Forensic Expert Questions Covert 'Backdoor' Services Included in iOS by Apple

[alexgowers]

IMHO you are more likely to give away sensitive data online on Facebook etc that can be used to compromise your bank, email and various accounts than to worry about backdoors in phones.

They are probably explainable, i don't claim to be a knowledge on this kind of thing so I don't know enough to make a judgement. But You should all know that any device connected to the internet is open no matter how much you wish it was private, so don't do bad things on it OK.

 

[iChrist]

I don't know man. People complain about Apple losing their edge in their TV ads. And yet when it comes to wild data leak claims like this, Apple suddenly become the best marketing ?

All they said was no, we don't do it. It's up to you to believe or not.

Does ANYONE say they do it?

 

[OldSchoolMacGuy]

Interesting, so this was before Microsoft released Cofee for law enforcement?

Our first version launched in 2005 so yes, it pre-dated COFFEE.

 

[esaleris]

A simple question (which I posted a few posts back):

Are these backdoors available without physical access to the device?

 

[ebouwman]

I don't understand why people get so worked up about this sort of thing.

<snip>

We should all stop being so suspicious, and learn to fully trust the NSA and GCHQ. These guys are serious, trained professionals - not spotty nerds who are out to steal credit card numbers or pictures of your girlfriend!

Actually according to snowden this is what they were doing. NSA guys were passing around nude photos.... So ya....

 

[Rigby]

A simple question (which I posted a few posts back):

Are these backdoors available without physical access to the device?

The services described by Zdziarski can be accessed over the phone's Wifi connection (but not cellular), or over USB. It is basically the same service that iTunes uses to sync (which, as you know, is also possible over USB and Wifi). The attacker needs to obtain a cryptographic key to authenticate himself to the phone. There are various ways to obtain such a key (one way is to copy it from a computer that the iPhone has been previously connected to).

 

[burne]

This article says otherwise.

The original post of Zdziarski is quite different. (something nasty) 'this article'.

Are these backdoors available without physical access to the device?

You need quite extensive access to the infrastructure of your target to be able to access these 'backdoors'.

If you have access to the key pairs I use to communicate with my iPhone access to my text messages is not a real problem. You'll have access to all the files I consider sensitive enough not to copy to my phone or icloud or dropbox or my own 'clouds'.

 

[Mums]

If the information from this article is true, it's actually quite scary.
It's like selling a TV with a built-in, hidden webcam that can peer into your private life without you knowing it.

Like 1984.

 

[Rigby]

The original post of Zdziarski is quite different. (something nasty) 'this article'.

You should read his paper. Apple exposes some services via usbmux that don't seem to have a legitimate use other than spying. For example, there is a packet capture service (pcapd) that allows an attacker to remotely monitor the phone's complete network traffic, and a service that provides access to the same (and more) data accessible by the backup service while bypassing that service's encryption feature. Apple should provide an explanation and/or remove these services.

You need quite extensive access to the infrastructure of your target to be able to access these 'backdoors'.

Actually no, you don't.

You'll have access to all the files I consider sensitive enough not to copy to my phone or icloud or dropbox or my own 'clouds'.

The attacker will also have access to your location cache and various other sensitive usage data.

 

[Mums]

I hate all the 'wouldn't happen under Jobs' comments that get thrown around on these boards, but in this circumstance I think they may actually have some truth. Having read Jobs' biography (as an aside, if you haven't, then you definitely should - great book), he was very much against this kind of thing.

I can imagine him telling Obama exactly where to go at any meeting where he may have suggested iOS backdoors. Even if he had to back down for legal obligations, you know he'd have fought hard against it. For some reason, I can't imagine Tim having as much vigour, though I have no hard evidence to base that opinion on and I hope I'm wrong.

Jobs' death appears to have been quite convenient. All respect to him.

----------

Why the conspiracy theory paranoia? The government has pretty much been caught red handed violating the constitution, trampling over the 4th amendment, abusing power etc.

Continue to question and always assume our centralized, increasingly power hungry and paranoid government will use tools like this to abuse its citizens.

You as a citizen are duty bound to keep an eye on this kind of thing and question it at every turn. Nothing wrong with that and you shouldn't feel like you are conspiracy theorist but instead a guardian of our rights and a good citizen.

