How the CIA has been trying to hack Apple, and steal its secrets, for years

Graham Cluley

Top secret documents, leaked by NSA whistleblower Edward Snowden, have revealed details of a concerted campaign by US intelligence agencies to find ways of extracting encryption keys used by Apple in its products and snoop upon the activities of millions of users worldwide.

The documents, the existence of which has been disclosed by The Intercept today, reveal attempts to poison Xcode, the free software used by OS X and iOS developers to create apps.

A boobytrapped version of Xcode could open a remote backdoor, allowing third parties unauthorised access to Mac computers, or force iOS applications to silently send data from an affected iPad or iPhone to a US intelligence listening post.

The researchers boasted that they had discovered a way to manipulate Xcode so that it could serve as a conduit for infecting and extracting private data from devices on which users had installed apps that were built with the poisoned Xcode. In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer — potentially millions of people.

Many of the CIA’s projects to find ways of subverting Apple security have been discussed at a secret “Trusted Computing Base Jamboree”, held annually for almost a decade at a Lockheed Martin site in Northern Virginia.

An internal NSA document explains that the “Jamboree” (such a jolly name for something which sounds quite disturbing…) is for “presentations that provide important information to developers trying to circumvent or exploit new security capabilities” to “exploit new avenues of attack.”

The only silver lining is that there is nothing in the leaked information to suggest how successful United States’ intelligence agencies were in cracking Apple’s encryption technology, nor how specific exploits might have been used.

But the leaks do appear to make clear that there has been a concerted effort over many years, predating the launch of the iPhone, to find a way to circumvent Apple security and spy upon its customers.

And this isn’t a fanciful notion: time and time again in recent years, details have emerged of the willingness of intelligence agencies to breach and undermine the security of legitimate companies and organisations. The likes of Belgacom, Gemalto and Apple are just the tip of the iceberg.

Against this backdrop, it seems quite understandable that Apple CEO Tim Cook has taken such a hard line against demands for broader covert access to communications, and underlined the company’s belief in privacy:

“None of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right. We all have a right to privacy. We shouldn’t give it up. We shouldn’t give in to scare-mongering or to people who fundamentally don’t understand the details.”

For more information about the latest revelations, make sure to read the article in The Intercept: “The CIA campaign to steal Apple’s secrets”

Graham Cluley is a veteran of the anti-virus industry, having worked for a number of security companies since the early 1990s, when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
