NSA Was Able to Capture Live Data From Compromised iPhones in 2008, Including Live Camera, GPS, and More

[MacRumors]

The U.S. National Security Agency could retrieve a vast array of data from compromised iPhones according to an NSA document from 2008 leaked by German magazine Der Spiegel and security researcher Jacob Appelbaum. (via Forbes)

According to the report, the NSA could install special software onto iPhones as part of a program called DROPOUTJEEP, that provides significant access to user data and other relevant information.

DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted

The NSA in 2008 claimed a 100 percent success rate in installing the software on phones it had physical access to, and it's possible that the spy agency has improved its software so it can be installed remotely or via some sort of social engineering, something that was specifically mentioned in the documents. It's also possible that Apple has closed the security holes the NSA was using, making it more difficult to compromise iOS devices in this manner.

A separate report says that American spy agencies have intercepted shipping packages -- something the NSA calls method interdiction -- containing new electronic devices destined for specific targets, installed special spy software on those devices, and then sent them on their way. One report calls the shipping disruptions some of the "most productive operations" conducted by the NSA.

Appelbaum said in a talk at the Chaos Communication Congress this weekend that he believes Apple assisted the NSA in its spying efforts though he cannot prove it and he hopes Apple will clarify what assistance they do or do not give the NSA. In addition, the NSA has targeted and cracked a number of different smartphones including those running the Android and BlackBerry operating systems.

The relevant portion of his talk begins at 44:30 in the below video.

Earlier in December, Apple CEO Tim Cook and more than a dozen other tech executives met with President Obama to discuss NSA surveillance tactics, following an open letter that Apple and seven other technology companies sent to the President and Congress asking the Government to reform its surveillance tactics.

Note: Due to the political nature of the discussion regarding this topic, the comment thread is located in our Politics, Religion, Social Issues forum. All MacRumors forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: NSA Was Able to Capture Live Data From Compromised iPhones in 2008, Including Live Camera, GPS, and More

 

[jav6454]

Keywords here are: Physical Access

In other words, they couldn't do in (in 2008) through sheer software; unless they somehow managed to use jailbreaking for their benefit.


However, what really bothers me very much is the interception of packages. That really is irksome. More reason to perform a full Restore [when I get them first time] on all my devices like I have always done.

 

[djtech42]

Unless they were installing it on phones in the factories, I don't think it would have affected the average citizen.

 

[brendu]

This doesn't surprise me at all. Everyone needs to understand it doesnt matter what device you are using. PC, Mac, iOS, android, windows phone. It does not matter. The NSA can hack it and control everything. There is no reason to think otherwise. Anything and everything you do on or with your computing devices is accessible to the NSA in one way or another. There is nothing you can do except maybe make it slightly more difficult for them.

 

[bradl]

Hey, mods..

A bit late to this one. we already have a 2-page thread on it:

https://forums.macrumors.com/threads/1690403/

Shouldn't this be merged?

Though I do say that the 2008 time frame is a bit shocking.. This means that this was implemented possibly earlier than the current POTUS term.

BL.

 

[bushido]

ugh that whole NSA thing is so sick ... thats all ... (hey nsa no need to look into me)

 

[hulugu]

Keywords here are: Physical Access

In other words, they couldn't do in (in 2008) through sheer software; unless they somehow managed to use jailbreaking for their benefit.


However, what really bothers me very much is the interception of packages. That really is irksome. More reason to perform a full Restore [when I get them first time] on all my devices like I have always done.

I agree, this is an important point. If the NSA is running "sneak and peeks" the fact that your iPhone is hacked may be the least of your problems.

What's interesting is just how much data the NSA is collecting and what they're really doing with this. How many NSA targets have iPhones and what happens to that information? How it is analyzed? There's the real story.

 

[Rogifan]

Unless they were installing it on phones in the factories, I don't think it would have affected the average citizen.

Of course tinfoil hat crowd will claim Apple was allowing it to be installed at Foxconn factories. Too many people in Alex Jones territory these days which is scary.

 

[goobot]

I'm going to take a guess and say they were using the jailbreak community's bootrom exploit.

 

[AngerDanger]

If those bastards do anything to tamper with my 2008 Doodle Jump high scores, I'm going to lose it!

 

[sazivad]

Hmm. Not only does this only seem to work 100% of the time with physical access, something that I don't think the NSA has had with my iDevices, this was also done in 2008.

There have been quite a few iOS releases since then, and they've all made the iDevices they're on more secure.