Get lazy and freedom erodes. Keep fighting and we keep our rights.

At some point the sheeple will accept that there is a conspiracy. And, by the way, the conspirators have taken over Apple. Tim is a manipulated puppet - like Obama.

 

[wovel]

I don't understand why people get so worked up about this sort of thing.

Those backdoors are there for your protection. They are put there for the exclusive use of the governments who we democratically elected. i.e.: the good guys.

We should all stop being so suspicious, and learn to fully trust the NSA and GCHQ. These guys are serious, trained professionals - not spotty nerds who are out to steal credit card numbers or pictures of your girlfriend!

As long as these backdoors are secure (and surely they are!), then we have nothing to fear.

Well, to start with, not everyone using an iPhone lives under a democratically elected government.

 

[dec.]

blah blah blah blah it's Apple so it's harmless

<if article was about Google/Android> thread burns

Just a personal question out of curiosity. Whenever there is some malware, bug, something-not-so-pretty (e. g. Schmidt & The Bilderbergers) about Android or Google discovered, do you go onto Android-themed forums and post "<if article was about Apple/iOS> thread burns"?

 

[NY Guitarist]

When I sign a EULA I have a right to full disclosure to what is in the contract.

Apple, please explain this backdoor.

 

[scoobydoo99]

Actually, it's quite believable considering Apple may be ordered by the courts to do so. Let's not forget Obama's meetings with tech execs. It's believed Microsoft was forced to cripple BitLocker due to such an order, and it's strongly believed they either stole or found the encryption algorithm for Truecrypt. Apple did have CarrierIQ imbedded in its operating system (removed in iOS 5).

First, they're not being "ordered". It doesn't have to come to that. All the government has to do is "ask" and tech companies jump in bed with them. Second, it wouldn't be "the courts" asking, it would come directly from intelligence agencies (and/or executive branch). There is no court coercion at all. That would be too public and traceable. This is much more sinister, and there's really no way to stop it.

Face it, we lost. All that's left to do is wait for the end. Of course, it might be 50-100 years or even more, so most of us can continue enjoying our gargantuan SUVs and Starbucks lattes as things spiral downward.

----------

Only drug dealers and criminals would have to be worry about this.

Kids... be sure those back doors are not meant to see the porn you are watching.

What is amazing is the ego of the people who say: ohhh... I do not trust Apple any more! And they are in the internet posting. An smart person just do not post anything in first place in public places.

Then you are complaining when a plane goes down or when there is a terrorist act: where was the CIA?

Today they can track your messages, position, everything! and trust me, that is an issue that has stopped gang members from committing murders. If I have an iPhone and I get murdered, the police will know where I was and the messages exchanged and they can compare my position with the suspects.

I am very free for Apple to be doing that, as I say, I live in the real world, I am not a show off ego maniac kid.

I would NEVER ask "where was the CIA" <shudder>

Government spying doesn't stop gang members from committing murders, and even if it DID, it wouldn't be legal without a court order (i.e. not just a subpoena).

Given a choice, I'd prefer gang murders over government agents. The gang thugs can't send me to Guantanamo for this post (they don't even know about it). The government thugs, on the other hand, know everything and can do anything.

 

[captain kaos]

There is no reason to believe Apple would ever do anything to deliberately compromise the security of our data. Apple is the one company that strives to do everything to protect us and our privacy from prying eyes.

So you think the amazing company, with all its know-how hasn't spotted these holes in their OS?

 

[benthewraith]

If I have an iPhone and I get murdered, the police will know where I was and the messages exchanged and they can compare my position with the suspects.

Yes, they'll know because they'll ask the cell company that information. Not because they're looking at some NSA database.

 

[captain kaos]

I don't understand why people get so worked up about this sort of thing.

Those backdoors are there for your protection. They are put there for the exclusive use of the governments who we democratically elected. i.e.: the good guys.

We should all stop being so suspicious, and learn to fully trust the NSA and GCHQ. These guys are serious, trained professionals - not spotty nerds who are out to steal credit card numbers or pictures of your girlfriend!

As long as these backdoors are secure (and surely they are!), then we have nothing to fear.

