Apple confirms iOS backdoors, researcher says explanation is misleading
In the wake of the discovery of undocumented features in Apple’s iOS that can serve as backdoors, the company has modified a knowledge base article to enumerate and explain the three questionable services found by iOS forensics expert Jonathan Zdziarski.
The pcapd utility, it is explained, “supports diagnostic packet capture from an iOS device to a trusted computer,” and is used for “troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections.”
The file_relay service is also used for diagnostics and by Apple engineering to qualify customer configurations. “This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection,” Apple claims.
Finally, house_arrest “is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality,” as well as during app development to transfer test data.
Zdziarski commented on this by saying that the problem with pcapd is that it can be activated on any device wirelessly, without the user’s knowledge or permission, and can therefore be used for snooping by third parties in a privileged position.
“Apple is being completely misleading by claiming that file relay is only for copying diagnostic data. If, by diagnostic data, you mean the user’s complete photo album, their SMS, Notes, Address Book, GeoLocation data, screenshots of the last thing they were looking at, and a ton of other personal data – then sure… but this data is far too personal in nature to ever be needed for diagnostics,” he added.
He also pointed out that, again, the user is never asked for permission to dump all of this data, or notified in any way. The service can be used wirelessly, and it also doesn’t respect the device’s backup encryption, he says.
He says that, yes, iTunes and Xcode use the house_arrest service, but it can also be used to access sensitive app information, including private conversations and OAuth tokens. “This is not a back door, rather a privileged access that’s available here that really doesn’t need to be there (or at least could be engineered differently),” he pointed out.
He made sure to note that he doesn’t claim that these backdoors were put there intentionally at the behest of the NSA or other authorities.
“What does concern me is that Apple appears to be completely misleading about some of these (especially file relay), and not addressing the issues I raised on others,” he noted, adding that he hopes that the company will quietly fix many of these in future versions of the mobile OS. “It would be wildly irresponsible for Apple not to address these issues, especially now that the public knows about them,” he concluded.