China Central Television (CCTV), run by the Chinese government, declared the iPhone is a security risk to Chinese intelligence on Friday. According to the Wall Street Journal, the iPhone’s “Frequent Location” app that records a user’s movements and times at various locations is a “national security concern” and that “state secrets could be at risk” if iPhones are allowed within China’s borders. In its claim, CCTV said that the iPhone could track the user’s “home address,” whereabouts, and other information that could be used against the Chinese government.
Apple has now responded to the claim, stating that the concerns of China are unfounded: “Frequent Locations are only stored on the customer’s iOS device; they aren’t backed up on iTunes or iCloud, and are encrypted. Apple doesn’t obtain or know a user’s Frequent Locations and this feature can always be turned ‘Off’ via our privacy settings.” As for whether or not Apple tracks user location and movement, Apple responded with the words, “Apple does not track users’ locations – Apple has never done so and has no plans to ever do so.”
While some say that Apple’s claims are financially motivated by a desire to see Chinese iPhone sales rise, Apple is also strongly committed to the privacy of its users. The Cupertino, California company has teamed up with numerous other tech giants such as Microsoft, Twitter, Dropbox, Mozilla, Yahoo, and others to call for greater NSA transparency with regard to user data.
At the same time, however, China’s claim against the iPhone is a strong reaction that’s typical of the post-Snowden era in which consumers find themselves. With NSA suspicions on the rise and reports that claim the NSA knew about Heartbleed for two years but used it to exploit consumer data and personal information, it’s not uncommon to find countries like China afraid of what secrets could be leaked to the US government.
Let’s look at actions of the NSA that’ve American citizens suspicious. First, the NSA filed a court order demanding that Verizon Wireless, one of the US’s top carriers, hand over telephone calls made by its American customers to overseas recipients as well as all local telephone calls.
As far back as September 2013, it was shown from a 2010 NSA document titled “Exploring Current Trends, Targets and Techniques” that the NSA set up three teams to crack three different operating systems: iOS, Android, and Blackberry. As for Blackberry, the NSA has been reading text messages of BB customers since 2009 – a startling thought when you consider that BlackBerry’s tough encryption system is one factor that made its smartphone so popular.
The claim that CCTV makes against Apple would’ve been valid about four years or so ago, since Apple removed geographic tracking for extended periods of time in iOS 4.3.3. Any iPhone running iOS 3 and 4 is an all too easy target for NSA access. Apart from this, current iPhones running iOS 5, 6, and 7 are still susceptible to NSA access simply because, of the location services feature: “the ‘location services’ used by many iPhone apps, ranging from the camera to maps to Facebook, are useful to the NSA. In the US intelligence documents, the analysts note that the ‘convenience’ for users ensures that most readily consent when applications ask them whether they can use their current location.”
Security researcher Jacob Appelbaum shared the NSA’s special love for iPhone vulnerabilities at the Chaos Communication Congress in Germany last year. The NSA has created a special security operation called “Dropout Jeep” that “is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted,” reads the document detailing the security operation.
Of special note is the document statement that says, “A remote installation capability will be pursued for a future release” – a bold declaration that the NSA will seek easier methods by which to spy on iPhone users in the future.
So, it is an unfortunate truth that, despite Apple’s attempts to protect its user data, the NSA still has a backdoor via location services. The fact that NSA documents testify to this shows that there’s more danger behind location services than even Apple knows or is willing to admit.
The NSA’s Reach Doesn’t Just Extend to Americans
If you think that the NSA’s reach extends only to Americans, think again. It turns out that the NSA has also spied on text messages of international citizens. The NSA, under its own “Operation Quantum” project, have bugged USB transmitters in 100,000 computers that’re present in Russia and China military intelligence since at least 2008, according to The Huffington Post, and that “none domestically” (referring to USB transmitters and computers) have been affected.
iPhones have also been targeted with Russian and Chinese intelligence officials, and both American and British spies have recovered “hundreds of millions of text messages” belonging to UK citizens. The British text messages are said to reside in a database called “Dishfire,” claims Channel 4 News and The Guardian.
Find out more about how your smartphone data is vulnerable to NSA access as well as how Yahoo and Google data centers have been infiltrated by the NSA.