RESEARCHERS WORKING with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept. The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released. By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption. The CIA declined to comment for this story. The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store. The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode. Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a “keylogger.” Other presentations at the CIA conference have focused on the products of Apple’s competitors, including Microsoft’s BitLocker encryption system, which is used widely on laptop and desktop computers running premium editions of Windows. The revelations that the CIA has waged a secret campaign to defeat the security mechanisms built into Apple’s devices come as Apple and other tech giants are loudly resisting pressure from senior U.S. and U.K. government officials to weaken the security of their products. Law enforcement agencies want the companies to maintain the government’s ability to bypass security tools built into wireless devices. Perhaps more than any other corporate leader, Apple’s CEO, Tim Cook, has taken a stand for privacy as a core value, while sharply criticizing the actions of U.S. law enforcement and intelligence agencies. “If U.S. products are OK to target, that’s news to me,” says Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute. “Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.” Apple declined to comment for this story, instead pointing to previous comments Cook and the company have made defending Apple’s privacy record.

Lockheed Martin Dulles Executive Plaza, Herndon, Virginia.

SECURITY RESEARCHERS from Sandia National Laboratories presented their Apple-focused research at a secret annual CIA conference called the Trusted Computing Base Jamboree. The Apple research and the existence of the conference are detailed in documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The conference was sponsored by the CIA’s Information Operations Center, which conducts covert cyberattacks. The aim of the gathering, according to a 2012 internal NSA wiki, was to host “presentations that provide important information to developers trying to circumvent or exploit new security capabilities,” as well as to “exploit new avenues of attack.” NSA personnel also participated in the conference through the NSA’s counterpart to the CIA’s Trusted Computing Base, according to the document. The NSA did not provide comment for this story. The Jamboree was held at a Lockheed Martin facility inside an executive office park in northern Virginia. Lockheed is one of the largest defense contractors in the world; its tentacles stretch into every aspect of U.S. national security and intelligence. The company is akin to a privatized wing of the U.S. national security state — more than 80 percent of its total revenue comes from the U.S. government. Via a subsidiary, Lockheed also operates Sandia Labs, which is funded by the U.S. government. The lab’s researchers have presented Apple findings at the CIA conference. “Lockheed Martin’s role in these activities should not be surprising given its leading role in the national surveillance state,” says William Hartung, director of the Arms and Security Project at the Center for International Policy and author of Prophets of War, a book that chronicles Lockheed’s history. “It is the largest private intelligence contractor in the world, and it has worked on past surveillance programs for the Pentagon, the CIA and the NSA. If you’re looking for a candidate for Big Brother, Lockheed Martin fits the bill.” The Apple research is consistent with a much broader secret U.S. government program to analyze “secure communications products, both foreign and domestic” in order to “develop exploitation capabilities against the authentication and encryption schemes,” according to the 2013 Congressional Budget Justification. Known widely as the “Black Budget,” the top-secret CBJ was provided to The Intercept by Snowden and gives a sprawling overview of the U.S. intelligence community’s spending and architecture. The White House did not respond to a request for comment. As of 2013, according to the classified budget, U.S. intelligence agencies were creating new capabilities against dozens of commercially produced security products, including those made by American companies, to seek out vulnerabilities. Last week, CIA Director John Brennan announced a major reorganization at the agency aimed, in large part, at expanding U.S. cyber-operations. The Information Operations Center, which organized the Jamboree conferences, will be folded into a new Directorate of Digital Innovation. Notwithstanding its innocuous name, a major priority of the directorate will be offensive cyberattacks, sabotage and digital espionage. Brennan said the CIA reorganization will be modeled after the agency’s Counterterrorism Center, which runs the U.S. targeted killing and drone program.

THE DOCUMENTS do not address how successful the targeting of Apple’s encryption mechanisms have been, nor do they provide any detail about the specific use of such exploits by U.S. intelligence. But they do shed light on an ongoing campaign aimed at defeating the tech giant’s efforts to secure its products, and in turn, its customers’ private data. “Spies gonna spy,” says Steven Bellovin, a former chief technologist for the U.S. Federal Trade Commission and current professor at Columbia University. “I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK.” Bellovin says he generally supports efforts by U.S. intelligence to “hack” devices — including Apple’s — used by terrorists and criminals, but expressed concern that such capabilities could be abused. “There are bad people out there, and it’s reasonable to seek information on them,” he says, cautioning that “inappropriate use — mass surveillance, targeting Americans without a warrant, probably spying on allies — is another matter entirely.” In the top-secret documents, ranging from 2010 through 2012, the researchers appear particularly intent on extracting encryption keys that prevent unauthorized access to data stored — and firmware run — on Apple products. “The Intelligence Community (IC) is highly dependent on a very small number of security flaws, many of which are public, which Apple eventually patches,” the researchers noted in an abstract of their 2011 presentation at the Jamboree. But, they promised, their presentation could provide the intelligence community with a “method to noninvasively extract” encryption keys used on Apple devices. Another presentation focused on physically extracting the key from Apple’s hardware. A year later, at the 2012 Jamboree, researchers described their attacks on the software used by developers to create applications for Apple’s popular App Store. In a talk called “Strawhorse: Attacking the MacOS and iOS Software Development Kit,” a presenter from Sandia Labs described a successful “whacking” of Apple’s Xcode — the software used to create apps for iPhones, iPads and Mac computers. Developers who create Apple-approved and distributed apps overwhelmingly use Xcode, a free piece of software easily downloaded from the App Store. The researchers boasted that they had discovered a way to manipulate Xcode so that it could serve as a conduit for infecting and extracting private data from devices on which users had installed apps that were built with the poisoned Xcode. In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer — potentially millions of people. “Trying to plant stuff in Xcode has fascinating implications,” says Bellovin. The researchers listed a variety of actions their “whacked” Xcode could perform, including: — “Entice” all Mac applications to create a “remote backdoor” allowing undetected access to an Apple computer. — Secretly embed an app developer’s private key into all iOS applications. (This could potentially allow spies to impersonate the targeted developer.) — “Force all iOS applications” to send data from an iPhone or iPad back to a U.S. intelligence “listening post.” — Disable core security features on Apple devices.

