Just as Apple unveils what it hopes will be its game-changing Apple Watch, new Snowden documents given to the Intercept reveal that the tech giant was the target of a proposed CIA cyber surveillance program.
Research was conducted on various ways of breaching the encryptions, some “physical” and some “non-invasive.”
One such plan was the forging of a phony, government-approved version of Apple’s Xcode software. That software serves as a template, and is used by hundreds of thousands of independent developers to create the apps we all know and love. Flappy Bird, Angry Birds, iBird Pro Guide to Birds. Any of these app developers who used the CIA counterfeit software would unknowingly infect millions of devices.
Once infected, intelligence agencies could then steal user passwords. The phony Xcode could also “force all iOS applications to send embedded data to a listening post,” according to the documents.
A third, purportedly less effective technique the CIA researched, was a hacking method known as a “side channel” attack. That technique involved monitoring the processor of an individual device as it went through an encryption process. Researchers hoped to mimic the processor’s activity pattern to gain deeper access into the users’ software.
“If US products are ok to target, that’s news to me,” Matthew Green of the Information Security Institute at John Hopkins University told the Intercept. “Tearing apart the products of US manufacturers and potentially putting back doors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”
Other cybersecurity experts weren’t terribly surprised by the revelations.
The documents do not reveal how successful any of these surveillance methods have proven, but just last month Apple CEO Tim Cook addressed his concerns about government intrusion into the private tech industry.
“If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money. We risk our way of life.” Cook said during a speech at the cybersecurity summit, only moments before President Obama took the stage.
The tech industry has had a complicated relationship with the White House ever since the Snowden revelations revealed the extent of NSA’s spying apparatus. At the same time that consumers have expressed increased concerns about data privacy, the Obama administration is urging companies to willfully provide information in the name of national security.