Snowden Docs: CIA Tried to Hack Apple for Years

Just as Apple unveils what it hopes will be its game-changing Apple Watch, new Snowden documents given to the Intercept reveal that the tech giant was the target of a proposed CIA cyber surveillance program.

According to the documents – dated from 2012 and obtained directly from the NSA’s internal systems – the CIA made an active effort to plant dummy software and digital backdoor access into Apple products. This would effectively allow both the CIA and NSA to glean information from not only individual hardware, but also app software used by millions.

Research was conducted on various ways of breaching the encryptions, some “physical” and some “non-invasive.”

One such plan was the forging of a phony, government-approved version of Apple’s Xcode software. That software serves as a template, and is used by hundreds of thousands of independent developers to create the apps we all know and love. Flappy Bird, Angry Birds, iBird Pro Guide to Birds. Any of these app developers who used the CIA counterfeit software would unknowingly infect millions of devices.

Once infected, intelligence agencies could then steal user passwords. The phony Xcode could also “force all iOS applications to send embedded data to a listening post,” according to the documents.

The documents also claim that CIA engineers had managed to manipulate Apple’s OS X updater. This tampering would allow the agency to install a “keylogger” program on laptops and desktop computers. Once installed, that program would record users’ keystrokes and deliver the data to intelligence agencies.

A third, purportedly less effective technique the CIA researched, was a hacking method known as a “side channel” attack. That technique involved monitoring the processor of an individual device as it went through an encryption process. Researchers hoped to mimic the processor’s activity pattern to gain deeper access into the users’ software.

“If US products are ok to target, that’s news to me,” Matthew Green of the Information Security Institute at John Hopkins University told the Intercept. “Tearing apart the products of US manufacturers and potentially putting back doors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”

Other cybersecurity experts weren’t terribly surprised by the revelations.

“Spies gonna spy,” Steven Bellovin, former chief technologist for the US Federal Trade Commission, told the Intercept. “I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is ok.”

The documents do not reveal how successful any of these surveillance methods have proven, but just last month Apple CEO Tim Cook addressed his concerns about government intrusion into the private tech industry.

“If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money. We risk our way of life.” Cook said during a speech at the cybersecurity summit, only moments before President Obama took the stage.

The tech industry has had a complicated relationship with the White House ever since the Snowden revelations revealed the extent of NSA’s spying apparatus. At the same time that consumers have expressed increased concerns about data privacy, the Obama administration is urging companies to willfully provide information in the name of national security.