The Intercept is reporting that US Central Intelligence Agency (CIA) researchers have been waging a multi-year campaign to break the security systems used by Apple on its devices.
Top-secret documents obtained by the website via Edward Snowden describe how the researchers have been "targeting essential security keys used to encrypt data stored on Apple's devices". The report explains they used both "physical" and "non-invasive" techniques in an attempt to decrypt Apple's encrypted software systems. Over the last few years, researchers had apparently developed tools that could be used to extract encryption keys using both software and hardware, though details of how they worked remain unclear.
The researchers also created a modified version of Xcode, Apple's software development tool, which is used to code apps that appear on the App Store. The leaked documents describe how this version of the software could be used to build backdoors into software created using the program, thus providing the ability to obtain passwords, read messages or even "force all iOS applications to send embedded data to a listening post". There's no explanation of how this compromised version of Xcode would be used in the wild. Elsewhere, researchers developed a modified OS X updater that could install a keylogger to capture similar information.
The Intercept explains that many of these projects were described in detail at a secret annual 'Trusted Computing Base Jamboree', which has been running for almost a decade at a Lockheed Martin facility in northern Virginia and is now sponsored by the CIA. Apparently the event sees security researchers meeting to discuss how they could expose and abuse flaws in household and commercial electronics. An internal NSA wiki explained that the conference provided a forum for "presentations that provide important information to developers trying to circumvent or exploit new security capabilities" to "exploit new avenues of attack".
We may be able to take some small shred of comfort from the fact that the documents don't explain how successful the attempts on Apple's encryption systems were. Neither do they explain if any of the developed techniques were used to secure intelligence. That may be in part because of Apple's high standards. As Matthew Green, a cryptographer at Johns Hopkins University, told The Intercept: "Apple led the way with secure coprocessors in phones, with fingerprint sensors, with encrypted messages. If you can attack Apple, then you can probably attack anyone."
We may not need to worry about Apple's systems being compromised by CIA research, though Apple did decline a request from The Intercept to comment on the news, so we can't be sure. These documents serve as a reminder of the thirst among the world's authorities to see what they can't easily see; to peer at our secrets and learn ever more about us. [The Intercept]
Image by Mikhail Esteves under Creative Commons license