NSA Backdoor Access into iPhone/iOS

[zerogear]

http://www.dailydot.com/politics/nsa-backdoor-iphone-access-camera-mic-appelbaum/

http://bgr.com/2013/12/31/nsa-iphone-hack/

One particularly interesting tool, codenamed “DROPOUTJEEP,” is an implant that was first used to compromise the first-generation iPhone and was able to send various data stored on the phone to the agency, including text messages, address book contacts, geolocation and voicemail. Furthermore, the software could activate the microphone of the iPhone, turn on the camera and take pictures and retrieve cell tower location.

http://www.androidcentral.com/nsa-contributes-android-there-no-secret-backdoor


It's kind of ridiculous how much access they have in the name of "security". This isn't a "snipe" on Apple/iOS, While Android is open source, and so far, the review says that there is no backdoor, this isn't indicative of no access from basebands, since those are closed source.

 

[shortylickens]

First gen?

I think we've already heard about this, years ago.
I think.

 

[lopri]

No one is surprised. (I think) And one of the reasons I wasn't too excited about the introduction of fingerprint identification.

It is widely assumed that Snowden had not revealed everything. At this point it is naive to think that NSA has a self-constrain of limiting their "research" into metadata of phone calls.

 

[stlc8tr]

The links indicate this is malware and that the NSA needed physical access to the device. I assume they used the same exploits that the jailbreak community uses.

How is this different from Android malware?

 

[BladeVenom]

It's also on DailyTech. "the NSA claims its malware attacks on Apple devices 'never fail."

 

[LostPassword]

I thought it was known that all us tech companies gave the NSA their info.

 

[Joe1987]

The NSA needed physical access to the iPhones to get that level of control, and that slide is from 2008, I have a sneaking suspicion that the carrier updates to Android have backdoors built into them, not slamming Android in particular, and since I'm not a terrorist/criminal, it doesn't matter to me a lot, I always assumed they were collecting metadata, but the sheer scope of what they've collected is stunning.

Maybe now we know why Verizon takes forever for OS updates

These revelations are going to kill US based tech companies overseas sales

 

[Kaido]

The NSA needed physical access to the iPhones to get that level of control

http://www.engadget.com/2013/12/30/nsa-can-hack-wifi-devices-from-eight-miles-away/

 

[Apex]

It's also on DailyTech. "the NSA claims its malware attacks on Apple devices 'never fail."

Yep, Business Insider has had a few articles about it recently too. The war of words is heating up for this new year.

http://www.businessinsider.com/apple-anger-on-the-nsa-iphone-hacking-2013-12

Apple claims to not be happy about it:

The company said it was unaware of the NSA's hacking program, called "DROPOUTJEEP," and that it was working to end the breach. But note that Apple's statement went out of its way to portray the U.S. government as a security threat:

We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.

 

[lopri]

Apple's denial is laughable. If anything I wondered about a possible connection with this and iPads not getting fingerprint identification. XD

Try using Tor + VPN on your Android and Google will soon ask you to fax over your government issued IDs.

Don't look at the Constitution - James Madison's head would explode trying to understand smartphones. Likewise, judges are not equipped to deal with advancing technology. While it's a long shot, the only shot we have (that will last) is through legislative bodies.

 

[Joe1987]

Apple's denial is laughable. If anything I wondered about a possible connection with this and iPads not getting fingerprint identification. XD

Try using Tor + VPN on your Android and Google will soon ask you to fax over your government issued IDs.

Don't look at the Constitution - James Madison's head would explode trying to understand smartphones. Likewise, judges are not equipped to deal with advancing technology. While it's a long shot, the only shot we have (that will last) is through legislative bodies.

The fingerprint thing is massively overblown.

 

[WelshBloke]

I have a sneaking suspicion that the carrier updates to Android have backdoors built into them,

I suppose there's always open source AOSP based stuff to fall back on.

These revelations are going to kill US based tech companies overseas sales

It's not making me feel that cosy about buying a Moto phone I have to say.

 

[stlc8tr]

http://www.engadget.com/2013/12/30/nsa-can-hack-wifi-devices-from-eight-miles-away/

"Exploitable Targets include ... running Internet Explorer 5.0-6.0."

If you're running IE5 or IE6, you should be hacked as punishment.

 

[WelshBloke]

"Exploitable Targets include ... running Internet Explorer 5.0-6.0."

If you're running IE5 or IE6, you should be hacked as punishment.

TBF that system was from 2008, I can only presume that they have also moved with the times and have access to more modern systems now.

Makes me wonder how complicit Microsoft is/was in allowing this through.

 

[Brian Stirling]

Yeah, at this point you have to assume the NSA and many other government and non-government groups are doing this and more. We let business data mine or data for profit and spy agencies want that info to.

In fact, I think government and business are in a kind of mutual parasitic relationship in that government lets business get away with data snooping and storage because the spy agencies want that data collected so they can have it to. And, business, it seems, will tolerate government snooping on this data so long as the government doesn't step in to limit their use of it.

