Former iPhone jailbreak hacker Jonathan Zdziarski recently gave a presentation at the HOPE/X conference regarding iOS device security. He said that the platform is reasonably secure from attacks by malicious hackers, but noted there are several backdoors built-in for surveillance.

In the presentation, called ‘Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices,’ Zdziarski detailed a number of undocumented high-value forensic services running on iOS devices, and suspicious design omissions in the OS, that appear to be for snooping… 

If the name sounds familiar, that’s because Zdziarski was once a well-known figure in the jailbreak community. Under the handle NerveGas, he worked as a dev-team member on many of the early jailbreaks. He has since authored 5 books, including Hacking and Securing iOS Applications.

Here are some of Zdziarski’s more serious claims against Apple (via ZDNet):

  • Apple is dishing out a lot of data behind our backs
  • It’s a violation of the customer’s trust and privacy to bypass backup encryption
  • There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
  • Much of this data simply should never come off the phone, even during a backup.
  • Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
  • Overall, the otherwise great security of iOS has been compromised… by Apple… by design.

And some of the questions he’d like to ask the company:

  • Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
  • Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
  • Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
  • Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t belong?

As wild as the accusations sound, they do match up with reports from late last year accusing iOS devices of having backdoors for government surveillance. A leaked document revealed an iPhone-specific NSA program code-named DROPOUTJEEP, and many wondered if Apple was involved.

Users have been questioning Apple’s stance on user privacy ever since it was named in Edward Snowden’s PRISM program leak last summer. The program reportedly allowed the NSA to access private user information on the servers of 9 major tech companies, including Google, Microsoft and Apple.

Apple has emphatically denied involvement in any kind of secret government program multiple times, and has even joined a coalition of tech companies campaigning for more transparency from the government. Following Zdziarski’s report, Apple issued the following statement (via Tim Bradshaw):

We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent. As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.

So there’s a lot to take in here. What do you make of all of this?

  • Delis Encarnacion

    Always did have a weird feeling.

    • Antzboogie

      Its pretty messed up. Snowden is a hero in my eyes and so is this hacker. We need to expose the wrong being done to us!!

      • Delis Encarnacion

        We really do. I always did have a feeling this was going on behind our backs though.

      • Rodney Coleman

        What wrong?? Grow up.. All y’all are blinded by technology. Y’all act all surprise this is happening. Smh… The phone is smarter than y’all lol.

        I can careless about my info. I die and what happens with it??

      • Dani Hayes

        You cannot care because you are an idiot.

      • Rodney Coleman

        Your the idiot for caring about something so stupid like this.

      • Antzboogie

        If your happy being a tool then continue being one I can I see your just a pawn in the bigger scheme of things thats what you are. Your right, your to boring and ignorant for anyone to want to spy on you lol. Things are taken out of context all the time what if you were joking about something and they say you meant it, now your a terroist wha?? Lol You curse on a text and next thing you know your getting a ticket in the mail. Your a fool let me stay away from people like you.

      • GuyWithTheThings

        You’re funny. “Your right, your to boring and ignorant,” you say, when you can’t even bother to spell and punctuate right? SMH…

      • Antzboogie

        Grown people talking troll and you auto correcting lol.

      • Dan

        beat me to it

      • Soylent Green

        .gov troll (unpaid lol)

      • ARX8

        *You’re

      • Innes

        Did you get fined for swearing in a text message?

      • Rodney Coleman

        ^^^^^ yea ok boss

        Your the pawn being scared about your info being lost out on the web.

        We are always being tracked one way or another and our info is out there for everyone to see.

        So why care about this?? Your still gonna buy iPhones and androids right? Ignorant people these days.

      • So do you care when the NSA is passing around nude photographs of you? Or does this not bother you one bit either?

      • Peter Fernandes

        so there is no f# problem that ur info. even where u live is being shared to others u dont know behind ur back?? 0.o weird let me tell ya…. and ppl judging others just becuz they forgot a ? or you´re plz stop being soo ignorant, who dosent type incorrectly sometimes??

      • Soylent Green

        Paid .gov troll

  • James Allen

    That’s crazy and some deep Questions

    • Soylent Green

      Its been the case since the day globalists sheep obaaama & his executive orders decided to scoop every call/email/txt etc thru various big companys such as apple, the ppl here saying stuff like “who cares” are on record as being paid nsa whores aka trolls, after all we cant have all these ppl believing apple are are now just a nsa sockpuppet outfit. They are coming for ur guns americans, this is all part of the conditioning pre-op intelligence gathering phase thats is current. Check infowars nightly news for more corrupt global shennanigans 😉

  • Willie

    I’m sure all softwares do have backdoors and stuff, I just hope that it will not cause our personal data to be compromised.

  • White Michael Jackson

    I always knew this. Thats why I do all my illegal activities through burner phones.

