It’s very likely that everything we’ve learned about the NSA’s spy program is but the tip of the iceberg of the agency’s true capabilities, following yet more revelations published yesterday. Just days after leaked documents from the Ed Snowden treasure trove revealed that the NSA was intercepting laptops ordered online to install spyware and malicious hardware on them, we discover that Apple’s iPhones are just as vulnerable, if not more so.
The revelations were delivered during a talk at the Chaos Communication Congress in Germany by security researcher Jacob Appelbaum, reports the Daily Dot. During the talk, Appelbaum summarized the NSA’s iPhone snooping software known as “DROPOUTJEEP”, in a broader discussion of the agency’s controversial electronic surveillance programs.
DROPOUTJEEP came to Appelbaum’s attention by way of a leaked document dated 2008 that was published in the German magazine Der Spiegel. In the document, DROPOUTJEEP’s basic operational structure and capabilities are detailed, showing that the NSA has the ability to intercept SMS messages, access data stored on the phones, switch the microphone on and off, and locate the phone at any time.
It’s a startling revelation, but one thing we don’t know is how many iPhones have been compromised. Whilst the NSA claims a 100 percent success rate for installing DROPOUTJEEP on iOS devices, the document suggests that agents need physical contact with the phone to do so.
However, Appelbaum makes the rather ominous accusation that Apple may have been complicit in the development of DROPOUTJEEP, though he tempers his claim by saying he “can’t really prove it”.
“I don’t really believe that Apple didn’t help them,” Appelbaum said. “I can’t really prove it yet, but [the NSA] literally claim that anytime they target an iOS device, that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write [expletive redacted] software. We know that’s true.”
According to Der Spiegel, the NSA employs its special elite hacking unit known as Tailored Access Operations, or TAO, to intercept target devices and install the software on them. Once the spyware is installed, devices are carefully repackaged and sent on their way to their blissfully unaware owners.
Obviously this isn’t the most efficient way of installing DROPOUTJEEP, but the document also suggests that the NSA was pursuing methods of remote installation. It’s not clear if the agency has since developed this capability, or if the exploit it used has since been closed by Apple.
Here’s Appelbaum’s full talk, with the iPhone discussion beginning at around 44 mins.