Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Mac Community > Community Discussion > Politics, Religion, Social Issues

Reply
 
Thread Tools Search this Thread Display Modes
Old Jul 22, 2014, 09:44 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple Addresses iOS 'Backdoor' Concerns by Outlining Legitimate Uses for Targeted Services [Updated]




Earlier this week, forensic expert Jonathan Zdziarski attracted attention for his disclosures of what appeared to be "backdoors" in iOS that could allow for covert data collection of users' information from their devices. While Apple issued a statement denying that anything nefarious was involved, the company has now posted a new support document (via Cabel Sasser) offering a limited description of the three services highlighted in Zdziarski's talk.
Quote:
Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.
The three processes include:

- com.apple.mobile.pcapd: Diagnostic packet capture to a trusted computer, used for diagnosing app issues and enterprise VPN connection problems.

- com.apple.mobile.file_relay: Used on internal devices and can be accessed (with user permission) by AppleCare for diagnostic purposes on the user's device.

- com.apple.mobile.house_arrest: Used by iTunes for document transfer and by Xcode during app development and testing.

Security experts will undoubtedly have additional questions about just how these services work and whether there are better and more secure ways of accomplishing the tasks they handle. At the very least, however, today's disclosure demonstrates a willingness by Apple to share information about the legitimate need for these services and should help quell unsupported speculation that Apple has worked with security agencies to implement these tools to allow for covert surveillance.

Update July 23, 9:52 AM: Zdziarski has responded [Google cache] to Apple's posting of the support document, acknowledging the disclosures but arguing that Apple is downplaying the power of these services.
Quote:
I give Apple credit for acknowledging these services, and at least trying to give an answer to people who want to know why these services are there - prior to this, there was no documentation about file relay whatsoever, or its 44 data services to copy off personal data. They appear to be misleading about its capabilities, however, in downplaying them, and this concerns me. I wonder if the higher ups at Apple really are aware of how much non-diagnostic personal information it copies out, wirelessly, bypassing backup encryption. All the while that Apple is downplaying it, I suspect they'll also quietly fix many of the issues I've raised in future versions. At least I hope so. It would be wildly irresponsible for Apple not to address these issues, especially now that the public knows about them.
Zdziarski also emphasizes that he has never suggested Apple is involved in a conspiracy to open up these services for surveillance - only that they could be used by those seeking to access such data.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Apple Addresses iOS 'Backdoor' Concerns by Outlining Legitimate Uses for Targeted Services [Updated]
MacRumors is offline   1 Reply With Quote
Old Jul 22, 2014, 09:47 PM   #2
christarp
macrumors regular
 
Join Date: Oct 2013
Really happy with how transparent apple is seeming to be. Hopefully they fully explain the situation and if something is going on they will admit it and fix it. This is the first step in the right direction.
christarp is offline   9 Reply With Quote
Old Jul 22, 2014, 09:53 PM   #3
lolkthxbai
macrumors 6502a
 
Join Date: May 2011
Quote:
Originally Posted by christarp View Post
Really happy with how transparent apple is seeming to be. Hopefully they fully explain the situation and if something is going on they will admit it and fix it. This is the first step in the right direction.
Seems legit. I'm happy with this response from apple. It's always nice to see people are curious about what services are running on their devices.
lolkthxbai is offline   5 Reply With Quote
Old Jul 22, 2014, 09:54 PM   #4
realeric
macrumors 6502a
 
Join Date: Jun 2009
Location: United States
I believe Apple.
realeric is offline   12 Reply With Quote
Old Jul 22, 2014, 09:56 PM   #5
iSteve-O
macrumors regular
 
Join Date: Oct 2011
With all these security flaws, no wonder the President doesn't use an iPhone.
iSteve-O is offline   6 Reply With Quote
Old Jul 22, 2014, 09:57 PM   #6
MikhailT
macrumors 68040
 
Join Date: Nov 2007
Great first steps, now one more step is to allow the user to opt out on all diagnostic information. One of the problems with _Don't send info to Apple_ is that while it is disabling the sharing of information to Apple, it does not prevent those services from recording the information in the first place. That means your iOS device is still hoarding all sorts of personal information without your knowledge and consent, even though you're not sharing it with Apple. The info can be retrieved illegally and/or with legit forensic tools.

