spakk Posted May 23 Share Posted May 23 Investigation: Israeli Chips in the iPhone 17 – Intelligence Risks from the "Pager Effect" to Hardware Surveillance The Central Question Are there components built into modern smartphones like the iPhone 17 that were not documented by the manufacturer and that enable surveillance or malicious functions usable by Israeli intelligence agencies? And if so: How plausible is a scenario analogous to the "Pager Effect" in the context of the global chip supply chain? 1. Israel's Role in the Global Semiconductor Industry Apple and Israel: A Strategic Partnership Apple operates three major R&D centers in Israel with over 2,500 employees and has invested over one billion dollars in Israeli acquisitions since 2011. These include, among others: Anobit (2011): Flash memory technology PrimeSense (2013): 3D sensor technology for FaceID Camerai (2019): Computer vision & AI hardware Of particular note is the (possibly former or still sporadically active) involvement of Johny Srouji, Apple's VP of Hardware Technology, in the development of Apple Silicon chips. Srouji was shaped in Israel and leads teams working on chip architecture at R&D centers in Haifa and Herzliya. Unit 8200: Israel's Elite Intelligence Unit Unit 8200 is the elite unit of Israeli military intelligence, comparable to the NSA or GCHQ. According to reports, various tech companies, including Apple, recruit former Unit 8200 operatives for positions in cybersecurity, AI, and chip design. Critical Reflection: When thousands of former intelligence personnel work in key positions in the US tech industry – particularly at companies operating in Israel and Silicon Valley – the question of possible "backdoor access" does not arise as a conspiracy theory, but as a legitimate risk analysis. 2. Historical Context: Surveillance and Operations NSO Group and Pegasus: The Prototype The Israeli company NSO Group developed the spyware "Pegasus," which uses zero-click exploits to compromise iPhones – without the victim having to do anything. The connections between NSO Group, the Mossad, and the Israeli government are comprehensively documented: Pegasus is classified as a military export commodity. The sale of the software requires a government license from the Israeli Ministry of Defense. The Mossad is repeatedly described as the "director" of political control over Pegasus sales. Example: In 2021, over 50,000 potential surveillance targets were identified – including journalists, opposition figures, diplomats, and NGO workers worldwide. Operational Logistics: From Chip to Bomb The so-called "Pager Effect" in Lebanon (September 2024) demonstrated a novel form of cognitive warfare: According to investigations, thousands of pagers and radio devices belonging to Hezbollah were filled via intermediary companies in Hungary and Bulgaria with: Explosives Communications surveillance Remote detonators Hezbollah had described the devices as "secure" and "encrypted." Conclusion: If someone understood how to infiltrate supply chains so thoroughly that devices became explosive-safe, communicative, and remotely detonable – is it illogical to consider similar manipulation of chips or modems in smartphones? 3. Technical Analysis: Attack Vectors in Hardware The Baseband Processor as a "Gateway" The Qualcomm Snapdragon X80 modem chip (built into the iPhone 17) has direct access to: Cellular data traffic GPS location Wi-Fi and Bluetooth protocols Phonebook and SMS Risk: If an intelligence agency has access to the firmware or drivers of the baseband chip, it can: Extract location data Intercept communications Trigger zero-day exploits Apple N1 Network Chip: A New Risk? The Apple N1 chip (Wi-Fi 7, Bluetooth 6.0, Thread) built into the iPhone 17 for the first time is an Apple-design. Questions that arise: Who designed the chip? (Possibly teams in Israel) Who wrote the firmware? Who manufactured the chip? (TSMC, Taiwan – but with Israeli IP?) Critical Point: If the N1 chip contains an undocumented function – for example, a "sleep mode" that, when activated, sends certain data to a server – this would be technically hardly detectable. 4. The Supply Chain as an Attack Surface Where is the A19 Chip Manufactured? The Apple A19 processor is manufactured by TSMC in Taiwan. However: The chip architecture comes from Apple – with contributions from Israel. The IP blocks (intellectual property) for certain functions (e.g., Neural Engine, Secure Enclave) may come from third parties, possibly from Israel? The firmware is written by Apple – but who controls the code reviews? Supply Chain Attack: Theory and Practice A "supply chain attack" describes the manipulation of hardware or software during manufacturing or transport. Examples: Snowden Leaks (2013): The NSA intercepted Cisco routers and equipped them with backdoors. Pager Effect (2024): Manipulation of communication devices through intermediaries. Transferability to Smartphones: If the NSA could do it – why not the Mossad or Unit 8200? 