If it seems these days like no gadget, website, service or function is safe from the data trolling of the U.S. National Security Administration, you are probably right. Even your iPhone is no barrier to the depths of the NSA’s capabilities, according to a new report.
Security researcher Jacob Applebaum gave a talk at the 30th Chaos Communication Congress in Hamburg, Germany yesterday outlining how the NSA has had the capability to break into an iPhone and siphon off of all the communications and activity on the device since 2008. German publication Der Spiegel also has its own extensive report showing that the NSA has a program called DROPOUTJEEP that is the codename of the iPhone hack.
In addition to the iPhone hack, the NSA has a unit called TAO—Tailored Access Operations—that has the primary duty of intercepting and bugging hardware (phones, laptops, servers) that various reports have stated HP and Cisco servers. Basically, the NSA can get at whatever it wants just about anywhere it wants. Der Spiegel also reports that the NSA has successfully tapped undersea fiber optics cables running from Europe, through the Middle East to Asia.
The iPhone hack stated by the documents in 2008 says that the NSA would need to have physical access to a device to be able to install its spyware. Once the spyware was in place, the NSA would have access to just about everything on the iPhone. The document said that a remote hack (one that doesn’t need physical access) was in the works for the future.
Applebaum from his talk at the 30th Chaos Communication Congress (via YouTube video):
SMS, contact list retrieval, voicemail, hot microphone, camera capture, cell tower location. You think Apple helped them with that? I don’t know. I hope Apple will clarify that. Here’s the problem. I don’t really believe that Apple didn’t help them. I can’t really prove it. They literally claim that any time they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that will work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write shitty software. We know that’s true.
Here is Applebaum's talk. The iPhone bit starts around 44:30:
Apple provided this response to technology publication a variety of technology publications this morning:
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.
Since the documents are from 2008, the extent of the NSA’s iPhone-snooping capability is not fully known. It may have had a working remote hack by this time. It may not and Apple may have closed the loop on this particular hardware bug that allowed the NSA in through the iPhones back door. The specifics actually do not matter quite as much because we have seen that the NSA, through one fashion or another, will get the information that it is looking for.
Time To Get Angry?
The Internet community, privacy experts, media and technology giants like Google, Facebook and Microsoft are all up in arms about NSA data mining and snooping. With each successive leak from the Edward Snowden files, every new report about the NSA’s clandestine activities (with each one seemingly more extreme than the last), the rhetoric raises and the saber rattling ensues.
The problem here is that the U.S. public doesn’t seem to care. The American public’s distrust of the government runs so deep that each successive NSA scandal is met with a collective shrug. The U.S. public has been watching crime scene investigation, police and spy dramas on television and film for so long that when they learn this activity is happening in real life, they give an apathetic nod. The constant news cycle where every tidbit of information is more dramatic than the last has desensitized the public to what is one of the biggest ongoing impactful stories of the century.
But they do love their iPhones.
The iPhone is consistently one of the most searched keywords on the Internet every year. People want to know when it is coming out, what new features it has, what bugs it needs to squash, how it compares to older iPhones and the top Android smartphones. Americans are enamored with Apple and the iPhone and have been since 2007.
Will the American public finally get say “I’m angry as hell and I’m not going to take it anymore!” when they learn that the U.S. government has had the ability to track everything on its most beloved gadget since almost the iPhone’s inception? Will this be the straw that finally spurs the public into an outraged shrill, demanding reform from the U.S. government to shape up the NSA once and for all?
The iPhone is the most personal of consumer devices. People seemingly have intimate relationships with their iPhones. Will learning that the NSA can violate that personal relationship and their privacy all at once might lead them to the outraged indignation that the Technorati have been craving? Maybe but probably not. People will continue to think, “Oh, that is stuff that happens to somebody else” and continue to watch their CSI shows, blissfully aware but purposefully ignorant that the foundations of their freedom are being put to the test.