Update: Apple has made a statement disavowing any knowledge of the exploit or collusion with the NSA.
Security researcher Jacob Appelbaum claims to have discovered what he describes as "an iPhone backdoor" exploited by the National Security Agency (NSA). Appelbaum discussed the exploit during a speech he gave at this week’s Chaos Communication Congress in Hamburg, Germany, according to The Daily Dot.
According to a leaked document, the software, called DROPOUTJEEP, enables users to push and pull files to and from the device, retrieve SMS messages, contact list data, voicemail and geolocation data, capture camera images, and more, as well as enable a "hot mic", a microphone that will transmit audio without the user’s knowledge or consent.
"You think Apple helped them with that?" asked Appelbaum. "I don’t know. I hope Apple will clarify that. I think it’s really important that Apple doesn’t. Here’s the problem: I don’t really believe that Apple didn’t help them. I can’t prove it yet, but they [the NSA] literally claim that any time they target an iOS device, that it will succeed for implantation."
"Either they [the NSA] have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves," said Appelbaum.
"Not sure which one it is; I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just they write…that they write shitty software. We know that’s true," he said, to laughter and applause from the audience.
Appelbaum, who goes under the Twitter nickname @ioerror, is a core member of the Tor project – free software designed to enable online anonymity by directing traffic through thousands of Internet relays. Appelbaum has fallen under the Department of Justice’s scrutiny and has represented Julian Assange’s WikiLeaks organization at past conferences.
Some of Appelbaum’s revelations were also posted in an article published by German news magazine Der Spiegel.
Appelbaum discusses the iPhone exploit at around the 44-minute, 30-second mark in the video of the talk.
In June, Apple published its Commitment to Customer Privacy:
"Two weeks ago, when technology companies were accused of indiscriminately sharing customer data with government agencies, Apple issued a clear response: We first heard of the government’s ‘Prism’ program when news organizations asked us about it on June 6. We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order."
Appelbaum’s allegations describe an entirely different situation, however: this would enable the NSA to eavesdrop on iPhone users without Apple’s knowledge or cooperation. Appelbaum’s snide commentary about the quality of Apple’s programming notwithstanding, it’s a troubling development, if true.
Update: Apple provided a statement disavowing knowledge of any such exploit, and also disavowing any collusion with the NSA. They said in part:
Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.
Source: The Daily Dot