NSA Spyware Allegedly Gives Backdoor Access to iPhones

This is a discussion on NSA Spyware Allegedly Gives Backdoor Access to iPhones within the iPhone News forums, part of the Apple News category; The U.S. National Security Agency has spyware designed to grant backdoor access to the iPhone specifically, according to leaked documents shared by high-profile security researcher ...

Results 1 to 7 of 7
  1. #1
    Administrator
    Join Date
    Jul 2011
    Location
    Northern Michigan
    Posts
    25,446
    Member #
    1529
    Liked
    316 times

    NSA Spyware Allegedly Gives Backdoor Access to iPhones



    The U.S. National Security Agency has spyware designed to grant backdoor access to the iPhone specifically, according to leaked documents shared by high-profile security researcher Jacob Appelbaum and German publication Der Spiegel.

    While speaking at the Chaos Communication Congress in Germany, Appelbaum shared his knowledge of “DROPOUTJEEP,” a top-secret NSA program that can intercept an iPhone’s SMS messages, contacts, location, camera, and microphone.

    Appelbaum, who has close ties to Wikileaks and NSA whistleblower Edward Snowden, prefaced his presentation at the conference by saying that his findings are ”wrist-slitting depressing.” A 50-page catalog from the NSA reveals the organization’s backdoor tools for a host of companies, including well-known names like Cisco and Dell.


    The iPhone’s backdoor is explained in a leaked NSA document:

    “DROPOUT JEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.”





    What is perhaps more alarming than the hack itself is the NSA’s claim that it will always succeed with installing the spyware on any iPhone. Physical access is needed now to install the spyware, but a version that can be remotely installed is in the works. It has been reported that the NSA has covertly intercepted hardware shipments before they arrive to their destinations in order to implant spyware.

    “Do you think Apple helped them build that?” asked Appelbaum during his talk. “I don’t know. I hope Apple will clarify that… Here’s a problem: I don’t really believe that Apple didn’t help them. I can’t really prove it, but they [the NSA] literally claim that anytime they target an iOS device, that it will succeed for implantation.

    Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write shitty software.”

    To be clear, this news doesn’t mean that Apple has indeed worked with the NSA on a backdoor for the iPhone like Appelbaum implies. But the NSA is confident it has a foolproof backdoor that gives a scary amount of access to someone’s iPhone.

    After The Washington Post exposed the NSA’s PRISM program, Apple joined a group of other tech companies seeking for the NSA to be more transparent about its surveillance tactics. Tim Cook recently a joined a number of other executives to discuss the issue with President Obama.

    You can watch Appelbaum’s full talk below, but the iPhone-related stuff doesn’t come up until about 44 minutes in:







    12-30-13

    Source

  2. Ads

    Posts
    Many

  3. #2
    Administrator
    Join Date
    Jul 2011
    Location
    Northern Michigan
    Posts
    25,446
    Member #
    1529
    Liked
    316 times

    Apple goes on the defensive against NSA iPhone spying allegations


    Yesterday we reported on a presentation by security researcher Jacob Appelbaum that reportedly showed leaked NSA documents in which the agency claimed to have a “100 percent success rate” at installing spyware on iPhones. Following those accusations, Apple has officially responded in a statement provided to TechCrunch:

    Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.





    12-31-13

    9to5mac.com

  4. #3
    Administrator
    Join Date
    Jul 2011
    Location
    Northern Michigan
    Posts
    25,446
    Member #
    1529
    Liked
    316 times

    Yikes: NSA can turn on your iPhone’s camera, mic without you knowing



    The National Security Agency (NSA) has apparently able to hack the iPhone since 2008, according to a Der Spiegel interactive report that looks at the NSA’s various tools used for spying purposes. One particularly interesting tool, codenamed “DROPOUTJEEP,” is an implant that was first used to compromise the first-generation iPhone and was able to send various data stored on the phone to the agency, including text messages, address book contacts, geolocation and voicemail. Furthermore, the software could activate the microphone of the iPhone, turn on the camera and take pictures and retrieve cell tower location.

