CIA spends years trying to break Apple’s security

By

The CIA is gunning for Apple's security. Photo: Spy vs. Spy
The CIA is gunning for Apple's security. Photo: Spy vs. Spy

The CIA has been been involved in a multi-year effort to crack iOS security, according to new information provided to The Intercept by whistleblower Edward Snowden. The attempts have been the focal point of multiple yearly CIA conferences called “The Jamboree.”

Among the possible solutions proposed include a means of “whacking” Xcode, the software used to create apps for iOS and Macs. Researchers claimed they had discovered a means by which Xcode could be manipulated to allow devices to be infected, so as to allow for the extraction of private data — thereby creating a “remote backdoor” that would disable core security features and allow undetected access to Apple devices.

“The Intelligence Community (IC) is highly dependent on a very small number of security flaws, many of which are public, which Apple eventually patches,” the researchers noted in the abstract for a 2011 presentation at the Jamboree. Another presentation focused on possible hardware hacks for Apple devices.

The Jamboree events go back to 2006, just before the iPhone was launched. In the years since, various talks have focused on different ways to break iOS security. A common area of interest was the various flaws exposed by the jailbreak community, which government organizations attempted to leverage before Apple could step in to patch them.

Apple is far from alone in being targeted as a smartphone maker. Rather, the security of Apple devices serves as a “worst case scenario” for would-be government eavesdroppers. In other words, if the iPhone and iPad can be compromised — with their state-of-the-art security in terms of both software and hardware — then no company’s device is safe.

Tim Cook has been outspoken about disagreeing with National Security Agency surveillance.

“I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services,” he said last September, when Apple’s new privacy policy was announced. “We have also never allowed access to our servers. And we never will. None of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right. We all have a right to privacy. We shouldn’t give it up. We shouldn’t give in to scare-mongering.”