Report: CIA spies have been trying to hack Apple's iPhone security for years

Researchers at the Central Intelligence Agency have spent years trying to crack the security and encryption technology of Apple (NASDAQ: AAPL) iPhones and iPads as part of an effort to remotely steal information off of those devices, according to a report from The Intercept.

The report, citing documents provided by former National Security Agency analyst Edward Snowden, said that the CIA security researchers claimed they had created a modified version of Apple's proprietary software development tool, known as Xcode, in order to place surveillance backdoors into any apps or programs created using Xcode. The report said that Xcode is distributed by Apple to hundreds of thousands of developers and is used to create apps that are sold through Apple's App Store.

According to the documents, the modified version of Xcode could let spies steal passwords and get messages off of devices. The researchers also claimed the modified Xcode could "force all iOS applications to send embedded data to a listening post." The report noted it remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode. The documents cited a presentation at an annual CIA conference, known as a "Jamboree," held to discuss strategies for exploiting security flaws in household and commercial electronics.

Importantly, however, the documents do not address how successful the CIA has been at hacking into Apple's encryption mechanisms, nor do they provide any information about the specific use of such methods by U.S. intelligence agencies.

The CIA and Apple declined to comment, the report said. According to the report and Reuters, Apple pointed to comments made by Cook in September 2014. "I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services," Cook wrote in a statement on privacy and security. "We have also never allowed access to our servers. And we never will."

Apple disclosed last year that its latest mobile software update, iOS 8, includes deep protection of customer data. The company said it cannot technically turn over customer data using the new software even if it was required to by a warrant. Apple, along with Google (NASDAQ: GOOG) and other tech companies, has resisted pressure from U.S. and UK law enforcement officials to weaken their security and encryption on mobile devices to aid intelligence and law enforcement officials in getting access to suspects' data, the report notes.

"If U.S. products are OK to target, that's news to me," Matthew Green, a cryptography expert at Johns Hopkins University's Information Security Institute, told The Intercept. "Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond 'targeting bad guys.' It may be a means to an end, but it's a hell of a means."

The report noted that for years U.S. and British intelligence agencies have been seeking to crack into security and encryption technology of iPhones, Android phones and other smartphones. A joint task force comprised of operatives from the NSA and Britain's Government Communications Headquarters, formed in 2010, created such surveillance software and successfully placed malware on iPhones as part of WARRIOR PRIDE, a GCHQ project for secretly accessing private communications on smartphones. That program was disclosed in Snowden documents reported on last year by the Guardian, and included malware designed to remotely and secretly activate a phone's microphone, remotely manage the power of a phone to turn it off to avoid detection, to allow ultra-precise geo-targeting of a phone and to conceal the malware itself. However, all of that requires spies to get around security built into the iOS operating system itself.

The Intercept reported last month that, according to documents provided by Snowden, the NSA and GCHQ penetrated SIM-card maker Gemalto's internal computer systems. The report said that the spy agencies harvested encryption keys for SIM cards so that they could secretly monitor cellular voice and data traffic. That would have allowed the agencies to bypass the need to get permission from carriers or governments to wiretap intelligence targets' communications. However, Gemalto later said that although the security agencies likely mounted an operation to hack SIM card encryption in 2010 and 2011, the attacks failed to get beyond its office networks thanks to a secure encryption key transfer system. Yet some analysts and security researchers have questioned the thoroughness of Gemalto's investigation (which took less than a week) and have said the company likely has no idea how vulnerable it actually was.
