VPN Articles and News

Leaked Snowden Documents Show GCHQ Tracked iPhone Users in Real Time

Tuesday, February 17th, 2015

According to a new set of documents leaked by the NSA whistleblower Edward Snowden, the British intelligence agency GCHQ was able to track iPhone users in real time. The agency was able to achieve this not by attacking the iPhone devices directly but by focusing their attention on the computers that were paired with the devices. By exploiting the security weaknesses present in Apple’s Unique Device Identifier (UDID), the agency was able to snoop on the data stored on the handsets. The latest set of leaked documents were published by Der Spiegel, the German publication which was also responsible for publishing Snowden’s revelations in the past.

The leaked documents appear to be from 2010 when Apple was still using UDIDs. Back then, Apple issued a fixed UDID to each iPhone user that could not be changed (or hidden from the view) under any circumstances. GCHQ was able to obtain an iPhone’s UDID through the iTunes software which was installed on the computer paired with the phone. Once the intelligence agency had access to UDID, it was able to extract data from the iPhone and keep a tab on the device whenever it was synced. What’s worse, GCHQ was even able to follow the iPhone owner’s movements in real time each time he/she connected to the internet. This was done by exploiting a security vulnerability that was present in the Safari browser.

Apple stopped using UDID’s after security and privacy concerns emerged regarding the use of the identifier. The company discovered that many app developers were using the identifier to track iPhone users. Some app developers were even uploading private data of the users to unknown servers without the explicit permission of the iPhone owners. Realizing the potential dangers of using the UDID system, Apple started rejecting apps that requested access to the identifier. By March 2013, Apple had started to block apps that were still accessing the identifier. This suggests that GCHQ may no longer be able to track iPhone users through UDIDs.

The new set of documents reveal that the NSA is preparing the US government for wars in which the internet would play an important role in crippling enemies’ infrastructure. Reportedly the US intelligence agency is now hiring computer experts with an attacking mindset to hack into networks. As per the documents, the ultimate aim of the NSA is to use the internet as a weapon and paralyze all computer networks and critical infrastructure connected to them.

The leaked documents once again throw a light on the creative (and downright illegal) surveillance methods used by the intelligence authorities to snoop upon innocent citizens. They also show that like cyber criminals, intelligence agencies are at the forefront of discovering new loopholes within computers and mobile systems and they do not hesitate to use it to scoop maximum amount of data from target subjects. In addition, the documents once again prove that even the most secure systems (such as iOS and Mac) could be exploited for intelligence gains without the knowledge of software vendor and the users.

February 17, 2015

Leave a Reply

Your email address will not be published. Required fields are marked *

6 + 6 =