Is Apple collaborating with the NSA?

Apple has been accused of working with with the U.S. National Security Agency (NSA) to spy on iPhone users, according to a report on TechCrunch. A recently leaked 50-page catalogue that lists all the hacking tools NSA agents have access contains a “DROPOUTJEEP” malware that apparently targets the iOS platform. Security researcher Jacob Applebaum notes that the promised 100 percent success rate implies the cooperation of Apple with the NSA.

Apple has since issued a statement denying it has worked with the NSA to create a backdoor to its iOS operating system. The company also denies all knowledge of the NSA program. The full statement is as follow:

“Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security.  Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements.”

“Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers.  We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.”

I personally doubt that Apple is involved. As  some commenters have written, the iOS  version was just 2.1 back in 2008, which was the date found in the leaked document. Security on the iOS was so much different that even jailbreaks were simple; there were no such thing as signature checking performed by the bootrom back then. Fast forward to present, the iPhone is incredibly secure and jailbreaks these days require multiple obscure exploits before a device can be declared “jailbroken.”

NSA DROPOUTJEEP

Indeed, the latest jailbreak requires physical access to the device, the passcode to be disabled, and the device to “trust” the computer. Looking at all these evidences, it would appear that those NSA tools are unlikely to exploit a modern device running on iOS 6 or iOS 7. Even a custom iOS firmware wouldn’t work too, as it would have certainly fail the bootrom signature check.

Think about it, the cat-and-mouse game between Apple and jailbreak developers is already a worthy proof that Apple takes security seriously. Not surprisingly, Apple doesn’t appear amused by the allegations. On this front, the company’s statement that it intends to defend its customers from security attacks “regardless of who’s behind them” appears to be a direct challenge to the NSA to break its operating system.