 

[bushido]

Of course tinfoil hat crowd will claim Apple was allowing it to be installed at Foxconn factories. Too many people in Alex Jones territory these days which is scary.

they were holding back postal packages to install something on devices. it was leaked the other day

edit: and is mentioned in the article above whoops

 

[Peace]

Hmm. Not only does this only seem to work 100% of the time with physical access, something that I don't think the NSA has had with my iDevices, this was also done in 2008.

There have been quite a few iOS releases since then, and they've all made the iDevices they're on more secure.

They don't need physical access . All they need to do is park in a car 8 miles away.

http://www.engadget.com/2013/12/30/nsa-can-hack-wifi-devices-from-eight-miles-away/#continued

 

[nzalog]

Good thing I have a tendancy to wipe my devices pretty regularly. Not like the NSA cares about me but still

 

[Rogifan]

they were holding back postal packages to install something on devices. it was leaked the other day

edit: and is mentioned in the article above whoops

And how did they manage to re-seal and repackage the devices so the consumer wouldn't know? And how is it that no one from Fed Ex or UPS leaked that this was going on?

 

[lostngone]

Not like the NSA cares about me but still

Don't sell yourself short, the NSA cares about everyone.

----------

And how did they manage to re-seal and repackage the devices so the consumer wouldn't know? And how is it that no one from Fed Ex or UPS leaked that this was going on?

My guess is they would do this at customs.

 

[MistaBungle]

As much as I don't like this whole NSA stuff, it seems a little far fetched to think that they intercepted every single iPhone ever shipped. I don't think they did that, maybe a certain few who they had their eye on already.

But then again, we thought nothing was wrong.

 

[Jessica Lares]

FYI: There was no GPS on the original iPhone, there was no video option in the 2G or 3G models either.

 

[bushido]

And how did they manage to re-seal and repackage the devices so the consumer wouldn't know? And how is it that no one from Fed Ex or UPS leaked that this was going on?

because they would get in trouble for spilling secrets concerning "national security" (that term is so overused and just an excuse to justify illegal stuff nowadays). thats why companies like google, apple etc statements only go so far

wow i sound like im watching too much homeland and scandal haha

 

[gnasher729]

They don't need physical access . All they need to do is park in a car 8 miles away.

http://www.engadget.com/2013/12/30/nsa-can-hack-wifi-devices-from-eight-miles-away/#continued

As usual, careful reading is required. Nothing in the article says that iOS devices can be compromised in that way.

 

[longofest]

And how did they manage to re-seal and repackage the devices so the consumer wouldn't know? And how is it that no one from Fed Ex or UPS leaked that this was going on?

package interdictions are a regular occurance in the import business. Typically I'd think of an interdiction in reference to US Customs/Border Protection in reference to opening product and checking to ensure it is authentic and what it claims to be on the manifest. If NSA or another spy agency ran an op with CBP, the shipper probably wouldn't be able to tell the difference.

Also, I highly doubt that this has been used that many times. This doesn't at all appear to be like the metadata collection - this was targeted at specific people the government needed to keep an eye on.

 

[gnasher729]

And how did they manage to re-seal and repackage the devices so the consumer wouldn't know? And how is it that no one from Fed Ex or UPS leaked that this was going on?

They wouldn't have to do this with the phone that was sent to you. They can buy 100 iPhones, do whatever they want with them without any hurry, and if Foxconn can seal a package so that it looks brand new, then surely someone else can do it as well. Prepared that way, all they have to do is swap packages. An NSA employee could get a job at FedEx or UPS (I wonder if they can keep the second salary).

they were holding back postal packages to install something on devices. it was leaked the other day

If you buy a new device, there's no difference between "your" iPhone and any other iPhone, so a swap is all that's needed. Unless you order one with an engraving. I wonder if Apple will accept orders for an engraving "******* the NSA".

 

[69650]

Unless the US government does something radical US IT companies will never be fully trusted again. I've already moved away from US based cloud companies as I simply don't trust that my data will remain secure. It's a very sad situation. Whatever next.

 

[Rogifan]

They wouldn't have to do this with the phone that was sent to you. They can buy 100 iPhones, do whatever they want with them without any hurry, and if Foxconn can seal a package so that it looks brand new, then surely someone else can do it as well. Prepared that way, all they have to do is swap packages. An NSA employee could get a job at FedEx or UPS (I wonder if they can keep the second salary).



If you buy a new device, there's no difference between "your" iPhone and any other iPhone, so a swap is all that's needed. Unless you order one with an engraving. I wonder if Apple will accept orders for an engraving "******* the NSA".

Ah, so Foxconn is in on this now too. Got it.

 

[JoeRito]

Otg !!!

Anyone know of a good source of info on how to go Off The Grid? Lol whoever thought privacy would be such a commodity!