• Sprott Money
    05/26/2016 - 05:58
    How many “emergency” “secret” meetings do the central planners around the world need to have before the citizens of the respective countries begin to fully understand and take notice that something...

How The NSA Hacks Your iPhone (Presenting DROPOUT JEEP)

Tyler Durden's picture




 

Following up on the latest stunning revelations released yesterday by German Spiegel which exposed the spy agency's 50 page catalog of "backdoor penetration techniques", today during a speech given by Jacob Applebaum (@ioerror) at the 30th Chaos Communication Congress, a new bombshell emerged: specifically the complete and detailed description of how the NSA bugs, remotely, your iPhone. The way the NSA accomplishes this is using software known as Dropout Jeep, which it describes as follows: "DROPOUT JEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted."

The flowchart of how the NSA makes your iPhone its iPhone is presented below:

  • NSA ROC operator
  • Load specified module
  • Send data request
  • iPhone accepts request
  • Retrieves required SIGINT data
  • Encrypt and send exfil data
  • Rinse repeat

And visually:

 

What is perhaps just as disturbing is the following rhetorical sequence from Applebaum:

"Do you think Apple helped them build that? I don't know. I hope Apple will clarify that. Here's the problem: I don't really believe that Apple didn't help them, I can't really prove it but [the NSA] literally claim that anytime they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I'd like to believe that since Apple didn't join the PRISM program until after Steve Jobs died, that maybe it's just that they write shitty software. We know that's true."

Or, Apple's software is hardly "shitty" even if it seems like that to the vast majority of experts (kinda like the Fed's various programs), and in fact it achieves precisely what it is meant to achieve.

Either way, now everyone knows that their iPhone is nothing but a gateway for the NSA to peruse everyone's "private" data at will. Which, incidentally, is not news, and was revealed when we showed how the "NSA Mocks Apple's "Zombie" Customers; Asks "Your Target Is Using A BlackBerry? Now What?"

How ironic would it be if Blackberry, left for dead by virtually everyone, began marketing its products as the only smartphone that does not allow the NSA access to one's data (and did so accordingly). Since pretty much everything else it has tried has failed, we don't see the downside to this hail mary attempt to strike back at Big Brother and maybe make some money, by doing the right thing for once.

We urge readers to watch the full one hour speech by Jacob Applebaum to realize just how massive Big Brother truly is, but those who want to just listen to the section on Apple can do so beginning 44 minutes 30 seconds in the presentation below.

0
Your rating: None
 

- advertisements -

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Mon, 12/30/2013 - 13:27 | 4285607 mydogisprettier...
mydogisprettierthanyou's picture

Good thing I have android....

 

Oh wait....

Mon, 12/30/2013 - 13:29 | 4285619 fonestar
fonestar's picture

I enjoy all of Jacob's speeches... he is a great voice for the community.

Mon, 12/30/2013 - 13:37 | 4285644 Freddie
Freddie's picture

What community?  The CS-ing Silicon Valley loves obam and the spy state community of Nor Cal?  These people would sell out their mother for stock options in a cool app IPO.  F them and also Hollywood So Cal scum.

Mon, 12/30/2013 - 13:39 | 4285660 fonestar
fonestar's picture

Believe me, I wasn't speaking about the blockhead "metals only" community.  I was speaking of the Bitcoiners and crypto-anarchists.

Mon, 12/30/2013 - 13:40 | 4285681 Bay of Pigs
Bay of Pigs's picture

Oh, so now PM holders are "blockheads"? Got it fonestar...

Mon, 12/30/2013 - 13:45 | 4285686 fonestar
fonestar's picture

I'm a PM holder, just not one that enjoys revelling in ignorance.

Mon, 12/30/2013 - 13:50 | 4285712 firstdivision
firstdivision's picture

At least with tulips, I could plant them.  With South Sea shares, I could frame them and sell as art.  What does one do with a BitCoin when it is no longer fashionable?

Mon, 12/30/2013 - 13:52 | 4285720 fonestar
fonestar's picture

Bitcoin is not going out of fashion.  It is centuries ahead of all of today's virtual currencies.

Mon, 12/30/2013 - 14:06 | 4285747 BaBaBouy
BaBaBouy's picture

SNOWDON Has Revealed The ENTIRE SECRET FACE Of This Planet.
NOTHING Is Sacred, Everything Is EXPOSED To The Powers.
The Thug Down The Street, Your Grandmother, Your Girlfriend...
Remember, Front & Back HI-Res Cameras, Mic, Data, Pics... Everything

Wonder What KLiper Is Watching Today???

Mon, 12/30/2013 - 14:10 | 4285766 Four chan
Four chan's picture

the doors remain open because the hft algo owners want them to be. 

the faster than light packet attack is hft.

 

providing liquidity my ass.

Mon, 12/30/2013 - 14:32 | 4285846 Richard Chesler
Richard Chesler's picture

Man you're boring.

Mon, 12/30/2013 - 14:35 | 4285854 Ying-Yang
Ying-Yang's picture

Blackberry networks are no longer secure.

Mon, 12/30/2013 - 14:54 | 4285923 malikai
malikai's picture

Yep, this whole thing is going to be very bad for business.

