The U.S. Central Intelligence Agency (CIA) is engaged in an active campaign to break Apple's encryption technologies in order to broaden its ability to surveil anyone, anywhere. According to The Intercept, the CIA has waged a multi-year effort to find vulnerabilities in iOS, iPhones, and iPads that it can exploit.
According to documents leaked by Edward Snowden, the CIA presented its anti-Apple efforts at a recent annual gathering of its encryption experts called "Jamboree." That presentation included claims that the CIA has managed to clone Apple's Xcode development tools—apps compiled by that malicious version of Xcode insert backdoors into apps.
It's not known if Apple could then detect those backdoors, but jailbroken app sites are not curated by Apple. Such sites have already been used to distribute malware by the Chinese government, and most likely other entities. The CIA could do the same thing.
The malicious copy of Xcode could also make iOS apps report to a listening post, and the documents claimed the CIA has created a hacked version of Apple's OS X installer that would include a keylogger.
Good for the Goose, Good for the Criminals
Of course, once this stuff is used, it's out there for potential exploit by everyone else, including foreign governments and criminal organizations. The U.S. surveillance state lost sight of such realities long ago in its zeal to slurp up all things just because they can.
“Spies gonna spy,” Steven Bellovin, a former chief technologist for the U.S. Federal Trade Commission and current professor at Columbia University, told The Intercept. “I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK.”
He added, "There are bad people out there, and it’s reasonable to seek information on them. Inappropriate use—mass surveillance, targeting Americans without a warrant, probably spying on allies—is another matter entirely."
Give and Take and Take and Take
This is the tough give and take in the intelligence business. The good guys—and your side usually considers itself the good guys—wants and needs to know what the bad guys are doing. In the modern age, however, it has become easier to scoop up everything and sift through it looking for something, anything, than it is to actually target the bad guys.
The problem, however, is that if the good guys can rifle through your information, the bad guys can, too. The U.S., UK, and China all demand the right to have backdoors into consumer devices, seemingly oblivious to the reality that their counterparts and criminal organizations can exploit the same back doors.
For his part, Apple CEO Tim Cook has made a public stand on the importance of privacy and our right to it. If true to his word, Apple is doing all it can to beat the CIA at its dirty game of making all of us weaker and more vulnerable to the bad guys.
There is much, much more in the full article at The Intercept. It's excellent reporting, and I recommend you read it in full. and then pass it around.