The NSA eavesdrops on the iPhone with ease, says security researcher

Update: Apple has made a statement disavowing any knowledge of the exploit or collusion with the NSA.

Security researcher Jacob Appelbaum claims to have discovered what he describes as "an iPhone backdoor" exploited by the National Security Agency (NSA). Appelbaum discussed the exploit during a speech he gave at this week's Chaos Communication Congress in Hamburg, Germany, according to The Daily Dot.

According to a leaked document, The software, called DROPOUTJEEP, enables users to push and pull files to and from the device, retrieve SMS message, retrieve contact list data, voicemail, geolocation data, captures camera images, and more, as well as enable a "hot mic" - a microphone that will transmit audio without the user's knowledge or consent.

"You think Apple helped them with that?" asked Appelbaum. "I don't know. I hope Apple will clarify that. I think it's really important that Apple doesn't. Here's the problem: I don't really believe that Apple didn't help them. I can't prove it yet, but they [the NSA] literally claim that any time they target an iOS device, that it will succeed for implantation."

"Either they [the NSA] have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves," said Appelbaum.

"Not sure which one it is; I'd like to believe that since Apple didn't join the PRISM program until after Steve Jobs died, that maybe it's just they write...that they write shitty software. We know that's true," he said, to laughter and applause from the audience.

Appelbaum, who goes under the Twitter nickname @ioerror, is a core member of the Tor project - free software designed to enable online anonymity by directing traffic through thousands of Internet relays. Appelbaum has fallen under the Department of Justice's scrutiny and has represented Julian Assange's WikiLeaks organization at past conferences.

Some of Appelbaum's revelations were also posted in an article published by German news magazine Der Spiegel.

Appelbaum discusses the iPhone exploit at around the 44 minute and 30 second mark in the video embedded above.

In June, Apple published its Commitment to Customer Privacy (opens in new tab):

"Two weeks ago, when technology companies were accused of indiscriminately sharing customer data with government agencies, Apple issued a clear response: We first heard of the government’s 'Prism' program when news organizations asked us about it on June 6. We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order."

Appelbaum's allegations are an entirely different situation, however: this would enable the NSA to eavesdrop on iPhone users without any knowledge or cooperation with Apple. Appelbaum's snide commentary about the quality of Apple's programming notwithstanding, it's a troubling development, if true.

Update: Apple provided a statement disavowing knowledge of any such exploit, and also disavowing any collusion with the NSA. They said in part:

Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.

