Apple denies NSA data-grabbing backdoors exist in iOS
Claims made by forensic data scientist at hacking conference about iOS access flaws denied by Apple
Apple's iOS mobile operating system contains numerous backdoors that allow hackers to bypass its PIN and password controls to steal users' personal data, a data forensics scientist has claimed.
Speaking at the Hackers of Planet Earth (HOPE) conference last week, Jonathan Zdziarski shared with delegates details about various backdoors he claims to have found in iOS-running devices that could potentially be exploited by government agencies, such as the NSA.
During his presentation he flagged several mobile OS features that could make the OS vulnerable to government snooping, although he has since gone to great lengths to reiterate that he has not accused Apple of working with the NSA.
These include the "lockdownd", "Pcapd" and "mobile.file_relay" services, which, it is claimed, can side-step encrypted backups to plunder data on behalf of third parties.
In a blog post, published in the wake of his appearance at the conference, he said Apple needs to explain to the 600 million people using iOS devices why this capability is included in the mobile operating system.
"At the same time, this is NOT a zero day and NOT some widespread security emergency. My paranoia level is tweaked, but not going crazy," he added.
"My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don't belong there."
The claims have been strenuously denied by Apple in a statement to iMore, where it was also quick to stress that it has never worked with any government agency to install a backdoor in one of its products.
"We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues," the statement reads.
"A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data.
"The user must agree to share this information, and data is never transferred without consent," it added.
NSA whistleblower Edward Snowden also spoke, via video link, at the conference this week, and urged attendees to use their skills and expertise to build anti-surveillance products.