All american tech companies are going to be suspect now.

Mon, 12/30/2013 - 15:00 | 4285941 fonestar
fonestar's picture

It's interesting that they seem to need to go straight for the hardware isn't it?  I think that speaks well for today's encryption available open source.

Mon, 12/30/2013 - 15:51 | 4286137 malikai
malikai's picture

They sure do have an affinity.

I guess they just want 'total coverage'.

Mon, 12/30/2013 - 15:51 | 4286153 knukles
knukles's picture

Another Conspiracy Theory becomes Conspiracy Fact.

Can you hear me now?

Mon, 12/30/2013 - 15:53 | 4286161 SoundMoney45
Mon, 12/30/2013 - 16:13 | 4286233 fuu
fuu's picture

"This functionality includes the ability to remotely push/pull files from the device."

Super handy for:

Planting kiddie porn on a phone.

Planting images of pressure cookers on a phone.

Planting contact lists on a phone.

Planting calender events on a phone.

Planting internet history on a phone.

Planting GPS history on a phone.

Mon, 12/30/2013 - 17:35 | 4286484 Bad Attitude
Bad Attitude's picture

Very good points. I hope criminal defense attorneys are paying attention. Evidence collected from phones or computers cannot be trusted.

Forward (over the cliff).

Mon, 12/30/2013 - 18:07 | 4286566 fuu
fuu's picture

Parallel construction will fix that loop hole.

Mon, 12/30/2013 - 18:41 | 4286651 Yes We Can. But...
Yes We Can. But Lets Not.'s picture

Uhm. What was it, again, that killed Steve Jobs at 56?

Mon, 12/30/2013 - 19:22 | 4286772 mjcOH1
mjcOH1's picture

(deleted)

Mon, 12/30/2013 - 20:48 | 4286998 spankthebernank
spankthebernank's picture

Jobs is the architect....and he aint dead.

Mon, 12/30/2013 - 21:07 | 4287043 tip e. canoe
tip e. canoe's picture

the more i read his bio,

the more i tend to agree.

Mon, 12/30/2013 - 18:41 | 4286653 MillionDollarBogus_
MillionDollarBogus_'s picture

"...Your target is using a Blackberry.  Now what?..."

Anyone using a Blackberry is not worth spying on. 

Mon, 12/30/2013 - 19:32 | 4286802 Poundsand
Poundsand's picture

Can't believe I just up-arrowed MDB...  What has the world come to?

Mon, 12/30/2013 - 19:35 | 4286809 fuu
fuu's picture

Yeah but this one is MillionDollarBogus_, so no worries.

Mon, 12/30/2013 - 20:49 | 4287006 Poundsand
Poundsand's picture

It did seem a little too witty for MDB.  My bad for not looking closer.

Mon, 12/30/2013 - 20:54 | 4287020 BurningFuld
BurningFuld's picture

Anyone with a Blackberry is part of the 1% and therefore not allowed to be spied on.  Duh!

Mon, 12/30/2013 - 20:16 | 4286928 DaveyJones
DaveyJones's picture

This one is. Problem is, the new version of their Bill of Rights software is non compatible 

Mon, 12/30/2013 - 17:52 | 4286530 DoChenRollingBearing
DoChenRollingBearing's picture

Most excellent observation, fuu.

Mon, 12/30/2013 - 18:40 | 4286647 post turtle saver
post turtle saver's picture

bingo... they may as well as named it BLACKBAG or FRAMEJOB or similar, because that's exactly what this is

Mon, 12/30/2013 - 19:43 | 4286833 fuu
fuu's picture

The other codenames are excellent:

 

STRAITBIZZARE based software

CHIMNEYPOOL framework

FREEFLOW project compliant

TURBULANCE architecture

 

banzai, stickers on iphones!

 

 

Mon, 12/30/2013 - 20:22 | 4286938 DaveyJones
DaveyJones's picture

Great comment

and the best example of how "modern technology" is a blessing and a curse.

A despot's wet dream

to track everywhere you go

everything you say

and when you say something wrong

to correct your "criminal record"

It' a nightmare

 

Mon, 12/30/2013 - 22:38 | 4287225 Dave Thomas
Dave Thomas's picture

Remember that pesky national ID card they kept talking about 2005~2008? Guess we don't need one now lol.

 

Mon, 12/30/2013 - 15:57 | 4286175 Ourrulersknowbest
Ourrulersknowbest's picture

"It's interesting that they seem to need to go straight for the hardware isn't it? I think that speaks well for today's encryption available open source."

Why is that interesting?
Do you think software runs on unicorns?
Jesus!
Encryption is the lock you put on a door.
Fine, I'll just FIX the Door for ya.
Wake up dude.your bit coins may or may not be safe.but where is your safe? Cos it sure as fuck ain't at the bottom of a lake

Mon, 12/30/2013 - 18:48 | 4286672 Dewey Cheatum Howe
Dewey Cheatum Howe's picture

Yep it is the how and what they aren't targeting that is telling a bigger story here.