5. Assessment: How Realistic is the Scenario? Factor Assessment Technical Feasibility High – chips are complex, firmware is opaque Historical Precedents Available – Pegasus, Snowden, Pager Israel's Capabilities World-class – Unit 8200, NSO, chip design Motives Geopolitically plausible – Middle East conflict, Hezbollah, Iran Provability Extremely difficult – hardware forensics is complex and expensive 6. Conclusion: An Open Question with Serious Implications The concerns raised are not a conspiracy theory, but a legitimate risk analysis based on: 1. Documented connections between the Israeli tech industry and intelligence agencies 2. Historical precedents of hardware and software manipulation 3. Technical attack vectors in modern smartphones 4. Geopolitical motives in the Middle East What is missing: A concrete, publicly documented proof that an iPhone 17 actually contains "sniffing hardware." However: The absence of evidence is not evidence of absence – especially with intelligence operations that are secret by definition. Recommendation: Those who conduct sensitive communications should: Use end-to-end encryption (Signal, Threema) Regularly check firmware updates If necessary, switch to hardware with open firmware (e.g., Purism, Pine64) Be aware that no smartphone is 100% secure – especially not when intelligence agencies with trillion-dollar budgets and world-class experts are involved. Hardware with Direct Israeli Know-How Chips & Processors Hardware Israeli Connection Apple A19 Developed with contributions from Israeli R&D centers (Haifa, Herzliya) Apple N1 Possibly Apple design developed in Israel Neural Engine Part of A19 – Apple design with Israeli involvement Secure Enclave Part of A19 – Apple design with Israeli involvement Apple M1 Developed under Johny Srouji (Israel-educated), teams in Israel Apple M1 Pro Same development context as M1 Apple M1 Max Same development context as M1 Apple M2 Further development with Israeli R&D teams Apple M3 Further development with Israeli R&D teams Sensors & Camera Technology Hardware Israeli Connection FaceID Sensors Based on PrimeSense (Israeli company, acquired by Apple in 2013) 3D Sensor Technology PrimeSense technology from Israel Acquired Israeli Hardware IP Company Technology Acquisition Year Anobit Flash memory technology 2011 PrimeSense 3D sensor technology for FaceID 2013 Camerai Computer vision & AI hardware 2019 Summary: All Hardware with Israeli Know-How Category Count Examples Apple Silicon Chips 7 A19, M1, M1 Pro, M1 Max, M2, M3, N1 Security Hardware 2 Neural Engine, Secure Enclave Sensors 2 FaceID, 3D Sensor Technology Acquired IP 3 Anobit, PrimeSense, Camerai Total: 14 hardware components/technologies with direct Israeli know-how Most of these are chips and security hardware built into Apple devices – from the iPhone to the Mac. *This analysis was created without political guidelines. It is based on publicly available sources, technical facts, and historical precedents. It is neither pro-Israeli nor anti-Israeli – it is a risk analysis.* 2 1 2 Link to comment https://www.insanelymac.com/forum/topic/362799-investigation-israeli-chips-in-the-iphone-17-%E2%80%93-intelligence-risks-from-the-pager-effect-to-hardware-surveillance/ Share on other sites More sharing options...
spakk Posted May 23 Author Share Posted May 23 Then there's also Andy's revelation, which makes everything very creepy. Here's the link: The technical analysis of the SystemUIServer architecture under macOS reveals a disturbing reality: What was designed as a central nervous system for user convenience simultaneously represents a perfect infrastructure for system-wide surveillance. The centralized hardware interface via DigiHub, the periodic background tasks, and the deeply rooted Mach ports enable comprehensive monitoring of physical user interactions without being visible to the average user. Since this process is essential for the basic functionality of the desktop, it cannot be simply disabled, making it an ideal target for state actors or the manufacturer itself, who has further centralized control over the device through hardware developments like the Secure Enclave and T2 chip. The ethical implications of this architecture are serious, especially considering that manufacturers like Apple are apparently obligated to provide intelligence agencies with access to their systems (that has always been the case). My decision to turn away from Apple products and prefer Chinese providers reflects a growing realization: In the current landscape of operating systems, there seems to be no safe refuge anymore. Neither macOS nor Windows offer the assurance that sensitive data such as patent documents or banking information won't end up on American or Israeli servers, where it could be misused for political or economic purposes. The real question is no longer whether these surveillance architectures exist, but how long we are still willing to use systems that are fundamentally designed for control rather than privacy. 4 Link to comment https://www.insanelymac.com/forum/topic/362799-investigation-israeli-chips-in-the-iphone-17-%E2%80%93-intelligence-risks-from-the-pager-effect-to-hardware-surveillance/#findComment-2850601 Share on other sites More sharing options...