    All NSA-iPhone communications would be “covert and encrypted,” meaning that the target would likely be unaware of what’s going on. According to the document obtained by Der Spiegel, “command, control and data exfiltration can occur over SMS messaging or a GPRS data connection.” Furthermore, the initial DROPOUTJEEP would “focus on installing the implant via close access methods” with remote installations to be “pursued for a future release.” The documents presented by the publication do not specify whether following iPhone models were similarly hacked by the agency.

    However, the leaked materials show that the NSA had various other mobile-related spying “products” that worked with other smart devices:

    GOPHERSET – an implant for GSM SIM cards to pull phone book, SMS and log files for incoming and outgoing calls
    MONKEYCALENDAR – attack software that forces a SIM card to transmit geolocation data via covert SMS messages
    TOTECHASER – an implant hidden in a satellite phone running Windows CE that transmits data via hidden SMS messages
    TOTEGHOSTLY – an implant that enables full remote control on Windows Mobile phones offering data download and upload capabilities
    PICASSO – modified GSM handsets that collect user data, audio data while also tracking the location of the handset

    These are only a few of the NSA’s smart spying programs that can be used to spy on targets. In similar reports, Der Spiegel mentioned a 50-page catalog of such digital tools developed by the NSA, and revealed that the NSA can intercept laptops and other products mid-shipping to install spy malware on them. Furthermore, the NSA can reportedly hack a wireless network from eight miles away.

    An image of the document that reportedly describes DROPOUTJEEP follows below.







    12-31-13

    Source

  5. #4
    Administrator
    Join Date
    Jul 2011
    Location
    Northern Michigan
    Posts
    25,446
    Member #
    1529
    Liked
    316 times

    NSA isn’t content with current spying powers, wants quantum computer



    The National Security Agency (NSA) is apparently developing its own quantum computer that will be able to crack most types of encryption, reveal documents provided by NSA whistleblower Edward Snowden to The Washington Post. The agency’s spying efforts and tech tools used to obtain sensitive information from targets have been detailed in many recent reports, but it looks like the NSA is not happy with its current spying capabilities. The agency is working on a “cryptologically useful quantum computer” part of a $79.7 million research program called “Penetrating Hard Targets.”

    Quantum computers use quantum bits, or qubits, which can be simultaneously zero and one, instead of binary bits (zeros and ones). Thus, a quantum computer could perform some computations faster than regular computers, such as breaking the RSA encryption used by many online services.

    However, to build such a computer capable of breaking RSA encryption, a quantum computer would need hundreds of thousands of qubits. According to the document, by the end of September the NSA expected to have some “building blocks,” the Washington Post writes, “which it described in a document as “dynamical decoupling and complete quantum control on two semiconductor qubits.”

    In addition to packing enough qubits, a quantum computer also needs to be safely protected from external influences. “Quantum computers are extremely delicate,“ professor of electrical engineering and the director of the Center for Quantum Information Science and Technology at the University of Southern California Daniel Lidar said. “So if you don’t protect them from their environment, then the computation will be useless.”

    Quantum computing is also a cause for concern for the NSA, as other entities that would gain such capabilities would also be able to spy on other parties, NSA included. “The application of quantum technologies to encryption algorithms threatens to dramatically impact the U.S. government’s ability to both protect its communications and eavesdrop on the communications of foreign governments,” the leaked internal document said.

    The NSA is not the only party interested in quantum computing, as other researchers are studying the matter. Associate professor of electrical engineering and computer science at the Massachusetts Institute of Technology Scott Aaronson believes that the agency can’t be “far ahead of the open world [in quantum computing] without anybody knowing it.”

    A second project called “Owning the Net” and detailed in the documents reportedly uses quantum research to support “the creation of quantum-based attacks on encryptions like RSA,” the publication writes.

    The following video from Veritasium explains how a quantum computer would work.







    1-3-14

    Source

  6. #5
    Administrator
    Join Date
    Jul 2011
    Location
    Northern Michigan
    Posts
    25,446
    Member #
    1529
    Liked
    316 times

    NSA says tech giants knew about its spying efforts



    The NSA on Wednesday said “unequivocally” that U.S. tech giants were “fully aware” of the agency’s data collecting operations, The Guardian reports, even though tech companies denied having any knowledge of the Prism program, or helping the NSA in any way. In fact, since the Edward Snowden leaks hit papers and the Internet, tech companies have tried to reassure customers that their privacy is very important to them by either enabling encryption for their online services, asking the government to allow them to disclose the volume and type of data they share with the agencies, and/or campaigning against the NSA’s bulk data collection efforts.