Source: The Daily Dot

Peter Cohen
  • I bet CrackBerry is going to have a field day with this. I guess it's a good thing %99.999 of my conversations are boring and and of no threat to national security.
  • Haha but 0.001 percent are a threat?
  • Just to stop the flame wars before they begin -- Applebaum did not single out iOS, as he talked about the NSA going after many platforms in the course of going through the documents. iOS got a second slide to emphasize the NSA's outrageously confident claim, which could suggest either that the NSA is fantastically more talented than Apple, or that Apple assisted. His "shitty software" cheap shot was still out of bounds, though.
  • It's worth singling Apple out because we all want to believe our iOS devices are really, truly secure. Doing them puts the squeeze on them to address and, hopefully, fix it. We just can't know that for sure if we can't read every bit of source code. The same goes for Windows (and it's mobile OS). With Android one can scrutinize the code, at least. Still, sometimes I wonder if Google or it's OEMs do insert their own back doors separate from AOSP. As for the "shitty software cheap shot," it's a joke, not to mention a joke among hackers talking about huge gaping security holes. (It made me chuckle, personally.)
  • For a guy who believes in open source anonymity, iOS is shitty software. It's all relative.
  • I'm a contributor on a half-dozen or so projects myself, and anonymous here :). I'd call Apple's control freakery shitty, but not the software itself. But without access to the innards, that's just my opinion, and you know what they say about opinions... But the comment was still out of bounds because it detracts from his point -- it gives pro-Apple folks something to feed their persecution complex, and gives anti-Apple folks a chance to feel superior,. It will drown his previous, important, point - - that if the NSA claims are true, some large companies may either be incompetent or working against their companies interests -- in fanboyism all around.
  • I meant, the speaker seems to believe in it, not me.
  • If true. I want to see numbers of units infected, methods of infection etc. before I take the bait. It seems to be a bit too far fetched for me to believe it on face value. Why is it that anything related to the NSA is taken as truth, without any type of fact checkin? We are all so gullible, we believe anything in a blog these days. And use that as a source.
  • If true, it would be 100% of units. It's built in to the core OS according to him, unless I read it wrong.
  • Well certainly I regret transferring my plans to take over the world onto my iPhone. Great! I have to start all over now! Sent from the iMore App
  • +1! Too funny Sent from the iMore App
  • Interesting. Who is not spying if it's not hackers it's the government. As long as it's for protecting the country. I have no problem. Sent from the iMore App
  • Someone needs to read some Ben Franklin.
  • Since we have documentation on everything from NSA employees spying on their potential dates to blackmailing political opponents with their browsing (yes, porn) habits, to several incidents of corporate spying for connected businesses, you should have a problem. One cannot expect, for such power to be wielded perfectly, unchecked, by imperfect humans.
  • The date of the NSA report was 10/08 (that seems to be overlooked as we are talking about an exploit over 5 years old) and they claim they can control the iPhone via SMS or GPRS. If such claims are true, I find it incredulous that shi**y coding would allow remote execution of code via SMS. That said, I'm sure there is are old ROM/phones laying around for some hacker to verify this claim.
  • There is no need for verification of this concept; Charlie Miller found one way to enable arbitrary code execution on an iPhone from a crafted SMS message back in 2009. He worked with Apple to identify and fix it, and presumably that specific vector is closed. That does not mean every bit of "sh**y coding" is gone.
  • This sounds like something that a denizen of platforms other than Apple would say because they hate Apple and want to do maximum damage.
  • great, does that mean I don't have to passcode my phone now?
  • Watch the presentation. As summarized in the earlier comment, iOS was mentioned for two minutes in a larger presentation, getting slightly more time than Solaris did. There is no specific persecution here.
  • Not sure why this surprises anyone. If there is tech, there is someone who can hack it. If someone can hack it, the US Government can hack it too.
  • Waiting for a response from Apple...
  • So, why is everyone freaking out about this? Did you seriously not think that every world Gov't is spying on their people? I actually talk to people, and if they think that I am so much of a threat, that they are spying on me, which is 1 out of 300,000,000, I WOULD WANT THEM TO. If I was a terrorist, would you say "Oh no, he needs his technological privacy!", or would you be rational, and milk it to get every little bit of data from me?
  • To paraphrase Miss Scarlet, "Terrorism is just a red herring." ... But this is how it really happened...
  • A highly underrated movie.
  • Sure, until you mistakenly get targeted because the government misinterpreted something you say, or you mention the name of a friend who happens to have the same name as a suspected terrorist. Next time you are denied airline travel because a misinterpreted conversation put you on the no-fly list, tell us all about privacy having nothing to do with freedom, and that it's fine. Do you also not see the potential for abuse, here? What's happening today is atrocious, and people are fine with it, in the name "keeping us safe" from a statistically tiny terrorist threat. How cowardly.
  • Never underestimate the cluelessness of the masses! The Sheeple will gladly give up all their freedom to feel "safe". If anyone thinks this stuff is being done to "protect" them, they have a LOT to learn!
  • They are not spying on 1 out of 300,000,000. The administration claims they are not "collecting" data on the other 299,999,999, because they have redefined the word "collecting" to mean "access specific contents." Collecting and storing the data, and analyzing the metadata, does not count as "collected," according to the NSA. In other words, they have, somewhere, every phone number you have called (or has called you), every address which has sent (or received) email, every website you have visited, and so on, and can use that to assemble a very detailed picture of who boovish is, but they do not count information as "collected" on boovish because they have not read the contents of any particular email. They have that at the ready to be queried as well, but do not need to use it in virtually all cases because the metadata reveals enough. The eff's essay on James Clapper's testimony and the redefinition of these words may be helpful:
  • And people wondered why the Secret Service said the President couldn't have an iPhone. Sent from the iMore App
  • Here's a new write up mentioning BB as well.
  • “You have zero privacy anyway… Get over it."
    - Scott McNealy, CEO Sun Microsystems, in 1999
  • We are revoking all your freedoms, get over it..:roll eyes:
  • I am a very big apple fan, love what they do and their eco-system, but even I have to admit I was shocked at this. I generally disregarded the talks about NSA hacking as only relevant to people still running windows 98, no updates, firewall off etc. Seeing that they have working hacks (well, as of 2008) that can access an iPhone, and enable pretty much anything, and live monitor, including cam and mic, use exploits in all common desktop operating systems, i admit i'm a little worried now. And as for him singling out Apple, yes it could be a low blow somewhat, BUT, Apple market their devices as secure and safe. I'm PRAYING the exploit documented in 2008 was simply a bug that was fixed, but that comment.... '100% success rate'..... you can't claim that without some extra information or help..... I'll be watching any new NSA findings closely.
  • Did we ever have privacy to begin with?
  • Now I know what "other" means in iTunes when my iPhone is connected! Sent from the iMore App
  • I think you can hack anything... IF you have physical access to it. Sent from the iMore App
  • I read an article this morning about the catalog of tech that the NSA has and it was 4 years old. Among them was a bootloader that could be loaded onto an Android device. So singling out Apple is just for effect and attention. The competition using this as a way to bash iOS users is just stupid because like the saying goes "People who live in a glass house shouldn't throw stones". Am I concerned about it not really. But not because I think it's something not to be concerned about. I'm not concerned because the alternative is to stay away from technology and in this day that is impossible. I wish they would be held accountable but the truth is they wont be. There will be exploits shitty software or not, using an opinion as fact is just stupid, if there weren't exploits Jailbreak, Rooting would have died long ago.