On July 18, Jonathan Zdziarski, a former iOS jailbreaker and current iOS forensic scientist and law enforcement consultant, gave a talk at the HOPE X conference in New York City. Zdziarski's talk was on backdoors, attack points and surveillance mechanisms in iOS. In the talk he alleged that there are a number of ways for government agencies, including law-enforcement, to get at the personal data you store on your iPhone, iPod touch, and/or iPad. Zdziarski posted slides from the talk, based on an earlier journal publishing, on his website a couple of days ago. They've since been shared via other websites and social networks, and a lot of confusion and concern has arisen.
When reached for comment, Apple reiterated to iMore that it has never worked with any government agency to create a backdoor in any product or service:
"We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues," Apple told iMore. "A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent."
As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services."
So, what's going on here?
When you connect your iPhone or iPad to iTunes on Mac or Windows — and choose to trust that computer — a pairing record is created that maintains that trust for future connections. Zdziarski claimed that if someone takes physical possession of that computer, they can steal those pairing records, connect to your device, and retrieve your personal information and/or enable remote logging. If they don't have your computer, Zdziarski claimed they can try and generate a pairing record by tricking you into connecting to a compromised accessory, like a dock (juice jacking), and/or by using mobile device management (MDM) tools intended for enterprise to get around safeguards like Apple's Trusted Device requestor.
Because the NSA surveillance controversy is still fresh in many people's minds, Zdziarski added a "don't panic" statement on his blog, emphasizing that he wasn't accusing Apple of working with the NSA, but does suspect that the NSA might be using the techniques he outlined to collect data.
Zdziarski also praised iOS 7 security, saying that Apple has hardened its devices against typical attacks, including making changes that have shut down a "number of privately used spyware apps." However, he'd like to see them strengthen it further with asymmetric encryption of incoming messages and media, the file system equivalent to "session keys," a boot password, and a backup password.
Apple is rolling out new security and privacy protections as part of its upcoming iOS 8 software update, scheduled for release this fall. These improved features include MAC address randomization to prevent stores from tracking you as you walk around to shop, "while-in-use" rather than "always-on" location permissions to prevent apps from tracking you when they don't need to, better privacy controls for your contacts, always-on VPN to secure your connections, and more.
Bottom line, security is constant vigilance, and companies are only ever as good as the speed and efficacy of their last patch. Following Zdziarski's presentation, there'll be a lot more attention paid to just these kinds of data leaks, and that's good for all of us. Until then, if you're concerned about privacy and security, Apple provides several tools and features you can use to further lock down your iPhone, iPod touch, and/or iPad:
- How to prevent unauthorized pairing with your iPhone or iPad using Apple Configurator
- 5 ways to increase security and privacy on iPhone and iPad