Researchers working for the CIA were involved in a “multi-year, sustained effort” to crack security measures and undermine encryption on Apple devices, The Intercept reports, citing top secret documents leaked by Edward Snowden. The documents were presented at one of clandestine annual security conferences known as the “Jamboree.” The CIA-sponsored forums took place annually for nearly a decade, while the leak covers the period of 2006 to 2013.
Though the report does not provide the details of any successful operations waged against Apple, the documents describe several methods US intelligence officers were using to attempt to infiltrate the tech giant’s products.
One of the most egregious revelations detailed by The Intercept was an attempt to create a dummy version of Xcode — the tool used to create many of the apps sold the Apple App Store. If successful, this could allow spies to insert surveillance “backdoors” into any app created using the compromised development software.
The docs also claim that the CIA was actively working to crack encryption keys implanted into Apple mobile devices that secured user data and communications. The news has spurred backlash amongst security experts on Twitter and will likely prompt heighted security audits from Apple developers. The revelations are expected to strain already tense relations between the company and the US government.
A spokesperson for Apple pointed to previous statements by company CEO Tim Cook on privacy, but did not comment further on the breach. “I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services,” Cook wrote last year. “We have also never allowed access to our servers. And we never will.”
Previously Apple was said to have cooperated with the US government’s Prism program, a legal backdoor which allowed the NSA and other security agencies to obtain user information.
However, following the first batch of Snowden revelations about NSA surveillance, Apple said it ramped up its efforts to protect user privacy aiming to restore user trust. Last fall, the company changed its encryption methods for data stored on iPhones, a move it said meant it had no longer had a way to extract user data, even if ordered to with a warrant.
Security researchers warned that the tactics would set a dangerous precedent for mobile privacy.
“Every other manufacturer looks to Apple. If the CIA can undermine Apple’s systems, it’s likely they’ll be able to deploy the same capabilities against everyone else,” Matthew Green, a Johns Hopkins cryptographer, told The Intercept. “Apple led the way with secure coprocessors in phones, with fingerprint sensors, with encrypted messages. If you can attack Apple, then you can probably attack anyone.”
US President Barack Obama as well British Prime Minister David Cameron expressed disapproval at such measures, cautioning that increased privacy for users may prevent governments from tracking extremists planning attacks.