Undocumented backdoors found in Apple's iOS

Forensic scientist details surveillance tools that could be used by law enforcement on iPhone

Tags: Apple Incorporated
  • E-Mail
Undocumented backdoors found in Apple's iOS Zdziarski said that undocumented backdoors are running in the background on over 600m iOS devices (Getty Images)
By  Tom Paye Published  July 22, 2014

Forensic scientist Jonathan Zdziarski this week detailed a number of tools within the iOS operating system that could be used for surveillance.

Speaking at the Hackers on Planet Earth (HOPE X) conference in New York this week, Zdziarski said that several undocumented backdoors are running in the background on over 600m iOS devices.

He explained that iOS 7 devices, in particular, provide previously unheard-of data discovery tools to do with backup and archiving. He accused Apple of working to ensure that personal data would be protected from everybody else, but could be easily accessible by itself and law enforcement agencies.

"Apple has worked hard to ensure that Apple can access data on end-user devices on behalf of law enforcement," one of his slides read.

"To their credit, iPhone 5 and iOS 7 is more secure from everybody except Apple (and government)."

One of the backdoor tools includes a file-relay service that can bypass the standard encryption offered by iOS 7, Zdziarski said. He claimed that, through this tool, data such as address books, voicemails, audio files and photos could be accessed without a user's consent. Other data to do with iCloud, Facebook and Twitter could also be accessed, he added.

Perhaps most worryingly, the software is not accidentally present on iOS, Zdziarski said; it has been updated numerous times with every new build of iOS, he explained. This is despite Apple not having talked about it.

The Register posited that the software could be needed so that iDevices conform to the 1994 Communications Assistance for Law Enforcement Act (CALEA). However, Zdziarksi told the website that the breadth of the tools that he found far exceeded the requirements of the law.

"I think Apple has exceeded any requirements the CALEA law has with these tools," he said.

"The existence of these interfaces exceeds anything that law requires. It could be that there's some kind of secret court order requiring this, but if there is then the public needs to know about and understand that."

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code