Security researchers at the Central Intelligence Agency (CIA) have worked for almost decade to target security keys used to encrypt data stored on Apple devices in order to break the system.
Citing the top-secret documents obtained from NSA whistleblower Edward Snowden, The Intercept blog reported
that among an attempt to crack encryption keys implanted into Apple's
mobile processor, the researchers working for CIA had created a dummy
version of Xcode.
CIA’s WEAPON TO HACK APPLE DEVICES
Xcode is an Apple’s application development tool used by
the company to create the vast majority of iOS apps. However using the
compromised development software, CIA, NSA or other spies agencies were
potentially allowed to inject surveillance backdoor into programs
distributed on Apple's App Store.
In addition, the custom version of Xcode could also be used to spy on
users, steal passwords, account information, intercept communications,
and disable core security features of Apple devices.
The latest documents from the National Security Agency’s internal
systems revealed that the researchers’ work was presented at its 2012
annual gathering called the "Jamboree" -- CIA sponsored secretive event which has run for nearly a decade -- at a Lockheed Martin facility in northern Virginia.
KEYLOGGER FOR MAC COMPUTERS
According to the report, "essential security keys" used to encrypt data stored on Apple’s devices have become a major target of the research team.
Overall, the U.S. government-sponsored researchers are seeking ways to
decrypt this data, as well as penetrate Apple's firmware, using both
"physical" and "non-invasive" techniques.
In addition to this, the security researchers also presented that how
they successfully modified the OS X updater -- a program used to deliver
updates to laptop and desktop computers -- in an attempt to install a
"keylogger" on Mac computers.
HACKING ENCRYPTION KEYS
Another presentation from 2011 showed different techniques that could be
used to hack Apple's Group ID (GID) -- one of the two encryption keys
that Apple places on its iPhones.
One of the techniques involved studying the electromagnetic emissions of
the GID and the amount of power used by the iPhone’s processor in order
to extract the encryption key, while a separate method focused on a
"method to physically extract the [Apple's] GID key."
According to Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute, "Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means."
Although the documents do not specify how successful or not these
surveillance operations have been against Apple, it once again provoke
the ongoing battle between spy agencies and tech companies, as well as
the dishonesty of the US government.
'SPIES GONNA SPY'
On one hand, where President Barack Obama criticized China for forcing
tech companies to install security backdoors for the purpose of
government surveillance. On the other hand, The Intercept notes that
China is just following America's lead, that’s it.
"Spies gonna spy," said Steven Bellovin, a computer science
professor at Columbia University and former chief technologist for the
FTC. "I’m never surprised by what intelligence agencies do to get
information. They’re going to go where the info is, and as it moves,
they’ll adjust their tactics. Their attitude is basically amoral:
whatever works is OK."
We have already reported about NSA and GCHQ’s various surveillance programs including PRISM, XkeyScore, DROPOUTJEEP, and many more.
FROM http://thehackernews.com/2015/03/cia-hack-iphone-encryption.html
