For most people, Apple's new smartwatch might be a new expensive ornament for your wrist. For the CIA, well, it's just another device to hack.
According to documents provided by NSA whistleblower Edward Snowden to The Intercept, the CIA has been working since 2006—a year before the iPhone was released to the public—on ways to crack the security measures in Apple's devices. And this wasn't led by some poindexters in a dingy backroom at the CIA's headquarters in Langley. Quite the opposite, really: The Agency sponsored a secret annual conference that that was dedicated to showcasing Apple-device hacking efforts. The event was dubbed "Jamboree," and it was a literal hacker party.
The event was held at the Lockheed Martin facility in north Virginia from a period spanning at least from 2006 to 2013. Lockheed Martin is a private aerospace, defense, security, and technology company that works closely with the government, having worked on projects for the Pentagon, CIA, and the NSA. They also own Sandia Labs, whose researchers gave the presentation "Strawhorse: Attacking the MacOS and iOS Software Development," during the 2012 Jamboree. The Sandia Labs talk displayed ways to compromise Xcode, Apple's suite of software development tools for apps, to take passwords and messages from iPhones and iPads, and disable tools that Apple had setup to protect user information on their servers. The only thing they would need is a way to get developers to use their version of Xcode.
Other Jamboree presentations looked at physical ways of breaking into Apple's devices, and modifying iOS updates for iPhones and iPads. One talk, called, "Rocoto: Implanting the iPhone," looked at ways to use jailbreaking—a way to for iPhone users to manipulate iOS so that they could do more things with their devices than Apple intended them to—for their own purposes. There was also a plan to compromise the update tool for OS X, so that it would record whatever you typed into your Mac.
Should you be afraid if you use an iPhone? Well, none of the documents reveal how successful the CIA has been with their efforts, or detail any specific times where the Agency used their tactics on a real target. But as one security researcher told The Intercept, "If you can attack Apple, then you can probably attack anyone."
1.
These revelations are, of course, bad for Apple—they have their work cut out for them when the government is constantly at work undermining their security efforts—but at the same time, they show that Apple isn't working with the government to give them a backdoor to their servers, which was a big concern back when the Snowden leaks first dropped in 2013.
"I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services," Apple CEO Tim Cook wrote last year, since the leaks were also a PR disaster that could have threatened the company's relationship with its users. "We have also never allowed access to our servers. And we never will." Since then, a number of new companies have been founded that feature privacy as a selling point for their devices, like the Blackphone or the Ind.ie Phone.
Likewise, this round of revelations also show the administration's major hypocrisy. When the American government has dedicated an entire decade to figuring out how to spy on an American company, it's hard to take President Barack Obama seriously when he says companies and government must "work together like never before." (Yeah, it's really like never before.) The president said this during the White House Summit on Cybersecurity and Consumer Protection at Stanford University last month, where, ironically, Tim Cook was one of the few major CEOs to show up.
Senior Google, Yahoo, and Facebook executives all skipped out. It's not a mystery why: the government's credibility when it comes to cybersecurity disappeared just as fast as Christian Bale peaced out of the new Steve Jobs movie.
