Accusations have recently been made that Apple has intentionally built a backdoor on 600 million iOS devices. Apple argues that this backdoor is meant for IT and troubleshooting purposes only. They go on to argue that this backdoor cannot be accessed without user consent.
Jonathan Zdziarski a forensic researcher argues otherwise. At the recent Hackers on Planet Earth Conference, Jonathan presented a talk called “Identifying backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices.” His talk demonstrates “a number of undocumented high-value forensic services running on every iOS device” and “suspicious design omissions in iOS that make collection easier.”
So how does the backdoor work exactly? Backdoor access is made when an iOS device is connected to a computer. The iOS device and the computer swap security certificates in order to establish a secure relationship. Encryption keys are then exchanged to set up encrypted SSL channels. Access to the pairing data will allow anyone to spy on an iPhone user.
However, this formula is not so easy to put together. The hacker must:
- Have the pairing keys
- Know where the devices will be
- Have access to the same wireless networks the devices are on
- Must ensure the devices have wireless access on.
Although this may be difficult for an average hacker to achieve, larger government agencies like the NSA will have no problem with it, and Zdziarski notes that the NSA may have used these backdoor capabilities to retrieve user information and data. This backdoor allows access to private data including photos, browsing history, and GPS locations. This is information that no IT or troubleshooting service should need to attain.
So, does Apple have some more explaining to do? Or is this an issue that loyal Apple users will push under the carpet? If you are concerned, it may be best to avoid connecting your iOS device to a computer.
For more information on Apple backdoor usage, contact us at (800) 875-8843 or send us an email at firstname.lastname@example.org. Our team at Kyocera Intelligence will ensure your awareness of any relevant information concerning your privacy with Apple devices.]]>