A new piece on The Intercept, following on a secret, annual, CIA-sponsored hacker "Jamboree" devoted to "exploiting security flaws in household and commercial electronics," suggests that U.S. spies have been intent on cracking the security guarding our iPads and iPhones for years now. The CIA declines to comment, but does this surprise anyone?
Last October, Wired published a piece titled "Apple's iPhone Encryption Is a Godsend, Even If Cops Hate It," discussing how previous version of the operating system's security encryption were made even stronger for personal information with iOS 8 something that the market would simply demand as Apple introduces more and more highly personal stuff to their app array, like health data.
The leaked report from the conference does not state clearly how successful the teams have been in their "physical" and "non-invasive" attempts to penetrate Apple's crypto, but it sounds like they've made in-roads. There's this, for instance:
The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store.
The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.
The Intercept notes that the Trusted Computing Base Jamboree has been going on since 2006, the year before the first iPhone was release. But as Wired pointed out, these debates about crypto backdoors and whether the government agencies deserved a right to them go back to the Clinton Administration of the mid-'90s.
There is perhaps a new precedent being set, here, though, according to Matthew Green, a cryptography expert from Johns Hopkins. "If U.S. products are OK to target, that’s news to me," he says. "Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means."
Apple CEO Tim Cook said last September, with the release of iOS 8, "None of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right. We all have a right to privacy. We shouldn’t give it up."
So, you can expect Apple has gotten their legal team on this already.