Menu
Snowden docs show CIA's attempts to defeat Apple device security

Snowden docs show CIA's attempts to defeat Apple device security

A secret CIA-sponsored conference reportedly hosted talks on stealing encryption keys from Apple devices and infecting them with malware

Researchers sponsored by the U.S. government have reportedly tried to defeat the encryption and security of Apple devices for years.

Several presentations given between 2010 and 2012 at a conference sponsored by the U.S. Central Intelligence Agency described attempts to decrypt the firmware in Apple mobile devices or to backdoor Mac OS X and iOS applications by poisoning developer tools.

Abstracts of the secret presentations were among the documents leaked by former U.S. National Security Agency contractor Edward Snowden to journalists and were published Tuesday by The Intercept.

The U.S. intelligence community's interest in hacking Apple products goes as far back as 2010, when a researcher presented possible methods of implanting the iPhone 3GS with malware at an annual conference called the Trusted Computing Base Jamboree, which, according to The Intercept, is sponsored by the CIA's Information Operations Center. The presentation also covered ways to jailbreak the device.

Over the next couple of years, the same conference included more talks on ways to bypass the security of Apple devices. For example, in 2011 researchers presented a technique to "noninvasively" extract the cryptographic key that's used to encrypt the firmware of devices based on Apple's A4 processor, like the iPhone 4, the iPod Touch and the first generation iPad.

The key, which is called the Group ID (GID), is stored inside the physical chip. The researchers tried to recover it by studying the electromagnetic emissions that occur during Advanced Encryption Standard (AES) operations, a technique known as differential power analysis.

"If successful, it would enable decryption and analysis of the boot firmware for vulnerabilities, and development of associated exploits across entire A4-based product-line," they wrote in a description of their presentation.

It's not clear if the researchers ever succeeded in recovering the key, but their presentation covered the progress they had made until then.

A separate talk described methods of determining where the GID key was located on the A4 integrated circuit and how it could be recovered through an invasive technique like the "physical de-processing of the chip."

By the following year the A5 processor used in the iPhone 4S, iPad 2, iPod Touch fifth generation and the iPad mini was also being targeted. Researchers from Sandia National Laboratories, a Federally Funded Research and Development Center (FFRDC) operated by Lockheed Martin subsidiary Sandia Corporation, had a talk entitled "Apple A4/A5 Application Processors Analysis." The presentation had no abstract and attendees looking for more information about it were instead instructed to call or email a CIA official.

It wasn't just Apple's master encryption keys that the U.S. intelligence community was interested in, but also the individual keys used by private developers to sign their iOS or Mac OS X apps.

Researchers from Sandia Labs gave a talk about their efforts to create a modified, or "whacked" version of Xcode, the free tool that developers use to create software for Apple devices. The poisoned version of Xcode could insert a backdoor into any applications created with it, could hide the confirmation prompts when a developer's private key was exported and could embed a developer's key into all iOS apps created with the tool, from where it could be later extracted.

"We also describe how we modified both the Mac OS X updater to install an extra kernel extension (a keylogger) and the Xcode installer to include our SDK [software development kit] whacks," the researchers wrote in their talk's description.

The FBI and U.S. intelligence agencies have voiced concern over the past year that the increased addition of default encryption to mobile devices and Internet communications make lawful electronic surveillance impossible. They call this the Going Dark problem.

Such agencies would like to see an approach where companies could offer encryption, but also be able to comply with government requests for data. Many security experts and privacy advocates believe this would involve building backdoors into encryption implementations that could also be exploited by hackers.

"I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services," Apple CEO Tim Cook wrote in an open letter in September. "We have also never allowed access to our servers. And we never will."

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags AppleCentral Intelligence AgencysecurityencryptionExploits / vulnerabilitiesdata protectionmalware

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments