Another day, another collection of NSA spying revelations. The latest comes from security researcher Jacob Appelbaum, who spoke yesterday at the Chaos Communications Congress. During his presentation, Appelbaum detailed a number of nefarious programs, including a remote Wi-Fi hacking device reportedly capable of compromising devices from up to eight miles away. This so-called NIGHTSTAND hardware fits inside a relatively small suitcase, and leaked documents characterize it as "battlefield tested." Appelbaum also speculates that the hardware could be deployed on an unmanned drone, though he admits that there's no evidence to confirm that hunch.
Much of Appelbaum's talk covers programs described by Der Spiegel yesterday. The presentation is fascinating and frightening at the same time, and iPhone users should pay particular attention. At the 44:30 mark, Appelbaum mentions DROPOUTJEEP, a "software implant" that purportedly gives spooks unfettered access to the most popular smartphone on the planet.
Forbes has posted a document snippet describing this "product," which "includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc." So pretty much everything, then. The document is dated 2008, and at the time, DROPOUTJEEP required "close access methods" to compromise a device. However, the document goes on to say that "a remote installation capability will be pursued for a future release." Given the NSA's resources, it seems likely that a remote implant program has been completed by now.
The NSA targets other mobile devices, of course, but it seems particularly adept at exploiting Apple gear. According to Appelbaum, NSA documents claim a 100% success rate when "implanting" iOS devices. Appelbaum worries that Apple may be cooperating with the NSA, though he says the spy agency could simply be sitting on a treasure trove of unpublished security vulnerabilities. Given the extent of the NSA's apparent activities, it seems like no device or Internet connection is safe from prying eyes.
Update: Apple has issued a statement to All Things D saying that it "has never worked with the NSA to create a backdoor in any of [its] products, including iPhone." Amusingly, the statement mentions Apple's "industry-leading security" and says the company will "continue to use [its] resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them." There's no response to the claim that the NSA has a 100% success rate exploiting iOS devices.