So, Apple needs to step up there and have a simple option to disable all diagnostic information, period. I don't care about legitimate users for these services, they're not required and they're storing information I don't want iOS to store in the first place that's not encrypted with my passcode.

Last edited by MikhailT; Jul 22, 2014 at 10:04 PM.
MikhailT is offline   13 Reply With Quote
Old Jul 22, 2014, 09:59 PM   #7
iCore24
macrumors regular
 
Join Date: Jan 2013
Location: Michigan
Call me an Apple fanboy or whatever, But I 100% (more realistically around 92.8%) trust Apple.

I know Steve Jobs cared 100% about this company. The man stopped working only when it was physically impossible for him to go to work. I heard he even was talking about the iPhone 5 a day before he died to Tim Cook.

I know I know I shouldn't compare Steve to Tim. But I also believe Tim cares just as much as Steve did about Apple. They are honest and truly care about its products.

Im lovin their transparency now!

Last edited by iCore24; Jul 23, 2014 at 02:30 AM.
iCore24 is offline   4 Reply With Quote
Old Jul 22, 2014, 10:03 PM   #8
Zellio
macrumors 6502a
 
Zellio's Avatar
 
Join Date: Feb 2012
In b4 that 1984 commercial with all the Apple users watching Tim Cook
__________________
2012 iMac i7,16 gb,680mx/2009 iMac I5/27" ACD
2012 13" MacBook Retina,8 gb,256 ssd/2010 11.6" MacBook Air
iPad Air/iPad Mini Retina/CoreDuo MacMini/iMac G3/G4/Apple Tv 1,3/iPod Nano 6/iPod 5.5 80
Zellio is offline   1 Reply With Quote
Old Jul 22, 2014, 10:03 PM   #9
PocketSand11
macrumors 6502a
 
PocketSand11's Avatar
 
Join Date: Jun 2014
Location: ~/
This doesn't sound legit. Even if these genuinely are not meant to be backdoors, these are still three security holes that they show no sign of fixing.
__________________
'08 MP, '09 MBP, JB iPhone 5
Fun fact: iPhone 5 aspect ratio = 640/1136 ≈ .5634. 9/16 = .5625. 639/1136 = .5625. Its screen is exactly one pixel too wide to be 9:16.

Last edited by PocketSand11; Jul 23, 2014 at 12:13 AM.
PocketSand11 is offline   11 Reply With Quote
Old Jul 22, 2014, 10:11 PM   #10
BigBeast
macrumors 6502
 
Join Date: Mar 2009
Quote:
Originally Posted by PocketSand11 View Post
[...]these are still three security holes[...]
I don't think that means what you think it means.
__________________
2012 cMBP 2.6GHz Core i7 16gb 512 SSD iPhone 5S iPad Air
BigBeast is offline   15 Reply With Quote
Old Jul 22, 2014, 10:11 PM   #11
Robert.Walter
macrumors regular
 
Join Date: Jul 2012
Quote:
Originally Posted by iSteve-O View Post
With all these security flaws, no wonder the President doesn't use an iPhone.
(Prez would need a case if he did since he would likely fumble and drop it like so many other things...)

Prez doesn't need to worry about digital security when he has the whole NSA working for, and against, him...
Robert.Walter is offline   2 Reply With Quote
Old Jul 22, 2014, 10:14 PM   #12
mbh
macrumors 6502
 
Join Date: Jul 2002
I think Apple knows what kind of scrutiny they are under (fair or unfair, you have to admit it's extreme) and so are unlikely to lie about something like this. Can you imagine the headlines if one of these security researchers actually proved that something they said wasn't true? Right now all we have are accusations, which are a dime a dozen. Tim Cook burps at lunch and there are conspiracy theories on the internet within the hour.
mbh is offline   9 Reply With Quote
Old Jul 22, 2014, 10:20 PM   #13
cdmoore74
macrumors 68000
 
Join Date: Jun 2010
Quote:
Originally Posted by iCore24 View Post
Call me an Apple fanboy or whatever, But I 100% trust Apple.

