The Central Intelligence Agency has spent years trying to find a back door into Apple's mobile devices, according to documents provided to The Intercept by former National Security Agency contractor Edward Snowden.
The CIA has focused its efforts on cracking the security keys used to encrypt personal data on iPhones and iPads, according to an article published by The Intercept on Tuesday. Researchers working for the CIA have been looking into both "physical" and "non-invasive" ways of hacking through Apple's security and ultimately gaining access to a device's firmware, according to The Intercept. If the firmware can be hacked, agency spies could grab personal data, infect a device with malware or look for weaknesses in other encrypted areas of the device. The Intercept was co-founded by journalist Glenn Greenwald, who helped Snowden begin publishing leaked documents when Greenwald wrote for the newspaper The Guardian.
Assuming the details are correct, this latest revelation is another sign of the war between government spy agencies and technology firms. Typically based on Snowden-leaked documents, previous reports by The Intercept and other publications have accused the US government of intentionally hacking into consumer products with the intent of accessing personal data. Many technology firms have consistently complained about the government's tactics, saying that they undermine consumer trust in the companies' products and violate the privacy rights of users.
"If US products are OK to target, that's news to me," Matthew Green, a cryptography expert at Johns Hopkins University's Information Security Institute, told The Intercept. "Tearing apart the products of US manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond 'targeting bad guys.' It may be a means to an end, but it's a hell of a means."
Further information about the CIA's efforts has surfaced at a secret annual event called "Jamboree" in which attendees share tidbits about exploiting security holes in consumer electronics, The Intercept said. To create a backdoor into Apple products, researchers said they developed a customized version of Apple's own software development software known as Xcode. Through this customized version, spies could access passwords and personal messages as well as plant surveillance software.
The documents don't reveal whether the CIA has yet been successful in its attempts to reach Apple's firmware. But in an an alleged excerpt of one presentation from several years ago obtained by The Intercept, the CIA explained how it could gain access into the encryption keys and the firmware:
The Intelligence Community is highly dependent on a very small number of security flaws, many of which are public, which Apple eventually patches. The following presentation will discuss a method to noninvasively extract the GID key from the A4 silicon. If successful, it would enable decryption and analysis of the boot firmware for vulnerabilities, and development of associated exploits across the entire A4-based product-line, which includes the iPhone 4, the iPod touch and the iPad.
The CIA declined The Intercept's request to comment. Neither the CIA nor Apple immediately responded to CNET's request for comment.