Just when you think that the whole NSA situation can’t get a lot worse, somehow it blows up and somehow takes things to a new level. And now, we’re hearing that the NSA can reportedly gain almost complete access to an iPhone remotely following installation of a software implant.
The news comes via security researcher Jacob Applebaum and German news outlet Der Spiegel, with the revelation being that an NSA program called DROPOUTJEEP allows the agency to collect SMS messages, location data and other information from an iPhone without touching it once a software implant has been installed. Currently that requires access to the device in question, though an updated release was being worked on that would allow remote installation.
Oh, and the NSA can activate an iPhone’s microphone and camera too, should they so wish. Time to start putting black tape over that camera, perhaps.
"DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control, and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted."
What’s particularly most worrying about this whole sordid affair is the NSA’s belief that this method of data collection will work 100% of the time. This level of confidence is staggering, and begs the question about how the agency can be so sure that each iPhone will be so responsive to its requests. Some are suggesting that Apple has helped the NSA in its endeavors, but that might be a conversation for another day.
It’s clear that US intelligence has access to things far beyond what most of us would have ever believed, and while the claims and counter-claims start to encroach on what we would expect out of a good spy movie, there appears to be no end to the revelations started by Edward Snowden earlier this year.
But the big question is: are you ready to be under that sort of surveillance 24/7? Or do you prefer to have privacy without anyone snooping around your private data?