and other agencies to install surveillance backdoors onto any app.
The extent of the attack brought by a compromised version of the Xcode was discussed in a talk that was presented by researchers from Sandia Labs in 2012. Entitled "Strawhorse: Attacking the MacOS and iOS Software Development," the presentation showed how a compromised Xcode would give access to data in the iPhone and iPad and be siphoned off. It also showed how it was easy to establish "remote backdoors" on Mac PCs and disable the security features on a number of Apple devices once the Xcode becomes vulnerable.
"If U.S. products are OK to target, that's news to me," said Matthew Green, a cryptography expert at the Information Security Institute of Johns Hopkins University.
He added that when products of U.S. manufacturers are torn apart and backdoors are placed in the software that will be distributed without the knowledge of developers, it is deemed as something that goes a little beyond targeting the real bad guys.
"It may be a means to an end, but it's a hell of a means," said Green.
The revealed documents do not specify the success rate of the methods that were used by the CIA. There were also no details on some of the hacks that were purportedly carried out by the CIA and other intelligence agencies from the U.S.
Photo: Marco Pakoeningrat I Flickr
