Forensic scientist and author Jonathan Zdziarski (opens in new tab) has revealed backdoors, attack points and surveillance mechanisms built into iOS Devices.
Speaking at the Hackers On Planet Earth (opens in new tab) (HOPE/X) conference in New York, Jonathan Zdziarski basically shot down Apple’s claims about security and its efforts to safeguard iOS devices from police and government snooping.
Zdziarski, better known as the hacker "NerveGas" in the iPhone development community, worked as a dev team member on many of the early iOS jailbreaks, and is the author of five iOS-related O’Reilly books including "Hacking and Securing iOS Applications (opens in new tab)."
Read more: Mobile security: 5 tips for protecting your sensitive data (opens in new tab)
In his talk, Zdziarski revealed "a number of undocumented high-value forensic services running on every iOS device" and "suspicious design omissions in iOS that make collection easier."
He also provided examples of forensic artefacts acquired that "should never come off the device" without user consent.(opens in new tab)
These undocumented iOS services exposed by Zdziarski (like "lockdownd," "pcapd" and "mobile.file_relay") can bypass encrypted backups and be accessed via USB, Wi-Fi and "maybe cellular."
What's most suspicious about the undocumented services (and the data they collect) is that they're not referenced in any Apple software, the data is personal in nature (thus unlikely to be for debugging) and is stored in raw format, making it impossible to restore to the device.(opens in new tab)
Zdziarski does say that the iPhone is "reasonably secure" to a typical attacker and newer devices are generally more secure from everybody… everybody except Apple and the government.
He noted that Apple has "worked hard to ensure that it can access data on end-user devices on behalf of law enforcement", and links to Apple's Law Enforcement Process Guidelines (opens in new tab) spell this out in a fairly chilling way.
Apple’s Law Enforcement Process Guidelines make it pretty clear that Apple is storing all sorts of information about users, and Section III ‘Information Available From Apple’ almost seems like a menu of various items they will provide law enforcement or government agencies (with the proper warrants, subpoenas, etc).
The list includes such items as device registration information, customer service records, iTunes information, retail store transactions, online purchases, gift card purchases, just about anything stored on Apple’s iCloud service (including subscriber information, mail logs, emails, photos, documents, contacts, calendars, bookmarks and iOS device backups). And they can provide some Find My iPhone data.
Finally, when it comes to iOS devices Apple admits that it can indeed extract quite a bit of data from Passcode locked devices.
The list is pretty scary all by itself and you can see that in many cases if they can’t get the data from one place they can easily get it from another. For example they may not be able to pull emails from an iPhone but they can access the ‘auto correct’ data so if you used your iPad or iPhone to compose an email message the original keystrokes (and the corrected misspellings) are available - or if you stored them on iCloud they are there.
Zdziarski concluded his talk with two slides. The first is a list of questions for Apple (apparently he already asked but never got an answer).(opens in new tab)
And finally he points out that Apple may have added many conveniences for enterprises but these backdoors provide, as he puts it, “tasty attack points for .gov and criminals.”(opens in new tab)
This is fairly disturbing information and it’s not going to make it any easier for Apple to sell products overseas or to large corporations – two areas that have been highlighted in recent weeks. I guess that the Chinese news services were right after all when they said that iPhones could be a threat to national security (opens in new tab).
You can find Jonathan Zdziarski’s slides from his talk in PDF format here.