No surprise: The NSA can hack iPhones

Summary:Nobody should find it surprising that the NSA can hack into iPhones and there's no reason to assume Apple is helping them.

As we and everyone else are reporting,  the latest poop on the NSA is that they claim to be able to hack into iPhones .

NSA.logo

Go back through Apple's log of security updates to their products, including iOS: there have always been many severe vulnerabilities. The general assumption out there is that nobody's exploiting them, but the other possibility is that they are being exploited, but only very rarely in targeted attacks. The NSA would be exactly the sort of agency to do that.

Even since iOS 7 was released, vulnerabilities have been patched which could allow full compromise without the knowledge of the user. Usually you need two vulnerabilities to accomplish this: an arbitrary code execution vulnerability to gain control, and a privilege escalation vulnerability to gain admin or root privileges. Once you have this, you can install what software you want.

This, incidentally, is how jailbreaking works. Every jailbreak is based on at least one security flaw in iOS. We know these work, so we know that what the NSA claims is perfectly possible.

iOS 7.0.1 fixed many security vulnerabilities, including both code execution and privilege escalation, and there have been many others in the past. It only stands to reason that researchers (and their customers, including the NSA) have access to vulnerabilities which have not yet been disclosed to Apple or patched.

Of course none of this is verifiable by us ordinary civilians, but for me the NSA's apparent claim of a 100% success rate in installing malware is a bit fishy. Unless they have an over-the-air, network-based exploit, something which executes automatically, then they still have to socially-engineer the user some. Good, targeted social engineering (sometimes a.k.a. "spear phishing") can get very good results, but 100%? I don't think so. And I very much doubt that they have an auto-executing, over-the-air compromise of iOS; someone else would have found it by now.

So don't assume that Apple must be cooperating. I would assume the contrary. It would be very much against their interests to cooperate. Remember that any super-backdoor built into the OS could be used by anyone who finds it. Not all of them are the good guys, like the NSA ;)

Topics: Security, Apple, Government : US, iPad, iPhone

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.