The Central Intelligence Agency (CIA) has been trying to compromise iOS devices for a number of years, a report claims. Documents leaked by whistleblower Edward Snowden reveal that a secret annual conference called the “Trusted Computing Base Jamboree” was used to discuss various ways to exploit security in consumer devices and electronics, including iPads and iPhones, as part of ongoing attempts by intelligence agencies to use consumer devices for surveillance.
The research presented at the Jamboree has dealt with both “physical” and “non-invasive” techniques to compromise devices, reports The Intercept, including decrypting and penetrating Apple’s firmware. In theory, this would allow security agencies enough access to try and find more vulnerabilities they can use to their advantage.
Researchers from Sandia National Laboratories revealed their research at the CIA-sponsored event but did not advise how successful they were in defeating Apple’s security mechanisms, the documents state. It is unknown whether any exploits were being used by intelligence agencies, though the information does show that great lengths have already been taken to try and get Apple’s encryption keys.
In an abstract of the 2011 presentation, researchers admit the “Intelligence Community is Highly dependent on a very small number of security flaws, many of which are public, which Apple eventually patches.”
The following year, a talk called “Strawhorse: Attacking the MacOS and iOS Software Development Kit” discussed how Xcode had been manipulated so that private data could be extracted from apps created using the poisoned development kit. Rather than attacking iOS directly, the technique instead attacked the app development process, and in turn the apps themselves.
The list of potential tasks apps created within the modified Xcode could perform is short, but powerful. On Mac, backdoors could be built into applications to provide remote access. For iOS devices, an app developer’s private key could be secretly embedded into iOS apps, allowing hackers to impersonate their chosen developer, while another could force apps to feed data back to an intelligence “listening post.” The ability to “disable core security features” is also claimed.
While the main action of the Jamboree dealt with Apple, other tech companies were also put under close scrutiny by researchers. Microsoft’s BitLocker and the Trusted Platform Module were attacked by researchers, with some apparent level of success. Researchers claimed they were able to extract BitLocker encryption keys in 2010, potentially allowing for the collection or adjustment of protected data.
