CIA Working Behind the Scenes to Break into Apple Security Ecosystem

By CIOReview | Wednesday, March 11, 2015

FREMONT, CA: The Central Intelligence Agency (CIA) in the last few years has been trying to break into the security ecosystem of Apple for surveillance purpose, reports JEREMY SCAHILL and JOSH BEGLEY from THE INTERCEPT. The details of the conferences held to circumvent the Apple security have been procured by THE INTERCEPT – which it has recently put up on its website – derived from the National Security Agency whistleblower Edward Snowden.

Top secret documents leaked through the website reveal how CIA has over the period of time held meetings to discuss the progress in introducing back doors into the Apple devices for gathering user data and other information. One widely debated approach to infringe the Apple security net is to attack the Xcode, Apple’s proprietary software development tool, used by several thousand developers to build apps.

Though the findings don’t mention about any successful attempt of tampering Apple security establishment, the report suggests that the CIA and other security agencies are constantly on Apple’s back probably in the name of securing U.S. interests.

Secret gatherings have been held annually called the ‘Jamboree’ where security researchers working for the CIA have discussed strategies to circumvent the security implementations and exploit the vulnerabilities in household and commercial electronics. The first CIA-sponsored meeting is said to have taken place even before iPhone existed.

Big Plans
The plan made by the CIA is not just to tamper the security of one or a group of individuals using Apple product, but to penetrate much deeper into the proprietary Apple firmware and implant malicious code through back door resulting in vulnerabilities which will be carried to all the Apple devices out there in the horizon. The security agencies could then swing into action and tap information and data from any and every Apple device at will, at the drop of a hat.

The Xcode
Researchers backed by the CIA opined that the modified verision of Xcode could “force all iOS applications to send embedded data to a listening post.” Xcode is the widely used software to create Apple-approved apps. As these apps are distributed across the regions, the spies could easily compromise the devices and private data of any user through the ‘corrupt apps.’ Messages could be read by stealing passwords through this approach.

“If U.S. products are OK to target, that’s news to me,” says Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute. “Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.” Green Adds.