If you’ve been following the news lately, you’d see that Apple has been leading the charge for privacy on as many fronts as their legal team can take, but as the old adage says, “it’s always the one’s you least suspect.”
Operation DROPOUTJEEP is capable of a lot of different things, none of which should be even remotely surprising given all the news that’s preceded it so far. Touting a 100% success rate, the program was able to tear through even the most up to date versions of security fixes on the iOS platform, utilizing tools such as hidden SMS messages, screengrabbing, contact surfing, and even turning on your microphone when the phone is supposedly “off” to track users and potential terrorist targets who used the popular smartphone as their primary method of communication.
They could also remotely operate your camera, choose when and where to scoop up your location data, and even had the power to tap into your voicemail whether they were stored on the device or not. These tools essentially granted agents full control over any device of their choosing, using malware that could be installed over cell towers through simple brute force attacks on the network itself.
Despite what you may be thinking (and what Apple has recently come out swinging against), the researcher who presented on the link between DROPOUTJEEP and iOS malware suggests that much like several other companies who have seen their products pop up in NSA PowerPoint slides, Apple was more likely incompetent than sinister when it comes to placing the blame for this privacy mishap.
It’s believed many of these companies, despite employing massive cybersecurity teams that stretch across dozens of global departments, are still no match for the highest-paid, most sought after talent leaving schools like MIT and Harvard each year.
The NSA gets the first pick of the draft every year, students who are secretly being trotted around to all the top government agencies as “the best thing that’s happened to cryptography in the last century”. Then after everyone else is officially graduated, the likes of Google and Microsoft can finally start putting their offers on the table and pick up whatever talent is left after the agency has had its fill.
This means that no matter how strong the supposed top programmers in the world spend making your device safe, there is always going to be someone in the government with one extra gold star on their degree that gives them the opportunity to crack their way inside.
To protect your iPhone, you should never download apps you don’t explicitly recognize from respected vendor, and always update your firmware to the latest version as soon as it’s available on the App Store.