The Intelligence Community is highly dependent on a very small number of security flaws, many of which are public, which Apple eventually patches.

For years, U.S. and British intelligence agencies have consistently sought to defeat the layers of encryption and other security features used by Apple to protect the iPhone. A joint task force comprised of operatives from the NSA and Britain’s Government Communications Headquarters, formed in 2010, developed surveillance software targeting iPhones, Android devices and Nokia’s Symbian phones. The Mobile Handset Exploitation Team successfully implanted malware on iPhones as part of WARRIOR PRIDE, a GCHQ framework for secretly accessing private communications on mobile devices. That program was disclosed in Snowden documents reported on last year by The Guardian. A WARRIOR PRIDE plugin called NOSEY SMURF allowed spies to remotely and secretly activate a phone’s microphone. Another plugin, DREAMY SMURF, allowed intelligence agents to manage the power system on a phone and thus avoid detection. PARANOID SMURF was designed to conceal the malware in other ways. TRACKER SMURF allowed ultra-precise geolocating of an individual phone. “[If] its [sic] on the phone, we can get it,” the spies boasted in a secret GCHQ document describing the targeting of the iPhone. All of the SMURF malware — including the plugin that secretly turns on the iPhone’s microphone — would first require that agencies bypass the security controls built into the iOS operating system. Spies would either need to hack the phone in order to plant their malware on it, or sneak a backdoor into an app the user installed voluntarily. That was one of the clear aims of the Apple-focused research presented at the CIA’s conference. “The U.S. government is prioritizing its own offensive surveillance needs over the cybersecurity of the millions of Americans who use Apple products,” says Christopher Soghoian, the principal technologist at the American Civil Liberties Union. “If U.S. government-funded researchers can discover these flaws, it is quite likely that Chinese, Russian and Israeli researchers can discover them, too. By quietly exploiting these flaws rather than notifying Apple, the U.S. government leaves Apple’s customers vulnerable to other sophisticated governments.” Security experts interviewed by The Intercept point out that the SMURF capabilities were already available to U.S. and British intelligence agencies five years ago. That raises the question of how advanced the current capacity to surveil smartphone users is, especially in light of the extensive resources poured into targeting the products of major tech companies. One GCHQ slide from 2010 stated that the agency’s ultimate goal was to be able to “Exploit any phone, anywhere, any time.”

