iSpy? Researcher exposes backdoor in iPhones and iPads


Image of iPhone courtesy of st.djura/Shutterstock.

How much of your personal data on your iPhone or iPad would you be willing to bet law enforcement or a hacker can grab from your device, even if you've encrypted it?

How about all of it?

A "backdoor" that Apple built into iOS for developers can be used to spy on iPhones and iPads by governments, law enforcement, or cyber criminals, according to forensics researcher Jonathan Zdziarski.

For the backdoor to be exploited by a spy, your iDevice needs to be synced to another computer via a feature called iOS pairing.

Once your iDevice is paired to your PC or Mac, they exchange encryption keys and certificates to establish an encrypted SSL tunnel, and the keys are never deleted unless the iPhone or iPad is wiped with a factory reset.

That means a hacker could insert spyware on your computer to steal the pairing keys, which allows them to locate and connect to your device via Wi-Fi.

Because iPhones and iPads automatically connect to Wi-Fi networks with names they recognize, an attacker could then set up a hotspot using a spoofed network name to get your device to connect, and grab all your data.

Zdziarski used his talk at the HOPE X hacker conference on 18 July to state that Apple's backdoors give access to personal data that's beyond what developers or Apple itself need.

In mentioning that the Snowden leaks revealed the National Security Agency (NSA) had used backdoors in iPhone, Android and BlackBerry, Zdziarski also implied that the NSA may have used Apple's backdoors for easy access to iPhones and iPads.

Apple issued a statement to reporters, acknowledging the access through pairing.

But what Zdziarski described as a backdoor, Apple calls "diagnostic functions" - Apple said developers and IT departments need them for "troubleshooting."

Apple's statement also flatly denies any cooperation with the NSA, or government agencies "from any country."

We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues.

A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.

As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.

On his own blog, Zdziarski explained further that he doesn't think Apple is in cahoots with the NSA, but he said these features (or bugs) should not be in iOS.

Zdziarski said:

Apple’s seeming admission to having these back doors, however legitimate a use they serve Apple, unfortunately have opened up some serious privacy weaknesses as well.

I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices.

The lack of disclosure of these security loopholes is a bit puzzling, but Apple seems to have, at least, done the disclosing part now.

Will Apple back down?

Will the programmers in Cupertino be instructed to remove the libraries, or perhaps limit their use to developers debugging their apps?

Chances are that's not going to happen, not least because Apple obviously went to some trouble to get all this stuff working in the first place.


5 Responses to iSpy? Researcher exposes backdoor in iPhones and iPads

  1. Steve · 442 days ago

    This article describes the issue as a "backdoor", but to me, as described, it's more of a discovered exploit, not a backdoor, which is usually defined as something a developer put in to allow them easy secret access later. For this exploit, the attacker first has to compromise a PC that your device has been paired with, to extract the SSL keys. Now, this isn't necessarily that hard or far-fetched, but it's hardly Apple's fault if your PC gets hacked into!! Once the attacker has your SSL keys, those keys act as your password, and the phone basically has to respect the keys/passwords that it has been set up with. I don't consider this an Apple problem - I consider this another reason to be careful not to let your system get infected with malware.

  2. Tim · 442 days ago

    I could see an argument for providing an interface for a user to see what pairings a device has with the ability to delete them... but a backdoor? Seriously, that's hyperbole. By that definition any computer that has an SSH daemon running on it that accepts public key auth has a "backdoor" because if someone manages to hack into a system on which you have your keys and steals them, they can get in.

  3. These services have nothing to do with diagnostics. This is a backdoor, and if Apple doesn't change it, it will likely be because of a NSL issued by the NSA.

    Time will tell...

  4. Ted · 440 days ago

    So, if I understand the article correctly, my iPhone first has to be paired with my PC, which it is not and I see no reason to ever have it be paired with my PC. And then, some schmuck has to hack into my computer or my Wifi network, which isn't going to happen because my router has a firewall and requires a WPA2-PSK 64 character hex password. I don't think I'll be losing sleep anytime soon.

    • Tiffany · 424 days ago

      Well, let's hope and pray you don't go over your 5 gigs of iCloud storage, because if you never sync with iTunes to do a backup then you are gonna lose that stuff if something happens to your phone.

About the author

John Zorabedian is a blogger, copywriter and editor at Sophos. He has a background in journalism, writing about technology, business, politics and culture. He lives and works in the Boston area.