The NSA Reportedly Has Total Access To The Apple iPhone

[P. Mason]

http://www.forbes.com/sites/erikkain/2013/12/30/the-nsa-reportedly-has-total-access-to-your-iphone/

 

 

As with most good stories, revelations of the NSA spy program will almost certainly keep getting worse before anything gets better.

Yesterday we reported on claims—based on leaked NSA documents—that the spy agency was rerouting laptops ordered online to install spyware and malicious hardware on the machines.

Laptops are just one device the agency is targeting, however.

Der Spiegel reported on the NSA’s access to smartphones and, in particular, the iPhone back in September. Today, these reports expand to the NSA’s apparent ability to access just about all your iPhone data through a program called DROPOUTJEEP, according to security researcher Jacob Applebaum.

During a speech at the 30th Chaos Communication Congress in Germany, Applebaum revealed some startling information about the program.

From the NSA document in question:

“DROPOUT JEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.”

 

So its only worse that the people who buy these phones call themselves "liberal". Android is probably also similarly infected.

[Kevin Beal]

Google security team are apparently pretty pissed off about what the NSA is doing. Some data is forced at gunpoint while other data is gathered through illegal means. Story here.

 

 

 

[...]a report in the Washington Post last week that the NSA had gained access to an overseas cable or switch that relayed Google and Yahoo Inc traffic through an unnamed telecommunications provider. The report is the latest revelation based on secret NSA documents leaked by former contractor Edward Snowden.

[cynicist]

I'm looking forward to fully open platforms like Ubuntu to come to phones, but then again we still need to trust that hardware manufacturers aren't doing anything shady so it's better to just assume all of these devices are potentially compromised and speak face to face when you want to guarantee no one is eavesdropping. I trust Google engineers are genuinely outraged but it would be nice if their apps were more transparent. (Android itself is open-source but all Google apps like Youtube/Gmail are proprietary)

[Dorrogeray]

Its not just the iPhone.

 

http://www.scribd.com/doc/194899209/Nsa-Ant-Catalog

 

Its every HW that has any significance.

 

Ubuntu 13.10 has a public keylogger in the new start feature, submiting every search to ubuntu servers. Untill I learned that, I still secretly hoped that Ubuntu might be just a little bit better. I am dissapointed, but not surprised.

 

By the way, these documents are leaking because the time has come to normalize this 1984 nightmare. Its up to us to grasp this unfreeze of the domain of government surveilance, and mold it to our advantage. Make this be the end of it, instead of it being normalized. You dont want to know what will come next if we put up with this.

[cynicist]

Ubuntu 13.10 has a public keylogger in the new start feature, submiting every search to ubuntu servers. Untill I learned that, I still secretly hoped that Ubuntu might be just a little bit better. I am dissapointed, but not surprised.

 

Blah no it does not. Do you consider Firefox to be keylogging software because by default it takes your input and forwards it to Google? For me a keylogger is a malicious piece of software designed to record your keystrokes without you noticing and send them somewhere you don't intend, while also being difficult to disable or remove. Ubuntu's online search mechanism is no different than what Firefox does and is just as easy to disable in privacy settings if you are concerned about it. On top of that I've never seen a 'keylogger' include a privacy disclaimer

[Dorrogeray]

Yes, I kinda do, actually. 95% of people will not disable this, which is a good enough result for data mining. If it would be disabled by default, then it would be acceptable..

 

But that really was the least important part of my post..

[cynicist]

Yes, I kinda do, actually. 95% of people will not disable this, which is a good enough result for data mining. If it would be disabled by default, then it would be acceptable..

 

But that really was the least important part of my post..

 

But then of course 95% of people would not enable it because they wouldn't be able to find it, making it pointless to program in the first place. The goal of it is to include online sources in search and generate a little bit of revenue when you go to sites like Amazon. I'm kind of surprised that you would put that kind of feature in the same category as hidden hardware keyloggers that you have no way to disable.

 

I think it is important how you label things. If you start talking about benign functionality like it is the same as the NSA trying to spy on you then it lowers your credibility imo. Like right now I'm about to look at those documents that you posted but I'm already skeptical of the content inside. It's like the 9/11 truther situation. If they were right about some future conspiracy by the government I might not even know because they already discredited themselves by talking about demolitions going on at one of the towers.

 

http://www.forbes.com/sites/erikkain/2013/12/30/the-nsa-reportedly-has-total-access-to-your-iphone/

 

 

So its only worse that the people who buy these phones call themselves "liberal". Android is probably also similarly infected.

 

I forgot to mention that on the plus side at least all of those instances are software exploits, which are possible to defend against. If it was discovered that hardware manufacturers like Qualcomm were cooperating with the NSA I would be a lot more worried. I think that the odds are low though, only because if people found out nobody would want to buy their phones anymore.

[Dorrogeray]

hidden hardware keyloggers

 

I am not sure what do you mean by "hardware" keylogger. I dont think it matters if its HW or SW keylogger. And yes, it is hidden, since you are not informed about the fact that every key you type into the search function is logged on their servers. This system also enables Amazon and others to put cookies into your computer without your permission. A lot of the people in the linux comunity are rightfully furious about this.

 

As far as the document provided goes, you can just wish it away..

[P. Mason]

Yes, I kinda do, actually. 95% of people will not disable this, which is a good enough result for data mining. If it would be disabled by default, then it would be acceptable..

 

But that really was the least important part of my post..

Where is this setting in firefox? Thanks

[Dorrogeray]

Right click the search bar right to the url bar, click manage search engines. I recomend using startpage.com

[cynicist]

I am not sure what do you mean by "hardware" keylogger. I dont think it matters if its HW or SW keylogger. And yes, it is hidden, since you are not informed about the fact that every key you type into the search function is logged on their servers. This system also enables Amazon and others to put cookies into your computer without your permission. A lot of the people in the linux comunity are rightfully furious about this.

 

As far as the document provided goes, you can just wish it away..

 

Well if the keylogger is done in firmware or on a level inaccessible to users it becomes a lot more difficult to do anything about it since any software you try to use to negate is going to be in the operating system layer. A software keylogger can be removed or thwarted far more easily. And they absolutely do inform you. There is a legal notice in the dash as well as a permanent one in the settings application. Also you are wrong about cookies. One reason the data is sent to their servers is in order to proxy all requests so that sites like amazon don't get unique search results. I think you should do more research on this before making these claims.

 

The people in the Linux community who are furious about this change are hard to take seriously. I mean it's a clear on/off setting in the privacy section of your system settings. If they are aware enough to be outraged they are certainly aware of where to go to turn it off. I mean if you trust them to develop the software that runs your computer I don't understand why trusting them with online search is such a stretch. (and it's not forced on anyone regardless)

 

Lol I read that document. So the NSA is putting custom firmware on specific server models that only functions under certain conditions (the correct operating system/etc). Not super scary or relevant to the average user and something system admins should be competent enough to deal with if they are managing sensitive data. If it was a link on Intel providing a hardware backdoor to the NSA on all of their most recent processors then I would be concerned.

 

Where is this setting in firefox? Thanks

 

Here is an article on it. Be warned, it's somewhat technical.

[Dorrogeray]

Lol I read that document.

 

 

Apparently not whole, since there is so much more than HW/OS specific methods. This is just what they allow to be leaked, anyways. The purpose is to normalize this state of affairs in your mind. Two steps forward, one step back. Incrementalism applied.

[ChrisL]

 

Android is probably also similarly infected.

 and then somehttps://www.youtube.com/watch?v=vILAlhwUgIU