NSA seizes full control of targeted iPhones via DROPOUTJEEP malware

The NSA developed in 2008 a software program for iPhones that can selectively and stealthily deliver data from iPhones to the NSA. The program is called DROPOUTJEEP. News of the malware is the latest to come out of the ongoing Snowden document media bonanza.

DROPOUTJEEP can read and retrieve SMS messages, contact lists, voice messages, and the iPhone’s location via GPS and cell phone towers. It can also remotely activate the microphone and the camera.

In short, DROPOUTJEEP can gain full covert “command and control” over any iPhone on which it is installed.

The method of installation is not entirely clear, but logic dictates DROPOUTJEEP has to be installed either remotely or with hands on. In light of last weekend’s Der Spiegel Snowden document analysis showing the NSA has infiltrated a wide range of proprietary hardware throughout the tech industry, the latter is a distinct possibility. That is to say, some iPhones currently in use in the wild may have physically passed through the NSA before arriving, bugged, in users’ hands.

The NSA document describing DROPOUTJEEP seems to imply exactly that:

“The initial release of DROPOUTJEEP will focus on installing the implant via close access methods.”

How many iPhones have DROPOUTJEEP installed? And how many iPads? There’s no way of knowing that at this point. It could be considered alarmist to imply a pervasive NSA influence on the iOS ecosystem. Equally alarmist — and unfair — might be to imply that Apple knowingly cooperated with the NSA on DROPOUTJEEP.

But questions are being raised, as in the case of Jacob Applebaum’s comments today at a Chaos Communication Project event. Among them: “Either [the NSA] have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves.”

In either case, iOS owners won’t find much comfort in this little revelation. But neither will anyone who owns almost any kind of device from any manufacturer. The NSA is now everywhere.

SOURCE: Forbes