Documents leaked yesterday by Der Spiegel appear to show that the United States National Security Agency (NSA) can easily access virtually every area of Apple Inc.’s iPhone, in addition to being able to access other devices as well.
NSA spyware known by the name DROPOUTJEEP can apparently access just about any information contained in an iPhone with little effort. DROPOUTJEEP is just one of the tools that the NSA’s Advanced or Access Network Technology (ANT) division utilizes in the course of gathering information, with any number of other methods also being used to gain access to a variety of devices.
DROPOUTJEEP was specifically developed to target the iPhone in 2008. The leaked documents did not reveal any information about the use of DROPOUTJEEP in versions of Apple’s operating system since iOS 5. According to some, then, it seems likely that iPhones operating with more recent versions of iOS are probably not vulnerable to such an attack. Historically Apple has been quick to address vulnerability to security issues with each new iteration of iOS, and Apple customers are generally quick to update as newer versions become available as well. The existence of the spyware alone, however, is still worrisome.
The leaked documents show that voicemail, contact information, communication via instant messaging apps, photos and even location could be easily accessed. The spyware allows the NSA to remotely push or pull files from a device. Reportedly, the camera and microphone on the iPhone can also be remotely activated with the use of DROPOUTJEEP. According to leaked documents, it appears that at the time of the documentation, DROPOUTJEEP had been installed only by “close-access methods,” though there was discussion of developing methods for remote installation going forward. It is unknown whether that work was ever completed.
As part of a presentation at a conference yesterday, journalist and security researcher, Jacob Appelbaum, also discussed DROPOUTJEEP. His presentation reportedly included speculation as to whether Apple Inc. itself has had anything to do with development of the spyware in conjunction with the NSA or if Apple Inc. could have allowed the NSA the covert access. Appelbaum said that he hoped Apple “would clarify that.”
Apple Inc. did, indeed, offer clarification, responding quickly to such speculation with a strong statement today. The tech giant specifically denied any involvement whatsoever in working with the NSA to create DROPOUTJEEP or any other method of covert access to the iPhone or any device that they manufacture. They further said that they consider their customers’ security of the utmost importance and that they would continue to try to protect customers from “security attacks, regardless of who’s behind them.” Apple Inc. claims to have been completely unaware of the NSA’s spyware targeting its iPhones.
Apple Inc. has long emphasized its superior security as an advantage to its products over those produced by competitors. The statement today did not neglect to stress this as well, referring to Apple Inc.’s “industry-leading security.”
Though DROPOUTJEEP appears to have been intended to specifically target only Apple, Inc.’s iPhones, the iPhone is only one of many devices that is vulnerable to backdoor access and covert surveillance through easy NSA access methods. The leaked documents also include information about “dozens of devices and methods,” all reportedly contained within a 50-page catalogue of “hacking tools.”
By Michele Wessel