TORONTO – CIA researchers have been working for nearly a decade to thwart the security of Apple’s mobile devices, according to a new report from U.S. news site The Intercept.
The report – which cites leaked government documents obtained from NSA whistleblower Edward Snowden – suggests that U.S. government researchers created a version of Apple’s software development tool called XCode, in order to create backdoors into apps distributed to Apple’s App Store.
“By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe,” reads the report, published early Tuesday.
“Studying both ‘physical’ and ‘non-invasive’ techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware.”
This could allow spies to install malicious code on Apple devices in order to find vulnerabilities on iPhones and iPads, The Intercept report alleges.
The report also claims the modified version of XCode would allow researchers to steal passwords and private data from infected devices.
“Researchers also claimed the modified Xcode could ‘force all iOS applications to send embedded data to a listening post.’ It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode,” reads the report.
Both the CIA and Apple declined to comment on the report.
The Intercept has published many reports based on documents leaked by Snowden.
Last month, documents obtained by Snowden and published by CBC in collaboration with The Intercept revealed Canada’s Communications Security Establishment (CSE) analysts comb through hundreds of thousands of emails sent to the Canadian government and store details about those emails for “days to months.”
The U.S. investigative news site also published a report in February alleging Britain’s electronic spying agency, in co-operation with the U.S. National Security Agency, hacked into the networks of a Dutch company to steal codes that allow both governments to seamlessly eavesdrop on mobile phones worldwide.
Last September, Apple strengthened its encryption method for data stored on its devices.
Alongside the changes, Apple released a new privacy policy that included a declaration that police can’t get to users’ password-protected data. This mean users’ photos, messages and other documents are automatically encrypted once they set up a passcode. Apple said it cannot bypass that passcode, even if law enforcement asks.
“Apple has never worked with any government agency from any country to create a ‘back door’ in any of our products or services. We have also never allowed any government access to our servers. And we never will,” reads Apple’s privacy site.
– With files from The Associated Press
Comments