The NSA may be responsible for iOS 7’s biggest security vulnerability

Published Feb 25th, 2014 3:05PM EST
Apple released the latest update for iOS 7 last Friday after a vulnerability was discovered in its SSL connection verification, a flaw that could potentially allow hackers to access your encrypted data. Worryingly, this flaw appears to have been around for quite some time. John Gruber gathered the evidence over at Daring Fireball and has come to a startling conclusion: the NSA might have something to do with the bug.

According to a tweet from Jeffrey Grossman, this vulnerability has been present in the software since iOS 6. Based on the leaked PowerPoint document which exposed PRISM, Apple and its devices were added to the NSA program in October 2012, just one month after the release of iOS 6. Whether or not the NSA planted the bug itself, Gruber believes there is a chance the government agency was aware of it and took advantage of it to gain access to private information.

“Once the bug was in place, the NSA wouldn’t even have needed to find the bug by manually reading the source code,” wrote Gruber. “All they would need are automated tests using spoofed certificates that they run against each new release of every OS. Apple releases iOS, the NSA’s automated spoofed certificate testing finds the vulnerability, and boom, Apple gets ‘added’ to PRISM.”

Of the many conspiracy theories that have cropped up since the NSA backlash began, this is definitely not the most improbable.

Jacob Siegal Associate Editor