Pixel Envy

Written by Nick Heer.

The CIA Campaign to Steal Apple’s Secrets

Jeremy Scahill and Josh Begley of the Intercept:

Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption. […]

The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store.

These allegations are absolutely staggering. The US spy machine isn’t targeting specific individuals’ communications; they simply want to mass-collect everyone’s data, regardless of whether it’s remote, local, or in transit. If any other country were exploiting loopholes like this in an American country’s products, there would be an international outrage. If any other country’s spy agency was doing this to products made in their own country, it would be unacceptable:

When the Chinese government recently tried to force tech companies to install a backdoor in their products for use by Chinese intelligence agencies, the U.S. government denounced China. “This is something that I’ve raised directly with President Xi,” President Obama said in early March. “We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States.”

If you’re surprised by this hypocrisy, I can’t help you.

What’s equally worrying is that the bugs that the CIA and NSA are exploiting are real security problems affecting real people, and it’s very likely that countries — both allied and not — have discovered and are using the same bugs to snoop on US citizens. The United States can’t both ensure the security of their citizens and seek to exploit security loopholes.

So, make sure you have Gatekeeper turned on, keep your OSes updated, and tell the CIA to fuck off.