Mon, 12/30/2013 - 16:18 | 4286248 sleigher
sleigher's picture

It is just complete and total own!  That is all...  They have to survive across reboots/rebuilds and access "new" deployments.  Can't do that with just the software.

I just like the sound of the thousands of voices screaming out from the conspiratard websites across the planet for total vindication.  I have read about hacks like these for years and seen many shoot them down about tin foil hats and all that nonsense.  

Just wait til we hear about the built in radios in all modern cpu's that can be activated by satellite.  Then will people get mad?  no...

Mon, 12/30/2013 - 16:34 | 4286319 fuu
fuu's picture

USB cables, monitor cables, power cables, etc can be used to broadcast the data crossing the cable.

Shit you can crack RSA keys remotely using a call phone microphone to detect the high frequency whine of a processor decrypting a known plaintext.

 

Mon, 12/30/2013 - 18:43 | 4286659 post turtle saver
Mon, 12/30/2013 - 16:20 | 4286267 OpenThePodBayDoorHAL
OpenThePodBayDoorHAL's picture

EXCELLENT point fonestar. Real end-to-end encryption is better than the trolls would have you believe. What we need is hardware that's not compromised. Blackberry? (keep the faith on Bitcoin BTW, it really is the way forward)

Mon, 12/30/2013 - 16:37 | 4286329 TheReplacement
TheReplacement's picture

No, it's not an excellent point.  He completely misses the forest while pointing at the trees.  See my post below for why (hint: cost). 

Mon, 12/30/2013 - 16:36 | 4286322 TheReplacement
TheReplacement's picture

Hardware is the logical choice, not any sort of statement about encryption or OSS.  No matter what you load on the device, the hardware is still there.  It would be a logistical nightmare to try to track and catalog all devices when people are changing OSes or other mods.

Think people.  It just costs less and works 100% of the time.

Mon, 12/30/2013 - 17:47 | 4286510 seek
seek's picture

This is why I said months ago that you couldn't do secure messaging on a phone, regardless of what the program provider claimed -- smartphones are compromised out of the box, as is any other device where the service provider (telco or ISP) has unilateral authority to access and upgrade the device. Once you have that ability, you just copy the keys/what's on the display/keystrokes or anything else you want, regardless of what the secure messaging app might be doing.

But the fact that they're doing it this way -- which as I've said before is "cheating" -- does indeed say that this method (compromising the device) is easier than breaking the encryption. Indeed, it may well be that current encryption methods are virtually unbreakable, so they focused on the compromising platforms instead.

I think all these revealations also reinforce the notion that if you're going to have a secure computing environment, it has to be offline and air-gapped.

Mon, 12/30/2013 - 14:56 | 4285934 chumbawamba
chumbawamba's picture

Has this guy considered the all-too plausible possibility that the NSA simply fielded the best technical candidate for an engineering job at Apple, who then proceeded to get the job and plant backdoor code into all Apple products?  Repeat for every major technical company out there, Blackberry included.

NSA SAY: ALL YOUR PHONE ARE BELONG TO US

I am Chumbawamba.

Mon, 12/30/2013 - 15:17 | 4286012 tip e. canoe
tip e. canoe's picture

BUT BUT BUT, if BB is compromised, that would mean that all the Truly Useful Idiots that have been using BB phones thinking they were secure are compromised too!!!   that would mean the entire System could be manipulated by anyone who has access to that closet full of dirty secrets!!!

Holy Spitzer, Batman!!!

Mon, 12/30/2013 - 15:52 | 4286129 malikai
malikai's picture

Not likely.

It's cheaper and easier to compromise by purchasing exploits from research shops.

$100 says that everyone (US tech companies and other complicit parties) will at least claim to be a victom here.

But the problem comes when collaboration is already assured by their participation in other programs.

Hence, they are all now permanently suspect.

Mon, 12/30/2013 - 16:38 | 4286180 chumbawamba
chumbawamba's picture

WE'RE JUST GOING TO HAVE TO AGREE TO DISAGREE.

I say anyone who bought a piece of shit iPhone deserves to have their shitty, plastic lives spied on.  You Android users can go fuck yourselves, too, for being hypocritically smug.  And me and my Samsung phone?  Yeah, I know it's telling on me.  I know it's reporting all the nasty deeds I commit, in realtime.  But it's a marriage of convenience.  It doesn't know what horror I have in store for it when I no longer require its services.  It'll be sorry for being the NSA's bitch while stationed next to my penis the entire time.  It's cries for mercy will be music to my ears.  No quarter shall be given.  I shall dissect it, while still powered on, chip by chip, transistor by transistor, diode by diode, until it dumps it's last data load to the NSA and bleats out its last ringtone and then fails catastrophically.  The NSA goons who have been tracking me through this traitor will watch in horror as this all transpires live on their datafeeds.

I am Chumbawamba.

Mon, 12/30/2013 - 19:29 | 4286799 Dugald
Dugald's picture

Have yourself on much Dude?

Mon, 12/30/2013 - 19:47 | 4286838 BobRocket
BobRocket's picture

You have absolutley no fuckin idea.

 

there is no limit as to how I will thong U

 

Release the dragons

 

 

Do NOT follow this link or you will be banned from the site!