A new trove of classified documents leaked by Edward Snowden reveals how British spy agency GCHQ tracked iPhone users by compromising their computers.
Instead of targeting iPhones directly, agents at GCHQ would seek to compromise the computers to which they are registered and synchronised, giving them access to all of the data stored on the iPhone.
The trick exploited privacy flaws in Apple's UDID (unique device identifier) system, which assigned each iPhone a unique code that linked the handset to its owner, was shared with apps run on it, and could not be changed or hidden.
Once GCHQ agents obtained the iPhone's UDID through a compromised computer (the code was visible through iTunes), they could identify the user, keep tabs on the handset each time it was synced, and extract data from it. The Cheltenham-based agency could also use its Safari browser exploit to follow the iPhone as it browsed the web.
One document states: "The target UDID can be used [to] track the iPhone...in this particular case the target UDID has been seen 16 times, the last time off [redacted IP address] using the inbuilt iPhone Mail client to access his Yahoo account." The document later adds: "The UDID can be used for realtime tracking of target iPhones..."
Former NSA contractor-turned-whistleblower Edward Snowden gave the documents to a team of nine journalists, including Laura Poitras, who directed the documentary Citizenfour, and they were published by Der Spiegel.
Dated November 2010, the report on iPhone tracking was published before Apple began to move away from the UDID system after it was found some app developers used the codes to track iPhone users. But it wasn't until March 2013 that Apple began formally rejecting apps still using the system.
The newly published Snowden documents also reveal how the NSA, GCHQ's American cousin, is arming the US for future wars where the internet will play a crucial role in crippling enemy countries. The documents claim the NSA is hiring experts with an "attacker's mindset" to strengthen its department responsible for hacking into computers.
The NSA aims to use the internet to "paralyse computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money."