The National Security Agency can intercept the world’s Internet communications, tap Google’s and Yahoo’s corporate networks, collect revealing data on every phone call in America, and covertly divert new PC shipments to install monitoring software. And now, as newly revealed NSA documents show, we know it can take complete control over virtually anyone’s Apple iPhone.
Apple, for its part, says it knew nothing about the iPhone exploit, and has vowed to protect customers from any “malicious hackers.”
First revealed by security researcher Jacob Appelbaum and Germany’s Der Spiegel magazine, the NSA installs a piece of spyware called DROPOUTJEEP, which enables the agency to intercept SMS text messages; snag voicemail, geolocation data, cell tower location, and contact lists; capture conversations over the iPhone’s microphone; and snap pictures via the camera.
According to the leaked document on DROPOUTJEEP from 2008 (below), the NSA installed this software through “close access methods” – meaning they needed physical access to the device, which was likely achieved by rerouting shipments of iPhones purchased by targeted customers. The document also explains that the NSA planned a “future release” of DROPOUTJEEP that would allow for remote installation. It is currently unclear whether the agency has developed this updated version in the five years since the document was apparently created.
During the recent 30c3 Conference in Hamburg, Germany, Appelbaum questioned whether Apple aided the NSA in its iPhone tapping efforts.
“Either [the NSA] have a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves,” said Appelbaum (via the Daily Dot).
Apple has since denied Appelbaum’s speculation, however, telling AllThingsD in a statement that it has “has never worked with the NSA to create a backdoor in any of our products, including iPhone.”
“Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone,” the company said. “Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security.”
Furthermore, says Apple, the company “will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.”
DROPOUTJEEP is but one of nearly 50 newly revealed technology programs the NSA uses to gather intelligence.