Apple admits to the existence of an iOS backdoor, but says it’s for diagnostics. The researcher who exposed it says it undermines the platform’s security.
Jonathan Zdziarski exposed the back door during a presentation at the Hackers On Planet Earth (HOPE) conference last week, where Edward Snowden also spoke, detailing how it could be used to obtain personal information from an iOS device.
This, he said, compromises iOS users’ security and privacy, while opening up a potential weakness that could be exploited by government surveillance programmes and criminals – an accusation Apple refutes.
“We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues,” the company said in a statement sent to the FT. “A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.”
However, Zdziarski says this statement merely confirms the existence of the backdoor, and that it can be exploited even if the ‘send diagnostic data to Apple’ option is switched off and if the device is not managed by an enterprise policy – both of which would be the opposite if it were a genuine diagnostic mode.
He also points out that there are many ways to gain access to this data using pairing records, which are generated every time a device is connected to a computer. Apple has only recently introduced a feature which prompts users to say whether they ‘trust’ a computer, meaning there could be countless instances of these records on shared or public systems.
“As a result, every single device has these features enabled and there’s no way to turn them off, nor are users prompted for consent to send this kind of personal data off the device,” Zdziarski says. “This makes it much harder to believe that Apple is actually telling the truth here.”
A likely story…
In his presentation, Zdziarski struggled to come up with a logical reason as to why this backdoor exists. He says tech support wouldn’t need such raw, sensitive data that can’t be put back onto the phone and that they shouldn’t need to bypass security. Similarly, developers have their own tools for debugging and would not need so much data.
“I don’t buy for a minute that these services are intended solely for diagnostics,” he states. “The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption. Tell me, what is the point in promising the user encryption if there is a back door to bypass it?”
He says he has never accused Apple of working with the NSA, but says the existence of the backdoor is a grand betrayal of iOS users’ trust and undermines the platform’s otherwise good security. iOS has long been viewed as relatively secure when compared to Android, which has been beset by malware.
“I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn’t be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer,” he says. “I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices.
“My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don’t belong there.”