    NSA general counsel Rajesh De said while testifying before the Privacy and Civil Liberties Oversight Board that “all communications content and associated metadata harvested by the NSA under a 2008 surveillance law occurred with the knowledge of the companies,” whether it was the “Internet collection program known as Prism and for the so-called ‘upstream’ collection or communications moving across the Internet.”

    When some tech companies said they never heard about the term “Prism,” they weren’t lying as the term was “was an internal government term that as the result of leaks became the public term.” However, tech companies must have known the actual process behind Prism no matter what its name was. “Collection under this program was a compulsory legal process, that any recipient company would receive,” De said. “All 702 collection is pursuant to court directives, so [tech companies] have to know,” he added.

    Section 702 was passed in 2008, allowing the NSA to “collect phone, email, Internet and other communications content when one party to the communication is reasonably believed to be a non-American outside the United States.” The data collected under Prism can be stored for five years, while communications taken directly from the Internet for two years.





    3-21-14

    Source

  7. #6
    Administrator
    Join Date
    Jul 2011
    Location
    Northern Michigan
    Posts
    25,446
    Member #
    1529
    Liked
    316 times

    Apple details iOS diagnostics capabilities in answer to 'backdoor' services



    In what appears to be a response to allegations of installing "backdoor" services with the intent to harvest data from iOS devices, Apple on Tuesday posted to its website an explanation of three diagnostics capabilities built in to the mobile OS.

    As listed in the support document, Apple goes over three iOS services, explaining how they work and why they exist, possibly in an attempt to address accusations that it installs backdoor services in cahoots with government agencies looking to surveil device owners.

    The services detailed were mentioned by forensic scientist and iOS hacker Jonathan Zdziarski in a recent talk at the HOPE/X conference in New York. Zdziarski highlighted certain suspicious iOS background assets that appeared to serve no diagnostics purposes, but could potentially be exploited by law enforcement agencies or malicious hackers to steal sensitive personal data from iOS devices.

    In the support document, Apple addresses three of these services — coincidentally listed in the same order as presented by Zdziarski in his slide deck — explaining how each works and its intended use as a diagnostics tool for developers or IT professionals.


    From Apple's support document:

    com.apple.mobile.pcapd

    pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.

    com.apple.mobile.file_relay

    file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users' devices.

    com.apple.mobile.house_arrest

    house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.

    In addition, Apple points readers in the direction of documents explaining data syncing and the "Trust this computer" iOS feature that protects against data extraction from an unknown Mac or PC.

    While the document answers for three services questioned by Zdziarski, the hacker brought up many more, including those with the potential to seemingly bypass iOS backup encryption to serve up data from a user's address book, capture pictures from social media feeds, install spyware using available enterprise tools and more.

    For its part, Apple responded to the allegations in a statement issued on Monday, saying diagnostic functions in iOS are designed to thwart any compromise of user privacy and security.

    "As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products of services," Apple said.

    The company added that users must first unlock their device and agree to trust a connected computer before transferring over diagnostics data, a point reiterated in today's support document.





    7-23-14

    Source

  8. #7
    Junior Member
    Join Date
    Jul 2014
    Location
    London
    Posts
    1
    Member #
    7582
    so this spying via iphone is all true then

Remove Ads

Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Similar Threads

  1. NSA intercepts laptop deliveries to install spyware
    By sparkyscott21 in forum Off-Topic
    Replies: 0
    Last Post: 12-30-2013, 12:51 PM
  2. Replies: 0
    Last Post: 05-22-2013, 11:03 AM
  3. Replies: 0
    Last Post: 05-20-2013, 11:53 AM
  4. iPhone 4 allegedly combusts while charging overnight
    By sparkyscott21 in forum Apple Forums Member News Depot
    Replies: 0
    Last Post: 03-21-2012, 07:57 PM
  5. British network allegedly warns Apple again not to use 'iTV' name
    By sparkyscott21 in forum Uk Dedicated Apple forum
    Replies: 1
    Last Post: 02-14-2012, 10:52 AM

Contact Us
Back to top