Researchers from Sandia Labs gave a talk about their efforts to create a modified, or "whacked" version of Xcode, the free tool that developers use to create software for Apple devices. The poisoned version of Xcode could insert a backdoor into any applications created with it, could hide the confirmation prompts when a developer's private key was exported and could embed a developer's key into all iOS apps created with the tool, from where it could be later extracted.
"We also describe how we modified both the Mac OS X updater to install an extra kernel extension (a keylogger) and the Xcode installer to include our SDK [software development kit] whacks," the researchers wrote in their talk's description.
The FBI and U.S. intelligence agencies have voiced concern over the past year that the increased addition of default encryption to mobile devices and Internet communications make lawful electronic surveillance impossible. They call this the Going Dark problem.
Such agencies would like to see an approach where companies could offer encryption, but also be able to comply with government requests for data. Many security experts and privacy advocates believe this would involve building backdoors into encryption implementations that could also be exploited by hackers.
"I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services," Apple CEO Tim Cook wrote in an open letter in September. "We have also never allowed access to our servers. And we never will."
Sign up for CIO Asia eNewsletters.