
Apple Quick to Deny ‘Undocumented’ iOS Backdoors

Apple has been quick to deny recent allegations from a data forensic scientist that iOS houses ‘undocumented features’ that act as a direct backdoor into iOS, giving government agencies and third parties direct access to the phone and to large swaths of its data.

The company has denied all claims published in a report by Jonathan Zdziarski, an iOS security expert and longtime iPhone hacker.

Zdziarski, known as “NerveGas” in the iOS development community, uncovered a number of undocumented features found in Apple’s popular iOS mobile operating system. At HOPE X, Zdziarski unveiled his report: “Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices” (PDF).

Zdziarski explained in his slides how Apple fails to encrypt data in the backup encryption mechanism offered in iTunes, and how over 600 million personal devices, specifically those running iOS 7, are susceptible.

“Once the device is first unlocked after reboot, most of the data-protection encrypted data can be accessed until the device is shut down,” Zdziarski documented in his presentation. “Your device is almost always at risk of spilling all data, since it’s almost always authenticated, even while locked.”

Among the undocumented features disclosed, Zdziarski found that the data that can be recovered includes a full copy of the phone’s address book, including deleted entries, stored photos, the voicemail database, audio files, and account configurations on the device such as iCloud, email logins, Facebook accounts, Twitter accounts, and a number of other services. It also includes the user’s cache of screenshots, keystrokes, the device’s clipboard, and GPS data, all without requiring a backup password to be entered.

Apple was quick to respond in a statement to Tim Bradshaw, a technical reporter at the Financial Times, denying all allegations Zdziarski had presented, with the following comments:

“We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.”

Apple continues to claim it “has never worked with any government agency from any country to create a backdoor in any of our products or services.”

To support its claims, Apple describes what com.apple.mobile.file_relay, com.apple.pcapd and com.apple.mobile.house_arrest do, the three services Zdziarski noted to be undocumented features.


pcapd supports diagnostic packet capture from an iOS device to a trusted computer. The tool helps troubleshoot and diagnose any issues with applications on the iOS device as well as enterprise VPN connections. More on pcapd can be found on Apple’s new support page – developer.apple.com/library/ios/qa/qa1176.


file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users’ devices.


house_arrest is a feature used by iTunes to transfer documents to and from iOS devices for applications that support the house_arrest functionality. This is also used by Xcode to assist in the transfer of test data to a device while an application is in development stages.

Apple restates on its support documentation page that access to the tools and their diagnostic capabilities requires an unlocked iOS device and a trusted computer, to protect against data extraction from unknown sources. It goes on to note that transferred data is encrypted with keys not shared with the company.
