Apple's iOS is renowned for its security against hackers and malicious software. In fact, that is one thing the company has always prided itself on, and it has been one of the major arguments in favor of building a locked-down, closed operating system. Well, it looks like that might not be the whole story anymore. Forensic scientist Jonathan Zdziarski has today posted the slides from his talk in New York, which highlight several backdoors present in iOS. The talk is titled "Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices."
Zdziarski is also known as the 'Nerve Gas' hacker in the iOS world. He has worked on several jailbreaking projects and is a well-known expert on iOS security. These vulnerabilities aren't the traditional kind, i.e. those that let hackers or malicious software gain access to your device and wreak havoc. No. In a world increasingly conscious of government spying on our private data, Zdziarski has found a set of services that bypass backup encryption and can be reached over USB, Wi-Fi and "maybe cellular." He also notes that simply setting a passcode on the lock screen does not keep the data on your iPhone encrypted at rest: only switching the device off returns it to a fully encrypted state.
Zdziarski has released a 57-page PDF on his website about the issue. In one of the slides he acknowledges Apple's design when it comes to protecting consumer security: the iPhone, in the slide shown above, is reasonably secure against the typical attacker. In fact, he writes that the iPhone 5 and iOS 7 are secure against everyone except Apple and the government. What Apple has done is give itself, and the government, a way to access your data, something that is spelled out in Apple's Law Enforcement Process Guidelines.
Zdziarski also notes that most data on iOS is encrypted with a hardware-derived key rather than with a key derived from the lock-screen passcode. This means that the only way to put your data back into its fully encrypted state is to power off the device. "Your device is almost always at risk of spilling all data, since it’s almost always authenticated, even while locked." Once the device has been unlocked for the first time after a reboot, all of this data becomes accessible again, even with the screen locked, and several undocumented background services running on your iOS device will hand it over.
The undocumented iOS services identified by Zdziarski include "lockdownd" (the daemon that handles pairing and brokers access to the other services), "pcapd" (which captures the device's network traffic) and "mobile.file_relay" (which dumps data from the device). These can bypass backup encryption over USB, Wi-Fi and maybe cellular. What is more suspicious about these services is that they are not mentioned in any Apple documentation. Moreover, the data they expose is personal in nature, which rules out debugging as their purpose. In addition, the data cannot be restored to the device, which eliminates any use for carriers or the Genius Bar. According to Zdziarski,
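The access described above works because every computer the phone has ever been paired with holds a pairing record that lets it talk to lockdownd, over USB or Wi-Fi, while the device is locked. The check a practitioner would want, then, is an audit of those records on the host. The script below is an added example, not code from Zdziarski's talk or from Apple. It assumes, and the page does not state, that pairing records are stored one plist per device UDID in /var/db/lockdown (macOS), /var/lib/lockdown (Linux with libimobiledevice) or C:\ProgramData\Apple\Lockdown (Windows), that SystemConfiguration.plist in that directory is not a pairing record, and that a record carries keys such as HostID, SystemBUID, EscrowBag and WiFiMACAddress; the 180-day staleness threshold and the sample records are constructed for the example.

```python
"""Audit the iOS pairing records stored on a host.

Added example, not code from Zdziarski's talk or from Apple. Assumptions
(not stated on the page): a host that has paired with an iPhone keeps one
plist per device UDID in /var/db/lockdown (macOS), /var/lib/lockdown
(Linux, libimobiledevice) or C:\\ProgramData\\Apple\\Lockdown (Windows),
and such a record carries keys such as HostID, SystemBUID, EscrowBag and
WiFiMACAddress. Each record is the credential that lets that host talk to
lockdownd, so auditing them is a practical check for the exposure above.
"""
import os
import plistlib
import sys
import tempfile
import time
from typing import Optional

STALE_AFTER_DAYS = 180  # assumed threshold; tune to local policy


def audit_pairing_record(raw: bytes, udid: str, mtime: float,
                         now: Optional[float] = None) -> dict:
    """Parse one pairing record and return the findings that matter."""
    record = plistlib.loads(raw)
    now = time.time() if now is None else now
    age_days = max(0.0, (now - mtime) / 86400)
    findings = []
    if "EscrowBag" in record:
        # The escrow bag lets the host use data-protection keys while the
        # device is passcode-locked (assumed key name).
        findings.append("escrow bag present: host can read data while the device is locked")
    if "WiFiMACAddress" in record:
        findings.append("Wi-Fi MAC recorded: pairing usable over Wi-Fi, not only USB")
    if age_days > STALE_AFTER_DAYS:
        findings.append(f"record is {age_days:.0f} days old; old pairings never expire on their own")
    return {
        "udid": udid,
        "host_id": record.get("HostID"),
        "age_days": round(age_days, 1),
        "findings": findings,
    }


def audit_directory(path: str, now: Optional[float] = None) -> list:
    """Audit every pairing record in a lockdown directory."""
    results = []
    for name in sorted(os.listdir(path)):
        # SystemConfiguration.plist holds the host's own BUID, not a pairing.
        if not name.endswith(".plist") or name == "SystemConfiguration.plist":
            continue
        full = os.path.join(path, name)
        with open(full, "rb") as fh:
            raw = fh.read()
        results.append(audit_pairing_record(raw, name[:-len(".plist")],
                                            os.path.getmtime(full), now))
    return results


# Constructed sample records; the values are placeholders, not real device data.
SAMPLE_FULL = plistlib.dumps({
    "HostID": "6D0C9F5E-1111-2222-3333-444455556666",
    "SystemBUID": "1A2B3C4D-0000-0000-0000-000000000000",
    "HostCertificate": b"-----BEGIN CERTIFICATE-----\nhost\n-----END CERTIFICATE-----\n",
    "DeviceCertificate": b"-----BEGIN CERTIFICATE-----\ndevice\n-----END CERTIFICATE-----\n",
    "RootCertificate": b"-----BEGIN CERTIFICATE-----\nroot\n-----END CERTIFICATE-----\n",
    "EscrowBag": b"\x00" * 32,
    "WiFiMACAddress": "aa:bb:cc:dd:ee:ff",
})
SAMPLE_MINIMAL = plistlib.dumps({
    "HostID": "7E1DA06F-AAAA-BBBB-CCCC-DDDDEEEEFFFF",
    "SystemBUID": "1A2B3C4D-0000-0000-0000-000000000000",
    "HostCertificate": b"placeholder",
    "DeviceCertificate": b"placeholder",
    "RootCertificate": b"placeholder",
})


def demo(now: Optional[float] = None) -> list:
    """Write the constructed samples to a scratch lockdown directory and audit it."""
    now = time.time() if now is None else now
    path = tempfile.mkdtemp(prefix="lockdown-")
    samples = {
        "00008030-000000000000001E.plist": (SAMPLE_FULL, now - 400 * 86400),
        "00008030-000000000000002F.plist": (SAMPLE_MINIMAL, now - 86400),
        "SystemConfiguration.plist": (plistlib.dumps({"SystemBUID": "x"}), now),
    }
    for name, (raw, mtime) in samples.items():
        full = os.path.join(path, name)
        with open(full, "wb") as fh:
            fh.write(raw)
        os.utime(full, (mtime, mtime))
    return audit_directory(path, now)


if __name__ == "__main__":
    # Pass a real lockdown directory to audit it; with no argument the
    # constructed samples are audited instead.
    target = sys.argv[1] if len(sys.argv) > 1 else None
    for result in (audit_directory(target) if target else demo()):
        print(f"{result['udid']}  host={result['host_id']}  age={result['age_days']}d")
        for finding in result["findings"] or ["no findings"]:
            print(f"    - {finding}")
```

Run it as `python audit_pairings.py /var/db/lockdown` (with root, since the directory is not world-readable on macOS). Any record you do not recognise is a host that can reach these services on your phone; deleting the file revokes that host until the phone is asked to trust it again.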
Zdziarski also criticizes the fingerprint reader on the iPhone, saying it does not work miracles for your data security. According to him,
What's even more interesting is that several forensic software vendors have been using these services for profit. According to Zdziarski, vendors such as Cellebrite, AccessData and Elcomsoft are currently using the backdoor services highlighted above in their commercial products. Wow. Zdziarski then lays down several questions for Apple, asking it to explain things like
Zdziarski concludes the 57-page PDF by saying what all of us feel like saying to Apple after this gross violation of consumer trust and privacy.