A report released a couple of weeks ago by The Intercept gave information that researchers within the Central Intelligence Agency (CIA) where engaged in a “multi-year, sustained effort” to try and break the security of Apple’s Iphones and Ipads using modified versions of software towards developers and attempting to crack Apple’s encryption keys.
The researchers began to discuss information about exploiting Apple’s security flaws and ideas on how to sabotage the company’s software at a secret annual meeting called the Jamboree, the Jamboree first began just a year before the first Iphone was released and has been held annually to this day.
“The researchers boasted that they had discovered a way to manipulate Xcode so that it could serve as a conduit for infecting and extracting private data from devices on which users had installed apps that were built with the poisoned Xcode. In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer — potentially millions of people.”
Xcode is a piece of software used by many Apple developers, the CIA wants to potentially, (and possibly already have) create an infected version of Xcode that would allow back doors into any app created with the infected version. With these back doors the CIA could take anyone’s personal data such as passwords and private messages. The researchers also claimed that the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It is still unclear on how the CIA will make developers use the infected version.
Apple have also said them self that they never have, and never will allow the government to create any back doors in their software, “I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.”
The researchers also claimed that they managed to create a modified version of OS X Updater, a program used to send updates to computers, to install a keylogger. Keyloggers are programs that track every key stroke and saves the data for later, with a keylogger installed the attacker will see anything you type.
One of the other things that has been discussed at the Jamboree was about Microsoft’s Bitlocker encryption system which is used vastly in many laptops and computers running premium editions of windows, however, it is still unknown what exactly was said.