I know Steve Jobs cared 100% about this company. The man stopped working only when it was physically impossible for him to go to work. I heard he even was talking about the iPhone 5 a day before he died to Tim Cook.

I know I know I shouldn't compare Steve to Tim. But I also believe Tim cares just as much as Steve did about Apple. They are honest and truly care about its products.

Im lovin there transparency to prove these Apple bashers wrong!

Never trust anything 100%. I don't even trust my wife 100% of the time. Hell, I don't trust myself 100% of the time.
cdmoore74 is offline   19 Reply With Quote
Old Jul 22, 2014, 10:23 PM   #14
lewisd25
macrumors 6502
 
Join Date: Jul 2007
Any service with the name "house_arrest" raises some red flags.
lewisd25 is offline   13 Reply With Quote
Old Jul 22, 2014, 10:24 PM   #15
cdmoore74
macrumors 68000
 
Join Date: Jun 2010
How does this title sound?

Google Addresses Android 'Backdoor' Concerns by Outlining Legitimate Uses for Targeted Services

If you mood changes from positive to negative then you know your a Apple fanboy.
cdmoore74 is offline   19 Reply With Quote
Old Jul 22, 2014, 10:29 PM   #16
Rigby
macrumors 6502a
 
Join Date: Aug 2008
Location: San Jose, CA
I tend to believe Apple when they say they didn't install these services for nefarious purposes. But it doesn't change the fact that they expose way more information that is needed for the stated purposes, and that they are not well protected. The diagnostic services should be disabled by default until they are needed (e.g. there could be a switch in the Restrictions settings). I also see no justification for making them accessible via Wifi if they are indeed meant for legitimate diagnostics only.
Rigby is offline   3 Reply With Quote
Old Jul 22, 2014, 10:37 PM   #17
JAT
macrumors 603
 
Join Date: Dec 2001
Location: Mpls, MN
So, we are now to the point where discussions of iOS processes are PRSI??

Somebody may be taking things a little too seriously.
__________________
-- Spiky
JAT is offline   6 Reply With Quote
Old Jul 22, 2014, 10:38 PM   #18
newagemac
macrumors 68000
 
Join Date: Mar 2010
Ok great. Now when is google going to address the far more numerous security questions that researchers have posed regarding Android?

... Crickets???
newagemac is offline   2 Reply With Quote
Old Jul 22, 2014, 10:39 PM   #19
WissMAN
macrumors regular
 
Join Date: Jun 2009
I tend to trust Apple or anyone for that matter until I have a reason not to. In this case I don't know enough about the found code to think it nefarious.

With other comments made by apple I tend to think they know that partnering with the "other side" would be disastrous for their reputation and future.
WissMAN is offline   1 Reply With Quote
Old Jul 22, 2014, 10:40 PM   #20
Watabou
macrumors 68030
 
Watabou's Avatar
 
Join Date: Feb 2008
Location: United States
Quote:
Originally Posted by cdmoore74 View Post
How does this title sound?

Google Addresses Android 'Backdoor' Concerns by Outlining Legitimate Uses for Targeted Services

If you mood changes from positive to negative then you know your a Apple fanboy.
If you make that above post, then you know you're a Google fanboy.

Now can we please stop making these types of posts? This is probably the new "Safari is snappier" type of posts. Take any front page post vilifying Apple, change the headline to Google and then mention how Apple fanboys will be pissed, will take a negative tone and then will promptly **** their pants.
__________________
Haswell 15" rMBP (2.3Ghz, 16GB, 750M GT) | iPhone 5 | Last.fm
Watabou is offline   6 Reply With Quote
Old Jul 22, 2014, 10:51 PM   #21
MikhailT
macrumors 68040
 
Join Date: Nov 2007
Quote:
Originally Posted by WissMAN View Post
I tend to trust Apple or anyone for that matter until I have a reason not to. In this case I don't know enough about the found code to think it nefarious.

