The NSA, the iPhone and a whole lot of paranoia
With the treasure trove of classified information Edward Snowden procured from the NSA, we're seemingly inundated with more details regarding NSA surveillance efforts every single week.
Last week, the major NSA-related headline centered on the agency's apparent ability to attain complete and unfettered access to Apple's iPhone. The news originally appeared in the German-language Der Spiegel, which detailed how the NSA, through a program called DROPOUTJEEP, has the ability to completely compromise an iPhone, gaining access to the device's camera, contact list, text messages, voicemail and much more.
The top secret document reads in part:
DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.
What's more, classified documents indicated that the NSA, in its efforts to compromise the iPhone, enjoyed a 100 percent success rate.
Sounds pretty scary, right?
Exacerbating the matter, security researcher Jacob Appelbaum seemed to imply during a recent speech that Apple may be assisting the NSA in their efforts. The pertinent portion of the video below begins at 44:30.
Do you think Apple helped them build that? I don't know. I hope Apple will clarify that... Here's a problem. I don't really believe that Apple didn't help them. I can't really prove it, but they [the NSA] literally claim that anytime they target an iOS device that it will succeed for implantation.
Either [the NSA] has a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves.
And from there, we were treated to an assortment of misleading headlines and tabloid-esque articles that would otherwise have you believe that the NSA can simply flip on a switch from their headquarters in Fort Meade, Md., and simply "awaken" and compromise any iPhone it so chooses.
For instance, here's how Gizmodo covered the story.
Forbes readers, meanwhile, were greeted with this headline.
Similarly, The Huffington Post ran with a headline that read, "The NSA can use your iPhone to spy on you, expert says."
The HuffPo article reads in part:
Independent journalist and security expert Jacob Appelbaum on Monday told a hacker conference in Germany that the NSA could turn iPhones into eavesdropping tools and use radar wave devices to harvest electronic information from computers, even if they weren't online.
Appelbaum told hundreds of computer experts gathered at Hamburg's Chaos Communications Conference that his revelations about the NSA's capabilities "are even worse than your worst nightmares."
"What I am going to show you today is wrist-slittingly depressing," he said.
Unfortunately, there was a whole lot of context missing from the vast number of articles, which were quick to report on the NSA's ability to seemingly turn iPhones into mobile spy devices on a whim.
First, an important tidbit from the slide detailing DROPOUTJEEP is that compromising targeted iPhones requires physical access to the device. Second, the slide is sourced from information that dates back to August 2007. In other words, the NSA's ability in this regard only refers to the first generation iPhone.
If you look at the document above, you'll note that it states:
The initial release of DROPOUTJEEP will focus on installing the implant via close access methods. A remote capability will be pursued in a future release.
All told, the notion that a government agency, or even a lone individual, can compromise a device in-hand is hardly groundbreaking news. Folks were jailbreaking the iPhone, for example, just months after the device first hit store shelves. And yet, if you glanced at any number of headlines last week, you'd be convinced that every iPhone out in the free world is a sleeping spy device just waiting for the "activate/wake-up" signal from the NSA.
To this point, Steve Wildstrom of Techpinions writes:
But I have no doubts at all about the quality of much of the journalism. The idea that the government can tap into any iPhone anywhere, anytime, makes great clickbait, but sorry reporting. Too many writers, it seems, couldn't be bothered to track the story back to the original sources or even read the NSA document that many plastered on their sites. There's no excuse for this.
Indeed, many of the fear-inducing headlines conveyed information that was completely mismatched when compared to the original Der Spiegel story.
Now in the wake of all of this brouhaha, Apple refuted the notion that they have been working in cahoots with the NSA.
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers' privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple's industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them.
As a final point: Encryption on the iPhone has gotten much stronger since the original iPhone was released back in 2007 and fear-mongering headlines based on an outdated document don't really serve much of a purpose.
That said, there's no telling just what exactly the NSA is capable of today. After all, the agency employs hundreds of insanely smart folks well versed in advanced mathematics and all types of tech-related intelligence. Admittedly, I only bring this up as an excuse to reference what I think is one of the cooler iOS hacks to date. A few years back, security researcher and former NSA analyst Charlie Miller helped discover a text message vulnerability in the iPhone that allowed an attacker to gain complete control of an iPhone merely by sending a text message. How crazy is that?! Incidentally, Miller currently works for Twitter.
