Skip to comments.Apple Denies Working With NSA on iPhone Backdoors
Posted on 01/01/2014 7:36:47 AM PST by Kaslin
Today Apple denied creating backdoors on the iPhone for the NSA to exploit. First let's review some articles that preceded the denial.
Within the last few days came numerous reports NSA Reportedly Has Total Access To The Apple iPhone.
Back in September, Der Spiegel online reported iSpy: How the NSA Accesses Smartphone Data
AppleInsider notes "New documents revealed on Monday show the U.S. National Security Agency has the capability of deploying software implants on Apple's iPhone that grants remote access to on-board assets like SMS messages, location data and microphone audio."
Please consider Der Spiegel article Shopping for Spy Gear: Catalog Advertises NSA Toolbox by Jacob Appelbaum, Judith Horchert and Christian Stöcker.
After years of speculation that electronics can be accessed by intelligence agencies through a back door, an internal NSA catalog reveals that such methods already exist for numerous end-user devices.
According to Juniper Networks' online PR copy, the company's products are "ideal" for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company's special computers is "unmatched" and their firewalls are the "best-in-class." Despite these assurances, though, there is one attacker none of these products can fend off -- the United States' National Security Agency.
A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.
A 50-Page Catalog
These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives -- from computing centers to individual computers, and from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA's specialists seem already to have gotten past them.
This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets' data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.
In the case of Juniper, the name of this particular digital lock pick is "FEEDTROUGH." This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive "across reboots and software upgrades." In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH "has been deployed on many target platforms."
Some of the equipment available is quite inexpensive. A rigged monitor cable that allows "TAO personnel to see what is displayed on the targeted monitor," for example, is available for just $30. But an "active GSM base station" -- a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones -- costs a full $40,000.
A second Der Spiegel article takes a look Inside TAO a top-secret National Security Agency team known as Tailored Access Operations.
In January 2010, numerous homeowners in San Antonio, Texas, stood baffled in front of their closed garage doors. They wanted to drive to work or head off to do their grocery shopping, but their garage door openers had gone dead, leaving them stranded. No matter how many times they pressed the buttons, the doors didn't budge. The problem primarily affected residents in the western part of the city, around Military Drive and the interstate highway known as Loop 410.
Fault for the error lay with the United States' foreign intelligence service, the National Security Agency, which has offices in San Antonio. Officials at the agency were forced to admit that one of the NSA's radio antennas was broadcasting at the same frequency as the garage door openers. Embarrassed officials at the intelligence agency promised to resolve the issue as quickly as possible, and soon the doors began opening again.
It was thanks to the garage door opener episode that Texans learned just how far the NSA's work had encroached upon their daily lives.
An internal description of TAO's responsibilities makes clear that aggressive attacks are an explicit part of the unit's tasks. Indeed, TAO specialists have directly accessed the protected networks of democratically elected leaders of countries. They infiltrated networks of European telecommunications companies and gained access to and read mails sent over Blackberry's BES email servers, which until then were believed to be securely encrypted. Achieving this last goal required a "sustained TAO operation," one document states.
Having Fun at Microsoft's Expense
One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft's Windows. Every user of the operating system is familiar with the annoying window that occasionally pops up on screen when an internal problem is detected, an automatic message that prompts the user to report the bug to the manufacturer and to restart the program. These crash reports offer TAO specialists a welcome opportunity to spy on computers.
When TAO selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft. An internal presentation suggests it is NSA's powerful XKeyscore spying tool that is used to fish these crash reports out of the massive sea of Internet traffic.
The automated crash reports are a "neat way" to gain "passive access" to a machine, the presentation continues. Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer.
NSA Intercepts Packages to Install Bugs
The NSA does not stop there. The Verge reports NSA intercepts laptops purchased online to install spy malware before routing to the customer.
OK, but what is Apple's, Google's, and Microsoft's response as to whether backdoors are purposely built into the phones and computers?
Apple Denies Working With NSA
Today, Techcrunch reports Apple Says It Has Never Worked With NSA To Create iPhone Backdoors, Is Unaware Of Alleged DROPOUTJEEP Snooping Program.
Apple has contacted TechCrunch with a statement about the DROPOUTJEEP NSA program that detailed a system by which the organization claimed it could snoop on iPhone users.
Apple says that it has never worked with the NSA to create any backdoors that would allow that kind of monitoring, and that it was unaware of any programs to do so.
Here is the full statement from Apple:
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apples industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of whos behind them.
The statement is a response to a report in Der Spiegel Sunday that detailed a Tailored Access Operations (TAO) unit within the NSA that is tasked with gaining access to foreign computer systems in order to retrieve data to protect national security.
Among these options was a program called DROPOUTJEEP a program by which the NSA could theoretically snoop on any Apple iPhone with 100% success. The documents were dated 2008, implying that these methods were for older devices. Still, the programs detailed capabilities are worrisome.
Researcher and hacker Jacob Applebaum the co-author of the articles, coinciding with a speech he gave at a conference about the programs pointed out that the 100% success rate claimed by the NSA was worrisome as it implied cooperation by Apple. The statement from the company appears to preclude that cooperation.
