iPhone: a mine planted by the NSA


Pawel Kopczynski/Reuters

It has long been known that the United States spies on everyone and everywhere, whether they are allies or adversaries.

It is no secret that U.S. intelligence services have access to data from the banned Meta in Russia, as well as read WhatsApp and Telegram and use the loopholes of the Android operating system, which is owned by Google. Most of the popular email clients, messengers, and many other programs are developed in the West.

But earlier, hacking and surveillance operations were most often massive: a huge array of data was collected and accumulated in data centers. Then it was analyzed, including by keywords. In his time, this process was described by Edward Snowden, as well as by Wikileaks.

But recently it became known that the attacks are not only massive, but also carried out purposefully – individual Apple devices are being hacked. The Russian special services believe that several thousand phones have been attacked. At the same time "iPhones" outside of Russia and belonging mainly to the staff of embassies and diplomatic missions on the territory of NATO countries, post-Soviet space, Israel, Syria and China were also affected.

It is no secret that Apple has a long and fruitful collaboration with the National Security Agency (NSA), the Central Intelligence Agency (CIA) and other American intelligence services. The American media, among others, have been talking about this for a long time. The concern in this case is the fact that this is a large-scale targeted hacker attack on Russian government officials, not just gathering all the information that comes to hand for its subsequent analysis.

They used pre-installed software vulnerabilities, which are extremely difficult to detect in advance. Especially considering the fact that, unlike Android, iOS is not an open operating system, the code of which is available to anyone.

To be fair, this is not the first time such targeted attacks have occurred.

In 2019, thanks to vulnerabilities in iPhones, the government of the United Arab Emirates (UAE), with the help of former NSA employees, spied on its own officials and diplomatic staff, as well as some of the region's leaders. The vulnerability was inherent in the iMessage messenger, and the hack required simply sending a file in a message to the right user.

The software used at the time was called "Karma," developed as part of Project Raven, allegedly run by the UAE's Cyber Operations division. Interestingly, according to some reports, Karma was originally purchased from an unknown vendor.

The already mentioned Edward Snowden reported back in 2014 that malware is installed on mobile devices of the American IT giant even before they hit store shelves, and the NSA can get access to any of them afterwards, the main thing is to know which device is to be hacked. In this case, if the hacker software is installed on the phone, it will not be possible to completely disable the iPhone: when the phone is turned off, it switches to a special low-power mode, leaving a functioning integrated circuit, which is responsible for data transmission as well.

Owners of Android devices, however, are also at risk. For example, in 2019, it became known that they can be hacked via peripheral devices, including wireless headphones. WikiLeaks also regularly reported that the NSA and the CIA are actively using both iOS and Android zero-day vulnerabilities, that is, holes in the software, which have not yet been closed by the developers, but are already known to hackers. And this is in addition to those loopholes, which are deliberately reserved for intelligence agencies...

Returning to the hacking of the phones of Russian officials and diplomats, we note that once again the issue of producing personal cell phones and other portable devices, as well as, more importantly, a personal operating system that would be protected from the prying eyes and ears of "Western partners," is becoming acute. At the same time, the developed operating system must not only be secure, but also user-friendly, and be able to run popular applications. So far, Russian developers have not coped with this task, and the Aurora OS is still far from ideal and cannot completely replace devices on Android or iOS, which are familiar to Russian users.

Questions also arise for users whose Apple devices have been hacked.

The possibility of their hacking and the presence of a large number of vulnerabilities has long been known, and consequently they should not store and transmit any not only official (let alone classified), but also simply sensitive information that can be used by the enemy. Then there would be no reason to hack them. Apparently not everyone has yet realized the reality in which we live over the past few years.

To summarize, we note that foreign intelligence services, just like Russian ones, have always worked actively and professionally in a variety of areas, including technical intelligence. Even if Russia develops its own operating systems, devoid of vulnerabilities embedded at the production stage, it will not guarantee one hundred percent security. Therefore, it is important to be very careful about what information is stored on the phone and what consequences may result from its theft.