THE FIRST JAMBOREE took place in 2006, just as Apple was preparing to unveil its highly-anticipated iPhone. In March 2010, according to a top-secret document, during a talk called “Rocoto: Implanting the iPhone,” a presenter discussed efforts to target the iPhone 3G. In addition to analyzing the device’s software for potential vulnerabilities, the presentation examined “jailbreak methods,” used within the iPhone community to free phones from their built-in constraints, that could be leveraged by intelligence agencies. “We will conclude with a look ahead at future challenges presented by the iPhone 3GS and the upcoming iPad,” the abstract noted. Over the years, as Apple updates its hardware, software and encryption methods, the CIA and its researchers study ways to break and exploit them. The attempts to target vulnerabilities in Apple’s products have not occurred in a vacuum. Rather, they are part of a vast multi-agency U.S./U.K. effort to attack commercial encryption and security systems used on billions of devices around the world. U.S. intelligence agencies are not just focusing on individual terrorists or criminals — they are targeting the large corporations, such as Apple, that produce popular mobile devices. “Every other manufacturer looks to Apple. If the CIA can undermine Apple’s systems, it’s likely they’ll be able to deploy the same capabilities against everyone else,” says Green, the Johns Hopkins cryptographer. “Apple led the way with secure coprocessors in phones, with fingerprint sensors, with encrypted messages. If you can attack Apple, then you can probably attack anyone.” According to the Black Budget, U.S. intelligence agencies have tech companies dead in their sights with the aim of breaking or circumventing any existing or emerging encryption or antiviral products, noting the threat posed by “increasingly strong commercial” encryption and “adversarial cryptography.” The Analysis of Target Systems Project produced “prototype capabilities” for the intelligence community, enabled “the defeat of strong commercial data security systems” and developed ways “to exploit emerging information systems and technologies,” according to the classified budget. The project received $35 million in funding in 2012 and had more than 200 personnel assigned to it. By the end of 2013, according to the budget, the project would “develop new capabilities against 50 commercial information security device products to exploit emerging technologies,” as well as new methods that would allow spies to recover user and device passwords on new products. Among the project’s missions: — Analyze “secure communications products, both foreign and domestic produced” to “develop exploitation capabilities against the authentication and encryption schemes.” — “[D]evelop exploitation capabilities against network communications protocols and commercial network security products.” — “Anticipate future encryption technologies” and “prepare strategies to exploit those technologies.” — “Develop, enhance, and implement software attacks against encrypted signals.” — “Develop exploitation capabilities against specific key management and authentication schemes.” — “[D]evelop exploitation capabilities against emerging multimedia applications.” — Provide tools for “exploiting” devices used to “store, manage, protect, or communicate data.” — “Develop methods to discover and exploit communication systems employing public key cryptography” and “communications protected by passwords or pass phrases.” — Exploit public key cryptography. — Exploit Virtual Private Networks, or VPNs, which allow people to browse the Internet with increased security and anonymity. The black budget also noted that the U.S. intelligence community partners with “National Laboratories” to conduct the type of research presented at the CIA’s annual Jamboree conference. It confirms the U.S. government’s aggressive efforts to steal encryption and authentication keys, as occurred in the NSA and GCHQ operations against Gemalto, the world’s largest manufacturer of SIM cards, through the use of Computer Network Exploitation attacks. In that case, spy agencies penetrated Gemalto’s internal networks and cyberstalked its employees to steal mass quantities of keys used to encrypt mobile phone communications. The CIA’s Information Operations Center is currently the second largest of the spy agency’s specialized centers. It not only conducts cyber-ops, but has operated covertly in other nations, working to develop assets from targeted countries to assist in its cyber-surveillance programs, according to the Black Budget. At times, its personnel brief the president.

U.S. President Barack Obama holds up an iPad.

AT THE CIA’s Jamboree in 2011, the computer researchers conducted workshops where they revealed the specifics of their efforts to attack one of the key privacy elements of Apple’s mobile devices. These machines have two separate keys integrated into the silicon of their Apple-designed processors at the point of manufacture. The two, paired together, are used to encrypt data and software stored on iPhones and iPads. One, the User ID, is unique to an individual’s phone, and is not retained by Apple. That key is vital to protecting an individual’s data and — particularly on Apple’s latest devices — difficult to steal. A second key, the Group ID, is known to Apple and is the same across multiple Apple devices that use the same processor. The GID is used to encrypt essential system software that runs on Apple’s mobile devices. The focus of the security researchers, as described at the CIA conferences, was to target the GID key, which Apple implants on all devices that use the same processors. For instance, Apple’s A4 processor was used in the iPhone 4, the iPod Touch and the original iPad. All of those devices used the same GID. As Apple designs new processors and faster devices that use those processors, the company creates new GIDs. If someone has the same iPhone as her neighbor, they have the exact same GID key on their devices. So, if intelligence agencies extract the GID key, it means they have information useful to compromising any device containing that key. At the 2011 Jamboree conference, there were two separate presentations on hacking the GID key on Apple’s processors. One was focused on non-invasively obtaining it by studying the electromagnetic emissions of — and the amount of power used by — the iPhone’s processor while encryption is being performed. Careful analysis of that information could be used to extract the encryption key. Such a tactic is known as a “side channel” attack. The second focused on a “method to physically extract the GID key.” Whatever method the CIA and its partners use, by extracting the GID — which is implanted on the processors of all Apple mobile devices — the CIA and its allies could be able to decrypt the firmware that runs on the iPhone and other mobile devices. This would allow them to seek out other security vulnerabilities to exploit. Taken together, the documents make clear that researching each new Apple processor and mobile device, and studying them for potential security flaws, is a priority for the CIA. According to the 2011 document describing the Jamboree presentations on Apple’s processor, the researchers asserted that extracting the GID key could also allow them to look for other potential gateways into Apple devices. “If successful, it would enable decryption and analysis of the boot firmware for vulnerabilities, and development of associated exploits across the entire A4-based product-line, which includes the iPhone 4, the iPod touch and the iPad.” At the CIA conference in 2012, Sandia researchers delivered a presentation on Apple’s A5 processor. The A5 is used in the iPhone 4s and iPad 2. But this time, it contained no abstract or other details, instructing those interested to contact a CIA official on his secure phone or email. “If I were Tim Cook, I’d be furious,” says the ACLU’s Soghoian. “If Apple is mad at the intelligence community, and they should be, they should put their lawyers to work. Lawsuits speak louder than words.”

Apple CEO Tim Cook testifies on Capitol Hill in Washington, May 21, 2013.