The Intercept¹ is reporting on a secret program targeting Apple devices and software as part of a CIA-sponsored event called “Jamboree,” where groups of security researchers meet and present on new ways to circumvent security tools and software. The documents are part of the leaked NSA data from Edward Snowden. The document The Intercept links to does not provide information to back up the claims made in the story, so it is assumed there are additional documents that have not been released. In the document provided by The Intercept, Apple is not mentioned at all; it mentions only the seventh “Trusted Computing Jamboree,” where the goal of the conference is to…
…present notable results that will provide developers insight into how to meet the threats of the TCG architectures and embedded architectures and how they can exploit new avenues of attack.
The conference itself appears to be a government-sponsored version of DEF CON, without the responsible disclosure… or culture. The Intercept mentions Apple-specific research from Sandia National Laboratories that was presented at the Jamboree in 2012 at Lockheed Martin. Similar programs have been revealed, such as the NSA’s Dropout Jeep Program, where the goal was to compromise and root iPhones when you had physical access to the device. I worked with the Red Alert (R3d4l3rt) on a demo of the same capability utilizing existing and publicly available jailbreaking methods, with additional tools to automate the process when connected to a PC.
These same methods and techniques are used by a number of countries as part of their high-tech spycraft. If the software and devices were successfully exploited by the researchers at the CIA-sponsored event and not disclosed to Apple, at the very least, they broke the Apple EULA, as well as possibly a few laws if the exploits were used against domestic or unauthorized targets. It is difficult to identify what, if anything, was actually disclosed at this Jamboree. The Intercept admits that the documents do not mention how successful the attempts to circumvent Apple’s encryption were, or that any specific exploits were disclosed.
¹Disclaimer: article may link to classified information.