Almost no communication shared by users of Apple's iPhone is sacred or hidden from the U.S. National Security Agency (NSA), thanks to a spyware program called DROPOUTJEEP that allows the agency to intercept SMS messages, access contacts, locate, and even activate the device's camera and microphone.
Leaked documents made public by security researcher Jacob Appelbaum and Der Spiegel, a German news magazine, report that iOS devices implanted with DROPOUTJEEP have been successfully breached in 100 percent of the cases, according to a report in The Daily Dot.
"DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control, and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted," noted the report.
The report notes that currently, the NSA needs to access iPhones physically to install the spyware and they do this by rerouting shipments of the devices purchased online. The agency is also reportedly working on a remote version of the spyware.
Appelbaum, in his discussion of the revelation at the Chaos Communication Conference in Hamburg, Germany, argued that the situation may have arisen due to one of two possibilities:
"Either [the NSA] has a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves," said Appelbaum.
"Do you think Apple helped them with that?" Appelbaum asked. "I hope Apple will clarify that."