NSA Project DROPOUT JEEP Hacked Into Apple iPhones

NSA Project DROPOUT JEEP Hacked Into Apple iPhones


The NSA targeted and hacked into Apple iPhones through their program called DROPOUT JEEP, according to security researcher Jacob Applebaum and Der Spiegel. NSA’s elite hacking unit, TAO, responsible for targeting corporate networks among other things, can even install malware and spyware on smartphones and other devices in the process of their being shipped to customers. Apple denies any complicity in the NSA hacking activities.

Apple iPhones are not the only telecommunications products that the NSA has hacked into, they are just the latest mentioned in the ongoing investigations into the extent that the NSA has conducted such information-collecting activities. The NSA can, and has, also hacked into BlackBerry devices and Android phones as well.

What sort of data has the NSA accessed through hacking into Apple iPhones?

Through the DROPOUT JEEP program, the NSA and their malware has full access to your Apple iPhones. The NSA can, and has, hacked into and collected such information as voicemail, contact lists, text messages, files, and geolocation history, and they can also access and use the iPhone’s microphone and camera.

According to Applebaum speaking at the Chaos Communication Conference in Hamburg, Germany, referring to a leaked NSA document from 2008, the NSA stated that they had a 100 percent success rate in installing malware on Apple iPhones. At that time, the NSA reportedly didn’t have the capability to install its malware remotely, but they had already began project DROPOUT JEEP, just a year after the launch of the iPhone.

Did Apple cooperate with the NSA and their DROPOUT JEEP program?

Jacob Applebaum is one of many people critical of the NSA’s DROPOUT JEEP hacking program who have raised the question of if Apple cooperated with the NSA in their hacking activities, and also at what point Apple became aware of the program. He has stated that he hopes “Apple will clarify that.”

On Tuesday, Apple issued a statement denying that they ever worked with the NSA “to create a backdoor in any of our products, including iPhone.” According to the statement, Apple has “been unaware of this alleged NSA program targeting our products,” and the company cares  “deeply  about our customers’ privacy and security.”

What’s more, Apple Inc., in their statement, refers to the NSA and anyone else who tries to break through their security as “malicious hackers,” and they state that they will continue to make sure that their customers are defended “from security attacks, regardless of who’s behind them.”

Apple, with their statement, becomes the latest tech giant to deny any involvement with the hacking activities of the NSA. Google and Cisco are two other tech giants who have denied any complicity with the NSA or knowledge that their products were being targeted by the NSA.

It is unknown if this recent report by Der Spiegel  about the NSA hacking program DROPOUT JEEP will have any  implications related to Apple’s deal to sell its iPhones via China Mobile’s telecommunications network. However, the news that Apple iPhones are vulnerable to being hacked by U.S. government agencies will likely not be a major selling point to China Mobile’s 700 million customers.

Written by: Douglas Cobb

VentureBeat.com
SFGate.com
IBTimes.com
 

2 Responses to "NSA Project DROPOUT JEEP Hacked Into Apple iPhones"

  1. T   January 1, 2014 at 2:36 am

    At the time this document was allegedly written, there was a well known tiff exploit, and all user space code in the iPhone ran off root credentials. That’s how “JailBreakMe.com” worked, was the tiff exploit. So a DNS attack at the carrier could have easily injected a remote jailbreak.

    If you had physical access to the phone, you could use a tethered jailbreaking tool, but it’s also well known that you could attack the baseband firmware through the SIM slot using custom hardware. You can also pretend to be a cell tower, and do things that way (we have people faking cell towers every once in a while in my neighborhood to get at the the unencrypted network traffic for industrial espionage reasons). Until they moved one of the chips over top of it, you could also get in via the JTAG port, if you could get hold of the phone for long enough, like the other physical/tethered exploits.

    One of the unlock tools relied on the fact that there was a known cryptographic signature bug in the Samsung baseband chip, which would let you rewrite the baseband firmware, at which point the microphone could be turned on undetectably, so game over. This became less of an issue after they hid the flash part serial number, which was used to re-validate the seczone to do the unlock, but to fix the bug, they had to spin new silicon, since the bug was in a masked ROM section of the chips. It’s how you did a carrier unlock on the old Blackberry’s and Sony and Samsung phones that used the same chip.

    Most of the information is available remotely anyway — we used to use URL hacks to listen to our voicemail on our desktops, since it’s basically just a Web server sitting in an AT&T rack that implements Visual Voice Mail. But even so, almost everyone turns on the iCloud sync’ing, which means contacts and other data are sitting on an Apple server in a data center in Virginia, and all you’d have to do to get your copy is pretend to be a cell tower, or DNS attack or BGP attack the phone’s idea of the back end server and pretend to be the iCloud for a single sync operation.

    Oh, and it’s not a very good cell phone if it doesn’t connect to a cell tower anyway, so unless you turn the thing off, the phone company records your location and since they consider it their data, not yours, they’ll happily hand it over when asked/paid. So all the crap this tool supposedly does can be done to any cell phone, including an emergency services override to turn on the microphone, without installing any malware at all.

    Reply
  2. Fill   December 31, 2013 at 9:07 pm

    This is simple jailbreaking. It’s like somebody intercepting your new computer purchase and installing spyware before you receive it. I’m not downplaying the importance, just the technical aspects of this being fairly trivial, especially at the time.

    Reply

Leave a Reply

Your email address will not be published.