
Undocumented backdoors found in Apple's iOS

Forensic scientist details surveillance tools that could be used by law enforcement on iPhone

Zdziarski said that undocumented backdoors are running in the background on over 600m iOS devices

Forensic scientist Jonathan Zdziarski this week detailed a number of tools within the iOS operating system that could be used for surveillance.

Speaking at the Hackers on Planet Earth (HOPE X) conference in New York this week, Zdziarski said that several undocumented backdoors are running in the background on over 600m iOS devices.

He explained that iOS 7 devices, in particular, provide previously unheard-of data discovery tools to do with backup and archiving. He accused Apple of working to ensure that personal data would be protected from everybody else, but could be easily accessible by itself and law enforcement agencies.

"Apple has worked hard to ensure that Apple can access data on end-user devices on behalf of law enforcement," one of his slides read.

"To their credit, iPhone 5 and iOS 7 is more secure from everybody except Apple (and government)."

One of the backdoor tools includes a file-relay service that can bypass the standard encryption offered by iOS 7, Zdziarski said. He claimed that, through this tool, data such as address books, voicemails, audio files and photos could be accessed without a user's consent. Other data to do with iCloud, Facebook and Twitter could also be accessed, he added.

Perhaps most worryingly, the software is not accidentally present on iOS, Zdziarski said; it has been updated numerous times with every new build of iOS, he explained. This is despite Apple not having talked about it.

The Register posited that the software could be needed so that iDevices conform to the 1994 Communications Assistance for Law Enforcement Act (CALEA). However, Zdziarski told the website that the breadth of the tools that he found far exceeded the requirements of the law.

"I think Apple has exceeded any requirements the CALEA law has with these tools," he said.

"The existence of these interfaces exceeds anything that law requires. It could be that there's some kind of secret court order requiring this, but if there is then the public needs to know about and understand that."
