updated 12:26 am EDT, Tue July 22, 2014
May enable collection of private data by Apple, governments
[Updated with rebuttal from Apple] Apple's iOS platform contains several backdoors that may allow Apple and/or governments to collect private data, according to forensic scientist Jonathan Zdziarski. Presenting at the recent Hackers On Planet Earth (HOPE/X) conference, Zdziarski said that there are several conspicuous design gaps -- and some deliberately-included forensic services -- that make it possible to extract data using forensic tools. The services have names such as "lockdownd," "pcapd," and "mobile.file_relay."
These can bypass backup encryption measures, and be exploited via USB and Wi-Fi, and possibly over cellular networks as well. They aren't publicly documented by Apple, and Zdziarski notes that they don't appear to be carrier or developer functions, since they can reach personal content that would be unnecessary for troubleshooting apps or networks.
"I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn't be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer," the analyst comments. "I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices. At the same time, this is not a zero day and not some widespread security emergency. My paranoia level is tweaked, but not going crazy. My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don't belong there."
Despite attempts to assuage fears, Zdziarski says that forensic software firms like Cellebrite and Elcomsoft are already using the backdoors to extract data requested by law enforcement agencies. Unmentioned is whether organizations like the National Security Agency might be collecting data, but in December of last year, a leaked 2008 document revealed that the NSA already had near-total access to iPhone data if it could get its hands on a device, and was working on remote access.
Zdziarski encourages people worried about privacy to set a complex passcode, and use Apple's Configurator tool to set up mobile device management restrictions, as well as pair locking, which will delete pairing records. This blocks direct third-party data intrusions, but not those in which Apple collects the data first.
[Update] Apple has quickly responded to the charges, denying any activities inferred by Zdziarski and explaining steps that are taken to ensure customer data privacy. It was equally quick to refute and explain concerns about location privacy raised by Chinese government-run media outlets in a manufactured controversy last week.
"We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues," the company said in a statement given to the Financial Times but not yet fully published. "A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent."
The statement from Apple also reiterates that it has never worked with any government agency to create a "backdoor" in any consumer product or service. Some of the "flaws" Zdziarski raised in his presentation are based on flaws in the security certificate system (not developed by Apple) that can allow hackers to forge valid certificates and obtain information. Several web and tech companies have had to deal with such issues, including Apple, Google and most recently Microsoft.