The days of "we the people" are long gone and we are to blame for letting it happen. Too many even here on this site seem to be OK with the data mining thing and there indifference has given the spies, both in government and in business, a free reign to do as they please.

Meanwhile, the folks that are supposed to be the targets of these spying efforts have long since removed themselves from the grid and conduct business in person -- no phone, email, text, or even snail mail involved. The NSA's efforts, in short, are near useless at stopping big terror attacks but have obliterated the US Constitution!


Brian

 

[dainthomas]

If the NSA isn't able to remotely break into anyone's phone and get whatever they want, I want my tax money back. I thought that was their thing?

 

[Kaido]

Yeah, at this point you have to assume the NSA and many other government and non-government groups are doing this and more. We let business data mine or data for profit and spy agencies want that info to.

In fact, I think government and business are in a kind of mutual parasitic relationship in that government lets business get away with data snooping and storage because the spy agencies want that data collected so they can have it to. And, business, it seems, will tolerate government snooping on this data so long as the government doesn't step in to limit their use of it.

The days of "we the people" are long gone and we are to blame for letting it happen. Too many even here on this site seem to be OK with the data mining thing and there indifference has given the spies, both in government and in business, a free reign to do as they please.

Meanwhile, the folks that are supposed to be the targets of these spying efforts have long since removed themselves from the grid and conduct business in person -- no phone, email, text, or even snail mail involved. The NSA's efforts, in short, are near useless at stopping big terror attacks but have obliterated the US Constitution!Brian

Um, barring the Boston bombing, we haven't had a major terrorist attack here since 9/11, so I'd say they are doing pretty good so far...

People are okay with it because what choice do they have? The majority of the population isn't going to move to overthrow domestic spying, partially because you can't have 100% security with 100% privacy and partially because if we ban it, they'll just find another backdoor loophole and do it anyway without telling anyone again. And everyone enjoys using free services...Facebook, Anandtech forums, Twitter, Google Search, Youtube, Gmail, etc. No one is disappearing at night like in the Hitler days. No one is beating me up on the streets. The worst I get is some junk mail in my mailbox and some targeted web advertisements. The reality is that yes, they've kind of gone overboard on data collection, but you have to make some sacrifices to enjoy some security, and no system is perfect (note: not to be an apologist at all, just sayin').

So meh. We can complain about it all day, but based on the general reaction of the Internet, you, me, and about 10 other people would be the only ones petitioning the government to reduce data collection lol. Most people don't really care enough to take any kind of action.

 

[Brian Stirling]

Um, barring the Boston bombing, we haven't had a major terrorist attack here since 9/11, so I'd say they are doing pretty good so far...

People are okay with it because what choice do they have? The majority of the population isn't going to move to overthrow domestic spying, partially because you can't have 100% security with 100% privacy and partially because if we ban it, they'll just find another backdoor loophole and do it anyway without telling anyone again. And everyone enjoys using free services...Facebook, Anandtech forums, Twitter, Google Search, Youtube, Gmail, etc. No one is disappearing at night like in the Hitler days. No one is beating me up on the streets. The worst I get is some junk mail in my mailbox and some targeted web advertisements. The reality is that yes, they've kind of gone overboard on data collection, but you have to make some sacrifices to enjoy some security, and no system is perfect (note: not to be an apologist at all, just sayin').

So meh. We can complain about it all day, but based on the general reaction of the Internet, you, me, and about 10 other people would be the only ones petitioning the government to reduce data collection lol. Most people don't really care enough to take any kind of action.

Um, the Boston Bombing is an interesting point here ... all the NSA tools had no effect on preventing that attack even though our intelligence agencies had been made aware of there suspicious activities long before the day of the bombing. A similar case can be made for 911 itself in that there were numerous sources of information, from within the FBI and elsewhere, that were pointing to suspicious activities at several flight training centers.

And again, it took 10 years to get Bin Laden because he went off the grid and was therefore immune from NSA snooping. We found out about a human courier and then followed him to Bin Laden's door. Sweeping up every Americans total communications activities did nothing to find him.

Yes, far too many folks seem to be OK with businesses collecting data on us -- no argument there. Interestingly, the recent federal court ruling out of New York, that OK's the use of these data capture methods, goes on to state that the government spying isn't as bad as what business is doing. He maybe correct in that, but that's an unacceptable defense of the NSA's practices. Kind of like saying to the judge that I shouldn't have to pay a fine for speeding because I was only going 10mph over the limit while others were going faster.

In the end, about all this vast spying is ever likely to stop is the handful of little guys planning attacks. The major players are off the grid and lone wolves aren't talking to anyone.

But hey, we COULD really lower street crime if we allowed police to enter anyones home and look for anything illegal. In fact, we could probably cut street crime by 75% or more if we allowed the police to enter our homes and businesses at will and without warrant.

But at what price?


Brian

 

[Doomer]

The NSA doesn't give a rats ass about terrorism, their goal is to enslave and control the masses.

 

[Bateluer]

The NSA doesn't give a rats ass about terrorism, their goal is to enslave and control the masses.

Don't social media, crappy US news sites, and pop music do that already?