Apple devices have been the targets of a years-long campaign by the CIA to crack device security and surveil users’ data, according to documents leaked by NSA whistle-blower Edward Snowden.
The Intercept reports CIA security researchers have explored multiple avenues for infiltrating iPhones and iPads, including trying to crack Apple’s mobile processor encryption keys and compromise Xcode — the Apple tool used to build the bulk of iOS applications sold on Apple’s App Store. The platform has been distributed to hundreds of thousands of third-party app developers worldwide.
CIA’s modified Xcode could plant secret backdoors into apps created with the tool, allowing the agency to silently slip through and surveil data, according to the report.
The leaked documents come amid a recent push by the FBI and other law enforcement to force Apple into granting the government backdoor access to its new default encryption standard announced last fall, which Apple CEO Tim Cook explained not even Apple employees can access.
It also follows President Obama’s criticism of China earlier this month for demanding foreign manufacturers build mandatory back doors into electronic devices exported to China. As the Intercept points out, China is merely following in the U.S.’s footsteps.
Agency researchers reportedly share their progress at an annual gathering called the “Trusted Computing Base Jamboree,” where they’ve been getting together since a year before Apple released its first iPhone to discuss exploits for infiltrating consumer electronics for surveillance. The conference is held in a Lockheed Martin-owned facility in Virginia.
Researchers from Sandia Labs, which is owned by a subsidiary of Lockheed, gave a presentation at Jamboree in 2012 titled, “Strawhorse: Attacking the MacOS and iOS Software Development,” in which they explained the Xcode hack, another to create “remote backdoors” in Mac computers and means to disable Apple security features.
Additional presentations described a plan to plant a keylogger — a program that records all of the keys typed on a keyboard — on Macs through a tampered version of OS X updater, and others to compromise one of the two primary methods of Apple mobile encryption — Apple’s Group ID (GID). The agency proposed surveilling the electromagnetic emissions of the GID to uncover the key, as well as another method “to physically extract” it.
Other presentations explored hacking Apple competitors like Microsoft — specifically the company’s BitLocker encryption used on PCs running premium editions of Windows.
The documents do not explain how the agency would distribute the compromised version of Xcode to app developers, nor do they clearly document any successful hacks against Apple.
“If U.S. products are OK to target, that’s news to me,” Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute, said in The Intercept report. “Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”
The report comes on the heels of an announcement by CIA Director John Brennan last week about major forthcoming inner-agency reorganization, designed in part to significantly expand the CIA’s cyber-intelligence efforts.
“Spies gonna spy,” Steven Bellovin, a Columbia University professor and former chief technologist for the Federal Trade Commission, told The Intercept. “I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK.”