How The NSA Hacks Your iPhone (Presenting DROPOUT JEEP)

Tyler Durden's picture

Following up on the latest stunning revelations released yesterday by Germany's Spiegel, which exposed the spy agency's 50-page catalog of "backdoor penetration techniques", a new bombshell emerged today during a speech given by Jacob Appelbaum (@ioerror) at the 30th Chaos Communication Congress: the complete and detailed description of how the NSA remotely bugs your iPhone. The NSA accomplishes this using software known as Dropout Jeep, which it describes as follows: "DROPOUT JEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted."

The flowchart of how the NSA makes your iPhone its iPhone is presented below:

  • NSA ROC operator
  • Load specified module
  • Send data request
  • iPhone accepts request
  • Retrieves required SIGINT data
  • Encrypt and send exfil data
  • Rinse repeat


What is perhaps just as disturbing is the following rhetorical sequence from Appelbaum:

"Do you think Apple helped them build that? I don't know. I hope Apple will clarify that. Here's the problem: I don't really believe that Apple didn't help them, I can't really prove it but [the NSA] literally claim that anytime they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I'd like to believe that since Apple didn't join the PRISM program until after Steve Jobs died, that maybe it's just that they write shitty software. We know that's true."

Or, Apple's software is hardly "shitty" even if it seems like that to the vast majority of experts (kinda like the Fed's various programs), and in fact it achieves precisely what it is meant to achieve.

Either way, now everyone knows that their iPhone is nothing but a gateway for the NSA to peruse everyone's "private" data at will. Which, incidentally, is not news, and was revealed when we showed how the "NSA Mocks Apple's 'Zombie' Customers; Asks 'Your Target Is Using A BlackBerry? Now What?'"

How ironic would it be if Blackberry, left for dead by virtually everyone, began marketing its products as the only smartphone that does not allow the NSA access to one's data (and did so accordingly)? Since pretty much everything else it has tried has failed, we don't see the downside to this Hail Mary attempt to strike back at Big Brother and maybe make some money by doing the right thing for once.

We urge readers to watch the full one-hour speech by Jacob Appelbaum to realize just how massive Big Brother truly is, but those who want to just listen to the section on Apple can do so beginning 44 minutes 30 seconds into the presentation below.

mydogisprettierthanyou's picture

Good thing I have android....

 

Oh wait....

fonestar's picture

I enjoy all of Jacob's speeches... he is a great voice for the community.

Freddie's picture

What community?  The CS-ing Silicon Valley loves obam and the spy state community of Nor Cal?  These people would sell out their mother for stock options in a cool app IPO.  F them and also Hollywood So Cal scum.

fonestar's picture

Believe me, I wasn't speaking about the blockhead "metals only" community.  I was speaking of the Bitcoiners and crypto-anarchists.

Bay of Pigs's picture

Oh, so now PM holders are "blockheads"? Got it fonestar...

fonestar's picture

I'm a PM holder, just not one that enjoys revelling in ignorance.

firstdivision's picture

At least with tulips, I could plant them.  With South Sea shares, I could frame them and sell as art.  What does one do with a BitCoin when it is no longer fashionable?

fonestar's picture

Bitcoin is not going out of fashion.  It is centuries ahead of all of today's virtual currencies.

BaBaBouy's picture

SNOWDEN Has Revealed The ENTIRE SECRET FACE Of This Planet.
NOTHING Is Sacred, Everything Is EXPOSED To The Powers.
The Thug Down The Street, Your Grandmother, Your Girlfriend...
Remember, Front & Back HI-Res Cameras, Mic, Data, Pics... Everything

Wonder What KLiper Is Watching Today???

Four chan's picture

the doors remain open because the hft algo owners want them to be. 

the faster than light packet attack is hft.

 

providing liquidity my ass.

Ying-Yang's picture

Blackberry networks are no longer secure.

malikai's picture

Yep, this whole thing is going to be very bad for business.

All american tech companies are going to be suspect now.

fonestar's picture

It's interesting that they seem to need to go straight for the hardware isn't it?  I think that speaks well for today's encryption available open source.

malikai's picture

They sure do have an affinity.

I guess they just want 'total coverage'.

knukles's picture

Another Conspiracy Theory becomes Conspiracy Fact.

Can you hear me now?

fuu's picture

"This functionality includes the ability to remotely push/pull files from the device."

Super handy for:

Planting kiddie porn on a phone.

Planting images of pressure cookers on a phone.

Planting contact lists on a phone.

Planting calendar events on a phone.

Planting internet history on a phone.

Planting GPS history on a phone.

Bad Attitude's picture

Very good points. I hope criminal defense attorneys are paying attention. Evidence collected from phones or computers cannot be trusted.

Forward (over the cliff).

fuu's picture

Parallel construction will fix that loophole.

Yes We Can. But Lets Not.'s picture

Uhm. What was it, again, that killed Steve Jobs at 56?

MillionDollarBogus_'s picture

"...Your target is using a Blackberry.  Now what?..."

Anyone using a Blackberry is not worth spying on. 

Poundsand's picture

Can't believe I just up-arrowed MDB...  What has the world come to?

fuu's picture

Yeah but this one is MillionDollarBogus_, so no worries.

Poundsand's picture

It did seem a little too witty for MDB.  My bad for not looking closer.

BurningFuld's picture

Anyone with a Blackberry is part of the 1% and therefore not allowed to be spied on.  Duh!

