A report released on Tuesday by The Intercept asserted that researchers within the Central Intelligence Agency (CIA) have been engaged in a “multi-year, sustained effort” to sabotage the security of Apple’s iPhones and iPads, using a variety of methods including creating dummy software targeted towards developers and attempting to crack Apple’s encryption keys. The Intercept based its report on documents provided by NSA whistleblower Edward Snowden.
According to The Intercept, the researchers discussed ways to exploit security flaws in the devices at a secret annual meeting called the Trusted Computing Base Jamboree. It is claimed that the researchers created a modified version of Xcode, Apple’s development software that is used to create apps. The modified version of Xcode would let the CIA, NSA and other agencies access apps created by developers using the modified software:
“The researchers boasted that they had discovered a way to manipulate Xcode so that it could serve as a conduit for infecting and extracting private data from devices on which users had installed apps that were built with the poisoned Xcode. In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer — potentially millions of people.”
The Intercept reported that the researchers had also made efforts to utilize keylogging software, which would record every keystroke typed by a user affected by the software.
The documents provided by Snowden do not indicate whether the CIA’s efforts to break into Apple devices have been successful. The CIA and NSA have not yet responded to The Intercept’s report.
“Spies gonna spy,” Steven Bellovin, a former U.S. Federal Trade Commission chief technologist who is now a professor at Columbia University, told The Intercept. “I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK.”
According to The Intercept, government agencies have desired the continuous ability to “bypass security tools built into wireless devices.” Apple’s CEO, Tim Cook, made a pledge last year to protect the privacy of Apple users, especially from all government agencies. On Apple’s website, Cook wrote that “I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.”
Apple declined to respond to the report from The Intercept, and instead referred the publication to the company’s previous privacy statements.