I don't no where to start with this one. The democratically elected groups are the good guys?! It must be lovely living in that cloud cookoo land you're in!

 

[SoGood]

Disappointing news. I'd like to see how they explain this.

Why? Hardly surprising! Explain? Backdoors would also exist in Android and Windows Phones. Any of the US based smartphone OSs would have "US intelligence compatible" backdoors. Similarly, other countries would have their version. Don't be naive!

 

[Rigby]

Why? Hardly surprising! Explain? Backdoors would also exist in Android and Windows Phones. Any of the US based smartphone OSs would have "US intelligence compatible" backdoors.

For one, because Apple has explicitly denied having implemented backdoors for government agencies:

http://techcrunch.com/2013/12/31/ap...ware-of-alleged-dropoutjeep-snooping-program/

I'll reserve judgment until Apple has had an opportunity to explain this, but if it turns out that these services really don't have a legitimate use, Apple has severely violated its customers' trust.

 

[SoGood]

For one, because Apple has explicitly denied having implemented backdoors for government agencies:

http://techcrunch.com/2013/12/31/ap...ware-of-alleged-dropoutjeep-snooping-program/

I'll reserve judgment until Apple has had an opportunity to explain this, but if it turns out that these services really don't have a legitimate use, Apple has severely violated its customers' trust.

One can reserve judgement. With what Snowden has disclosed, nothing is out the realm of possibility with those intelligence agencies. It's like legalese, there's always a hole in those statement and promises. There's always a way around it, from the definition of "backdoor" to "government agencies". It's all about plausible deniability. SOP for those intelligence agencies.

Not that I am too worried about it as I have nothing that's of value to them. What does worry me is some rogue with those inside knowledge and apply the craft for criminal purposes.

 

[Rigby]

Not that I am too worried about it as I have nothing that's of value to them. What does worry me is some rogue with those inside knowledge and apply the craft for criminal purposes.

Just the fact that Snowden was able to walk out with tons of data (without the NSA even knowing what he took) shows that these guys cannot be trusted with large amounts of sensitive data.

Also, one should not forget that government agencies are not the only ones who can exploit the services described by Zdziarski. Anybody can buy forensic software that uses these capabilities for little money from companies like Elcomsoft.

 

[the8thark]

I could only hope to someday be considered alongside those great men and women. But the thing about changing the world is it's hard. Really hard. There are sacrifices—especially involving family—that I'm not sure I'm able to make. When I look at my baby daughter, however, I consider the ramifications of not taking action. Which is worse? Putting a mark on my family, our risking future liberty? Given the growing stance of governments worldwide against privacy and freedom, a lot of people should be asking themselves that very question. Take what you do best, and use it to create a better tomorrow. That is the goal.

You can. That's why the child is there at the end. You can change your part of the world to make it a better place.

Also watch this.
https://www.youtube.com/watch?v=-3UZ4CykqQo
It's from a game but it explains "better tomorrow" so so well.

 

[Reason077]

Well, to start with, not everyone using an iPhone lives under a democratically elected government.

Fair point, though I'm sure Apple are not in the business of providing backdoor access to the likes of Russia or Syria.

China, though, I'm not so sure...

 

[seble]

I'm shocked at apple. But in all honestly, not really sure why. The statement they released was a load of crap, as, if you read the guys full report, it wasn't even designed for enterprise and IT departments to retrieve 'limited' diagnostic data, it's far more extensive than that as to what they can retrieve.

I actually am less surprised about them having something like this on their iOS software, but I'm now beginning to question what crap they have loaded onto OSX, and if I can trust apple to hold any of my data. It's a question of trust, and Apple has very quickly severely diminished mine.

 

[nebo1ss]

For one, because Apple has explicitly denied having implemented backdoors for government agencies:

http://techcrunch.com/2013/12/31/ap...ware-of-alleged-dropoutjeep-snooping-program/

I'll reserve judgment until Apple has had an opportunity to explain this, but if it turns out that these services really don't have a legitimate use, Apple has severely violated its customers' trust.

Sometimes you have to examine the details of the statement. They specifically said they never worked with the NSA. They did not say they never worked with any security agency in the US or Globally.