Feedback

Apple strongly denies stuffing iPhones and iPads with NSA backdoors

SecurityNews
by Paul Cooper
, 24 Jul 2014News
Apple strongly denies stuffing iPhones and iPads with NSA backdoors

Apple has vociferously denied writing surveillance backdoors into iOS, the operating system used on the iPhone and iPad range of devices. The Cupertino CA-based company released a strongly-worded statement denying any collusion with the spying programmes of intelligence agencies like the NSA and GCHQ.

"As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products of services," Apple said in a statement.

Forensic scientist and author Jonathan Zdziarski revealed earlier this week a whole raft of backdoors, attack points and surveillance mechanisms built into iOS devices.

Read more: Apple’s iOS security: Not what it’s cracked up to be

Speaking at the Hackers On Planet Earth (HOPE/X) conference in New York, Zdziarski basically shot down Apple's claims about security and its efforts to safeguard iOS devices from police and government snooping.

Zdziarski, better known as the hacker "NerveGas" in the iPhone development community, worked as a dev team member on many of the early iOS jailbreaks, and is the author of five iOS-related O'Reilly books including "Hacking and Securing iOS Applications."

However, Apple denied all of his claims.

"We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues," the Cupertino-based company said.

Related: How to tell if your Android phone is infected with malware

"A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent."

In his talk, entitled "Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices," Zdziarski claimed that the undocumented functions could be used by unauthorised parties to wirelessly extract sensitive data from iOS devices, without requiring a password or PIN.

In a blog post published after his HOPE X talk, Zdziarski played down conspiracy theories, saying that the flaws should be seen as weaknesses rather than intentional backdoors:

"I am not suggesting some grand conspiracy. There are, however, some services running in iOS that shouldn't be there, that were intentionally added by Apple as part of the firmware and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer."

"My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don't belong there."

Related: The year the NSA hacked the world: A 2013 PRISM timeline

Topics
blog comments powered by Disqus