DaveyJones's picture

This one is. Problem is, the new version of their Bill of Rights software is non compatible 

DoChenRollingBearing's picture

Most excellent observation, fuu.

post turtle saver's picture

bingo... they may as well have named it BLACKBAG or FRAMEJOB or similar, because that's exactly what this is

fuu's picture

The other codenames are excellent:

 

STRAITBIZZARE based software

CHIMNEYPOOL framework

FREEFLOW project compliant

TURBULANCE architecture

 

banzai, stickers on iphones!

 

 

DaveyJones's picture

Great comment

and the best example of how "modern technology" is a blessing and a curse.

A despot's wet dream

to track everywhere you go

everything you say

and when you say something wrong

to correct your "criminal record"

It's a nightmare

 

Dave Thomas's picture

Remember that pesky national ID card they kept talking about 2005~2008? Guess we don't need one now lol.

 

Ourrulersknowbest's picture

"It's interesting that they seem to need to go straight for the hardware isn't it? I think that speaks well for today's encryption available open source."

Why is that interesting?
Do you think software runs on unicorns?
Jesus!
Encryption is the lock you put on a door.
Fine, I'll just FIX the Door for ya.
Wake up dude. Your bit coins may or may not be safe. But where is your safe? Cos it sure as fuck ain't at the bottom of a lake

Dewey Cheatum Howe's picture

Yep it is the how and what they aren't targeting that is telling a bigger story here.

sleigher's picture

It is just complete and total own!  That is all...  They have to survive across reboots/rebuilds and access "new" deployments.  Can't do that with just the software.

I just like the sound of the thousands of voices screaming out from the conspiratard websites across the planet for total vindication.  I have read about hacks like these for years and seen many shoot them down about tin foil hats and all that nonsense.  

Just wait til we hear about the built in radios in all modern cpu's that can be activated by satellite.  Then will people get mad?  no...

fuu's picture

USB cables, monitor cables, power cables, etc can be used to broadcast the data crossing the cable.

Shit you can crack RSA keys remotely using a cell phone microphone to detect the high frequency whine of a processor decrypting a known plaintext.

 

OpenThePodBayDoorHAL's picture

EXCELLENT point fonestar. Real end-to-end encryption is better than the trolls would have you believe. What we need is hardware that's not compromised. Blackberry? (keep the faith on Bitcoin BTW, it really is the way forward)

TheReplacement's picture

No, it's not an excellent point.  He completely misses the forest while pointing at the trees.  See my post below for why (hint: cost). 

TheReplacement's picture

Hardware is the logical choice, not any sort of statement about encryption or OSS.  No matter what you load on the device, the hardware is still there.  It would be a logistical nightmare to try to track and catalog all devices when people are changing OSes or other mods.

Think people.  It just costs less and works 100% of the time.

seek's picture

This is why I said months ago that you couldn't do secure messaging on a phone, regardless of what the program provider claimed -- smartphones are compromised out of the box, as is any other device where the service provider (telco or ISP) has unilateral authority to access and upgrade the device. Once you have that ability, you just copy the keys/what's on the display/keystrokes or anything else you want, regardless of what the secure messaging app might be doing.

But the fact that they're doing it this way -- which as I've said before is "cheating" -- does indeed say that this method (compromising the device) is easier than breaking the encryption. Indeed, it may well be that current encryption methods are virtually unbreakable, so they focused on the compromising platforms instead.

I think all these revelations also reinforce the notion that if you're going to have a secure computing environment, it has to be offline and air-gapped.

chumbawamba's picture

Has this guy considered the all-too plausible possibility that the NSA simply fielded the best technical candidate for an engineering job at Apple, who then proceeded to get the job and plant backdoor code into all Apple products?  Repeat for every major technical company out there, Blackberry included.

NSA SAY: ALL YOUR PHONE ARE BELONG TO US

I am Chumbawamba.

tip e. canoe's picture

BUT BUT BUT, if BB is compromised, that would mean that all the Truly Useful Idiots that have been using BB phones thinking they were secure are compromised too!!!   that would mean the entire System could be manipulated by anyone who has access to that closet full of dirty secrets!!!

Holy Spitzer, Batman!!!

malikai's picture

Not likely.

It's cheaper and easier to compromise by purchasing exploits from research shops.

$100 says that everyone (US tech companies and other complicit parties) will at least claim to be a victim here.

But the problem comes when collaboration is already assured by their participation in other programs.

Hence, they are all now permanently suspect.

chumbawamba's picture

WE'RE JUST GOING TO HAVE TO AGREE TO DISAGREE.

I say anyone who bought a piece of shit iPhone deserves to have their shitty, plastic lives spied on.  You Android users can go fuck yourselves, too, for being hypocritically smug.  And me and my Samsung phone?  Yeah, I know it's telling on me.  I know it's reporting all the nasty deeds I commit, in realtime.  But it's a marriage of convenience.  It doesn't know what horror I have in store for it when I no longer require its services.  It'll be sorry for being the NSA's bitch while stationed next to my penis the entire time.  Its cries for mercy will be music to my ears.  No quarter shall be given.  I shall dissect it, while still powered on, chip by chip, transistor by transistor, diode by diode, until it dumps its last data load to the NSA and bleats out its last ringtone and then fails catastrophically.  The NSA goons who have been tracking me through this traitor will watch in horror as this all transpires live on their datafeeds.

I am Chumbawamba.

Dugald's picture

Have yourself on much Dude?

BobRocket's picture

You have absolutely no fuckin idea.

 

there is no limit as to how I will thong U

 

Release the dragons