Many Backdoors Included on iOS, Researcher Says at Hackers On Planet Earth

Posted by at 10:27 am on July 21, 2014

iOS contains several backdoors that may allow Apple and/or governments to collect private data, according to forensic scientist Jonathan Zdziarski. Presenting at the recent Hackers On Planet Earth (HOPE/X) conference, Zdziarski said that there are several conspicuous design gaps, and some deliberately included forensic services, that make it possible to extract data using forensic tools. The services have names such as “lockdownd,” “pcapd,” and “mobile.file_relay.”

These services can bypass backup encryption measures and can be exploited via USB and Wi-Fi, and possibly over cellular networks as well. They aren’t publicly documented by Apple, and Zdziarski notes that they don’t appear to be carrier or developer functions, since they can reach personal content that would be unnecessary for troubleshooting apps or networks.

“I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn’t be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer,” the analyst comments. “I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices. At the same time, this is NOT a zero day and NOT some widespread security emergency. My paranoia level is tweaked, but not going crazy. My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don’t belong there.”

Despite attempts to assuage fears, Zdziarski says that forensic software firms like Cellebrite and Elcomsoft are already using the backdoors to extract data requested by law enforcement agencies. Unmentioned is whether organizations like the National Security Agency might be collecting data, but in December of last year, a leaked 2008 document revealed that the NSA already had near-total access to iPhone data if it could get its hands on a device, and was working on remote access.

Zdziarski encourages people worried about privacy to set a complex passcode, and use Apple’s Configurator tool to set up mobile device management restrictions, as well as pair locking, which will delete pairing records. This blocks direct third-party data intrusions, but not those in which Apple collects the data first.