This year has been an eventful one for NSA spying program revelations. Apple joined a host of large companies that denied that they had been willing participants in the PRISM data collection system but later revelations of the MUSCULAR program indicated that the NSA could get its hands on data by monitoring internal company server communications anyway. This spurred targets like Google and Yahoo to implement internal encryption.
Operations Muscular and Prism
Inquiring minds may also be interested in these Tech Crunch articles.
Operation "Muscular": NSA Infiltrates Google And Yahoo Networks
Operation "Prism": Google, Facebook, Dropbox, Yahoo, Microsoft, Paltalk, AOL And Apple Deny Participation In NSA PRISM Surveillance Program
Reflections on NSA Gag Orders
Unfortunately, the NSA has made it difficult or even impossible for companies to comment on precisely what the NSA requires of them.
Clearly these gag orders makes backdoor denials at least somewhat suspicious.
Apples Files Suit
On November 5, Tech Crunch reported Apple Files With U.S. Government For More Information Request Transparency As It Releases First Report.
Today, Apple has released its first ever report on government information requests, detailing exact numbers of account information and data requests internationally. The report highlights how restrictive the rules are for Apple in the US, as only ranges of 1,000 are represented there.
[Mish note: the link does not work. Three possibilities - I highly doubt the first: Either the link was in error, Apple took it down for its own reasons, or the NSA forced Apple to take it down. Tech Crunch has some of the details.]
Apple also specifies the exact FBI letters and requests that it had to comply with. In the report, Apple goes into detail about what it would like to see changed about the process.
This report provides statistics on requests related to customer accounts as well as those related to specific devices. We have reported all the information we are legally allowed to share, and Apple will continue to advocate for greater transparency about the requests we receive, the report states. At the time of this report, the U.S. government does not allow Apple to disclose, except in broad ranges, the number of national security orders, the number of accounts affected by the orders, or whether content, such as emails, was disclosed.
Open Letter on Government Surveillance
Recently AOL, Apple, Facebook Google LinkedIn, Microsoft, Twitter, and Yahoo sent an Open Letter on Global Government Surveillanceseeking reforms that would limit government authority to collect user information.
Will anything come of it? I highly doubt it.
Celebrate the new year: 1984 is here.
Apple lets them in the side door.
Maybe denial IS a river in Egypt after all!
Of course they will deny it, but I have a hard time believing the NSA could so completely control their phone without some level of cooperation, at least from a former engineer of the Iphone software.
Well Apple, you have two equally unpalatable choices here. Either you admit to helping the NSA, or you admit that hackers can install software and access your phone’s and users data without their consent. It isn’t that big of a deal Apple. We all sort of suspected one or both of these have been happening, not just to you though. I’m sure Android based phones are no better in this regard. Windows based phones are probably worse.
Understatement of the year!
Hard to believe Apple's denial - - only a fool would trust NSA's willingness to tell the truth.
Birth pangs of a police state.
I can't see how they could do this physically in time. My daughter just purchased a laptop and it only took two days to get here without special shipping. They would need whole factories dedicated to the purpose to handle the pipeline that fast unless they were already present in the assembly and testing process, which I doubt.
Now, I could see it if their hacks were already embedded in Windows, Linux, Mac OS, or even the ROM inside the processors, all of which would be a lot easier to do. In that case, nobody should be fingering Apple.
This is looking like it is going to be disastrous for American electronics manufacturing. Nobody wants a pre-hacked device.
I just don’t see why NSA would bother with this when they can simply tap the fiber at major phone transmission line nodes. As far as I know, every call ends up on fiber somewhere in the world.
Birth pangs of a police state.
Hmmm! It seems to me we're looking at the throes of adolescence, not birth pangs.
The world needs a cheap, open source, open hardware smartphone. That baseband firmware is just the devils playground. It would be nice to have an encrypted local area walkie talkie function on an open source phone wouldn’t it!? For instance, you could communicate between phones in a mall without interfacing with the cell system at all. Kids could communicate with friends around their school in the same way.
Also, a cheap bluetooth unit that has encryption would be useful as an accessory for smart phones...it needs perfect-forward-secrecy enabled. They would still collect the meta data, but not the audio.
Not so fast. That would only change *who* compromises it, not *if*. One of the likely benefactors would be the PRC, given their record.
The PRC has deeper hooks into the supply chain(versus those alleged of the NSA). In addition, the PRC also has been known to compromise machines after the fact. All one would be doing is exchanging Scylla for Charybdis.
Now if one could assume that a device has a random possibility of arriving pre-hacked by some government-backed entity, who would you rather have it be - if somebody? I don't want my devices arriving pre-hacked, but I sure would not mind having the PRC out of my stuff as much as you'd want the NSA out of yours.
The only long-term benefit I see of this is some increase in the average user's proficiency with computer/information security. It won't be perfect (as they're average users), but it will be better than nothing.
The “backdoor” is built into the in the hardware/firmware NOT the software .... Former iPod/iPhone chip designer.
Disagree. There is money to be made in offering a secure communications system.
And the NSA denies it spies on US citizens. Nothing to worry about.
Apple is as Liberal as they get, and Liberals always say the opposite of what they mean.