The U.S. National Security Agency was developing in 2008 a software implant for Apple iPhones that allowed the agency to take almost total control of the device, including retrieving text messages and voicemail and remotely turning on its microphone and camera, according to a report by Der Spiegel.
The implant, code-named DROPOUTJEEP, was "in development" and initially intended for "close access" installation on a phone, with remote installation being planned for a future release, according to an alleged NSA document with the date Oct. 1, 2008, that Der Spiegel included in a graphic with its recent NSA report.
DROPOUTJEEP's other capabilities included remotely pushing and pulling files from an iPhone, retrieving the phone's contact list and identifying the device's location and the location of the nearest cell tower, the document said. The implant could do all this without the phone user's knowledge, over SMS (Short Message Service) or a GPRS (General Packet Radio Service) data connection. All the software implant's communications would be "covert and encrypted," the document said.
GPRS was a pre-3G mobile data technology with speeds much lower than today's LTE networks. The first-generation iPhone was introduced in 2007, and the iPhone 3G came out in mid-2008.
Apple could not immediately be reached for comment on the report. In a statement reported by the Wall Street Journal, the company said it was unaware of the project and had never worked with the NSA and had never worked with agency to create a backdoor to any of its products.
The alleged NSA document describing DROPOUTJEEP was included in an interactive graphic published alongside a Dec. 30 Der Spiegel report on a special hacking unit of the agency, which reportedly intercepts deliveries of computer equipment and installs spyware on it before it's delivered to the recipients. The report cited internal NSA documents that Der Spiegel said it had viewed. The graphic included links to numerous documents about technologies that the hacking unit developed for infiltrating servers, firewalls, routers, wireless LANs, PCs, peripherals and cellphone networks.
Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com