iOS 7 (App Store teaser 002)

Former iPhone jailbreak hacker Jonathan Zdziarski recently gave a presentation at the HOPE/X conference regarding iOS device security. He said that the platform is reasonably secure from attacks by malicious hackers, but noted there are several backdoors built-in for surveillance.

In the presentation, called ‘Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices,’ Zdziarski detailed a number of undocumented high-value forensic services running on iOS devices, and suspicious design omissions in the OS, that appear to be for snooping… 

If the name sounds familiar, that’s because Zdziarski was once a well-known figure in the jailbreak community. Under the handle NerveGas, he worked as a dev-team member on many of the early jailbreaks. He has since authored 5 books, including Hacking and Securing iOS Applications.

Here are some of Zdziarski’s more serious claims against Apple (via ZDNet):

  • Apple is dishing out a lot of data behind our backs
  • It’s a violation of the customer’s trust and privacy to bypass backup encryption
  • There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
  • Much of this data simply should never come off the phone, even during a backup.
  • Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
  • Overall, the otherwise great security of iOS has been compromised… by Apple… by design.

And some of the questions he’d like to ask the company:

  • Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
  • Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
  • Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
  • Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t belong?

As wild as the accusations sound, they do match up with reports from late last year accusing iOS devices of having backdoors for government surveillance. A leaked document revealed an iPhone-specific NSA program code-named DROPOUTJEEP, and many wondered if Apple was involved.

Users have been questioning Apple’s stance on user privacy ever since it was named in Edward Snowden’s PRISM program leak last summer. The program claimed to allow the NSA to access private user information on servers of 9 major tech companies, including Google, Microsoft and Apple.

Apple has emphatically denied involvement in any kind of secret government program multiple times, and has even joined a coalition of tech companies campaigning for more transparency from the government. Following Zdziarski’s report, Apple issued the following statement (via Tim Bradshaw):

We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent. As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.

So there’s a lot to take in here, what do you make of all of this?