(Undated), Intercept: GCHQ: Mobile Handset Exploitation Team: Capability - iPhone (PDF)
19 February 2015, Intercept: The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle
February 2012, Intercept: ODNI: FY 2013 Congressional Budget Justification: Vol. II: Cryptanalysis & Exploitation Services: Analysis of Target Systems: Project Description (PDF)
[See below for more documents.]
The CIA Campaign to Steal Apple's Secrets
By Jeremy Scahill and Josh Begley
10 Mar 2015
RESEARCHERS WORKING with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple's iPhones and iPads, according to top-secret documents obtained by The Intercept.
The security researchers presented their latest tactics and achievements at a secret annual gathering, called the "Jamboree," where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released.
By targeting essential security keys used to encrypt data stored on Apple's devices, the researchers have sought to thwart the company's attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both "physical" and "non-invasive" techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple's encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.
The CIA declined to comment for this story.
The security researchers also claimed they had created a modified version of Apple's proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple's App Store.
The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could "force all iOS applications to send embedded data to a listening post." It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.
Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a "keylogger."
Other presentations at the CIA conference have focused on the products of Apple's competitors, including Microsoft's BitLocker encryption system, which is used widely on laptop and desktop computers running premium editions of Windows.
The revelations that the CIA has waged a secret campaign to defeat the security mechanisms built into Apple's devices come as Apple and other tech giants are loudly resisting pressure from senior U.S. and U.K. government officials to weaken the security of their products. Law enforcement agencies want the companies to maintain the government's ability to bypass security tools built into wireless devices. Perhaps more than any other corporate leader, Apple's CEO, Tim Cook, has taken a stand for privacy as a core value, while sharply criticizing the actions of U.S. law enforcement and intelligence agencies.
"If U.S. products are OK to target, that's news to me," says Matthew Green, a cryptography expert at Johns Hopkins University's Information Security Institute. "Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond 'targeting bad guys.' It may be a means to an end, but it's a hell of a means."
Apple declined to comment for this story, instead pointing to previous comments Cook and the company have made defending Apple's privacy record.
SECURITY RESEARCHERS from Sandia National Laboratories presented their Apple-focused research at a secret annual CIA conference called the Trusted Computing Base Jamboree. The Apple research and the existence of the conference are detailed in documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.
The conference was sponsored by the CIA's Information Operations Center, which conducts covert cyberattacks. The aim of the gathering, according to a 2012 internal NSA wiki, was to host "presentations that provide important information to developers trying to circumvent or exploit new security capabilities," as well as to "exploit new avenues of attack." NSA personnel also participated in the conference through the NSA's counterpart to the CIA's Trusted Computing Base, according to the document. The NSA did not provide comment for this story.
The Jamboree was held at a Lockheed Martin facility inside an executive office park in northern Virginia. Lockheed is one of the largest defense contractors in the world; its tentacles stretch into every aspect of U.S. national security and intelligence. The company is akin to a privatized wing of the U.S. national security state -- more than 80 percent of its total revenue comes from the U.S. government. Lockheed also owns Sandia Labs, which is funded by the U.S. government, whose researchers have presented Apple findings at the CIA conference.
"Lockheed Martin's role in these activities should not be surprising given its leading role in the national surveillance state," says William Hartung, director of the Arms and Security Project at the Center for International Policy and author of Prophets of War, a book that chronicles Lockheed's history. "It is the largest private intelligence contractor in the world, and it has worked on past surveillance programs for the Pentagon, the CIA and the NSA. If you're looking for a candidate for Big Brother, Lockheed Martin fits the bill."
The Apple research is consistent with a much broader secret U.S. government program to analyze "secure communications products, both foreign and domestic" in order to "develop exploitation capabilities against the authentication and encryption schemes," according to the 2013 Congressional Budget Justification. Known widely as the "Black Budget," the top-secret CBJ was provided to The Intercept by Snowden and gives a sprawling overview of the U.S. intelligence community's spending and architecture. The White House did not respond to a request for comment.
As of 2013, according to the classified budget, U.S. intelligence agencies were creating new capabilities against dozens of commercially produced security products, including those made by American companies, to seek out vulnerabilities.
Last week, CIA Director John Brennan announced a major reorganization at the agency aimed, in large part, at expanding U.S. cyber-operations. The Information Operations Center, which organized the Jamboree conferences, will be folded into a new Directorate of Digital Innovation. Notwithstanding its innocuous name, a major priority of the directorate will be offensive cyberattacks, sabotage and digital espionage. Brennan said the CIA reorganization will be modeled after the agency's Counterterrorism Center, which runs the U.S. targeted killing and drone program.
THE DOCUMENTS do not address how successful the targeting of Apple's encryption mechanisms has been, nor do they provide any detail about the specific use of such exploits by U.S. intelligence. But they do shed light on an ongoing campaign aimed at defeating the tech giant's efforts to secure its products and, in turn, its customers' private data.
"Spies gonna spy," says Steven Bellovin, a former chief technologist for the U.S. Federal Trade Commission and current professor at Columbia University. "I'm never surprised by what intelligence agencies do to get information. They're going to go where the info is, and as it moves, they'll adjust their tactics. Their attitude is basically amoral: whatever works is OK."
Bellovin says he generally supports efforts by U.S. intelligence to "hack" devices -- including Apple's -- used by terrorists and criminals, but expressed concern that such capabilities could be abused. "There are bad people out there, and it's reasonable to seek information on them," he says, cautioning that "inappropriate use -- mass surveillance, targeting Americans without a warrant, probably spying on allies -- is another matter entirely."
In the top-secret documents, ranging from 2010 through 2012, the researchers appear particularly intent on extracting encryption keys that prevent unauthorized access to data stored -- and firmware run -- on Apple products.
"The Intelligence Community (IC) is highly dependent on a very small number of security flaws, many of which are public, which Apple eventually patches," the researchers noted in an abstract of their 2011 presentation at the Jamboree. But, they promised, their presentation could provide the intelligence community with a "method to noninvasively extract" encryption keys used on Apple devices. Another presentation focused on physically extracting the key from Apple's hardware.
A year later, at the 2012 Jamboree, researchers described their attacks on the software used by developers to create applications for Apple's popular App Store. In a talk called "Strawhorse: Attacking the MacOS and iOS Software Development Kit," a presenter from Sandia Labs described a successful "whacking" of Apple's Xcode -- the software used to create apps for iPhones, iPads and Mac computers. Developers who create Apple-approved and distributed apps overwhelmingly use Xcode, a free piece of software easily downloaded from the App Store.
The researchers boasted that they had discovered a way to manipulate Xcode so that it could serve as a conduit for infecting and extracting private data from devices on which users had installed apps that were built with the poisoned Xcode. In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer -- potentially millions of people. "Trying to plant stuff in Xcode has fascinating implications," says Bellovin.
The researchers listed a variety of actions their "whacked" Xcode could perform, including:
-- "Entice" all Mac applications to create a "remote backdoor" allowing undetected access to an Apple computer.
-- Secretly embed an app developer's private key into all iOS applications. (This could potentially allow spies to impersonate the targeted developer.)
-- "Force all iOS applications" to send data from an iPhone or iPad back to a U.S. intelligence "listening post."
-- Disable core security features on Apple devices.
For years, U.S. and British intelligence agencies have consistently sought to defeat the layers of encryption and other security features used by Apple to protect the iPhone. A joint task force comprised of operatives from the NSA and Britain's Government Communications Headquarters, formed in 2010, developed surveillance software targeting iPhones, Android devices and Nokia's Symbian phones. The Mobile Handset Exploitation Team successfully implanted malware on iPhones as part of WARRIOR PRIDE, a GCHQ framework for secretly accessing private communications on mobile devices.
That program was disclosed in Snowden documents reported on last year by The Guardian. A WARRIOR PRIDE plugin called NOSEY SMURF allowed spies to remotely and secretly activate a phone's microphone. Another plugin, DREAMY SMURF, allowed intelligence agents to manage the power system on a phone and thus avoid detection. PARANOID SMURF was designed to conceal the malware in other ways. TRACKER SMURF allowed ultra-precise geolocating of an individual phone. "[If] its [sic] on the phone, we can get it," the spies boasted in a secret GCHQ document describing the targeting of the iPhone.
All of the SMURF malware -- including the plugin that secretly turns on the iPhone's microphone -- would first require that agencies bypass the security controls built into the iOS operating system. Spies would either need to hack the phone in order to plant their malware on it, or sneak a backdoor into an app the user installed voluntarily. That was one of the clear aims of the Apple-focused research presented at the CIA's conference.
"The U.S. government is prioritizing its own offensive surveillance needs over the cybersecurity of the millions of Americans who use Apple products," says Christopher Soghoian, the principal technologist at the American Civil Liberties Union. "If U.S. government-funded researchers can discover these flaws, it is quite likely that Chinese, Russian and Israeli researchers can discover them, too. By quietly exploiting these flaws rather than notifying Apple, the U.S. government leaves Apple's customers vulnerable to other sophisticated governments."
Security experts interviewed by The Intercept point out that the SMURF capabilities were already available to U.S. and British intelligence agencies five years ago. That raises the question of how advanced the current capacity to surveil smartphone users is, especially in light of the extensive resources poured into targeting the products of major tech companies. One GCHQ slide from 2010 stated that the agency's ultimate goal was to be able to "Exploit any phone, anywhere, any time."
THE FIRST JAMBOREE took place in 2006, just as Apple was preparing to unveil its highly-anticipated iPhone. In March 2010, according to a top-secret document, during a talk called "Rocoto: Implanting the iPhone," a presenter discussed efforts to target the iPhone 3G. In addition to analyzing the device's software for potential vulnerabilities, the presentation examined "jailbreak methods," used within the iPhone community to free phones from their built-in constraints, that could be leveraged by intelligence agencies. "We will conclude with a look ahead at future challenges presented by the iPhone 3GS and the upcoming iPad," the abstract noted. Over the years, as Apple updates its hardware, software and encryption methods, the CIA and its researchers study ways to break and exploit them.
The attempts to target vulnerabilities in Apple's products have not occurred in a vacuum. Rather, they are part of a vast multi-agency U.S./U.K. effort to attack commercial encryption and security systems used on billions of devices around the world. U.S. intelligence agencies are not just focusing on individual terrorists or criminals -- they are targeting the large corporations, such as Apple, that produce popular mobile devices.
"Every other manufacturer looks to Apple. If the CIA can undermine Apple's systems, it's likely they'll be able to deploy the same capabilities against everyone else," says Green, the Johns Hopkins cryptographer. "Apple led the way with secure coprocessors in phones, with fingerprint sensors, with encrypted messages. If you can attack Apple, then you can probably attack anyone."
According to the Black Budget, U.S. intelligence agencies have tech companies dead in their sights with the aim of breaking or circumventing any existing or emerging encryption or antiviral products, noting the threat posed by "increasingly strong commercial" encryption and "adversarial cryptography."
The Analysis of Target Systems Project produced "prototype capabilities" for the intelligence community, enabled "the defeat of strong commercial data security systems" and developed ways "to exploit emerging information systems and technologies," according to the classified budget. The project received $35 million in funding in 2012 and had more than 200 personnel assigned to it. By the end of 2013, according to the budget, the project would "develop new capabilities against 50 commercial information security device products to exploit emerging technologies," as well as new methods that would allow spies to recover user and device passwords on new products.
Among the project's missions:
-- Analyze "secure communications products, both foreign and domestic produced" to "develop exploitation capabilities against the authentication and encryption schemes."
-- "[D]evelop exploitation capabilities against network communications protocols and commercial network security products."
-- "Anticipate future encryption technologies" and "prepare strategies to exploit those technologies."
-- "Develop, enhance, and implement software attacks against encrypted signals."
-- "Develop exploitation capabilities against specific key management and authentication schemes."
-- "[D]evelop exploitation capabilities against emerging multimedia applications."
-- Provide tools for "exploiting" devices used to "store, manage, protect, or communicate data."
-- "Develop methods to discover and exploit communication systems employing public key cryptography" and "communications protected by passwords or pass phrases."
-- Exploit public key cryptography.
-- Exploit Virtual Private Networks, or VPNs, which allow people to browse the Internet with increased security and anonymity.
The black budget also noted that the U.S. intelligence community partners with "National Laboratories" to conduct the type of research presented at the CIA's annual Jamboree conference. It confirms the U.S. government's aggressive efforts to steal encryption and authentication keys, as occurred in the NSA and GCHQ operations against Gemalto, the world's largest manufacturer of SIM cards, through the use of Computer Network Exploitation attacks. In that case, spy agencies penetrated Gemalto's internal networks and cyberstalked its employees to steal mass quantities of keys used to encrypt mobile phone communications.
The CIA's Information Operations Center is currently the second largest of the spy agency's specialized centers. It not only conducts cyber-ops, but has operated covertly in other nations, working to develop assets from targeted countries to assist in its cyber-surveillance programs, according to the Black Budget. At times, its personnel brief the president.
AT THE CIA's Jamboree in 2011, the computer researchers conducted workshops where they revealed the specifics of their efforts to attack one of the key privacy elements of Apple's mobile devices. These machines have two separate keys integrated into the silicon of their Apple-designed processors at the point of manufacture. The two, paired together, are used to encrypt data and software stored on iPhones and iPads. One, the User ID, is unique to an individual's phone, and is not retained by Apple. That key is vital to protecting an individual's data and -- particularly on Apple's latest devices -- difficult to steal. A second key, the Group ID, is known to Apple and is the same across multiple Apple devices that use the same processor. The GID is used to encrypt essential system software that runs on Apple's mobile devices.
The focus of the security researchers, as described at the CIA conferences, was to target the GID key, which Apple implants on all devices that use the same processors. For instance, Apple's A4 processor was used in the iPhone 4, the iPod Touch and the original iPad. All of those devices used the same GID. As Apple designs new processors and faster devices that use those processors, the company creates new GIDs. If someone has the same iPhone as her neighbor, they have the exact same GID key on their devices. So, if intelligence agencies extract the GID key, it means they have information useful to compromising any device containing that key.
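The two-key arrangement just described, as an added toy model that is not Apple's design or code from the cited presentations: the HMAC-based sealing, the derivation labels and the device fleet are constructed stand-ins (a real device uses an AES engine in silicon), chosen so the script runs on the standard library alone. It shows why a leaked GID opens the firmware of every device in one processor class while data sealed under each device's own UID stays closed.

```python
import hashlib
import hmac
import os


def kdf(root: bytes, label: bytes) -> bytes:
    """Derive a sub-key from a root key (HMAC-SHA256 as a simple KDF)."""
    return hmac.new(root, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: stand-in for the AES engine a real device has."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC, output nonce || ciphertext || tag (constructed for the demo)."""
    nonce = os.urandom(16)
    stream = _keystream(kdf(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key is wrong (tag check fails)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(kdf(key, b"enc"), nonce, len(ct))))


class Device:
    """One handset in the hypothetical model: a class-wide GID plus a UID fused
    at manufacture. The UID never leaves the chip and is not retained by the
    manufacturer; the GID is shared by every device on the same processor."""

    def __init__(self, gid: bytes, firmware: bytes, user_data: bytes):
        self.uid = os.urandom(32)
        self.firmware_blob = seal(gid, firmware)                       # system software: GID
        self.user_blob = seal(kdf(self.uid, b"user-data"), user_data)  # owner data: UID-derived


def build_fleet(size: int, gid: bytes) -> list:
    """Constructed fleet of devices sharing one processor class (one GID)."""
    return [Device(gid, b"boot firmware v1", f"owner {i} secrets".encode()) for i in range(size)]


def blast_radius(leaked_gid: bytes, fleet: list) -> dict:
    """Count what someone holding only a leaked GID can open across a fleet.

    The user-data attempt derives a key from the GID exactly as a device derives
    one from its UID, which is the best anyone without the UIDs can do."""
    firmware = sum(open_sealed(leaked_gid, d.firmware_blob) is not None for d in fleet)
    user = sum(open_sealed(kdf(leaked_gid, b"user-data"), d.user_blob) is not None for d in fleet)
    return {"firmware_decrypted": firmware, "user_data_decrypted": user}


if __name__ == "__main__":
    a4_gid, a5_gid = os.urandom(32), os.urandom(32)       # constructed class keys
    a4_fleet, a5_fleet = build_fleet(1000, a4_gid), build_fleet(1000, a5_gid)
    print("leaked A4 GID vs A4 fleet:", blast_radius(a4_gid, a4_fleet))
    print("leaked A4 GID vs A5 fleet:", blast_radius(a4_gid, a5_fleet))
```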
At the 2011 Jamboree conference, there were two separate presentations on hacking the GID key on Apple's processors. One was focused on non-invasively obtaining it by studying the electromagnetic emissions of -- and the amount of power used by -- the iPhone's processor while encryption is being performed. Careful analysis of that information could be used to extract the encryption key. Such a tactic is known as a "side channel" attack. The second focused on a "method to physically extract the GID key."
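An added leakage check, not from the article or the presentations it cites, that models the measurement the side-channel paragraph refers to: simulated power samples (Hamming weight of a constructed 4-bit S-box output plus noise) are compared between fixed and random inputs with Welch's t-test, the first screen an evaluation lab applies before trusting an implementation, and the same screen is run on a first-order masked lookup, the usual countermeasure. The S-box, the key, the noise level and the seeded generator are all constructed; no hardware is involved.

```python
import math
import random

# Constructed 4-bit S-box for the demo (not AES's 8-bit S-box).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hamming_weight(v: int) -> int:
    return bin(v).count("1")


def unmasked_sample(key: int, pt: int, rng: random.Random, noise: float = 1.0) -> float:
    """Power model: Hamming weight of the S-box output plus measurement noise.
    The register holds SBOX[pt ^ key] in the clear, so power tracks the secret."""
    return hamming_weight(SBOX[pt ^ key]) + rng.gauss(0.0, noise)


def masked_sample(key: int, pt: int, rng: random.Random, noise: float = 1.0) -> float:
    """Boolean masking: the register only ever holds SBOX[pt ^ key] XOR a fresh
    random mask, so any single sample is statistically independent of the key."""
    mask = rng.randrange(16)
    return hamming_weight(SBOX[pt ^ key] ^ mask) + rng.gauss(0.0, noise)


def welch_t(a: list, b: list) -> float:
    """Welch's t-statistic for two independent samples of unequal variance."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    va = sum((x - ma) ** 2 for x in a) / (len(a) - 1)
    vb = sum((x - mb) ** 2 for x in b) / (len(b) - 1)
    return (ma - mb) / math.sqrt(va / len(a) + vb / len(b))


def leakage_t(sample_fn, key: int, fixed_pt: int, n: int = 2000, seed: int = 1) -> float:
    """Fixed-vs-random test: n traces with one fixed input against n traces
    with random inputs, at a single sample point of the trace."""
    rng = random.Random(seed)
    fixed = [sample_fn(key, fixed_pt, rng) for _ in range(n)]
    rand = [sample_fn(key, rng.randrange(16), rng) for _ in range(n)]
    return welch_t(fixed, rand)


def leaks(sample_fn, key: int = 0x7, fixed_pt: int = 0x0) -> bool:
    """|t| above 4.5 is the conventional threshold for 'this point leaks'."""
    return abs(leakage_t(sample_fn, key, fixed_pt)) > 4.5


if __name__ == "__main__":
    for name, fn in (("unmasked", unmasked_sample), ("masked", masked_sample)):
        print(f"{name:8s} |t| = {abs(leakage_t(fn, 0x7, 0x0)):6.2f}  leaks={leaks(fn)}")
```

With the constructed key and fixed input the unmasked lookup sits at Hamming weight 3 against a random-input mean of 2, so the statistic lands far above the threshold; the masked lookup stays near zero because the mask makes every sample uniformly distributed.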
Whatever method the CIA and its partners use, by extracting the GID -- which is implanted on the processors of all Apple mobile devices -- the CIA and its allies could be able to decrypt the firmware that runs on the iPhone and other mobile devices. This would allow them to seek out other security vulnerabilities to exploit. Taken together, the documents make clear that researching each new Apple processor and mobile device, and studying them for potential security flaws, is a priority for the CIA.
According to the 2011 document describing the Jamboree presentations on Apple's processor, the researchers asserted that extracting the GID key could also allow them to look for other potential gateways into Apple devices. "If successful, it would enable decryption and analysis of the boot firmware for vulnerabilities, and development of associated exploits across the entire A4-based product-line, which includes the iPhone 4, the iPod touch and the iPad."
At the CIA conference in 2012, Sandia researchers delivered a presentation on Apple's A5 processor. The A5 is used in the iPhone 4s and iPad 2. But this time, it contained no abstract or other details, instructing those interested to contact a CIA official on his secure phone or email.
"If I were Tim Cook, I'd be furious," says the ACLU's Soghoian. "If Apple is mad at the intelligence community, and they should be, they should put their lawyers to work. Lawsuits speak louder than words."
FOR YEARS, Apple has included encryption features in the products it sells to consumers. In 2014, the company dramatically broadened the types of data stored on iPhones that are encrypted, and it incorporated encryption by default into its desktop and laptop operating system. This resulted in criticism from leading law enforcement officials, including the FBI director. The encryption technology that Apple has built into its products -- along with many other security features -- is a virtual wall that separates cybercriminals and foreign governments from customer data. But now, because Apple claims it can no longer extract customer data stored on iPhones, because it is encrypted with a key the company does not know, the U.S. government can be locked out too -- even with a search warrant. The FBI director and other U.S. officials have referred to the advent of the encryption era -- where previously accessible data and communications may now be off limits because of the security technology protecting them -- as "going dark."
In the face of this rising challenge to its surveillance capabilities, U.S. intelligence has spent considerable time and resources trying to find security vulnerabilities in Apple's encryption technology, and, more broadly, in its products, which can be leveraged to install surveillance software on iPhones and Macbooks. "The exploitation of security flaws is a high-priority area for the U.S. intelligence community, and such methods have only become more important as U.S. technology companies have built strong encryption into their products," says the ACLU's Soghoian.
Microsoft has, for nearly a decade, included BitLocker, an encryption technology that protects data stored on a computer, in its Windows operating system. Unlike Apple, which made encryption available to all customers, Microsoft had included this feature only in its more expensive premium and professional versions of Windows, up until a few years ago. BitLocker is designed to work with a Trusted Platform Module, a special security chip included in some computers, which stores the encryption keys and also protects against unauthorized software modification.
Also presented at the Jamboree were successes in the targeting of Microsoft's disk encryption technology, and the TPM chips that are used to store its encryption keys. Researchers at the CIA conference in 2010 boasted about the ability to extract the encryption keys used by BitLocker and thus decrypt private data stored on the computer. Because the TPM chip is used to protect the system from untrusted software, attacking it could allow the covert installation of malware onto the computer, which could be used to access otherwise encrypted communications and files of consumers. Microsoft declined to comment for this story.
In the wake of the initial Snowden disclosures, Apple CEO Tim Cook has specifically denounced the U.S. government's efforts to compel companies to provide backdoor access to their users' data.
As corporations increasingly integrate default encryption methods and companies like Apple incorporate their own indigenous encryption technologies into easy-to-use text, voice and video communication platforms, the U.S. and British governments are panicking. "Encryption threatens to lead all of us to a very dark place," declared FBI Director James Comey in an October 2014 lecture at the Brookings Institution. Citing the recent moves by Apple to strengthen default encryption on its operating systems, and commitments by Google to incorporate such tools, Comey said, "This means the companies themselves won't be able to unlock phones, laptops, and tablets to reveal photos, documents, e-mail, and recordings stored within."
Under current U.S. regulations, law enforcement agencies can get a court order to access communications channeled through major tech companies and wireless providers. But if those communications are encrypted through a process not accessible by any involved company, the data is essentially meaningless, garbled gibberish. "In a world in which data is encrypted, and the providers don't have the keys, suddenly, there is no one to go to when they have a warrant," says Soghoian. "That is, even if they get a court order, it doesn't help them. That is what is freaking them out."
Comey alleged that "even a supercomputer would have difficulty with today's high-level encryption," meaning a "brute force" attempt to decrypt intercepted communications would be ineffective, and, even if successful, time-consuming.
"Encryption isn't just a technical feature; it's a marketing pitch," Comey added. "But it will have very serious consequences for law enforcement and national security agencies at all levels. Sophisticated criminals will come to count on these means of evading detection. It's the equivalent of a closet that can't be opened. A safe that can't be cracked."
A few months after Comey's remarks, Robert Litt, the general counsel for the Office of the Director of National Intelligence, also appeared at Brookings. "One of the many ways in which Snowden's leaks have damaged our national security is by driving a wedge between the government and providers and technology companies, so that some companies that formerly recognized that protecting our nation was a valuable and important public service now feel compelled to stand in opposition," Litt said. He appealed to corporations to embrace "a solution that does not compromise the integrity of encryption technology but that enables both encryption to protect privacy and decryption under lawful authority to protect national security."
Green, the Johns Hopkins professor, argues that U.S. government attacks against the products of American companies will not just threaten privacy, but will ultimately harm the U.S. economy. "U.S. tech companies have already suffered overseas due to foreign concerns about our products' security," he says. "The last thing any of us need is for the U.S. government to actively undermine our own technology industry."
The U.S. government is certainly not alone in the war against secure communications. British Prime Minister David Cameron has suggested that if he is re-elected, he may seek to ban encrypted chat programs that do not provide backdoor access to law enforcement. "Are we going to allow a means of communications which it simply isn't possible to read?" Cameron said in a speech in England earlier this year. "My answer to that question is: 'No, we must not.'"
When the Chinese government recently tried to force tech companies to install a backdoor in their products for use by Chinese intelligence agencies, the U.S. government denounced China. "This is something that I've raised directly with President Xi," President Obama said in early March. "We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States." But China was actually following the U.S. government's lead. The FBI has called for an expansion of U.S. law, which would require Apple and its competitors to design their products so that all communications could be made available to government agencies. NSA officials have expressed similar sentiments.
"Obama's comments were dripping with hypocrisy," says Trevor Timm, executive director of the Freedom of the Press Foundation. "Don't get me wrong, his actual criticism of China for attempting to force tech companies to install backdoors was spot on -- now if only he would apply what he said to his own government. Since he now knows backdooring encryption is a terrible policy that will damage cybersecurity, privacy, and the economy, why won't he order the FBI and NSA to stop pushing for it as well?"
Andrew Fishman, Alleen Brown, Andrea Jones, Ryan Gallagher, Morgan Marquis-Boire, and Micah Lee contributed to this story.
Documents published with this article:
* TCB Jamboree 2012 Invitation
* Strawhorse: Attacking the MacOS and iOS Software Development Kit
* TPM Vulnerabilities to Power Analysis and An Exposed Exploit to Bitlocker
* TCB Jamboree 2012
* Apple A4/A5 Application Processors Analysis
* Differential Power Analysis on the Apple A4 Processor
* Secure Key Extraction by Physical De-Processing of Apple's A4 Processor
* Rocoto: Implanting the iPhone
* Smurf Capability -- iPhone
* Black Budget: Cryptanalysis & Exploitation Services -- Analysis of Target Systems
Disclosure: Freedom of the Press Foundation, which Trevor Timm represents, has received grant funding from First Look Media, The Intercept's parent company. Intercept co-founders Glenn Greenwald and Laura Poitras are on the board of the organization.