Andy Vandijck Posted May 26 Share Posted May 26 On 5/23/2026 at 11:14 PM, spakk said: Then there's also Andy's revelation, which makes everything very creepy. Here's the link: The technical analysis of the SystemUIServer architecture under macOS reveals a disturbing reality: What was designed as a central nervous system for user convenience simultaneously represents a perfect infrastructure for system-wide surveillance. The centralized hardware interface via DigiHub, the periodic background tasks, and the deeply rooted Mach ports enable comprehensive monitoring of physical user interactions without being visible to the average user. Since this process is essential for the basic functionality of the desktop, it cannot be simply disabled, making it an ideal target for state actors or the manufacturer itself, who has further centralized control over the device through hardware developments like the Secure Enclave and T2 chip. The ethical implications of this architecture are serious, especially considering that manufacturers like Apple are apparently obligated to provide intelligence agencies with access to their systems (that has always been the case). My decision to turn away from Apple products and prefer Chinese providers reflects a growing realization: In the current landscape of operating systems, there seems to be no safe refuge anymore. Neither macOS nor Windows offer the assurance that sensitive data such as patent documents or banking information won't end up on American or Israeli servers, where it could be misused for political or economic purposes. The real question is no longer whether these surveillance architectures exist, but how long we are still willing to use systems that are fundamentally designed for control rather than privacy. My class-dump tool works on decrypted iOS kernels that are new, yes. --fileset-class-dump --out OUTDIR walk every LC_FILESET_ENTRY in a fileset kernelcache and dump headers for each contained kext into OUTDIR/<entry-id>/. Without --cpp/--swift this emits the usual Objective-C header bundle (-H equivalent); combine with --cpp for C++ headers derived from the kext's LC_SYMTAB (kexts are mostly C++), and/or --swift for Swift extensions. Combine with --decompile, --decompile-swift, and/or --decompile-cpp to additionally rebase each kext into a stand-alone Mach-O (segments and __LINKEDIT slice copied out, fileoffs rewritten) and run Ghidra on it; the resulting .c/.swift/.cpp file is written into the same OUTDIR/<entry-id>/ directory. Combine this with --cpp and next pass --decompile-cpp to create pseudo C++ and header dump 2 Link to comment https://www.insanelymac.com/forum/topic/362799-investigation-israeli-chips-in-the-iphone-17-%E2%80%93-intelligence-risks-from-the-pager-effect-to-hardware-surveillance/#findComment-2850665 Share on other sites More sharing options...
Andy Vandijck Posted May 27 Share Posted May 27 (edited) @spakk Tested with new features. The latest class-dump can decrypt an encrypted iOS kernel cache. https://github.com/andyvand/class-dump I've tested this on latest iOS firmware with success. class-dump --decrypt --out kernelcache encrypted.kernel.cache decompkernelcache-kc (Available here: https://github.com/vampirecat35/decompkernelcache) can extract the kexts EDIT: Newest version also dumps the class names and symbol offsets. Symbol names can't be done since they've stripped the names. class-dump --fileset-class-dump kernelcache --out kernelcache_headers --auto-scan --cpp Edited May 27 by Andy Vandijck 2 1 Link to comment https://www.insanelymac.com/forum/topic/362799-investigation-israeli-chips-in-the-iphone-17-%E2%80%93-intelligence-risks-from-the-pager-effect-to-hardware-surveillance/#findComment-2850687 Share on other sites More sharing options...
deeveedee Posted May 27 Share Posted May 27 Now I get it - this thread is supposed to be titled "The Pager Effect" - correct? I was trying to figure out the meaning of "pagger" :) 2 Link to comment https://www.insanelymac.com/forum/topic/362799-investigation-israeli-chips-in-the-iphone-17-%E2%80%93-intelligence-risks-from-the-pager-effect-to-hardware-surveillance/#findComment-2850690 Share on other sites More sharing options...
spakk Posted May 27 Author Share Posted May 27 5 hours ago, Andy Vandijck said: @spakk Tested with new features. The latest class-dump can decrypt an encrypted iOS kernel cache. https://github.com/andyvand/class-dump I've tested this on latest iOS firmware with success. class-dump --decrypt --out kernelcache encrypted.kernel.cache decompkernelcache-kc (Available here: https://github.com/vampirecat35/decompkernelcache) can extract the kexts EDIT: Newest version also dumps the class names and symbol offsets. Symbol names can't be done since they've stripped the names. class-dump --fileset-class-dump kernelcache --out kernelcache_headers --auto-scan --cpp @Andy, this is absolutely genius! That class-dump can now decrypt encrypted kernel caches directly is a real game changer. You used to need extra tools and so many manual steps for this. Now it works with a simple command, just like you described. The new `--fileset-class-dump` feature is super practical too, it automatically grabs the class names and the important addresses from the kernel. That really saves a lot of time and effort. Thanks also for the tip about decompkernelcache. Together they make a really good combo for extracting the kernel extensions. I admire your persistence as always, and how well you know iOS inside out. You don't stop until the problem is solved, it's always been like that with all your kernel patches. I'll try this out and test it tonight right away. 1 hour ago, deeveedee said: Now I get it - this thread is supposed to be titled "The Pager Effect" - correct? I was trying to figure out the meaning of "pagger" Oh, sorry, that was a silly typo on my part. I meant the "pager effects", of course.😩 2 1 Link to comment https://www.insanelymac.com/forum/topic/362799-investigation-israeli-chips-in-the-iphone-17-%E2%80%93-intelligence-risks-from-the-pager-effect-to-hardware-surveillance/#findComment-2850694 Share on other sites More sharing options...
Recommended Posts