Today Apple denied creating backdoors on the iPhone for the NSA to exploit. First let’s review some articles that preceded the denial.
Within the last few days came numerous reports: “NSA Reportedly Has Total Access To The Apple iPhone.”
Back in September, Der Spiegel online reported “iSpy: How the NSA Accesses Smartphone Data.”
AppleInsider notes “New documents revealed on Monday show the U.S. National Security Agency has the capability of deploying software implants on Apple’s iPhone that grant remote access to on-board assets like SMS messages, location data and microphone audio.”
Please consider the Der Spiegel article “Shopping for Spy Gear: Catalog Advertises NSA Toolbox” by Jacob Appelbaum, Judith Horchert and Christian Stöcker.
After years of speculation that electronics can be accessed by intelligence agencies through a back door, an internal NSA catalog reveals that such methods already exist for numerous end-user devices.
According to Juniper Networks’ online PR copy, the company’s products are “ideal” for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company’s special computers is “unmatched” and their firewalls are the “best-in-class.” Despite these assurances, though, there is one attacker none of these products can fend off — the United States’ National Security Agency.
A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry — including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.
A 50-Page Catalog
These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives — from computing centers to individual computers, and from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.
This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets’ data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.
In the case of Juniper, the name of this particular digital lock pick is “FEEDTROUGH.” This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive “across reboots and software upgrades.” In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH “has been deployed on many target platforms.”
Some of the equipment available is quite inexpensive. A rigged monitor cable that allows “TAO personnel to see what is displayed on the targeted monitor,” for example, is available for just $30. But an “active GSM base station” — a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones — costs a full $40,000.
A second Der Spiegel article takes a look “Inside TAO,” a top-secret National Security Agency team known as Tailored Access Operations.
In January 2010, numerous homeowners in San Antonio, Texas, stood baffled in front of their closed garage doors. They wanted to drive to work or head off to do their grocery shopping, but their garage door openers had gone dead, leaving them stranded. No matter how many times they pressed the buttons, the doors didn’t budge. The problem primarily affected residents in the western part of the city, around Military Drive and the interstate highway known as Loop 410.
Fault for the error lay with the United States’ foreign intelligence service, the National Security Agency, which has offices in San Antonio. Officials at the agency were forced to admit that one of the NSA’s radio antennas was broadcasting at the same frequency as the garage door openers. Embarrassed officials at the intelligence agency promised to resolve the issue as quickly as possible, and soon the doors began opening again.
It was thanks to the garage door opener episode that Texans learned just how far the NSA’s work had encroached upon their daily lives.
An internal description of TAO’s responsibilities makes clear that aggressive attacks are an explicit part of the unit’s tasks. Indeed, TAO specialists have directly accessed the protected networks of democratically elected leaders of countries. They infiltrated networks of European telecommunications companies and gained access to and read mails sent over Blackberry’s BES email servers, which until then were believed to be securely encrypted. Achieving this last goal required a “sustained TAO operation,” one document states.
Having Fun at Microsoft’s Expense
One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft’s Windows. Every user of the operating system is familiar with the annoying window that occasionally pops up on screen when an internal problem is detected, an automatic message that prompts the user to report the bug to the manufacturer and to restart the program. These crash reports offer TAO specialists a welcome opportunity to spy on computers.
When TAO selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft. An internal presentation suggests it is NSA’s powerful XKeyscore spying tool that is used to fish these crash reports out of the massive sea of Internet traffic.
The automated crash reports are a “neat way” to gain “passive access” to a machine, the presentation continues. Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person’s computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim’s computer.
NSA Intercepts Packages to Install Bugs
The NSA does not stop there. The Verge reports “NSA intercepts laptops purchased online to install spy malware before routing to the customer.”
OK, but what is Apple’s, Google’s, and Microsoft’s response as to whether backdoors are purposely built into the phones and computers?
Apple Denies Working With NSA
Apple has contacted TechCrunch with a statement about the DROPOUTJEEP NSA program that detailed a system by which the organization claimed it could snoop on iPhone users.
Apple says that it has never worked with the NSA to create any ‘backdoors’ that would allow that kind of monitoring, and that it was unaware of any programs to do so.
Here is the full statement from Apple:
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.
The statement is a response to a report in Der Spiegel Sunday that detailed a Tailored Access Operations (TAO) unit within the NSA that is tasked with gaining access to foreign computer systems in order to retrieve data to protect national security.
Among these options was a program called DROPOUTJEEP — a program by which the NSA could theoretically snoop on ‘any’ Apple iPhone with ‘100% success’. The documents were dated 2008, implying that these methods were for older devices. Still, the program’s detailed capabilities are worrisome.
Researcher and hacker Jacob Appelbaum — the co-author of the articles, coinciding with a speech he gave at a conference about the programs — pointed out that the ‘100% success rate’ claimed by the NSA was worrisome as it implied cooperation by Apple. The statement from the company appears to preclude that cooperation.
This year has been an eventful one for NSA spying program revelations. Apple joined a host of large companies that denied that they had been willing participants in the PRISM data collection system — but later revelations of the MUSCULAR program indicated that the NSA could get its hands on data by monitoring internal company server communications anyway. This spurred targets like Google and Yahoo to implement internal encryption.
Operations Muscular and Prism
Inquiring minds may also be interested in these TechCrunch articles.
“Operation ‘Muscular’: NSA Infiltrates Google And Yahoo Networks”
Reflections on NSA Gag Orders
Unfortunately, the NSA has made it difficult or even impossible for companies to comment on precisely what the NSA requires of them.
Clearly these gag orders make backdoor denials at least somewhat suspicious.
Apple Files Suit
On November 5, TechCrunch reported “Apple Files With U.S. Government For More Information Request Transparency As It Releases First Report.”
Today, Apple has released its first ever report on government information requests, detailing exact numbers of account information and data requests internationally. The report highlights how restrictive the rules are for Apple in the US, as only ranges of 1,000 are represented there.
Apple also specifies the exact FBI letters and requests that it had to comply with. In the report, Apple goes into detail about what it would like to see changed about the process.
“This report provides statistics on requests related to customer accounts as well as those related to specific devices. We have reported all the information we are legally allowed to share, and Apple will continue to advocate for greater transparency about the requests we receive,” the report states. “At the time of this report, the U.S. government does not allow Apple to disclose, except in broad ranges, the number of national security orders, the number of accounts affected by the orders, or whether content, such as emails, was disclosed.”
Open Letter on Government Surveillance
Recently AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter, and Yahoo sent an Open Letter on Global Government Surveillance seeking reforms that would limit government authority to collect user information.
Will anything come of it? I highly doubt it.
Celebrate the new year: 1984 is here.
Addendum: Reader “Robert” provided the correct link for Apple’s first-ever report on government information requests.
Mike “Mish” Shedlock