Alwaght-Researchers
working for the CIA were involved in a “multi-year, sustained effort” to crack
security measures and undermine encryption on Apple devices, The Intercept
reports, citing top-secret documents leaked by Edward Snowden, as Russia Today reported.
The documents
were presented at one of clandestine annual security conferences known as the
“Jamboree.” The CIA-sponsored forums
took place annually for nearly a decade, while the leak covers the period of
2006 to 2013.
Though the
report does not provide the details of any successful operations waged against
Apple, the documents describe several methods US intelligence officers were
using to attempt to infiltrate the tech giant’s products.
One of the most
egregious revelations detailed by The Intercept was an attempt to create a
dummy version of Xcode — the tool used to create many of the apps sold the
Apple App Store. If successful, this
could allow spies to insert surveillance “backdoors” into any app created using
the compromised development software.
The docs also
claim that the CIA was actively working to crack encryption keys implanted into
Apple mobile devices that secured user data and communications.
The news has
spurred backlash amongst security experts on Twitter and will likely prompt
heighted security audits from Apple developers.
The revelations are expected to strain already tense relations between
the company and the US government.
A spokesperson
for Apple pointed to previous statements by company CEO Tim Cook on privacy,
but did not comment further on the breach.
“I want to be absolutely clear that we have never worked with any
government agency from any country to create a backdoor in any of our products
or services," Cook wrote last year. "We have also never allowed
access to our servers. And we never will."
Previously
Apple was said to have cooperated with the US government’s Prism program, a
legal backdoor that allowed the NSA and other security agencies to obtain user
information.
However,
following the first batch of Snowden revelations about NSA surveillance, Apple
said it ramped up its efforts to protect user privacy aiming to restore user
trust. Last fall, the company changed
its encryption methods for data stored on iPhones, a move it said meant it had
no longer had a way to extract user data, even if ordered to with a warrant.
Security
researchers warned that the tactics would set a dangerous precedent for mobile
privacy.
"Every other
manufacturer looks to Apple. If the CIA can undermine Apple’s systems, it’s
likely they’ll be able to deploy the same capabilities against everyone else,”
Matthew Green, a Johns Hopkins cryptographer, told The Intercept. "Apple led the way with secure
coprocessors in phones, with fingerprint sensors, with encrypted messages. If you can attack Apple, then you can
probably attack anyone."
US President
Barack Obama as well British Prime Minister David Cameron expressed disapproval
at such measures, cautioning that increased privacy for users may prevent
governments from tracking extremists planning attacks.
A US
intelligence official told CNBC on Tuesday that such tactics were simply
standard practice for American security agencies.
"That's what we
do. CIA collects information overseas, and this is focused on our adversaries,
whether they be terrorists or other adversaries," the official said. "This isn't just about Apple or
Microsoft. There is a whole world of
devices out there, and that is what we are going to do. It is what it is."
