Almost no communication shared by users of Apple’s iPhone is sacred or hidden from the U.S. National Security Agency (NSA), thanks to a spyware program called DROPOUTJEEP that allows the agency to intercept SMS messages, access contacts, locate, and even activate the device’s camera and microphone.
Leaked documents made public by security researcher Jacob Appelbaum and Der Spiegel, a German news magazine, report that iOS devices implanted with DROPOUTJEEP have been successfully breached in 100 percent of the cases, according to a report in The Daily Dot.
“DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control, and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted,” noted the report.
The National Security Agency (NSA) has apparently able to hack the iPhone since 2008, according to a Der Spiegel interactive report that looks at the NSA’s various tools used for spying purposes. One particularly interesting tool, codenamed “DROPOUTJEEP,” is an implant that was first used to compromise the first-generation iPhone and was able to send various data stored on the phone to the agency, including text messages, address book contacts, geolocation and voicemail. Furthermore, the software could activate the microphone of the iPhone, turn on the camera and take pictures and retrieve cell tower location.
The leaked materials show that the NSA had various other mobile-related spying “products” that worked with other smart devices:
GOPHERSET – an implant for GSM SIM cards to pull phone book, SMS and log files for incoming and outgoing calls
MONKEYCALENDAR – attack software that forces a SIM card to transmit geolocation data via covert SMS messages
TOTECHASER – an implant hidden in a satellite phone running Windows CE that transmits data via hidden SMS messages
TOTEGHOSTLY – an implant that enables full remote control on Windows Mobile phones offering data download and upload capabilities
PICASSO – modified GSM handsets that collect user data, audio data while also tracking the location of the handset
NSA Interception: Spy malware installed on laptops bought online