Since before the release of the first iPhone in 2007, security researchers have been holding secret annual meetings called “Jamborees”, in order to exchange new ideas about the possibilities of manipulating commercial electronics and household gadgets to extract protected information. The documents about these gatherings have been provided for The Intercept by NSA famous whistleblower Edward Snowden.
The current conference, called the Trusted Computing Base Jamboree, sponsored by the CIA’s Information Operations Center, is focused on bypassing and exploiting new security features of electronic devices. Held in a Lockheed Martin unit (Lockheed Martin is one of the largest defense contractors, considered by Arms and Security Project Director William Hartung, from the Center for International Policy, to be a good “candidate for Big Brother”), this conference is part of a larger project dedicated to the discovery of ways to crack private companies’ security systems. According to documents dating from 2010-2012, security experts have been mainly interested in extracting encryption keys that protect data stored on Apple devices. In 2011, some security researchers claimed to have discovered a “noninvasive” way to extract encryption keys, while others focused on the possibilities of physically extracting the key from Apple’s hardware. At the consecutive year’s Jamboree, other experts presented a way to control Xcode (a free piece of software upon which most Apple app-developers base their work) for creating malware which extracts private data from users.
The CIA attempts to tackle Apple private security settings are more of a concern in a context like the current one, with IT giants struggling to resist pressure from the U. S. and U. K. governments to weaker the security of their products. Law enforcement agencies want the government to be allowed to circumvent the security tools built into wireless devices. Apple’s CEO, Tim Cook, has vocally defended privacy as a core value of his company and reproved law enforcement agencies and secret services for their attempt at interfering.
Steven Bellovin, former chief technologist for the U. S. Federal Trade Commission (currently a professor at Columbia University), expressed his lack of surprise at the news odf CIA’s research into Apple technologies: “Spies gonna spy”, he said. “Their attitude is basically amoral”. While he conceded that it’s reasonable to seek information about dangerous people, Bellovin restated the risks of an inappropriate use of such intelligence technologies: mass surveillance, targeting Americans without a warrant, or spying on allies.
image source: The Intercept