Wednesday, July 23, 2014

Apple once again in Limelight for compromising privacy


Apple has long presented itself as a champion of iOS security and user privacy on all fronts. But the company itself has engineered surveillance backdoors into the iPhone. This was recently revealed by a highly skilled hacker, Jonathan Zdziarski (aka NerveGas), who presented his paper “Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices” at the recent Hackers On Planet Earth conference in New York.
In making iOS more secure against typical attackers, Apple has made things easier for law enforcement agencies, who with the help of the right tools can easily get anything they want from your iOS device, even at a routine traffic stop. His investigation into the code behind iOS revealed that the seemingly user-friendly system, which is used on hundreds of millions of Apple iPhones, contains a number of "undocumented high-value forensic services" and "suspicious design omissions," both of which make it relatively easy for private data to be extracted from users' phones. The NSA even developed a program to gain full access to the iPhone.
“In December 2013, an NSA program dubbed DROPOUTJEEP was revealed by security researcher Jacob Appelbaum that reportedly gave the agency almost complete access to the iPhone,” as written by ZDNet.
These iOS tools that facilitate spying are not for iTunes or Xcode (quite clever), the Genius Bar/Apple Support, developers or engineers, and the code discovered in iOS versions isn’t something Apple forgot about as the years passed. “Apple has been maintaining and enhancing this code, even with iOS 7; they know it’s there,” the researcher wrote.
He pointed out that applications using file relay, pcap or house arrest assist in collecting your information. iTunes, with which they are quite careful, does not use file relay or pcap; it does use house arrest, but only for accessing Documents. Could the data be collected for the folks at the Genius Bar or Apple Support? No. The data is too raw to be of any use to tech support and cannot in any way be put back on the phone. Another theory is debugging, but 600 million devices need not have debugging always on.


“Well, they could have also forgotten that old debug code was there. But over time the code has been modified and enhanced, and that’s true even for iOS 7. They know about it,” were his thoughts. He even contacted Apple CEOs Steve Jobs and Tim Cook regarding the issue but came away empty-handed.
“Overall, the otherwise great security of iOS has been compromised… by Apple… by design,” he concludes in his presentation.


Source: BGR, ZDNet, Zdziarski