Ex-iPhone Jailbreaker Claims Apple Built Surveillance Backdoors in iOS

Ex-iPhone jailbreaker Jonathan Zdziarski gave a presentation at HOPE/X conference regarding iOS security. He stated the platform is secure from malicious attacks, but backdoors are present for surveillance inside.

He presented ‘Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices,’ revealing several high-value undocumented forensic services running on the iPhone, and design omissions that appear or snooping.

A little more about Zdziarski: he was a well-known figure among the jailbreak community, and worked as a dev-team member under the name NerveGas. Since then, he has released 5 books, including Securing and Hacking iOS applications:

ZDNet cites his serious claims against Apple:
  • Apple is dishing out a lot of data behind our backs
  • It’s a violation of the customer’s trust and privacy to bypass backup encryption
  • There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
  • Much of this data simply should never come off the phone, even during a backup.
  • Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
  • Overall, the otherwise great security of iOS has been compromised… by Apple… by design.
And questions he’d ask the company if given the chance:
  • Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
  • Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
  • Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
  • Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t belong?
Here are the PDF files of the entire presentation

While the accusations do sound wild, they are in line with reports from last year that accuse iOS devices of having backdoors for surveillance. A leaked document also revealed DROPOUTJEEP, an iPhone-specific NSA-based program.

But Apple has denied it is involved in any kind of secret government projects on many occasions, and has also joined coalition of tech giants demanding transparency from the government. Apple issued the following statement after this report:
We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent. As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.
What do you think? 


blog comments powered by Disqus
Octofinder Blog Catalog