The CIA has been busying itself with cracking the security of iOS for years, the latest documents released by Edward Snowden reveal, as published by The Intercept.
The details emerged from an annual CIA conference named “The Trusted Computing Base Jamboree”, detailed in the documents uncovered today. The conference was sponsored by the CIA’s Information Operations Center, which, by the way, conducts covert cyberattacks.
The aim of the meeting was provide important information to developers tying too circumvent or exploit new security capabilities, as well as to “exploit new avenues of attack.” The documents reveal a lecture entitled “Strawhorse: Attacking the MacOS and iOS Software Development Kit,” in which the presenter, from Sandia Labs, described a way of successfully “whacking” of Apple’s Xcode (free Apple software developers use to create apps for iOS and OS X).
The researchers listed a variety of actions their “whacked” Xcode could perform, including:
— “Entice” all Mac applications to create a “remote backdoor” allowing undetected access to an Apple computer.
— Secretly embed an app developer’s private key into all iOS applications. (This could potentially allow spies to impersonate the targeted developer.)
— “Force all iOS applications” to send data from an iPhone or iPad back to a U.S. intelligence “listening post.”
— Disable core security features on Apple devices.
At this point it is unclear how the Agency has benefitted from the back doors Sandia Labs uncovered. Since then Apple has become more vocal on the need for internet privacy, how much they value your private data and that protecting their customer is of the utmost importance.