
DROPOUTJEEP – How NSA completely controls your iPhone


Leaked documents shared by Der Spiegel show how NSA spyware codenamed DROPOUTJEEP can spy on every Apple iPhone. Apple denies any claim.

Users buy the iPhone, NSA controls them. This is not a slogan for the latest Apple advertisement; it is the uncomfortable truth revealed by another set of NSA documents leaked by Snowden and published by the German magazine Der Spiegel.

The US National Security Agency is able to control all data managed by the iPhone. The documents reveal the existence of spyware codenamed DROPOUTJEEP, developed by the Agency's ANT (Advanced or Access Network Technology) division, that is used to gain backdoor access to numerous electronic devices, including the popular Apple smartphones.

Last week Der Spiegel published a couple of posts describing the work done by the NSA hacking unit known as TAO and the tools used by the agency to hack practically any technology, from hard drives to network appliances.

Der Spiegel: Inside TAO – Documents Reveal Top NSA Hacking Unit

Der Spiegel: Shopping for Spy Gear – Catalog Advertises NSA Toolbox

The documents describe DROPOUTJEEP as spyware that can access virtually every component of the iPhone, sniffing out the data it manages, including voicemail, contact lists, instant messages, and cell tower location.

“DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted,” reports one of the NSA documents published by Der Spiegel.


DROPOUTJEEP was presented by cyber security expert Jacob Appelbaum at the 30c3 conference on Monday. He even speculated on the role played by IT companies like Apple in supporting the NSA surveillance programs by providing backdoor access to their products.

A recent report claims that the NSA paid security firm RSA $10 million to adopt a flawed encryption algorithm as the default option in one of its popular products.

The document states that DROPOUTJEEP was designed in 2008 to spy on iPhone devices and that the first variant of the spyware required installation through “close-access methods.” But 2008 was five years ago, an eternity, and it is easy to imagine that successive versions of DROPOUTJEEP would focus on remote infection methods.

Apple, like RSA, has denied any claims in an official statement released Tuesday:

“Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.”

I believe that this is just the tip of the iceberg; further reflection is needed. What would happen if these instruments fell into the hands of the many cyber mercenaries or foreign governments?
It probably has already happened!

Pierluigi Paganini

(Security Affairs –  DROPOUTJEEP, NSA)