Apple’s (NASDAQ:AAPL) iOS has been deliberately outfitted with several secret backdoor services and surveillance mechanisms that could allow Apple, law enforcement agencies, or commercial forensic software operators to covertly collect data from iOS-based devices, according to a renowned security researcher. In a presentation first spotted by ZDNet, iOS forensic expert Jonathan Zdziarski, also known as “NerveGas” in the iPhone jailbreaking community, described a number of vulnerabilities in Apple’s mobile operating system. Zdziarski revealed the backdoors at the recent Hackers On Planet Earth (HOPE/X) conference.
According to slides provided by Zdziarski on his blog, iOS has “a number of undocumented high-value forensic services running on every iOS device” and various “surveillance mechanisms to bypass personal security.” While the surveillance mechanisms are ostensibly intended for enterprise users, Zdziarski noted that the ways the mechanisms are designed also make them potential targets. He also highlighted “suspicious design omissions in iOS that make [data] collection easier.”
According to Zdziarski, once your device is first unlocked after a reboot, the backdoor services running on iOS devices will make most of your data-protection-encrypted data accessible. “Your device is almost always at risk of spilling all data, since it’s almost always authenticated, even while locked,” noted Zdziarski. The security researcher also pointed out that most of the backdoor services “are not referenced by any known Apple software” and “are available without developer mode, eliminating their purpose as developer tools.”
One of the services highlighted by Zdziarski is known as “pcapd.” Pcapd “dumps network traffic and HTTP request/response data traveling into and out of the device” and can be targeted via Wi-Fi for remote monitoring. Another service called “mobile.file_relay” is the “biggest forensic trove of intelligence on the device” and was “very intentionally placed and intended to dump data from the device by request,” according to Zdziarski. The security researcher also detailed several other backdoor services that appear to be designed to collect users’ personal data.