Security researcher says iOS may be vulnerable to government snooping by design

password-cracker

Is iOS spying on you for Apple?

According to forensic scientist Jonathan Zdziarski, quite possibly: Several undocumented services run regularly in the background on over 600 million iOS devices, which could be sending data to Apple.

At a recent talk at the Hackers on Planet Earth conference in New York, Zdziarski identified “a number of undocumented high-value forensic services running on every iOS designs” and “suspicious design omissions in iOS that make collection easier.”

What does that mean? In short, Zdziarski showed that these services could be used to take forensic artifacts off an iPhone or iPad that should never leave the device. He says that while iOS is “reasonably secure” to a typical attacker, Apple itself and, by extension, the government, can gain access to this data relatively easily.

One problem is in the way that iOS 7 encrypts data. Since simply screen-locking your iPhone doesn’t encrypt the most recent data, the only way to trigger it manually is to shut down, or power off your iPhone. “Your device is almost always at risk of spilling all data, since it’s almost always authenticated, even while locked,” Zdziarski writes.

In conjunction with undocumented iOS services, this means that your iPhone’s encryption can be bypassed through USB, Wi-Fi and maybe even cellular. And the data itself seems useless for Genius Bar or carrier purposes.

Zdziarski is willing to admit that Apple may not have nefarious plans, but he asks the simple question: “Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?” He concludes that Apple is dishing out a lot of data behind our backs, and that these make “tasty attack points for .gov and criminals.”

Could this be the next great iOS security scandal?

  • markstickley

    If the ‘most recent data’ is not encrypted, that must mean older data IS encrypted. I think the key is when the data is encrypted. If, for example, it’s when the phone is plugged in then it’s reasonable to assume that Apple made the decision to conserve battery as encryption is fairly processor intensive.

  • Adrayven

    Hardly anything to worry about.. It’s like he’s saying their out to get you.. ..wait.. he IS saying that.. it’s a fear monger looking for more book sales.

    The key is they do encrypt the data, just don’t provide a ‘encrypt now’ button.. It generally happens when your phone screen is off or charing while it’s not in use to minimize lag as well as maximize battery. Encryption always comes at the cost of performance and battery..

    • Honesty007

      Typical dumb comment in response to someone not saying everything from Apple is perfect.

      • PMB01

        Typical dumb comment in response to someone pointing out facts.

    • icarusty

      Hardly anything to worry about? Did you read the report? EVERYTHING can be accessed – call logs, messages, notes, files, once you have tethered it to your computer. Remote camera and microphone activation is also possible.

      Furthermore, if there was no problem, why not document the service?

  • Andy Shorrock

    Or is Mr Zdziarski just suffering from paranoia?

About the author

John BrownleeJohn Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his wife and two parakeets. You can follow him here on Twitter.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News | Tagged: , , , |