Backdoor discovered in Apple iOS devices that undermines iPhone security

Backdoor access. Morid1n, CC BY-NC-ND

Apple prides itself on the fact that its iOS, used on iPhones and iPads, is considered to be the most secure mobile and tablet-based operating system on the market. This is a fact that has – until now – been unchallenged when it comes to malware.

But recent research by systems security researcher Jonathan Zdziarski has highlighted some interesting and worrying “backdoors” to Apple’s operating system. Using some novel forensics techniques, he has shown how third parties can potentially gain access to users’ personal data.

What are the vulnerabilities?

Zdziarski discovered that there is a file transfer service that bypasses the back-up encryption offered by Apple. This may be used by Apple employees as a troubleshooting tool when trying to fix damaged devices. But it raises the question: why can this service extract unencrypted files, and why is it open to remote access?

Taking each vulnerability in iOS in turn, Zdziarski notes that some do not appear to have been exploited yet. But he leaves open the idea that they are there to be used either by Apple, or in a Snowdenesque world by government agencies like the NSA.

What is worrying is that these discoveries appear to be new code added to later versions of iOS. This means Apple can’t claim that it is code left over from previous versions of iOS. Though Apple has denied building backdoors into its phones, the question remains of why this access has been added without users being given prior warning.

As a networking specialist, an addition I personally find very interesting is Zdziarski’s discovery of a “packet sniffer”. All devices connected to a network send data packets. A packet sniffer allows network engineers to discover what is moving around our networks. But a tool like a packet sniffer can be misused – to listen in, for example, on network communications between individuals. Listed in the code as “com.apple.pcapd”, this can be run without you being notified.

This means that suddenly all your mobile broadband and wireless traffic is open to investigation – live, in real time and by someone you have never met. From Dropbox to your iPhoto uploads, your email and any web traffic you send via Safari are now open to analysis by anyone with the right networking know-how.

Potentially it isn’t difficult to create a logging server to collect all of this data and sift through at any time to see what you have. While this may currently be used in some support capacity by Apple, now that I am aware of its existence, I am also aware of the potential for compromise. It may only take a change in law or a cunning hack for someone unknown to get to see all your network data from your mobile device.

How worried should I be?

I take every reasonable precaution with my mobile devices and those used by my family to ensure that we are not unnecessarily vulnerable. But, with this paper revealing some very detailed analysis of the iOS operating system, options are limited when it comes to protecting your personal information from entry via these built-in “back doors”.

Unfortunately, apart from switching off your data connection – or living inside a big metal box and making sure you never connect your phone to any form of mobile broadband or wireless network – there is little that you can do. Sadly, no other phone is better, but somehow the gold standard of security that Apple prides itself on has become a little tarnished.

Apple needs to tell the tech community as well as all its customers what these services accomplish. It must assure us that they are not vulnerable to compromise. To date Apple has denied that there is anything to be concerned about.

The worst that can happen for Apple and its millions of customers is that someone goes one better than the Oleg Pliss attack and digs a more serious hole in this system.
