Apple just responded to newly released documents claiming that the U.S. National Security Agency has a method for gaining backdoor access to its iPhone. It says it has never worked with the agency, and is unaware of the alleged program targeting the iPhone known as DROPOUTJEEP.
The program was disclosed in a trove of documents leaked yesterday and shared by the security researcher Jacob Appelbaum and the German news magazine Der Spiegel.
Here’s Apple’s statement in full:
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.
According to the Der Spiegel documents, DROPOUTJEEP is software that can be implanted on an iPhone. It provides SIGINT or signals intelligence including the ability to push and pull files from the phone, retrieve text messages, contact lists, voice mail messages, the phone’s location, and turn on the internal microphone and activate the camera. Data can be removed or “exfiltrated” as the slide reads, over wireless data connections.
Here’s another interesting line, which you can read in the original slide below. The initial version requires “close access methods,” which means you have to have physical access to the phone. This would suggest that there’s no way the NSA could be readily installing this on the millions of iPhones around the world and thus spying on them all.
However: The slide goes on to say that future versions of DROPOUTJEEP might be installed remotely, which implies over the air, without physical access.
Also important: The slide dates from October, 2008, back when the iPhone was still relatively new and running on
iOS 5 an much earlier version of iOS*. There’s no indication as yet about any efforts by the NSA’s specialized teams in the Access Network Technology, or ANT division about later phones or later operating systems.
Here’s the original DROPOUTJEEPSLIDE from the NSA’s catalog.
*A few readers have reminded me that iOS 5 didn’t come on the scene until about 2011. I’ve asked Apple to clarify exactly which version of iOS was in use in the fall of 2008.