Apple has “inadvertently admitted” to creating a “backdoor” in iOS, according to a new post by a forensics scientist, iOS author and former hacker, who this week created a stir when he posted a presentation laying out his case.
Apple has created “several services and mechanisms” that let Apple — and, potentially, government agencies or malicious third parties — extract lots of personal data from iOS devices, says Jonathan Zdziarski. There is, he says, no way to shut off this data leakage, and end users grant no explicit consent.
He made his case in a talk, “Identifying back doors, attack points, and surveillance mechanisms in iOS devices,” [available in PDF] at the annual HOPE X hackers conference last week in New York City. The talk was based on a paper published in the March issue of “Digital Investigation,” which can be ordered online.
Essentially, Zdziarski says that Apple over time has deliberately added several “undocumented high-value forensic services” in iOS, along with “suspicious design omissions…that make collection easier.” The result is that these services can copy a wide range of a user’s personal data and bypass Apple’s backup encryption. That gives Apple, and potentially government agencies such as the National Security Agency, or just bad people intent on exploiting these services, the ability to extract personal data without the user knowing this is happening.