data privacy

Apple denies creating backdoor for NSA

Warwick Ashford

Apple has denied working with the US National Security Agency (NSA) to create a backdoor in any of its products.

The denial follows the release of documents by security researcher Jacob

Requires Free Membership to View

Appelbaum that suggest there were plans to develop software to give the NSA remote access to Apple devices, the Guardian has reported.

Installation of the software called DropoutJeep would require physical access to target devices, but would allow the NSA to access text messages, photos, voicemail and live calls, according to Appelbaum.

The 2008 documents are classified as top secret, but are cleared for release to "FVEY", which refers to the Five Eyes agreement to share intelligence by the US, Australia, New Zealand, Canada and the UK.

The documents were released as part of a presentation Appelbaum gave at the 30C3 Conference in Hamburg that outlined different methods the NSA can use to intercept communications.

In response, Apple issued a statement that said: “Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone.

“Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security.

“Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers.

“We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them,” the statement said.

Independent security advisor Graham Cluley pointed out that Applebaum's documents show a broader range of tools that the NSA apparently deploys against other technology companies and products, including HP servers, Cisco firewalls, and Huawei routers.

But Cluley said in a blog post that the material presented "does not mean that the NSA has complete control of your iPhone" because physical access to the device would be needed.

"It may be that they have since found unpatched vulnerabilities in iOS to install the spyware onto targeted devices remotely... but that's not what the leaked documents say," Cluley wrote.

Cluley also noted that the document dates from 2008. "Let's hope that Apple has improved its software's security since 2008. And if it's not true, we've all got a huge problem," he added.