Documents provided by U.S. National Security Agency whistleblower Edward Snowden reveal that the Central Intelligence Agency (CIA) has for years tried to crack the security of Apple devices, including iPhones and iPads. CIA and other security researchers have been meeting annually at a secret gathering called the Trusted Computing Base (TCB) Jamboree to share findings and strategies for breaking into Apple devices and other electronics, according to an article published Tuesday by The Intercept.
The Intercept also posted online a document provided by Snowden inviting attendees to a TCB Jamboree at the Lockheed Martin Dulles Executive Plaza in Herndon, Virginia. The document noted that the 2012 Jamboree would have been the seventh such annual gathering.
That would mean the first Jamboree was held one year before Apple released its first iPhone, according to The Intercept. In addition to trying to break the keys used to encrypt data on Apple devices, security researchers also developed their own version of Apple's Xcode development environment with the goal of creating backdoor access to iPhones and iPads, according to The Intercept report.
'Fundamentally a Scandal'
Peter Eckersley, Technology Projects Director with the Electronic Frontier Foundation (EFF), told us that the latest report reveals a "calculated, organized and ruthless" campaign by the U.S. surveillance agencies to crack the security of Apple products. "It's fundamentally a scandal anytime a well-funded agency is trying to undermine the security" of products made by a U.S.-based company, he said.
By comparison, the Superfish adware recently found on Lenovo devices was "the bumbling, amateur commercial version of what the NSA does in a much more subtle and sophisticated way," Eckersley said.
He added that the newly revealed attempts to create security vulnerabilities in Apple devices are likely not exclusive to U.S. spy agencies. Any country with a well-funded government security infrastructure -- including Russia, China, Israel and Iran -- is likely to be exerting similar efforts, he said.
For technology companies like Apple and others, that means redoubling efforts to improve security and encryption protections, Eckersley said. "We really need to lift our game," he said.
Apple 'Not a Treasure Trove'
Other presentations at the TCB Jamboree "have focused on the products of Apple's competitors, including Microsoft's BitLocker encryption system, which is used widely on laptop and desktop computers running premium editions of Windows," The Intercept noted.
Speaking in a televised interview with Charlie Rose in September, Apple CEO Tim Cook said his company is "not the treasure trove" of data for government surveillance agencies. "I don't think that the country, or the government's found the right balance. I think they erred too much on the collect-everything side," he said at the time.
A new initiative led by the Internet Security Research Group, the EFF and other organizations aims to make it easier for Web sites to encrypt their data to ensure better security and privacy for users. The Let's Encrypt program expects to launch a new certificate authority offering for secure browsing this summer, according to Eckersley.
While information security attackers might always seem to have an edge, technology companies can better protect themselves and their customers by investing more in improved security, Eckersley added. "We need to be spending 10 times more on defense," he said.
Read more on: NSA
, Edward Snowden
, Network Security
, Data Security
, Top Tech News
Posted: 2015-03-11 @ 11:02am PT
Mr. Cook is right and this attitude drives the premium price for iDevices, unlike Google that sells its users to advertisers for a few cents. It does not surprise me that the government agencies wasted taxpayers' money in the futile attempt to collect everything from iDevices, instead of being more conscious about what they are being paid for.