iOS security makes it very easy for Apple, governments and law enforcement to snoop into users’ data, alleges security researcher and forensic scientist Jonathan Zdziarski. ZDNet spotted the slide show he put together and presented at the Hackers on Planet Earth conference. His presentation is entitled “Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices.”
Background services put holes in iOS security
The researcher said there are several services that are running in the background of iOS. While some would think these services are aimed at developers, he says they don’t seem to offer anything to developers or even to Apple’s staff or support workers. He added that other services are clearly targeted at administrators of enterprises but that they are set up in a way that allows them to be exploited by outside parties.
He said Apple’s iPhone is “reasonably secure” from typical attackers and that iOS 7 and the iPhone 5 specifically are more secure than earlier versions. However, he said the government and Apple itself could easily exploit the background services he uncovered and that Apple has made sure that it has easy access to the data on its users’ devices so that it can hand over the data when law enforcement demands it. He cites Apple’s own guidelines for dealing with law enforcement, which describe this further.
One big issue the researcher mentioned was with encryption. He said simply locking the screen of an iPhone doesn’t actually encrypt the data that is on it. He said the only way to do that is to turn the iPhone completely off. He noted that Apple devices are “almost always authenticated, even while locked,” thus making them prone to “spilling all data.”
Problems with iOS security
Zdziarski said a lot of the data that can be pulled off iOS devices should never even leave them, even when they are being backed up. For example, he said one HTTP data “packet sniffer” service that runs on every single iOS device could potentially be accessed over Wi-Fi without the user ever knowing.
The one service he seems to have the biggest problem with is one that first showed up in iOS 2 but has since been developed with each successive release of the operating system. He said the service bypasses the encryption and then exposes “a forensic trove of intelligence.” Hackers could potentially access the user’s contacts, clipboard, notes, voicemails, calendars and CoreLocation logs.
Zdziarski alleges that a number of forensic software makers like Elcomsoft, AccessData and Cellebrite turn a profit by using the backdoor services in iOS to collect user data and then sell it to law enforcement.