Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Report: CIA researchers have targeted Apple device security for years

Report: CIA researchers have targeted Apple device security for years
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Mar 10, 2015, 12:22 PM
 
The Central Intelligence Agency (CIA) has been trying to compromise iOS devices for a number of years, a report claims. Documents leaked by whistleblower Edward Snowden reveal that a secret annual conference called the "Trusted Computing Base Jamboree" was used to discuss various ways to exploit security in consumer devices and electronics, including iPads and iPhones, as part of ongoing attempts by intelligence agencies to use consumer devices for surveillance.

The research presented at the Jamboree has dealt with both "physical" and "non-invasive" techniques to compromise devices, reports The Intercept, including decrypting and penetrating Apple's firmware. In theory, this would allow security agencies enough access to try and find more vulnerabilities they can use to their advantage.

Researchers from Sandia National Laboratories revealed their research at the CIA-sponsored event but did not advise how successful they were in defeating Apple's security mechanisms, the documents state. It is unknown whether any exploits were being used by intelligence agencies, though the information does show that great lengths have already been taken to try and get Apple's encryption keys.

In an abstract of the 2011 presentation, researchers admit the "Intelligence Community is Highly dependent on a very small number of security flaws, many of which are public, which Apple eventually patches."

The following year, a talk called "Strawhorse: Attacking the MacOS and iOS Software Development Kit" discussed how Xcode had been manipulated so that private data could be extracted from apps created using the poisoned development kit. Rather than attacking iOS directly, the technique instead attacked the app development process, and in turn the apps themselves.

The list of potential tasks apps created within the modified Xcode could perform is short, but powerful. On Mac, backdoors could be built into applications to provide remote access. For iOS devices, an app developer's private key could be secretly embedded into iOS apps, allowing hackers to impersonate their chosen developer, while another could force apps to feed data back to an intelligence "listening post." The ability to "disable core security features" is also claimed.

While the main action of the Jamboree dealt with Apple, other tech companies were also put under close scrutiny by researchers. Microsoft's BitLocker and the Trusted Platform Module were attacked by researchers, with some apparent level of success. Researchers claimed they were able to extract BitLocker encryption keys in 2010, potentially allowing for the collection or adjustment of protected data.
( Last edited by NewsPoster; Mar 10, 2015 at 06:45 PM. )
     
Flying Meat
Senior User
Join Date: Jan 2007
Location: SF
Status: Offline
Reply With Quote
Mar 10, 2015, 03:24 PM
 
Brought to you by the fine folk that made FREAK a thing.
     
robttwo
Fresh-Faced Recruit
Join Date: Nov 2005
Status: Offline
Reply With Quote
Mar 10, 2015, 06:26 PM
 
This article has been reported.
     
The Vicar
Dedicated MacNNer
Join Date: Jul 2009
Status: Offline
Reply With Quote
Mar 10, 2015, 06:52 PM
 
Here's an idea: keep the CIA around, but instead of letting them do things, have them suggest ideas and then do the opposite. Every single thing the CIA is involved in turns out to be bad for America in the medium-to-long-term. (They started the drone bombing program which turns out to be creating more terrorists than it can possibly kill. They invented LSD. They ran drug-smuggling in the 1980s. Osama bin Laden and Saddam Hussein were both CIA assets at one time. And that's just the more memorable stuff — they've been involved in more obviously foreseeable disasters than a crash test dummy.)
     
Charles Martin
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
Status: Offline
Reply With Quote
Mar 12, 2015, 04:19 AM
 
Vicar: yes there is quite a history of failures, while any successes are probably never talked about. But some of those failures have had serious, world-changing, long-lasting effects ...
Charles Martin
MacNN Editor
     
smacker
Fresh-Faced Recruit
Join Date: Apr 2003
Status: Offline
Reply With Quote
Mar 12, 2015, 06:19 AM
 
The Vicar: LSD wasn't invented by the CIA https://en.wikipedia.org/wiki/Lysergic_acid_diethylamide
But the CIA wanted to use the drug for mind control and chemical warfare. This behaviour fits perfectly with what they're doing today. The CIA needs to go!
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 01:02 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,