Home Your IT Mobility iPhones can be ‘backdoor penetrated’ by NSA

Apple has denied any knowledge of the US National Security Agency (NSA) alleged efforts called project DROPOUT JEEP to hack the iPhone and data capable iPad.

Here is the full statement Apple provided to TechCrunch.com.

Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who is behind them.

Let’s just accept the statement at face value – it serves no purpose to debate things like ‘lies by omission’ (… never worked with the NSA … what other agencies has it worked with?) and not attempt to analyse the inordinately carefully chosen language which would win a seasoned wordsmith an Oscar for best fiction script.

Let’s just say that it would have been better it to say something like “Apple is sickened and we will never knowingly allow this to happen again.” How about some positive action Apple?

The point is that the much touted ‘secure’ iPhone has apparently been able to be hacked since the inception of NSA’s project DROPOUT JEEP in 2008. This is not a new phenomenon – it is just that recent action from whistle-blower Edward Snowden and friends have simply revealed the name.

Before we go much further let me state that Apple is not alone. If DROPOUT JEEP exists for a supposedly secure iOS then you can be sure as hell that two other things are true:

  1. Similar backdoor hacks exist for Android, Windows, OSX, Linux – hell every known operating system (OS) and its variants.
  2. And that every government with its own equivalent of NSA will be using similar tools

In fact, Germany’s Spiegel reveals the existence of a 50-page catalogue of NSA hacks – spy toolbox it calls it – that makes for very unsettling reading. I will be absorbing this over the next few days and will provide an overview.

What is DROPOUT JEEP? [Items in square brackets are my additions]

It is a software implant [virus style, remote self-installing, to provide root level functionality] for the Apple iPhone [and the rest] that provides SIGINT [signals intelligence] functionality including: the ability to remotely push/pull files from the device; SMS retrieval; contact list retrieval; voicemail; geo-location; hot microphone; camera capture; cell tower location; and more.

Command, control, and data exfiltration can occur via SMS messaging or data connection [2/3/4G or Wi-Fi]. All communications with the iPhone are covert and encrypted.

Opinion

I opted to file this as a brief opinion piece because of the controversial nature of the allegations and that this issue is likely to escalate once the world returns from its holiday revelry to reality.

For example, Apple’s deal to sell iPhones in China via China Mobile could well be under review – the Chinese government gets tetchy when another country outdoes its spying abilities. The first OS or security provider than can identify DROPOUT JEEP or its variants and disable it will make a fortune!

For now, crooks et al should not use an iPhone. Apple needs to urgently patch iOS and ensure it is safe from prying eyes.

I find it an amazing coincidence that recently, Apple joined AOL, Yahoo, Twitter, Microsoft, LinkedIn, Google, and Facebook in requesting global government surveillance reform. Was it case of trying to minimise fall-out once the true extent of surveillance is revealed?

The inconvenient truth is that NSA and its world equivalents are government agencies. “I’m from the government and I’m here to help” have become the most terrifying words in the English language. Only governments can truly fix this fundamental privacy issue.

Although perhaps better known as an actor former US President Ronald Regan summed this mess up well: “Government exists to protect us from each other. Where government has gone beyond its limits is in deciding to protect us from ourselves.”

FREE WHITEPAPER - REMOTE SUPPORT TRENDS FOR 2015

Does your remote support strategy keep you and your CEO awake at night?

Today’s remote support solutions offer much more than just remote control for PCs. Their functional footprint is expanding to include support for more devices and richer analytics for trend analysis and supervisor dashboards.

It is imperative that service executives acquaint themselves with the new features and capabilities being introduced by leading remote support platforms and find ways to leverage the capabilities beyond technical support.

Field services, education services, professional services, and managed services are all increasing adoption of these tools to boost productivity and avoid on-site visits.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

To find out all you need to know about using remote support to improve your bottom line, download this FREE Whitepaper.

DOWNLOAD!

Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Connect