Apple has long been outspoken about the measures it goes to to keep your iPhone secure, but new documents leaked by whistleblower Edward Snowden demonstrate how the British spy agency GCHQ was able to carry out “realtime tracking of target iPhones” — by compromising users’ computers.
Rather than directly targeting the iPhones, GCHQ agents focused their attack on the computers with which the iPhones were synchronised, enabling them to access much of the data stored on the handset. The method took advantage of flaws in Apple’s UDID (unique device identifier) system, which issued a unique code for every iPhone, linking it with its owner.
The iPhone tracking report was handed over by Snowden to a group of nine journalists — including Laura Poitras, the filmmaker behind the acclaimed documentary Citizenfour.
Fortunately, Apple has long moved away from using UDID identifiers — meaning that the 2010 report is now well and truly out-of-date.
Apple abandoned the system after a number of iOS app privacy concerns, including one social networking app that was discovered to be uploading users’ iPhone address books and storing them on private servers without permission. Not long after, Apple began formally rejecting apps which used UDID.
Since news of the Edward Snowden NSA leaks first took place in 2013, a group backed by tech companies including Apple has been outspoken about demanding an end to the indiscriminate collection of metadata by governments.
Still, if nothing else, the new leak shows just how hard spy agencies will work to surveil users — and how incredibly effective it can be when the right exploit is used.