Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Snowden docs show CIA's attempts to defeat Apple device security

Lucian Constantin | March 11, 2015
A secret CIA-sponsored conference reportedly hosted talks on stealing encryption keys from Apple devices and infecting them with malware.

Researchers sponsored by the U.S. government have reportedly tried to defeat the encryption and security of Apple devices for years.

Several presentations given between 2010 and 2012 at a conference sponsored by the U.S. Central Intelligence Agency described attempts to decrypt the firmware in Apple mobile devices or to backdoor Mac OS X and iOS applications by poisoning developer tools.

Abstracts of the secret presentations were among the documents leaked by former U.S. National Security Agency contractor Edward Snowden to journalists and were published Tuesday by The Intercept.

The U.S. intelligence community's interest in hacking Apple products goes as far back as 2010, when a researcher presented possible methods of implanting the iPhone 3GS with malware at an annual conference called the Trusted Computing Base Jamboree, which, according to The Intercept, is sponsored by the CIA's Information Operations Center. The presentation also covered ways to jailbreak the device.

Over the next couple of years, the same conference included more talks on ways to bypass the security of Apple devices. For example, in 2011 researchers presented a technique to "noninvasively" extract the cryptographic key that's used to encrypt the firmware of devices based on Apple's A4 processor, like the iPhone 4, the iPod Touch and the first generation iPad.

The key, which is called the Group ID (GID), is stored inside the physical chip. The researchers tried to recover it by studying the electromagnetic emissions that occur during Advanced Encryption Standard (AES) operations, a technique known as differential power analysis.

"If successful, it would enable decryption and analysis of the boot firmware for vulnerabilities, and development of associated exploits across entire A4-based product-line," they wrote in a description of their presentation.

It's not clear if the researchers ever succeeded in recovering the key, but their presentation covered the progress they had made until then.

A separate talk described methods of determining where the GID key was located on the A4 integrated circuit and how it could be recovered through an invasive technique like the "physical de-processing of the chip."

By the following year the A5 processor used in the iPhone 4S, iPad 2, iPod Touch fifth generation and the iPad mini was also being targeted. Researchers from Sandia National Laboratories, a Federally Funded Research and Development Center (FFRDC) operated by Lockheed Martin subsidiary Sandia Corporation, had a talk entitled "Apple A4/A5 Application Processors Analysis." The presentation had no abstract and attendees looking for more information about it were instead instructed to call or email a CIA official.

It wasn't just Apple's master encryption keys that the U.S. intelligence community was interested in, but also the individual keys used by private developers to sign their iOS or Mac OS X apps.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.