Jonathan Zdziarski identifies ‘Backdoors’ that runs iOS devices

July 22, 2014

Apple has vehemently denied claims by Jonathan “NerveGas” Zdziarski who spoke at the Hackers on Planet Earth conference over the weekend, presenting his claims on the functions, globally renowned iPhone hacker and app developer claimed to have found a range of undocumented functions in iOS mobile operating system that make it possible to grab data off devices wirelessly or through USB connections, without entering passwords or personal identification numbers. ”NeverGas” added that commercial forensic tools are able to take advantage of the undocumented iOS functions to access much of the data devices hold, including bypassing encrypted backups. Apple yesterday rejected Zdiarski’s claims saying the “company has designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers, and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent. As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.”

Zdziarski also said that while Apple can access data on devices on behalf of law enforcement, the iPhone 5 running iOS7 is more secure against attack than competing devices and operating systems with the exception of Apple and the United States government. In his own estimates, there are over 600 million iOS users in the world and Zdziarski was critical of “Apple dishing out a lot of data behind our backs” which he said is a violation of consumers’ trust and privacy. Additionally, he said Apple had compromised the security of iOS with the undocumented functions, adding “tasty attack points” for governments and criminals. According to “NerveGas”, beyond data access, iOS also contains a libpcap packet sniffing service that can be targeted through wi-fi for remote start-up and monitoring, without any indication to users that it is running, he said. Testing with Twitter, Zdziarski said he was able to use the undocumented functions to retrieve information such as the private messages database. This included several deleted messages. OAuth tokens for authentication were also retrievable, and combined with consumer key and secret, these can be used to remotely spy on all future correspondence. Zdziarski said the backdoors and services are low-level operating system components that have been around for years.Based on former National Security Agency contractor Edward Snowden’s leaked documents, Zdziarski concluded that the spy agency’s DROPOUTJEEP set of techniques for accessing iOS data matched Apple’s undocumented features.

He also claimed Apple was not only “well aware of these components” but was also updating and supporting them – for unknown reasons. “I have emailed both Tim Cook and Steve Jobs at various times to ask for an explanation about these services, citing them as “back doors”, and have received no reply,” he claimed.While Apple is able to retrieve user data for law enforcement from iOS devices, it will only do so under a strict process that includes receiving a valid search warrant. Apple also charges authorities US$1000 per information extraction attempt, Zdziarski said.The data that can be provided to law enforcement includes SMS texts, photos, videos, audio recordings, and the call history of the phone, Zdziarski noted. Email messages, calendar entries and third-party app data can’t be handed over by Apple. iPhones  seems to have secret tools that makes it easy for Apple to snoop on us, on behalf of government agencies although with authorisation to do so.

Contador Harrison