backtop


Print

From efforts to break encryption to Trojans, leak suggest that CIA is engaging in digital war against America's most valuable company

The U.S. Central Intelligence Agency (CIA) has invested time and resources into a "multi-year, sustained effort" to compromise encryption that keeps Apple iPhones and iPads secure from prying eyes.

The information was unveiled by former NSA contractor Edward Snowden in a leak to The Intercept. The release will likely only further strain the current rocky relationship between the US government and US tech companies.  Apple was a member of the government's PRISM surveillance program, but has since increasingly shut out government surveillance and focused on improving user security. 

There is growing concern related to the US government's digital efforts to compromise encryption [Image Source: Gizmodo]

According to the latest leak, US government security researchers from the CIA and sister agencies shared their hacking tricks during a secret annual conference called "Jamboree."  Recent conferences showcased an increasing focus on Apple's Xcode, with agencies look for flaws in the app that could allow for the creation backdoors in iOS apps. 

One strategy concocted by CIA hackers involved the creation of a Trojan version of Xcode which would be distributed online posing as Apple's official app.  The resulting IDE would look just like Apple's and would create working iOS apps, but would also secretly inject malware into the developers apps.

Not surprisingly, cybersecurity researchers were shocked by the disclosure, with open discussions and debates taking place on Twitter and Facebook.  It seems likely that Apple stated that it would implement new security audits to prevent this type of activity in the future.

Knowledge of the reality that the CIA is trying to hack and sabotage Apple's iOS has heighted already significant privacy fears.  Experts fear that the US government may have used its attacks on Apple to harvest usernames, passwords, and account information, while disabling security features and intercepting communications.

Apple is butting heads with the US government. [Image Source: The Kernel]

Here is what Matthew Green, cryptography expert at the Johns Hopkins University’s Information Security Institute said (via The Intercept):

If US products are OK to target, that’s news to me.  Tearing apart the products of US manufacturers and potentially putting backdoors in software distributed by unknowingly developers all seems to be going a bit beyond 'targeting the bad guys.'  It may be a means to an end, but it’s a hell of a means.

It’s unknown how successful the CIA – and other US departments were – when it came to breaching security protocols.  However, there is great concern of possible abuse if a backdoor is found, even while trying to target specific criminals or terrorists.

iSpy
[Image Source: The Intercept]

Christopher Soghoian, the principal technologist for the American Civil Liberties Union (ACLU), condemned the U.S. government's growing habit of attacking American firms, stating: 

The US government is prioritizing its own offensive surveillance needs over the cybersecurity of the millions of Americans who use Apple products.  If US government-funded researchers can discover these flaws, it is quite likely that Chinese, Russian and Israeli researchers can discover them, too.  By quietly exploiting these flaws rather than notifying Apple, the US government leaves Apple’s customers vulnerable to other sophisticated governments.

The US government is desperate to gain access to smartphones and other mobile devices, with FBI Director James Comey previously saying mobile encryption could "lead us to a very dark place."  The FBI claims that if corporations protect their users from its goal of limitless surveillance, citizens might be able to better disguise crimes.  It argues due process is a small sacrifice for its vision of "national security."

The NSA and GCHQ, the UK intelligence agency, have targeted smartphone exploits in their effort to collect personal information on mobile users.

Sources: The Intercept, via Gizmodo, via ZDNet





"We can't expect users to use common sense. That would eliminate the need for all sorts of legislation, committees, oversight and lawyers." -- Christopher Jennings













botimage
Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki