How the U.S. NSA remotely bugs your Apple iPhone

“Following up on the latest stunning revelations released yesterday by German Spiegel which exposed the spy agency’s 50 page catalog of ‘backdoor penetration techniques’, today during a speech given by Jacob Appelbaum (@ioerror) at the 30th Chaos Communication Congress, a new bombshell emerged: specifically the complete and detailed description of how the NSA bugs, remotely, your iPhone,” Tyler Durden reports for Zero Hedge.

Durden reports, “The way the NSA accomplishes this is using software known as Dropout Jeep, which it describes as follows: ‘DROPOUT JEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.'”

Durden reports, “What is perhaps just as disturbing is the following rhetorical sequence from Appelbaum: ‘Do you think Apple helped them build that? I don’t know. I hope Apple will clarify that. Here’s the problem: I don’t really believe that Apple didn’t help them, I can’t really prove it but [the NSA] literally claim that anytime they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write shitty software. We know that’s true.’ Or, Apple’s software is hardly ‘shitty’ even if it seems like that to the vast majority of experts (kinda like the Fed’s various programs), and in fact it achieves precisely what it is meant to achieve.”

 
Read more in the full article here.

MacDailyNews Take: Shit meet fan. Fan, shit.

No wonder Apple et al. are scared to death about potential losses of business over this Orwellian nightmare and are now calling for government surveillance reform. Sans Snowden, ’tis doubtful, sadly, that we’d have heard a peep from any of these companies, including Apple.

American citizens: If you do not stand up for your rights now, you never will.

United States Constitution, Amendment IV:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. – Benjamin Franklin, Historical Review of Pennsylvania, 1759

Visit the Apple-backed reformgovernmentsurveillance.com today.

[Thanks to MacDailyNews Readers “TGunServo” and “Mj miller” for the heads up.]


73 Comments

  1. I told you so. The whole rewrite of the iOS 7 was to install a back door. Before that, iOS 6 and earlier was almost impenetrable. Now iOS 7 is almost a mandatory update. I wonder if a jailbreak could eliminate this Trojan software. Breaking his software may have been the real issue with Scott Forstall. He would have seen this invasion the same way Steve Jobs would have seen it.

    1. How does a document from 2008 describing the installation of an exploit via physical access to an iPhone 1 running iOS 1 in your eyes substantiate a supposed “back door” in iOS 7?

      Unless, of course, the NSA looked 5 years into the future somehow…

      Or in other words: Bullshit!

      1. Because now in IOS 7, they don’t need physical access. I agree with you, I hope I’m wrong. I have 7 devices in my home running IOS 7. But, unfortunately I don’t think I’m wrong.

        1. As I’ve said, we all know about the earlier “jailbreak me” exploit as an example of how such a thing could conceivably work; but you’re simply assuming that even while that particular vulnerability has long been fixed by now another such exploit was still around – there may actually be one, but there is zero indication known about it, at least not publicly, so your supposition is empty unless you can actually substantiate it.

          So?

        2. Fingerprint Reader / PIN Bypass Backdoor for Enterprises Built Into iOS 7

          Posted on September 18, 2013 by Jonathan Zdziarski

          Please read the article above. I tried to hyperlink it but it did not work.
          As for iOS 7 back door, it doesn’t stop me from using my iPhone or iPad, just making a point that I think one exists.

        3. You can simply paste the URL into your post for a link.

          And I’ve looked into Zdziarski’s blog. Keep in mind that he makes his money from selling presumable extraction tools so he is constantly trying to get attention for himself, often by overhyping presumable vulnerabilities.

          What he’s talking about is simply that a device that’s enrolled in a company’s management program is under that company’s control, which is sort of obvious.

          He is correct in that this can be a problem for people who bring their own device to their job; Apple currently doesn’t compartmentalize the corporate from the private data, so the company will have control over everything if you agree to have your device under their control. If you don’t, they won’t – that is the operative point.

          The mechanism of a company administrator being able to open up a company-controlled phone is perfectly proper – it’s not a “back door” but simply a necessary part of the multi-device-management scheme for the reasons he himself explains.

          If you don’t want a company to have control over your device, don’t have it enrolled in their MDM program so they can’t push profiles and can’t extract data from it. That’s it.

          At least as far as this goes it’s a non-issue from my view and not a security vulnerability as such, maybe apart from the opportunity for Apple to introduce compartmentalized control at some point (iOS 8?) so your company would only be able to erase and extract data in a secluded company data compartment on your device even if it is enrolled in their BYOD MDM program.

  2. Ok so they had 100% success in 2008 and they needed direct access to the iPhone – “The NSA in 2008 claimed a 100 percent success rate in installing the software on phones it had physical access to, and it’s possible that the spy agency has improved its software so it can be installed remotely or via some sort of social engineering, something that was specifically mentioned in the documents. It’s also possible that Apple has closed the security holes the NSA was using, making it more difficult to compromise iOS devices in this manner.” Unless you’re one of the bad guys, I’m not too concerned. If you’re worried then get a burner phone and don’t use any form of communication – period!

  3. It sounds like there are numerous severe zero-day vulnerabilities that fetch a higher price from the NSA than any legitimate company. iPhones and Macs are just as vulnerable as any other OS. This is very troubling. History continues to show that no software is invulnerable to attack.

    1. You’re confusing different things:

      a) It is correct that probably most if not all systems have some flaws which may make them exploitable.

      b) But it is incorrect that that meant that absolutely every system was equally exploitable. That is definitely not the case! The levels of exploitability can be very different between different systems.

      c) The referenced document is old and outdated. It says absolutely nothing about iOS devices of today, since it apparently refers to “jailbreak” attacks which are no longer possible, at least not that way.

  4. You all don’t actually read those articles past the headline, and the usual MDN provides FUD commentary (and showing he was too busy reading the article as well).

    Paranoid idiots!

    This was IN 2008 – and requires physical contact with the iPhone. In other words, the NSA just described jailbreaking the iPhone.

    … and while Mr. Self-Promotion Appelbaum described exploiting GPS data and remotely turning on video cameras, I’m curious where those 2008 era iPhones (which were first gen iPhones) had video recording and GPS – BECAUSE THEY DIDN’T.

    That’s why Bebot stated “you don’t need to worry about it”, because you don’t.

    I’m far more worried about the bunch of paranoid idiots in this thread actually being capable of voting.

    1. I’m more worried about the complacent who trust the government while tyranny marches on.

      A society is not free if they have no privacy. I doubt I myself have been exploited but the fact that I could be exploited without a warrant, if someone in the NSA saw it prudent, and without any oversight, means I live in tyranny.

      This is not tin foil hat stuff. They are breaking the law. And any government willing to break its own laws should not continue to stand because they have lost the right to the faith of the people. It is no longer a government by the people. We now have an adversarial government who is willing to use its power to intimidate and oppress. The NSA scandal is not the only chapter to this saga. We have Benghazi, the AP scandal, IRS scandal, and a journalist being assassinated.

      Edward Snowden is a hero.
