Hacker finds iOS 'backdoors' that allow access to personal data

Apple's mobile devices have services that can potentially gather data about their owners and send them back to the iPhone and iPad maker, a researcher has disclosed.

 

Researcher Jonathan Zdziarski said there are services on iOS "that shouldn't be there" but were added by Apple as part of the firmware.

 

"I have NOT accused Apple of working with (the National Security Agency), however I suspect (based on released documents) that some of these services MAY have been used by NSA to collect data on potential targets," he said in a blog post.

Copying personal data
 

He added such services "bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer."

 

"I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices," he said.

 

Zdziarski posted a response from Apple indicating the iOS software "backdoors" are for "diagnostics."

 

He quoted Apple as saying it designed iOS "so that its diagnostic functions do not compromise user privacy and security but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues."

 

Apple also maintained it "has never worked with any government agency from any country to create a backdoor in any of our products or services."

'Diagnostics'?
 

"I don’t buy for a minute that these services are intended solely for diagnostics. The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption. Tell me, what is the point in promising the user encryption if there is a back door to bypass it?" Zdziarski said.

 

The functions retrieve data, without authentication, from an iOS-based device using wireless or USB connections and have no other purpose other than data retrieval from devices, Zdziarski says.

 

“I have emailed both Tim Cook and Steve Jobs at various times to ask for an explanation about these services, citing them as `back doors,’ and have received no reply,” the researcher said in a presentation. “Apple is well aware of these components, and has clearly been updating them and supporting them for reasons unknown.”

 

A separate article on the HotForSecurity blog said the functions can potentially help retrieve data such as private messages and deleted messages, from an installed Twitter app.

 

"Call history, SMS texts, photo, video and audio recordings can be accessed by law enforcement, while data of third-party apps, calendar entries and emails can’t be passed by Apple to law enforcement," it said. — Joel Locsin/TJD, GMA News