Earlier this week, forensic data scientist Jonathan Zdziarski made a bold claim: iOS may be vulnerable to government snooping by design. According to Zdziarski, iOS had multiple backdoors installed that made any device running the OS “almost always at risk of spilling all data,” which in turn made for some “tasty attack points for .gov and criminals.”
Apple, of course, denied having ever worked with the government to install any backdoors. But that didn’t change the fact that these unsecured services do exist, and worse, have gone entirely undocumented. But thankfully, Apple has rectified at least that last problem, penning a new support document that explains what each of Zdziarski’s snoopsome services actually does.
In the support document, Apple writes:
Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.
These processes include:
com.apple.mobile.pcapd – pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections.
com.apple.mobile.file_relay – file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users’ devices.
com.apple.mobile.house_arrest – house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.
While Apple seems to use these processes for troubleshooting, that doesn’t change the fact that they are leaking unencrypted data, as Zdziarski proved. Apple needs to fix this in iOS 8.