How The NSA Hacks Your iPhone (Presenting DROPOUT JEEP)

Following up on the latest stunning revelations released yesterday by German Spiegel which exposed the spy agency's 50 page catalog of "backdoor penetration techniques", today during a speech given by Jacob Applebaum (@ioerror) at the 30th Chaos Communication Congress, a new bombshell emerged: specifically the complete and detailed description of how the NSA bugs, remotely, your iPhone. The way the NSA accomplishes this is using software known as Dropout Jeep, which it describes as follows: "DROPOUT JEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted."

The flowchart of how the NSA makes your iPhone its iPhone is presented below:

• NSA ROC operator
• Load specified module
• Send data request
• iPhone accepts request
• Retrieves required SIGINT data
• Encrypt and send exfil data
• Rinse repeat

And visually:

What is perhaps just as disturbing is the following rhetorical sequence from Applebaum:

"Do you think Apple helped them build that? I don't know. I hope Apple will clarify that. Here's the problem: I don't really believe that Apple didn't help them, I can't really prove it but [the NSA] literally claim that anytime they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I'd like to believe that since Apple didn't join the PRISM program until after Steve Jobs died, that maybe it's just that they write shitty software. We know that's true."

How The NSA Hacks Your iPhone