Latest Snowden Docs Reveal U.S. Govt. Obsession With Breaking Encryption

The CIA created software that may have been capable of turning millions of apps into surveillance tools.

It is common knowledge that the U.S. intelligence community is terrified of commercial encryption systems. FBI Director James Comey has repeatedly and publicly speculated on the consequences of being “left in the dark” as a result of encryption. What has been less known are the creative methods the intelligence community has considered using to circumvent encryption.

In a fascinating, if unsatisfying, story posted Tuesday on the Intercept, new documents from NSA whistleblower Edward Snowden reveal that the CIA has developed the means to undermine the software used to build applications for Apple devices in order to install backdoors in iPhones, iPads, and computers manufactured by the California company.

Here’s the unsatisfying part: It’s impossible to know whether U.S. spies actually carried out that plan or used any of the technology described in this article.

But as a concept, the exploit is revealing in how the U.S. intelligence community is thinking about what it clearly considers a huge challenge moving forward. (By the same measure, the government’s attention on getting around commercial encryption is also indicative of the fact that properly implemented encryption systems can be quite effective in protecting an individual user from government surveillance.)

According to a document posted by the Intercept, which previews a talk by a researcher at Sandia National Laboratories, it is possible to use a modified version of the Xcode software development kit, called Strawhorse, to inject a surveillance backdoor into a program being written. This allowed a government hacker to “create a remote backdoor on execution” and “force all iOS applications to send embedded data to a listening post.” Strawhorse also had the ability to steal a developer’s private encryption keys.

To inject Strawhorse, the researcher claims to have modified Apple’s automatic software updater to install the “whacked” version of Xcode.

In short, if a user downloads an application created with the modified version of Xcode, it turns a computer, cellphone, or laptop into a CIA surveillance device. This method, if used, had the potential to infect millions of devices. Another document posted by the Intercept Tuesday gives the names of software used by the NSA to control the power and microphone systems on an iPhone: Dreamy Smurf and Nosey Smurf, respectively. Those programs were previously described by the Guardian.

Two other documents posted by the Intercept Tuesday reveal that the CIA also studied technology to attempt to capture the encryption keys used for an entire Apple chipset. “If successful, it would enable decryption and analysis of the boot firmware for vulnerabilities, and development of associated exploits across the entire A4-based product-line, which includes the iPhone 4, the iPod touch, and the iPad.” A4 refers to the processor used in those products.

The Snowden revelations have made it painfully clear to tech companies that they lie squarely in the crosshairs of U.S. spies, and as a result several major players in the industry have moved to encrypt user data. In September, Apple rolled out new measures to do exactly that.

But the technologies described here may now be obsolete. They were described at so-called “Jamborees,” top secret conferences for U.S. intelligence officials between 2010 and 2012. Since then, one can only guess how spytech has evolved to keep up with encryption’s increasing popularity.

STRINGER/AFP/Getty Images

 Twitter: @EliasGroll
