The Central Intelligence Agency has conducted “a multi-year, sustained effort to break the security of Apple’s iPhones and iPads,” claims The Intercept, referencing new Snowden leaks of a document from the CIA’s internal wiki system.
A presentation on the attempts, focusing on breaking Apple’s encryption of iOS devices, was said to have been delivered at an annual CIA conference called the Jamboree.
Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.
One route reportedly taken by the CIA was to create a modified version of Xcode, which would allow it to compromise apps at the point at which they are created …
The modified version could slip CIA code into any apps created by developers.
The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.”
However, as Xcode is distributed direct by Apple, it “remains unclear” how they would switch developers to the compromised version.
While most of the presentation focused on iOS, the CIA presenters also claimed to have created a rogue version of the OS X updater, which would install a keylogger on Macs.
Unsurprisingly, the CIA refused to comment on the report, and Apple pointed to its numerous statements on its stance on security and privacy.