
Apple says it was never privy to NSA's program targeting iPhones



Apple contends it was “unaware” of a government-led spying program focused on the retrieval of iPhone communications, including text messages, voicemails and conversations of device owners.
On Tuesday, the tech giant responded to revelations made public in part by Snowden leaks published in the German publication Der Spiegel in September. On Monday, security researcher Jacob Appelbaum posted a video of his presentation at the Chaos Communication Congress in Germany, which provided further insight on the scope of NSA's efforts to tap into the iPhone.
A classified government document published by Der Spiegel also sheds light on the spying program, dubbed “Dropout Jeep,” as well as the NSA-conceived backdoor of the same name.
According to the “top secret” document, Dropout Jeep is a “software implant” the NSA began developing specifically for Apple's iPhone in order to “remotely push/pull files from the device,” as well as texts, voicemails, geolocation data, photos and even conversations picked up by its microphone via the surveillance software.
The document, dated October 1, 2008, includes a note that the “initial release” of the program would focus on installing the implant “via close access methods.” A remote installation capability was said to be examined for future iterations of the software.
As Appelbaum's presentation at the Chaos hacking conference went viral, Apple proceeded to release a statement on the leaks expressing its lack of involvement and knowledge of the program.
On Tuesday, an Apple spokeswoman told The New York Times via email that the company “has never worked with the NSA to create a backdoor in any of our products, including the iPhone.”
SCMagazine.com reached out to Apple regarding the leaked documents, but did not immediately hear back.
In addition to being “unaware of this alleged N.S.A. program targeting [its] products,” Apple also told the Times via a statement that, “whenever we hear about attempts to undermine Apple's industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers.”
Earlier this week, when news broke that other widely used software had been compromised by NSA backdoors (including Cisco, Juniper Networks and Huawei products), Cisco's CSO John Stewart quickly announced that the company had “opened an investigation.”
Leaked documents revealed specific products purportedly compromised due to NSA's spying efforts, including the Cisco 500 series PIX firewalls and ASA firewalls, leveraged through a special department in the agency called Tailored Access Operations (TAO), which is said to employ more than a thousand hackers.
