Home
An expert security researcher said that there are secret backdoors in more than half a billion mobile devices which are having Apple’s latest iOS.
Jonathan Zdziarski, usually known by his internet world name “NerveGas” was attending a presentation in at ‘Hackers on Earth’ conference in New York on Friday morning where he told the audience “600 million Apple devices which include iPhones, Tablets & iPads have veiled features that allow data to be sneakily transfer.
During his presentation, “Identifying Backdoors, Attack Points and Surveillance Mechanisms in iOS Devices,” Zdziarski publicized that a number of forensic services are installed on every new iPhone & iPad which makes it easier for third party to take out the data from these devices in order to illegally take over and manipulate their private data including text messages, pictures and other application data.
600-million-apple-devices-contain-secret-backdoors
NerveGas further said in iOS devices, there are many unseen functions running there are some functions namely “file_relay” and “pcapd” which lets hackers to pull shocking quantity of data from a phone and does not create any disturbance which may cause user to doubt any strange activity happening.
Zdziarski has written numerous books on mobile phone security and has already exploited and fully explained older versions of the iOS. He has also raised various questions with Apple, however, he said he is amazed and has to discover why the technology revolutionist sale out iOS devices with programs which apparently are useless but are actively involved in digital data leakage.
The slides used by Zdziarski in HOPE/X Talk on Friday, there is a negligible reason to consider that these suspicious programs are used in helping developers or in diagnostics.
“Most services are not referenced by any known Apple software”
Another slide says, “The raw format of the data makes it impossible to put data back onto the phone, making useless for Genius Bar or carrier tech purposes.”
He added “The personal nature of the data makes it very unlikely as a debugging mechanism”.
According to the researcher, evidence of the mysterious programs raises more questions than it does answers.
As Zdziarski said, the mistrustful existence of these programs raise more questions than the answers it provides.
In one of his slides he asked, “Why is there a packet sniffer running on 600 million personal iOS devices instead of being moved to the developer mount?”
“Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone? Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?”
After the HOPE presentation which really urged the attendees to think about the doubtful presence of the suspicious programs, Jonathan Zdziarski told Ars Technia “I can’t come up with a better word than ‘backdoor’ to describe file relay, but I’m willing to listen to whatever other explanation Apple has. At the end of the day, though, there’s a lot of insecure stuff running on the phone giving up a lot of data that should never be given up. Apple really needs to fix that.”
Finally, Apple responded to all this on late Tuesday that the functions which are questioned are “diagnostic capabilities to help developers, AppleCare troubleshoot issues & enterprise IT departments.
Zdziarski quickly posted a shocking reply on his blog in response to Apple’s answer, “Apple has, in a traditional sense, admitted to having backdoors on the devices specifically for their own use.”
He further wrote “Perhaps people misunderstand the term ‘backdoor’ due to the stigma Hollywood has given them, but I have never accused these ‘hidden access methods’ as being intended for anything malicious, and I’ve made repeated statements that I haven’t accused Apple of working with NSA. However, that doesn’t mean that the government can’t take advantage of back doors to access the same information. What does concern me is that Apple appears to be completely misleading about some of these (especially file relay), and not addressing the issues I raised on others.”
“I give Apple credit for acknowledging these services, and at least trying to give an answer to people who want to know why these services are there – prior to this, there was no documentation about file relay whatsoever, or its 44 data services to copy off personal data. They appear to be misleading about its capabilities, however, in downplaying them, and this concerns me,” he added.
In reaction to these words by Jonathan, Apple said they have “never worked with any government agency from any country to create a backdoor in any of our products of services.”
Jonathan Zdziarski, usually known by his internet world name “NerveGas” was attending a presentation in at ‘Hackers on Earth’ conference in New York on Friday morning where he told the audience “600 million Apple devices which include iPhones, Tablets & iPads have veiled features that allow data to be sneakily transfer.
During his presentation, “Identifying Backdoors, Attack Points and Surveillance Mechanisms in iOS Devices,” Zdziarski publicized that a number of forensic services are installed on every new iPhone & iPad which makes it easier for third party to take out the data from these devices in order to illegally take over and manipulate their private data including text messages, pictures and other application data.
600-million-apple-devices-contain-secret-backdoors
NerveGas further said in iOS devices, there are many unseen functions running there are some functions namely “file_relay” and “pcapd” which lets hackers to pull shocking quantity of data from a phone and does not create any disturbance which may cause user to doubt any strange activity happening.
Zdziarski has written numerous books on mobile phone security and has already exploited and fully explained older versions of the iOS. He has also raised various questions with Apple, however, he said he is amazed and has to discover why the technology revolutionist sale out iOS devices with programs which apparently are useless but are actively involved in digital data leakage.
The slides used by Zdziarski in HOPE/X Talk on Friday, there is a negligible reason to consider that these suspicious programs are used in helping developers or in diagnostics.
“Most services are not referenced by any known Apple software”
Another slide says, “The raw format of the data makes it impossible to put data back onto the phone, making useless for Genius Bar or carrier tech purposes.”
He added “The personal nature of the data makes it very unlikely as a debugging mechanism”.
According to the researcher, evidence of the mysterious programs raises more questions than it does answers.
As Zdziarski said, the mistrustful existence of these programs raise more questions than the answers it provides.
In one of his slides he asked, “Why is there a packet sniffer running on 600 million personal iOS devices instead of being moved to the developer mount?”
“Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone? Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?”
After the HOPE presentation which really urged the attendees to think about the doubtful presence of the suspicious programs, Jonathan Zdziarski told Ars Technia “I can’t come up with a better word than ‘backdoor’ to describe file relay, but I’m willing to listen to whatever other explanation Apple has. At the end of the day, though, there’s a lot of insecure stuff running on the phone giving up a lot of data that should never be given up. Apple really needs to fix that.”
Finally, Apple responded to all this on late Tuesday that the functions which are questioned are “diagnostic capabilities to help developers, AppleCare troubleshoot issues & enterprise IT departments.
Zdziarski quickly posted a shocking reply on his blog in response to Apple’s answer, “Apple has, in a traditional sense, admitted to having backdoors on the devices specifically for their own use.”
He further wrote “Perhaps people misunderstand the term ‘backdoor’ due to the stigma Hollywood has given them, but I have never accused these ‘hidden access methods’ as being intended for anything malicious, and I’ve made repeated statements that I haven’t accused Apple of working with NSA. However, that doesn’t mean that the government can’t take advantage of back doors to access the same information. What does concern me is that Apple appears to be completely misleading about some of these (especially file relay), and not addressing the issues I raised on others.”
“I give Apple credit for acknowledging these services, and at least trying to give an answer to people who want to know why these services are there – prior to this, there was no documentation about file relay whatsoever, or its 44 data services to copy off personal data. They appear to be misleading about its capabilities, however, in downplaying them, and this concerns me,” he added.
In reaction to these words by Jonathan, Apple said they have “never worked with any government agency from any country to create a backdoor in any of our products of services.”