Undocumented iOS diagnostic features spark iPhone backdoor concerns

News roundup: The revelation of potential iOS backdoors -- and Apple's perceived acknowledgement of them -- has sparked debate over the definition of a backdoor and raised concerns over iOS security.

Of the two major mobile operating systems, Apple Inc.'s iOS is often touted as the most secure. The company is largely perceived as one that protects its devices from multiple attack vectors and security threats.

However, this week that image was questioned following iOS jailbreaker and forensic expert Jonathan Zdziarski's revelation at the Hope X Conference that iOS devices are equipped with diagnostic capabilities that could be used as a backdoor to enable unauthorized access.

According to Zdziarski, the questionable iOS services include a service that bypasses iOS encryption capabilities to obtain broad user data and metadata, a packet sniffer that can intercept network traffic traveling to and from the device and a function originally developed for iTunes that can gather photos and social media data.

In response to Zdziarski's presentation, Apple published information about what it called three iOS "diagnostic functions" that "do not compromise user privacy and security" but can "provide needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues."

While some have perceived Apple's actions as proof that its devices have backdoor functions -- even if they are in the name of diagnostic capabilities -- several security experts have come out in support of Apple. Mark Curphey of SourceClear Inc. told Computerworld this week that the services only work when explicitly enabled by a device user or on a jailbroken device. Controversial security industry observer Violet Blue similarly wrote that at least one of Zdziarski's discoveries has actually been documented by Apple since as early as 2002.

Apple still claims that it "has never worked with any government agency from any country to create a backdoor in any of our products or services." Zdziarski also stated that "I have NOT accused Apple of working with the NSA," however, he does believe that it is possible that "some of these services MAY have been used by NSA to collect data on potential targets."

Despite Apple and other researchers asserting that the services Zdziarski references are hardly new or malicious in nature, Zdziarski believes Apple is downplaying the implications. Even if the services weren't created explicitly for the NSA or even for surveillance as Apple asserts, it is important to note that 600 million iPhone devices may be affected, potentially putting the personal data of 600 million users at risk.

To mitigate the risks, Zdziarski suggests users delete all pairing records on their devices and prevent any future pairing communications -- one of the major risks of this backdoor is that an iOS device can be potentially hacked by a device it paired with in the past. Using Apple Configurator -- available in the app store -- users can prevent pairing even when devices are unlocked, and set enterprise device management restrictions to boost security. Additionally, setting a complex passphrase on the device can also improve protection.

In other news

  • Trend Micro Inc. has dubbed a new online banking attack "Emmental" after the hole-filled Swiss cheese. The multistage attack has already successfully bypassed two-factor authentication systems at European and Japanese banks and taken control of victim bank accounts using phishing, malware and rogue DNS servers, proving once again that too many security strategies are "full of holes."
  • A scheduled 2014 Black Hat talk, "You Don't Have to be the NSA to Break TOR: Deanonymizing Users on a Budget," has been cancelled. According to the Black Hat website, CERT/Carnegie Mellon researcher Alexander Volynkin "will not be able to speak at the conference since the materials that he would be speaking about have not yet [been] approved by CMU/SEI for public release." The presentation, which reportedly would unmask the cloaked users of the Tor network, has prompted Tor creators to investigate the bug, for which they are currently creating a fix.
  • The Wall Street Journal has confirmed that its news graphics systems were hacked Tuesday; it is the latest major publisher to be hacked since 2013's New York Times incident, in which attackers installed at least 45 malware incidents on its network. According to The Wall Street Journal, the affected systems have been taken offline and no user data has been compromised. A hacker named "w0rm" -- who is reportedly the hacker behind previous attacks on other media outlets including the BBC and Vice Media -- took to Twitter to sell user information gathered from the Wall Street Journal systems and credentials for the servers; the post has since been deleted. The publisher is investigating the incident.

Next Steps

Lock the backdoor: Reduce unauthorized access

Learn more about iOS security issues

Is iOS enterprise ready? Uncover more Apple iOS security secrets

Dig deeper on Handheld and Mobile Device Security Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close