According to the reports published on Tuesday in The Intercept, the United States Central Intelligence Agency has been working to break the iOS security code for years. These allegations have been levelled against CIA, based on the documents which were provided by NSA whistle-blower Edward Snowden.The documents suggest that researcher who have been working who have been working with the agency have presented their achievements and tactics at the Trusted Computing Base Jamborees, a secret annual gathering being held for decades. The documents suggest that the agency have been trying to use non-invasive as well as physical techniques to penetrate Apple’s encrypted firmware with the aim of plant malicious code on Apple devices and to find potential vulnerabilities in the devices as well.
As per Eric Cowperthwaite, who is vice president for advanced security and strategy at Core Security, breaking the security code of Apple will mean taking control over a major portion of the market. This is mainly because iOS are made secure making it the most prominent target. Attempts from the CIA, and other agencies like the NSA can affect the ecosystem by means of tampering the trust and security.
Reports suggest that CIA has created a tainted version of Apple’s Xcode integrated development environment which can allow the users to get a sneak peak from the backdoors of the programs and apps developed by iOS. Report also suggests that a key-logger has been installed as well.
Collaboration between public and private sector:
CIA’s Information Operations Centre has sponsored the work carried out by the researcher at the Sandia National Laboratories, which was presented at the jamborees. Even the NSA personnel was said to be part of the jamborees held in 2012. The use of overt cyber-snooping and forced intellectual property disgorgement can provoke responses from government as well as the private companies.
Tax dollars at work:
According to Philip Lieberman, president of Lieberman Software, Intelligence-gathering techniques requires evaluation and use of different types of means and methods. This needs to be carried out at low cost as well as quickly. The CIA activities are supposedly part of a secret U.S. government program, which has the aim of breaking the authentication and encryption of communications products. Both iCloud and iOS have been repeatedly hacked. The iOS hacking last year revealed a lot of vulnerabilities at the Hope/X hackers’ conference in New York.
Should this be a concern to any enterprise? As per Vera-code VP of Security Research Chris Eng, most of the enterprises won’t be flexible against a nation-state or intelligence community adversary neither they have to be worried about any nation state. It all depends on Apple now if they will start selling products which are basically CIA proof. Lieberman added that Apple has to consider creating a balance between national defence and privacy. He stated that there is no need for the company to look out for a specific path; they only need to ensure that stakeholders are satisfied about their national and private security.