Apple’s iOS spyware

iOS hacker Jonathan Zdziarski has put together a presentation about the deliberate backdoors Apple maintains in iOS.

Firstly, the iOS data encryption uses a hardware-determined encryption key to protect SMS, photos, videos, contacts, audio recording, and call history, no matter what passcode you choose. This key is referred to in code as “NSProtectionNone”, suggesting that the programmers understood the implications and picked the internal label as a snarky way of saying so. So Apple can provide your secret data encryption key to authorities at any time, and will do so.

Secondly, a background task called lockdownd provides a set of undocumented ‘services’ to Apple or anyone else who has the appropriate authentication tokens. Services include adding web proxies remotely, push-installing software, and pulling data from the device.

Thirdly, every iOS device has a packet sniffer built in, which can be remotely activated and operates invisibly to the user.

Finally, a task called file_relay allows Apple to remotely dump your address book, voicemail recordings, calendar, SMS messages, screenshots, e-mail accounts, and so on.

I challenge anyone technical to read the details and not conclude that iOS is deliberately designed to support spying.

There is hope, though, even if you have an iOS device. Because business users require actual security, the iOS Configurator used by big business to manage employee iPhones allows most of the spyware to be turned off. Check the presentation for details.

Update 2014-07-23

Apple confirms backdoors, downplays their severity.

4 thoughts on “Apple’s iOS spyware

    1. Because I didn’t know there was a blog entry.

      It’s not a 0day and not a widespread security hole. Sure. So?

Comments are closed.