No surprise: The NSA can hack iPhones

Nobody should find it surprising that the NSA can hack into iPhones and there's no reason to assume Apple is helping them.
Written by Larry Seltzer, Contributor

As we and everyone else are reporting, the latest poop on the NSA is that they claim to be able to hack into iPhones.


Go back through Apple's log of security updates to their products, including iOS: there have always been many severe vulnerabilities. The general assumption out there is that nobody's exploiting them. The other possibility is that they are being exploited, but only very rarely, in targeted attacks. The NSA would be exactly the sort of agency to do that.

Even since iOS 7 was released, vulnerabilities have been patched which could allow full compromise without the knowledge of the user. Usually you need two vulnerabilities to accomplish this: an arbitrary code execution vulnerability to gain control, and a privilege escalation vulnerability to gain admin or root privileges. Once you have both, you can install whatever software you want.

This, incidentally, is how jailbreaking works. Every jailbreak is based on at least one security flaw in iOS. We know these work, so we know that what the NSA claims is perfectly possible.

iOS 7.0.1 fixed many security vulnerabilities, including both code execution and privilege escalation, and there have been many others in the past. It only stands to reason that researchers (and their customers, including the NSA) have access to vulnerabilities which have not yet been disclosed to Apple or patched.

Of course none of this is verifiable by us ordinary civilians, but for me the NSA's apparent claim of a 100% success rate in installing malware is a bit fishy. Unless they have an over-the-air, network-based exploit, something which executes automatically, they still have to socially engineer the user to some degree. Good, targeted social engineering (sometimes a.k.a. "spear phishing") can get very good results, but 100%? I don't think so. And I very much doubt that they have an auto-executing, over-the-air compromise of iOS; someone else would have found it by now.

So don't assume that Apple must be cooperating. I would assume the contrary. It would be very much against their interests to cooperate. Remember that any super-backdoor built into the OS could be used by anyone who finds it. Not all of them are the good guys, like the NSA ;)
