Security

The iPhone has reportedly been fully hacked by the NSA since 2008 (Update: Apple denies working with NSA)

As 2013 edges to a close, reports of the NSA’s widespread surveillance capabilities have reached new heights of absurdity.

A report from Der Spiegel over the weekend highlighted the NSA’s elite TAO hacking unit, which directly targets corporate networks and can even place spyware on devices while they’re being shipped to recipients. And yesterday, security researcher Jacob Applebaum and Der Spiegel blew the lid off another NSA program, dubbed “DROPOUTJEEP,” which gives the agency full control of Apple’s iPhone.

Once the NSA’s malware is on an iPhone, the agency can access just about any data on the device, including text messages, contact lists, geolocation history, and voicemail, according to a leaked NSA document (below). It can also remotely enable the iPhone’s camera and microphone.

Applebaum, who coauthored the story in Der Spiegel also detailed how the NSA’s iPhone surveillance works during a talk at this week’s Chaos Communications Congress, an annual hacker get-together. You can view the second part of his talk below, with the iPhone discussion beginning at 44:30.

Given the extent of the NSA’s surveillance machine so far, it’s not surprising that it has its hooks in the iPhone. What is surprising is the agency’s purported 100-percent success rate on installing malware on the iPhone. It’s also worrying that Applebaum is highlighting a leaked NSA document from 2008, only a year after the iPhone was released. At that point, the NSA didn’t have a way to remotely install its malware on iPhones — who knows what the agency’s full capabilities are today.

“Do you think Apple helped them build that?” Appelbaum said during his talk. “I don’t know. I hope Apple will clarify that …”

News of DROPOUTJEEP comes on top of reports that the NSA can easily hack into Android phones and BlackBerry devices and servers. But it sounds like, for whatever reason, the NSA may have even more complete access to the iPhone.

Update: Apple has issued the following response to the report, aiming to dispel the notion that it cooperated with the NSA:

Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.

NSA DROPOUTJEEP iPhone hackVia Forbes