On Tuesday, Apple responded to reports that the National Security Agency had devised a way to hack into iPhones. The hacking system, being called “DROPOUTJEEP,” is a software implant that allows users to access data from iPhones such as voicemail messages, geolocation, contact lists and text messages. The implant also allows a user to push or pull info onto the iPhone. It can also use the phone’s mic and camera to turn the phone into a “hot mic.” The system uses malware to help the hackers gain access.
The only good news that came from the report is that the information is five years old and that a user would need to be in close proximity to the iPhone to install the program. Slides show a date of 2007.
The bad news is that the report said that future releases will have remote installation capability.
The initial report from Der Spiegel did not indicate that Apple had worked with the spy agency.
Apple’s statement on Tuesday said the company has never worked with the National Security Agency to make a backdoor in any of its products. Not only that, but Apple was not aware of the DROPOUTJEEP system. The company said it will continue to protect its customers from “malicious hackers,” no matter who is behind the security attacks.
The report was shared by security researcher Jacob Appelbaum, who is closely tied to Edward Snowden and Wikileaks. He opened his statements at the Chaos Communication Congress in Germany by saying his findings are “wrist-slitting depressing.” With NSA’s claims that its efforts are 100 percent successful on any targeted iOS device, it’s hard for him to believe that Apple didn’t participate.
So what is a person to think? Did Apple participate? And are you surprised that the spy agency has this ability? I mean, really. It’s the NSA, after all.
It’s really not surprising that the NSA can hack into iPhones; there have always been a laundry list of severe vulnerabilities when it comes to the iPhone, including with iOS 7. Usually, to gain control of someone’s iPhone in the manner described above, you need two vulnerabilities: a privilege escalation vulnerability and an arbitrary code execution vulnerability. These vulnerabilities work together to allow a user to install whatever software is desired. This is how jailbreaking works, after all. Since jailbreaking is perfectly possible, you really can’t deny the fact that the reality of DROPOUTJEEP is likely.
Even though some security vulnerabilities were fixed in iOS 7.0.1, including those that allow code execution and privilege execution, one would have to assume that NSA has access to vulnerabilities we don’t know about or have not yet been patched.
I don’t think that the NSA yet has an over-the-air way to compromise the security of any iPhone; someone would have surely found that weakness and we would have heard about it. I also don’t think that Apple necessarily has co-operated with NSA in this endeavor; wouldn’t it be against the company’s best interests? I mean, if it was revealed that Apple did have a hand in it, the company would lose its customer base.