    • Eni

      You go and do all your illegall activities deep in the groung Michael

      • Jonathan

        *grave

  • highNiggaPie

    Yea if you’re doing anything illegal on or through an iPhone you’re an idiot go get a $20 go phone and you’re set

    • Quang

      probably they should invent a phone of their own 🙂 haha

    • disqusted

      I’ll do you one better; go with the NSA’s nemesis… COMMUNICATE WITH PEOPLE FACE TO FACE, *not* FaceTime to FaceTime. Unless your buddies are wearing a wire, or unless Big Brother has microphones set up all over to be able to record even outside conversations (not unlikely)… In fact, I think an even better way to go is use sign language in a remote, visually obscured location to pass messages.

      According to Orwell, their TV’s were like two way mirrors, while they watched their TVs, their TVs watched them. Was he alluding to APPLE TVs?!

      I propose that we abandon the current calendar system and each year henceforth will be 1984… cause it fkn is, anyway. Might as well just call it what it is. Like the Ministry of Peace that keeps our endless war going for us. 13 years straight and counting! They’re good like that. War is peace. Apple is secure. Freedom is slavery. The US government is only trying to keep you safe from terrorists. It’s FOR YOU, INGRATE. Your nudie pics and all that are for NSA workers to send and trade with their buddies… SO THEYLL RECOGNIZE YOU EVEN IF YOURE NAKED WHEN THE TERRORISTS ATTACK, AND CAN GET YOU TO SAFETY! And by “the terrorists”, I mean the US government and the conglomerates who operate that machine.

      So when your own country attacks us (again), know that you’ll be safe. You’ll know that you’re being taken care of when you see the black helicopters.

      And by “taken care of” I mean “exterminated” in Holocaust II— or if you are one of those who believe the first one never happened, then you’ll be exterminated in Holocaust I. Though, I’m sure you’ll be spared. After all, what good is power when you have no slaves to control?! That takes all the fun out of totalitarianism when you have killed all of your totali-toads. Cherry bomb up your butthole will be the choice method of execution. No more showers and cyanide pellets.

      And you’ll light the fuse when they tell you to, because the public will be sent into a panic by something “scary and threatening” which will cause all of the idiots to give up every last bit of their imaginary control and freedom in exchange for protection! I’m sure martial law and police states will decentralize and destabilize the existing federal government/prop and in a state of chaos and lack of central authority, “heroes” will step in and set up an “interim government” until they can restore the one some of us know and hate. Then the interim government sort of turns into a long term reassignment of power (kind of like how a “quick invasion of Iraq”, a “shock and awe” campaign to ensure we wouldn’t get involved in a decade+ war with no end in sight… that keeps jumping from country to country and of course we can’t just leave them hanging like we did sadaam…! We need a long term “exit strategy” which will curiously be aborted due to a new threat that we can’t ignore! How is it that 12-13 years later, we STILL haven’t trained the “Iraq military/our miltary” enough to self sustain. We can’t create a sovereign entity in a decade and a half?! Seems like we want them to depend on us and keep our forces in a key area in the Middle East, right there all sexy snuggled with Syria and Iran, we could almost just peek over and see what our friendly neighbors are up to… not that we care….)

      Seems I got carried away talking about reality. Sorry, I am forced to live in a pseudo-reality, so getting to talk about the real world gets me excited and wound up. Carried away daydreaming of truth and that kind of ridiculous shit. I apologize for my obvious delusion and paranoia……… Yeeeeaaahh. Let’s go with that story, avoiding reality has been working out really great for everyone so far, yeah? Wouldn’t want to ruin this utopia we’re fortunate enough to be living in. Where’s your nationalism and patriotism?? Be proud to be a puppet! Somebody has to, cause I’m sure as hell not gonna fall for that shit…

  • Victor

    Every company in the world is bought. Can’t believe you guys are just figuring this out.

    • Ron Rainz

      Agreed.
      As someone who grew up living under the same roof with, and who was raised by a member of the intelligence community, I’m sometimes amazed as to how indifferent or ignorant people are on the subject of the Government’s surveillance on the general public.

      I’m not blaming anybody, since I would totally be in the dark about these things as well, had I not been exposed to it. I’m just saying that people should not be so surprised. The reason Apple and all these other companies allow this is pretty simple: It’s a backhanded deal with the authorities, which allows these companies in turn to receive many perks from the government – both above and under the table.

      Now, let’s clarify: it’s not as if Apple, Microsoft or the NSA are actually physically monitoring everybody’s emails, phone calls and text messages in any given moment. That’s just absurd, because it’s impossible. The scope of manpower and man hours needed to pull something with that kind of magnitude off is far beyond feasible.

      No, Apple and the other tech companies have little to do with this, aside from allowing it. The Government is the true “culprit” here, and it does this so that they can have easy access to devices used by “persons of interest”. Said “persons of interest” can be anybody that the government might be looking into, at any given time and for any given reason (suspicion of terrorist activity, fraud, etc’).

      This, in essence, is a civil rights and liberties issue: While the police might need to get a warrant to search your phone, other more clandestine government agencies do not. RICO clauses and the Patriot Act allow them to pretty much do as they please, and get away with it without having to give any answers (not even formal ones) to John Q. Public.

      I can only advise that anybody who has a problem with this, should seriously start using a burner phone. This isn’t going to change anytime soon, no matter how big and intense the public outcry might get. They have the power, and they’re not going to give it up.