With other comments made by apple I tend to think they know that partnering with the "other side" would be disastrous for their reputation and future.
Did you see the slides from the security researcher? It is not that technical, you can see what kind of general information is being stored on the local device storage.

These information are not required for anything, it doesn't break anything by disabling them all from storing the info on the devices.

Imagine this on your Mac, every site you visit in Safari is being stored in the diagnostic file because it could be diagnostically useful for Apple to grab that file and reproduce what you did before Safari crashed. Now, imagine if you intentionally clear your history in Safari but it is not removed from the diagnostic file at all because well, it's for a diagnostic purpose.

Do you think it is okay to record what you did for diagnostic purposes even though you have never turned on the diagnostic mode nor consented to have it shared with Apple?
MikhailT is offline   10 Reply With Quote
Old Jul 22, 2014, 10:53 PM   #22
wiz329
macrumors 6502
 
Join Date: Apr 2010
Quote:
Originally Posted by iCore24 View Post
Call me an Apple fanboy or whatever, But I 100% trust Apple.

I know Steve Jobs cared 100% about this company. The man stopped working only when it was physically impossible for him to go to work. I heard he even was talking about the iPhone 5 a day before he died to Tim Cook.

I know I know I shouldn't compare Steve to Tim. But I also believe Tim cares just as much as Steve did about Apple. They are honest and truly care about its products.

Im lovin there transparency to prove these Apple bashers wrong!

Steve caring 100% about his company =! Apple doesn't collect data on its users.
wiz329 is offline   6 Reply With Quote
Old Jul 22, 2014, 10:57 PM   #23
gotluck
macrumors 68040
 
gotluck's Avatar
 
Join Date: Dec 2011
Location: East Central Florida
Quote:
Originally Posted by cdmoore74 View Post
How does this title sound?

Google Addresses Android 'Backdoor' Concerns by Outlining Legitimate Uses for Targeted Services

If you mood changes from positive to negative then you know your a Apple fanboy.
Haha I would agree.

I like apples response fwiw
__________________
iPad Air LTE 7.1.2 JB (T-Mobile) - GS 4 Google Edition 4.4.4 ART (AT&T) - Windows 7 PC's - iPhone 4 6.1 JB
gotluck is offline   1 Reply With Quote
Old Jul 22, 2014, 10:58 PM   #24
MaSx
macrumors regular
 
Join Date: Jan 2010
Quote:
Originally Posted by christarp View Post
Really happy with how transparent apple is seeming to be. Hopefully they fully explain the situation and if something is going on they will admit it and fix it. This is the first step in the right direction.
You must be kidding. Apple would never want to admit it, until it's shown and proven dot by dot. Only then...you will hear something close to admitting, maybe.
__________________
| iPhone 3GS | iPhone 4S | iPhone 5 | iPad Air | iPhone 5S - Pass | iPhone 5' - Atlast!! |
MaSx is offline   5 Reply With Quote
Old Jul 22, 2014, 10:59 PM   #25
Wolfpup
macrumors 68030
 
Join Date: Sep 2006
Quote:
Originally Posted by lolkthxbai View Post
Seems legit. I'm happy with this response from apple. It's always nice to see people are curious about what services are running on their devices.
Yeah, this does sound legit. I'm happy Apple responded quickly and pretty thoroughly.

I'll be listening to Security Now tomorrow and reserve final judgement until after that, but this sounds very legit, thankfully!
Wolfpup is offline   2 Reply With Quote


Reply
MacRumors Forums > Mac Community > Community Discussion > Politics, Religion, Social Issues

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Forum Jump

All times are GMT -5. The time now is 01:24 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC