Snowden docs show CIA's attempts to defeat Apple device security

A secret CIA-sponsored conference reportedly hosted talks on stealing encryption keys from Apple devices and infecting them with malware

Researchers sponsored by the U.S. government have reportedly tried to defeat the encryption and security of Apple devices for years.

Several presentations given between 2010 and 2012 at a conference sponsored by the U.S. Central Intelligence Agency described attempts to decrypt the firmware in Apple mobile devices or to backdoor Mac OS X and iOS applications by poisoning developer tools.

Abstracts of the secret presentations were among the documents leaked by former U.S. National Security Agency contractor Edward Snowden to journalists and were published Tuesday by The Intercept.

The U.S. intelligence community's interest in hacking Apple products goes as far back as 2010, when a researcher presented possible methods of implanting the iPhone 3GS with malware at an annual conference called the Trusted Computing Base Jamboree, which, according to The Intercept, is sponsored by the CIA's Information Operations Center. The presentation also covered ways to jailbreak the device.

Over the next couple of years, the same conference included more talks on ways to bypass the security of Apple devices. For example, in 2011 researchers presented a technique to "noninvasively" extract the cryptographic key that's used to encrypt the firmware of devices based on Apple's A4 processor, like the iPhone 4, the iPod Touch and the first generation iPad.

The key, which is called the Group ID (GID), is stored inside the physical chip. The researchers tried to recover it by studying the electromagnetic emissions that occur during Advanced Encryption Standard (AES) operations, a technique known as differential power analysis.

"If successful, it would enable decryption and analysis of the boot firmware for vulnerabilities, and development of associated exploits across entire A4-based product-line," they wrote in a description of their presentation.

It's not clear if the researchers ever succeeded in recovering the key, but their presentation covered the progress they had made until then.

A separate talk described methods of determining where the GID key was located on the A4 integrated circuit and how it could be recovered through an invasive technique like the "physical de-processing of the chip."

By the following year the A5 processor used in the iPhone 4S, iPad 2, iPod Touch fifth generation and the iPad mini was also being targeted. Researchers from Sandia National Laboratories, a Federally Funded Research and Development Center (FFRDC) operated by Lockheed Martin subsidiary Sandia Corporation, had a talk entitled "Apple A4/A5 Application Processors Analysis." The presentation had no abstract and attendees looking for more information about it were instead instructed to call or email a CIA official.

It wasn't just Apple's master encryption keys that the U.S. intelligence community was interested in, but also the individual keys used by private developers to sign their iOS or Mac OS X apps.

Researchers from Sandia Labs gave a talk about their efforts to create a modified, or "whacked" version of Xcode, the free tool that developers use to create software for Apple devices. The poisoned version of Xcode could insert a backdoor into any applications created with it, could hide the confirmation prompts when a developer's private key was exported and could embed a developer's key into all iOS apps created with the tool, from where it could be later extracted.

"We also describe how we modified both the Mac OS X updater to install an extra kernel extension (a keylogger) and the Xcode installer to include our SDK [software development kit] whacks," the researchers wrote in their talk's description.

The FBI and U.S. intelligence agencies have voiced concern over the past year that the increased addition of default encryption to mobile devices and Internet communications make lawful electronic surveillance impossible. They call this the Going Dark problem.

Such agencies would like to see an approach where companies could offer encryption, but also be able to comply with government requests for data. Many security experts and privacy advocates believe this would involve building backdoors into encryption implementations that could also be exploited by hackers.

"I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services," Apple CEO Tim Cook wrote in an open letter in September. "We have also never allowed access to our servers. And we never will."

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags AppleCentral Intelligence AgencysecurityencryptionExploits / vulnerabilitiesdata protectionmalware

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?