The Intercept is reporting a secret program targeting Apple devices and software as part of a CIA sponsored event called “Jamboree” where groups of security researchers meet and present new ways to circumvent security tools and software. Ken Westin, Security Analyst of Tripwire questions the line between research and espionage. The documents acquired by The Intercept are part of the leaked NSA data from Edward Snowden. Similar programs have been revealed such as the NSA’s Dropout Jeep Program where the goal was to compromise and root iPhones when you had physical access to the device. Ken says these same methods and techniques are used by a number of countries as part of their high tech spycraft.
Ken Westin’s writes:“The story provided by The Intercept unfortunately does not tell us a whole lot that most security researchers did not already know or assume. The one document that The Intercept provides only reveals the existence of a CIA-sponsored event where security researchers met to discuss methods and techniques to compromise Trusted Computing systems.
The article also mentions that the documents they have do not show any evidence of actual successful compromise or active exploits. There have been a number of similar programs such as the NSA’s Dropout Jeep where the goal was to find ways to compromise devices. I think it is a bit naïve to think that these types of programs don’t exist either by the US government or other government agencies for that matter.
The question arises however if vulnerabilities were discovered that were not disclosed to Apple or other companies whose systems were potentially exploited, this is where the definition of security research and high tech espionage diverge.”