It’s been said that Android users have Google to fear when it comes to their personal information, but iOS users shouldn’t wear any confidence about their operating system, either.
According to a new report by forensics expert and iOS hacker Jonathan Zdziarski, also known as “NerveGas,” iOS has a number of “back doors” in iOS that allow governmental access – even while Apple claims that it’s committed to protecting its users’ privacy.
NerveGas has worked on iOS jailbreaks up through iOS 4, has designed the iOS forensics techniques that law enforcement uses today and has himself written five books on iOS hacking and security. In his slides from his presentation at the recent New York Hackers on Planet Earth, or HOPE Conference, Zdziarski notes that there’re a number of “undocumented forensic services” on every iOS device, leading many to wonder why these services are “undocumented” and what the purpose is for implementing such services on iOS devices.
Zdziarski asks some questions at the HOPE Conference that are excellent ones for iPhone and iPad users to consider:
- Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
- Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
- Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
Packet sniffers are used by iOS developers to see what kinds of user traffic utilize their apps, but why are packet sniffers placed on all iOS devices? Also, there’re a number of other tools in iOS on iDevices that Apple’s been advancing over the years, a troubling sign for a company that’s intent on maintaining user privacy. As Zdziarski wrote on his blog (to explain the purpose of his claims),
“I have NOT accused Apple of working with the NSA, however I suspect (based on released documents) that some of these services MAY have been used by NSA to collect data on certain potential targets. I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn’t be there, that were intentionally added by Apple as part of the firmware…at the very least, this warrants an explanation and disclosure to some 600 million customers out there running iOS devices.”
Keep in mind that Zdziarski has done lots of work in iOS security and knows his way around the iOS configurations. He’s got much experience in iOS and isn’t talking about what others have said; instead, he’s giving details of his own research in iOS.
Apple responded to Zdziarski’s presentation and comments by saying that it’s never teamed up with the NSA, nor is it compromising user data.
At the same time, however, Zdziarski notes in his presentation slides that he’s received emails from Tim Cook about Apple’s warranty policies (a response to his own emails), but never received anything back about the “back doors” in iOS. Tim Cook’s silence on the subject of iOS back doors is an interesting move indeed for a CEO whose company’s looking to sell 70-80 million iPhone 6 models come September.
Here’s more discussion on 38 iOS vulnerabilities and how the US Government has exploited operating systems for its own benefit.