According to a report published in The Intercept, The Central Intelligence Agency of the USA has been trying to hack iOS security for years. These allegations have been based on documentary evidence given by Edward Snowden, an NSA whistleblower.
The researchers that have been working on this for a decade have presented their tactics and individual achievements to the Trusted Base Jamborees. There have been secret gatherings for the last 10 years. These researchers are working with one target in mind. They use both non-invasive and physical techniques to penetrate into the encrypted system of Apple. They have possible intentions to plant a malicious code to break into the devices of Apple and find possible vulnerabilities.
Vice President for advanced security and strategy at Core Security, Eric Cowperthwaite stated that if Apple’s security code can be cracked then hackers have the potential to break inside other phones in the market. This is a good opportunity for them to make their investigations for diverse reasons. Besides this, iOS is considered to be the most secure smartphone operating system and has a very attractive large market.
Now, this is detrimental in the future, Cowpertwaite stated. There is the CIA, NSA, Chinese security agencies and several others trying to break in. This is not very good news for the eco system. The trust and security is compromised.
A modified version of Apple’s Xcode, an integrated environment for developers, has been created by CIA researchers. Their code will allow users to put surveillance backdoors into applications and programs developed for the OS X and iOS platforms. However, the question is still unsure as to whether users would be willing to go in for a tampered version of the Xcode.
There are further reports that the CIA researchers have modified the updater of the OS X for installing a keylogger. Moreover, the BitLocker full disk encryption system of Microsoft has also been targeted as well.
Cooperation between private and public sectors
Researchers from the Sandia National Laboratories are known to have showcased their skills of Apple security cracking at the Jamborees. These gala affairs are also hosted by the Information Operations Center of the CIA. The center is also accused of performing covert cyber attacks against targets. Leaked information revealed that the 2012 Jamboree, held in northern Virginia, was attended by the NSA personnel.
“The use of overt cyber snooping and forced intellectual property disgorgement as an impediment to foreign trade is a unique and innovative strategy, certain to provoke negative responses from companies and governments alike,” stated Philip Lieberman from Lieberman Software.
Where do your tax money go?
The Intercept reported that these activities, led by the CIA, are actually part of a secret government program which is included in the Congressional Budget Justification of 2013.
Both iCloud and iOS have been hacked multiple times. Jonathan Zdziarski, the iOS hacker, revealed a number of iOS vulnerabilities last year at the New York Hope/X hackers’ conference. They also shed light on undocumented services that do away with backup encryption.
So, why is CIA investing in crypto research instead of simply leveraging these attacks via web? “Intelligence-gathering techniques require the evaluation and use of all types of methods and means to achieve the best information quickly and at the lowest possible cost. Even the government is concerned with ROI,” Liebermann told TechNewsWorld.
Will it affect enterprise mobility?
Now, the question is, should companies and enterprises be concerned? According to Veracode VP of Security Research Chris Eng, most of the enterprises will not be worried or resilient against national adversaries.
Cowperthwaite from Core Security asked a reasonable question: how would secure systems of CISO know that they have been polluted?
How should Apple react to the these revelations?
Now, the case is dealing with Apple and it is expected that it should act to protect its security. According to Jon Rudolph, principal software engineer at Core Security, the ball is now in the court of Apple. It is the company to decide if they would be selling a product in the market that is CIA-proof. Rudolph stated that he would buy two products and make the task simpler by removing his personal data.
Apple as a company needs to take into account both national defense and privacy. There has to be a balance between the two. “There is no clear or right path – only a daily need to keep every stakeholder equally dissatisfied with privacy and national security needs,” remarked Lieberman.