New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

NSA Was Able to Capture Live Data From Compromised iPhones in 2008, Including Live Camera, GPS, and More

The U.S. National Security Agency could retrieve a vast array of data from compromised iPhones according to an NSA document from 2008 leaked by German magazine Der Spiegel and security researcher Jacob Appelbaum. (via Forbes)

According to the report, the NSA could install special software onto iPhones as part of a program called DROPOUTJEEP, that provides significant access to user data and other relevant information.
DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted
The NSA in 2008 claimed a 100 percent success rate in installing the software on phones it had physical access to, and it's possible that the spy agency has improved its software so it can be installed remotely or via some sort of social engineering, something that was specifically mentioned in the documents. It's also possible that Apple has closed the security holes the NSA was using, making it more difficult to compromise iOS devices in this manner.

A separate report says that American spy agencies have intercepted shipping packages -- something the NSA calls method interdiction -- containing new electronic devices destined for specific targets, installed special spy software on those devices, and then sent them on their way. One report calls the shipping disruptions some of the "most productive operations" conducted by the NSA.

Appelbaum said in a talk at the Chaos Communication Congress this weekend that he believes Apple assisted the NSA in its spying efforts though he cannot prove it and he hopes Apple will clarify what assistance they do or do not give the NSA. In addition, the NSA has targeted and cracked a number of different smartphones including those running the Android and BlackBerry operating systems.

The relevant portion of his talk begins at 44:30 in the below video.

Earlier in December, Apple CEO Tim Cook and more than a dozen other tech executives met with President Obama to discuss NSA surveillance tactics, following an open letter that Apple and seven other technology companies sent to the President and Congress asking the Government to reform its surveillance tactics.

Note: Due to the political nature of the discussion regarding this topic, the comment thread is located in our Politics, Religion, Social Issues forum. All MacRumors forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

(View all)

65 months ago
If those bastards do anything to tamper with my 2008 Doodle Jump high scores, I'm going to lose it!
Rating: 28 Votes
65 months ago

1) ...
I'm not sure why one would be worried about that in the professional world unless they were into wrongdoing.

really? It's called the Fourth Amendment to the U.S. Constitution. and everyone should be worried that the American police state run amok violates it with impunity.
Rating: 19 Votes
65 months ago
Keywords here are: Physical Access

In other words, they couldn't do in (in 2008) through sheer software; unless they somehow managed to use jailbreaking for their benefit.

However, what really bothers me very much is the interception of packages. That really is irksome. More reason to perform a full Restore [when I get them first time] on all my devices like I have always done.
Rating: 15 Votes
65 months ago
ugh that whole NSA thing is so sick ... thats all ... (hey nsa no need to look into me)
Rating: 15 Votes
65 months ago

that whole 4th amendment obsession is so weird to me like isnt it dated by now. stuff that made a bit of sense back then shouldnt be the holy grail that can never be wrong now in 2013/14

Dated? After less than 250 years? The Roman Empire lasted over 2000 years. Will the American Empire last that long?

What exactly is it about "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures..." that you think is "dated"?

It was actually incredibly well-written to apply just as precisely today as it did then.
Rating: 13 Votes
65 months ago
This is only going to hurt the U.S. economy in the long run. The internet economy is nothing without trust. The rest of the world will innovate and seal us off like a plague. We aren't always going to be top dog when it comes to technology. I'd bail on using U.S. Internet companies too except that I'm in the U.S., so I'm screwed either way. Without privacy we might as well be animals in a zoo. The government will feed us, give us health care, watch our every move. We only need to hand over our soul and basic right to freedom.

The majority of people won't complain until their TV goes out, and even then they'll be too obese to do anything about it. The control is slowly tightening. The government can get away with anything when they control access to basic necessities. It is in man's nature to be corrupt and seek power. Why are we slowly tearing down the limitations our forefathers put on the greed of man? We might as well quarter soldiers in every household to watch those who say they aren't doing anything wrong and declare a supreme king to rule us from on high. History repeats itself if we don't pay attention to it. Great empires are always falling. The U.S. is not immune. What makes us special in the history of the world is our freedom and if we let that erode away into nothing then we fail and the great American experiment will come to a tragic end.
Rating: 12 Votes
65 months ago
This doesn't surprise me at all. Everyone needs to understand it doesnt matter what device you are using. PC, Mac, iOS, android, windows phone. It does not matter. The NSA can hack it and control everything. There is no reason to think otherwise. Anything and everything you do on or with your computing devices is accessible to the NSA in one way or another. There is nothing you can do except maybe make it slightly more difficult for them.
Rating: 11 Votes
65 months ago

Not like the NSA cares about me but still :p

Don't sell yourself short, the NSA cares about everyone.


And how did they manage to re-seal and repackage the devices so the consumer wouldn't know? And how is it that no one from Fed Ex or UPS leaked that this was going on?

My guess is they would do this at customs.
Rating: 10 Votes
65 months ago

Of course tinfoil hat crowd will claim Apple was allowing it to be installed at Foxconn factories. Too many people in Alex Jones territory these days which is scary.

oh my.

physical access to factories is trivial for the NSA, with or without Apple assistance. the only scary part is that there are others who turn a blind eye to the totalitarian police state in these first decades of its emergence.
Rating: 10 Votes
65 months ago

1) secure from whom? if you're worried that the US government is going to see your data, then I guess you'd have something to worry about, but I'm not sure why one would be worried about that in the professional world unless they were into wrongdoing. In the professional world I consider the chief goal of keeping data secure is to keep it secure from competitors who may want to get a leg up, and from hackers who would want to just want to see the world burn because its fun. There are a few others reasons of course including when dealing with PII data but those are the top threats IMO. The only time I'd be worried about a government spying on me is when the government is communist or like because they could be spying in order to pass competitive secrets to state-sanctioned corporations in order to give competitive advantages which goes back to the competitive reasons.

2) Do you really think a UK based company or any other country really is going to do anything less? US got caught this time... doesn't mean others don't do it.

Doesn't matter whether or not you have something to hide, it's about the principle. Would you willingly accept the NSA putting cameras in your home? No? Why not if you've nothing to hide? It's an invasion of privacy. Without that we have no freedoms whatsoever.

I don't trust the UK government either. They're just lapdogs for the Americans. I will only use cloud services based in certain countries like Scandinavia. Better still I've gone back to using flash drives instead of the cloud.
Rating: 8 Votes

[ Read All Comments ]