Apple issued a statement today denying that it had anything to do with the alleged National Security Agency program Dropout Jeep, used to hack iPhones.
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.
Researcher Jacob Appelbaum presented at the Computer Chaos Congress security conference yesterday to talk about the NSA program. Dropout Jeep is “a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT [signals intelligence] functionality,” according to Appelbaum. This means that the NSA uses a hack on iPhone to gather information such as your location, your contact list, your text messages, your voicemail, your camera, and more.
Appelbaum, however, expressed his concern and desire for Apple to respond, as it has today. At the time he said that he wouldn’t put it past Apple, but that he hoped, instead, that Apple simply writes “shitty software.”
Concerns that companies are playing a little bit too nicely with the NSA have been an issue since the first leaks from former NSA contractor Edward Snowden over the summer. The PRISM program described a relationship between a number of tech giants (including Apple) and the NSA whereby the agency got access to streams of customer data for collection purposes. At the time, these companies vehemently denied giving the NSA direct access to its servers, though that wouldn’t necessarily bar the intelligence agency from getting this data.
Shortly after, a report about Microsoft surfaced, claiming that it had helped the NSA circumvent its own encryption technology in Outlook before releasing the product to the public.
But Google and Yahoo, which were both involved in the PRISM program, were taken aback when news hit that the NSA was secretly tapping their fiberoptic cables. These were unencrypted cables running between the companies’ respective data centers — believed to be fully internally and fully secured. As a result, the two companies announced that they would begin heavily encrypting the lines.
As Appelbaum notes, however, it is believable that a company would aid the NSA, though certainly its clear the agency will go after what it wants with or without the help.
hat tip CNET