New Snowden Leak: NSACompromised Hardware, iPhones
Days after the German Der Spiegel newspaper reported that the U.S. National Security Agency had compromised a wide range of commercial computer hardware and smart phones for years, the e-spy agency says it, too, is concerned about the security of those products.
But a Dec. 31 NSA statement does not address the allegation, based on documents leaked by former agency contractor Edward Snowden, that the NSA hacked into and compromised commercial products, including PCs, Apple’s iPhone, hard drives and network routers.
“While we cannot comment on specific, alleged intelligence-gathering activities,” the NSA statement says, “NSA’s interest in any given technology is driven by the use of that technology by foreign intelligence targets. The United States pursues its intelligence mission with care to ensure that innocent users of those same technologies are not affected.”
Der Spiegel earlier in the week reported that an NSA team known as TAO – Tailored Access Operations – years ago foraged into nearly all the security architecture made by the major IT vendors, including American network equipment maker Cisco and its Chinese rival Huawei, as well as makers of consumer information technology, such as Dell.
The NSA says America’s technology industry builds the most secure hardware in the world and that it relies on these products to help protect the nation’s most sensitive information. The agency says it has turned to commercial technology over the past decade to replace government-built wares. “Given its own reliance on many of the very same technologies that the public uses,” the NSA statement says, “the U.S. government is as concerned as the public is with the security of these products.”
Cisco Finds News Disturbing
Cisco Chief Security Officer John Stewart, in a blog posting, says the German news report disturbs the networking equipment company. “We are concerned with anything that could impact the integrity of our products or our customers’ networks and continue to seek additional information,” he says. “We are committed to avoiding security issues in our products and handling issues professionally when they arise.”
Stewart reiterates earlier statements that Cisco neither works with any government to weaken its products for exploitation nor to implement so-called security back doors to its products.
Der Spiegel also reports that the NSA, has used a homegrown application called DROPOUTJEEP to intercept SMS messages, access contact lists, locate phones using cell tower data and activate the smartphones’ microphone and camera.
Apple issued a statement saying it is unaware of an NSA program targeting its products. It also says it has never worked with the agency to create a backdoor in any of its products. “Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers,” Apple says. ” We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.”
Follow Eric Chabrow on Twitter: @GovInfoSecurity