iOS 'backdoor' entry is real, says Jonathan Zdziarski. Not for NSA, says Apple
There might be more to the iPhone than consumers know and these features could be leaking out personal information without permission.
This is according to a presentation given by forensics expert Jonathan Zdziarski at New York's Hackers On Planet Earth conference, one of the most creative and diverse hacker events in the world. Titled "Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices," Zdziarski's talk highlights that a number of undocumented forensic services are installed and running on every iOS device out there, and that design omissions on the part of Apple make the unsolicited collection of data easier.
Backdoor access becomes possible once an iOS device is paired with a computer, which happens when the device is connected to it via USB. The iOS device and the computer swap security certificates to establish a trusted relationship, exchanging the encryption keys needed to set up encrypted SSL channels. This pairing cannot be undone unless the iOS device is wiped or the computer is restored to its original factory settings.
Anyone looking to spy on an iOS device simply needs access to the pairing data. To get it, either the targeted device is secretly connected to a computer, or spyware is installed on the target's computer to copy the pairing data.
But it's not as easy as it sounds. Hackers must have the pairing keys, know where the devices will be, have access to the same wireless networks the devices are on, and ensure the devices have wireless access switched on before any information can be taken without permission. It may sound like a lot of work for a run-of-the-mill hacker, but an agency with a $52 billion budget like the NSA will have no problems with it.
Even Zdziarski (known as "NerveGas" in the iPhone development community) admits that the iPhone is generally secure, but what bothers him most is the presence of an undocumented file-relay service that is only useful for spying.
"Its sole purpose is to dish out data, bypass backup encryption, and give you almost the same amount of personal data you get from a backup on the phone, in some cases even more. We really need someone at Apple to step up and explain why this is here. There's no logical reason why it should be there on 600 million devices," points out Zdziarski.
"We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. The user must agree to share this information, and data is never transferred without their consent. As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services," counters Apple.