Apple has responded to documents that claim the U.S. National Security Agency has implemented a backdoor to access communications sent via the iPhone.
The company denies working with the NSA to create any so-called backdoors — lines of code in the OS that would allow the agency to remotely access, monitor or intercept communications on the phone.
Here's the company's full statement:
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers' privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements.
Whenever we hear about attempts to undermine Apple's industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them.
The statement comes in the wake of a report published Sunday by the German magazine Der Spiegel in conjunction with security researcher Jacob Appelbaum. The report revealed new documents from the NSA, including a description of a 50-page catalog of toolkits and surveillance goodies that NSA employees can order to zero in on a target.
Those documents included the revelation that the NSA has (or had, circa 2008) backdoors in places such as high-end routers, firewalls and the firmware and BIOS of computers, mainframes and even hard drives. One of those documents, dated October 1 2008, highlights a software implant known as "DROPOUTJEEP" that can be used to intercept communication and data from the original iPhone.
The document, embedded below, outlines how the system works. After being installed, the software implant supposedly lets an NSA employee "remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control, and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted."
The date of the document — as well as the description of some of its functionality (GPRS) — indicates that the initial version of DROPOUTJEEP was focused on the original iPhone and early versions of its operating system.

The description of DROPUTJEET indicates that in order to work, the implant would need to be installed via "close access methods." As of 2008, the agency was pursing a remote installation option for a future release.
In other words, in order to access this sort of data, the NSA would need physical access to a phone — or would need to contrive a way for users to install an application (in the iPhone's case, a provisioning profile) that would allow this kind of access.
Moreover, the same NSA catalog that showcases DROPOUTJEEP also includes other items such as GSM Base Station Routers that allow agents to connect to GSM handsets in order to capture signaling, call control and SMS messaging.
As of 2008, standard GSM cell phones (smartphone or otherwise) could be intercepted with ease.
This new information is bolstered by previous reports by Der Spiegel alleging that the NSA has been surveilling iPhone, Android and BlackBerry devices since at least 2010.
It should also be noted that this isn't the first time its been alleged that the NSA has the ability to successfully tap smartphones. In chat logs from May 2010 between Chelsea Manning and Adrian Lamo (published by Wired in 2011), Manning discussed military SIGINT (signals intelligence) capabilities in regards to cell phones.
This passage mentions the PROPHET team's ability to tap cell phones:
(7:35:37 AM) bradass87: other person knows a lot about phones… how to tap cellular phones (its his job, after all)
(7:35:56 AM) bradass87: PROPHET team
(7:36:22 AM) bradass87: http://www.globalsecurity.org/intell/systems/prophet.htm
(7:36:47 AM) info@adrianlamo.com: Can they do CDMA or GSM over-the-air vs. at the switch?
(7:37:07 AM) bradass87: both
(7:37:16 AM) bradass87: v3 as well
(7:37:48 AM) bradass87: over-the-air and at switches and towers…
(7:38:06 AM) bradass87: redundancy for locational refinement
(7:38:14 AM) info@adrianlamo.com: I assume the same could be done in the U.S.
(7:38:37 AM) bradass87: of course
In a later conversation, Manning (bradass87) mentions the NSA and the iPhone:
(1:24:21 PM) bradass87: did you know it took NSA 6 months, and 50 people to figure out how to tap the iPhone
(1:24:21 PM) info@adrianlamo.com : I have more messages than resources allocatable to action them. Please be very patient.
(1:26:16 PM) bradass87: they honestly didn't know what was going on, because of the sudden format switch when AT&T made the contract
(1:26:32 PM) bradass87: =P
(1:27:42 PM) bradass87: [not 100% if thats true, but i've heard enough variations by NSA types to believe it]
The documents published by Der Speigel did not implicate Apple or any other company. In fact, most leaked documents seem to indicate that American companies don't need to be aware of what the NSA is doing in order for surveillance programs to exist.
This isn't to say that the NSA doesn't lean on companies who make their jobs difficult, but evidence revealed thus far suggests access is possible whether or not the companies themselves are involved.
Instead, Apple's public denial of working with the NSA — as well as its disavowal of any knowledge related to alleged attempts by the NSA to target Apple products — seem to be a direct response to questions raised by Jacob Appelbaum (one of the contributors to the Der Spiegel report at Sunday's 30th Chaos Communications Congress. During his presentation, Appelbaum raises the possibility that Apple itself cooperated with the NSA on an iPhone backdoor.
His logic appeared to be that only two scenarios were possible: The NSA has a huge list of iOS exploits it has purposefully kept secret from Apple, or Apple has agreed to keep those exploits in place.
But there's a third possibility: interceptions made on an original iPhone in 2008 are not necessarily applicable in 2014. It seems unlikely that even the iPhone 3G, which was released in July 2008, would be ready to be surveilled less than one month later — if only because standard QA and testing would likely take more time than that.
The original iPhone was a revolutionary device, but it lacked certain technical advancements. For instance, it lacked 3G support and didn't support MMS. That would make the process of tapping an iPhone less complex than another smartphone. Moreover, the original iPhone wasn't exactly the most secure smartphone out of the gate.
It took less than two weeks for the first jailbreak to come to the original iPhone, back in July 2007. By August 2007, there were software and hardware SIM unlock available.
Fast-forward six and a half years. The jailbreak movement is still alive, but updates come much later, with more caveats than in the past. The iOS has seen tremendous evolution in terms of software, sandboxing and security.
It's possible that the NSA has updated tools to monitor communications taking place on an iPhone, Android, BlackBerry or Windows Phone, and the extent of the 2008-era program are troubling. Still, it's going to require a lot more evidence to prove that the NSA can read anything on your smartphone today.
Image: Patrick Lux/Getty Images; Der Spiegel