      • Wolfer

        Very well said!!! Im with you and well Im like u in this man…if you understand what I mean

      • Ron Rainz

        Thanks. Roger that. Nuff said, right?

      • Sound_Mind24

        Great point of view man. Nothing to hide, nothing to fear.

      • Ron Rainz

        Exactly. Thanks.

  • siddique

    agreed wd him

  • Brian 

    If this type of news is something that scares you, then this should be a wake up call because this is some of the LEAST important things on the list of things our government is doing behind our backs. Plus who cares, they can snoop in my text messages and dirty pictures all they want instead of taking action on real threats.

    P.S. If you are a terrorist donate your iPhone to me immediately!

    • Dani Hayes

      Just because you do not value privacy and security does not mean the rest of us do.

      • Brian 

        & just because you do doesn’t mean that the government is going to stop invading our privacy so might as well accept it and move on with your daily life.

      • Sgt. ThroatPunch

        Baaaaaaa.

      • Dani Hayes

        Only way it can be stopped is if stupid people like you actually speak out against it but you idiots never will because you have no grasp on the reality of it.

      • Brian 

        You obviously don’t have a grasp on reality if you think the government will ever stop. You must be one of those who still thinks politicians are all honest people working for the good of the citizens as well 🙂

      • Dani Hayes

        Too many dumb asses like you in this world is what the problem is.

        “I do not care if my government spies on me. It makes us safer from terrorists.”

        What a tool.

      • Brian 

        You are obviously much smarter than me. What exactly have you done that has helped stop the government from spying on us like you said? You know, other than arguing behind a computer and not actually doing anything in real life about it.

      • Dani Hayes

        Yes because you know that I have not done anything about it.

        If you do not care why don’t you post all your conversations, pictures, whereabouts, and everything else on a public forum for the world to see. Maybe then you care about privacy. I doubt that though.

      • Brian 

        Obviously you haven’t done anything to stop them, because they’re still doing it LOL. & it’s simple, if you don’t want the government knowing all of those things then don’t use technology. Send your messages in little envelopes with owls.

      • Dani Hayes

        And that’s why you are an idiot.

      • Brian 

        And thats why you’re still getting spied on

      • Innes

        isn’t that called facebook?

  • Rodney Coleman

    Who cares…. These people know our every move. Oh well…

  • Rowan09

    No surprise here.

  • Blue_Kobra

    I don’t give a fu… I don’t care what they know. I don’t have anything abnormal on my device that I don’t want the government/apple to see. But I can see where others might have a problem with it.

  • Adel Ali

    Its good to know people like him care and will get to the bottom of things

  • CODENAME_CAFE

    OH NO OMFG NO LOOK AT ME IM SURPRISED WOW
    eh that was expected..

  • Charlie DuHadway

    We always should assume there watching. And I’m kinda glad. I have nothing to hide. And if they do stop the next 9/11 because of these “backdoor” holes in ios. That’s awesome.

    • (JailbreakQA) King Shoot

      It is highly unlikely that the next major terrorist attack will happen on September 11th. More like somewhere in June, so the terrorist can get ice cream

  • Dan

    I have nothing to hide. If they can stop potential crimes by doing this, why not.

  • Zaidan Umar

    Oh now apple’s gona read my msgs with my girl :/
    Why do people have to worry if they’re not doing anything wrong??

    • Because the NSA according to a reliable source (Edward Snowden) is treating our data like a joke. Perhaps if the government was open and transparent about what they were doing there would’t be a problem but no people are literally taking our private and sensitive data like a complete and utter joke and it sickening for me to hear that this is happening. It’s one thing partaking in mass surveillance but it’s another thing treating it like a complete and utter joke, having no respect for the persons data your viewing and passing nude photographs around the office like there’s no tomorrow…

  • (JailbreakQA) King Shoot

    At least we can patch this backdoor with a jailbreak tweak. Take that Crapple

  • mav3rick

    “…Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.”
    Yeah, sure. Build by themselves.

  • mlee19841

    If this exists on the apple platform. One can only wonder how bad it is on the android platform.

    • AnArcticMonkey

      Somehow Apple fanatics always find a way to bring Android into conversations…I only use Apple products, but seriously get the bias out of your head.

      • mlee19841

        Not a blind apple user. Just stating the facts. If this is a problem on apples side I’m pretty sure it’s an issue on android as well.

  • mlee19841

    If their just looking for keywords used or looked up that’s related to terrorism I’m all for it.

  • U Kn0w What 1t 1s

    I’m switching to android, s5 or note 4. There are tons of encryption options if you are rooted and their new os is honestly as nice as iOS.

  • Soylent Green

    You just noticed and btw you have also been willingly handing over bio-metric data with “cool” touchID “feature” –
    Line up over there for fingerprint scan- its ok your a sheep we have urs from apple, ALL THIS HAS BEEN ON RECORD FOR AGES, wake up, see at alexjones radio show for more info

  • AnArcticMonkey

    The comments here show Apple can do no wrong apparently…

    -An Apple fan, but not someone who worships the bloody company…