A researcher has shared his findings that the new iPhone ‘backdoor’ features Apple installs on its phones could potentially be used for surveillance of its users.
The Apple iPhone backdoor features were recently introduced as standard diagnostic features allowing users to manage their iPhones. Security experts have already commented that these forensic-style services could be used to access personal data, although there is currently no proof that they have been used for surveillance.
The researcher, Jonathan Zdziarski, has released the presentation he gave at the HOPE X (Hackers On Planet Earth) conference detailing his findings and investigation. The presentation shows that there were a number of previously undocumented “forensic services” and “surveillance mechanisms” within iOS through Apple’s iPhone backdoor policy.
Apple’s PR has “admitted that, in the classic sense of the word, they do indeed have iPhone backdoor in iOS, however claim that the purpose is for ‘diagnostics’ and ‘enterprise’.” Zdziarski believes that “the problem with this is that these services dish out data (and bypass backup encryption) regardless of whether or not ‘Send Diagnostic Data to Apple’ is turned on or off, and whether or not the device is managed by an enterprise policy of any kind.” Unfortunately, there isn’t a mechanism to disable these features and as a result, “every single device has these features enabled and there’s no way to turn them off, nor are users prompted for consent to send this kind of personal data off the device. This makes it much harder to believe that Apple is actually telling the truth here.”
Although many people are now questioning Apple’s iPhone backdoor feature and demanding an explanation, Apple continues to defend itself, commenting that an attacker would need to be in control of the pairing file and in proximity of a target iPhone to retrieve data.