Another day, another collection of NSA spying revelations. The latest comes from security researcher Jacob Appelbaum, who spoke yesterday at the Chaos Communications Congress. During his presentation, Appelbaum detailed a number of nefarious programs, including a remote Wi-Fi hacking device reportedly capable of compromising devices from up to eight miles away. This so-called NIGHTSTAND hardware fits inside a relatively small suitcase, and leaked documents characterize it as "battlefield tested." Appelbaum also speculates that the hardware could be deployed on an unmanned drone, though he admits that there's no evidence to confirm that hunch.
Much of Appelbaum's talk covers programs described by Der Spiegel yesterday. The presentation is fascinating and frightening at the same time, and iPhone users should pay particular attention. At the 44:30 mark, Appelbaum mentions DROPOUTJEEP, a "software implant" that purportedly gives spooks unfettered access to the most popular smartphone on the planet.
Forbes has posted a document snippet describing this "product," which "includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc." So pretty much everything, then. The document is dated 2008, and at the time, DROPOUTJEEP required "close access methods" to compromise a device. However, the document goes on to say that "a remote installation capability will be pursued for a future release." Given the NSA's resources, it seems likely that a remote implant program has been completed by now.
The NSA targets other mobile devices, of course, but it seems particularly adept at exploiting Apple gear. According to Appelbaum, NSA documents claim a 100% success rate when "implanting" iOS devices. Appelbaum worries that Apple may be cooperating with the NSA, though he says the spy agency could simply be sitting on a treasure trove of unpublished security vulnerabilities. Given the extent of the NSA's apparent activities, it seems like no device or Internet connection is safe from prying eyes.
Update: Apple has issued a statement to All Things D saying that it "has never worked with the NSA to create a backdoor in any of [its] products, including iPhone." Amusingly, the statement mentions Apple's "industry-leading security" and says the company will "continue to use [its] resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them." There's no response to the claim that the NSA has a 100% success rate exploiting iOS devices.
|Here's the not-so-live video version of The TR Podcast 164||16|
|Here's what's cooking in Damage Labs||34|
|Deal of the week: An IPS ultra-wide for $420, plus cheap SSDs and more||30|
|Microsoft's quarterly revenue up 25% on strong Surface, Xbox sales||25|
|Assassin's Creed Unity PC requires 6GB of RAM, GTX 680||238|
|Join us as we attempt to live stream The TR Podcast tonight||13|
|Civ: Beyond Earth with Mantle aims to end multi-GPU microstuttering||76|
|CPU startup claims to achieve 3x IPC gains with VISC architecture||63|
|I just found this AMAZING trick! Call of Duty takes up 0GB if you just don't buy it!||+122|