Apple’s (NASDAQ:AAPL) iOS has been deliberately outfitted with several secret back door services and surveillance mechanisms that could allow Apple, law enforcement agencies, or commercial forensic software operators to covertly collect data from iOS-based devices, according to a security researcher. In a presentation first spotted by ZDNet, renowned iOS forensic expert Jonathan Zdziarski — also known as “NerveGas” in the iPhone jailbreaking community — described a number of vulnerabilities in Apple’s mobile operating system. Zdziarski revealed the back doors during a presentation given at the recent Hackers On Planet Earth (HOPE/X) conference.
According to slides provided by Zdziarski on his blog, iOS has “a number of undocumented high-value forensic services running on every iOS device” and various “surveillance mechanisms to bypass personal security.” While the surveillance mechanisms are ostensibly intended for enterprise users, Zdziarski noted that the ways the mechanisms are designed also make them potential targets. He also highlighted “suspicious design omissions in iOS that make [data] collection easier.”
According to Zdziarski, once your device is first unlocked after a reboot, the back door services running on iOS devices will render most of the data encrypted under iOS data protection accessible. “Your device is almost always at risk of spilling all data, since it’s almost always authenticated, even while locked,” noted Zdziarski. The security researcher also pointed out that most of the back door services “are not referenced by any known Apple software” and “are available without developer mode, eliminating their purpose as developer tools.”
One of the services highlighted by Zdziarski is known as “pcapd.” Pcapd “dumps network traffic and HTTP request/response data traveling into and out of the device” and can be targeted via Wi-Fi for remote monitoring. Another service called “mobile.file_relay” is the “biggest forensic trove of intelligence on the device” and was “very intentionally placed and intended to dump data from the device by request,” according to Zdziarski. The security researcher also detailed several other back door services that appear to be designed to collect users’ personal data.
On the final slide of his presentation, Zdziarski concluded that “Apple is dishing out a lot of data behind our backs” and “has added many conveniences for enterprises that make tasty attack points for .gov and criminals.” However, excluding the deliberately included back doors, Zdziarski also noted that, “Apple has worked hard to make iOS devices reasonably secure against typical attackers.”
Although the back door services in iOS appear to be intended for law enforcement use, Zdziarski made it clear that he was not accusing Apple of collaborating with the NSA, even if some of the services may have been exploited by the NSA. “I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn’t be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer,” wrote Zdziarski on his blog. “I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices. At the same time, this is NOT a zero day and NOT some widespread security emergency. My paranoia level is tweaked, but not going crazy. My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don’t belong there.”
Following the exposure of the NSA’s bulk data collection program by former NSA contractor Edward Snowden last year, Apple and several other tech companies have been pushing the U.S. government to rein in its surveillance programs based on concerns that they could harm their businesses, especially in markets overseas. Earlier this month, the state-run television network China Central Television accused Apple’s iPhone of being a national security threat because it keeps track of a user’s frequently visited locations, reported Reuters. As noted by RT, Germany’s government phased out the use of Apple’s iPhones last year due to their incompatibility with third-party security software. While it remains to be seen how Apple will explain the back door services uncovered by Zdziarski, these revelations will undoubtedly not help the iPhone maker’s reputation with customers who were already concerned about the collection of their private data.