Apple denies creating iOS 'backdoor' for the government
comments
A security expert has warned Apple's iOS software contains potentially sinister tools that could be used by governments to spy on iPhone and iPad users.
Speaking at the 'Hackers on planet Earth' conference in New York, Jonathan Zdziarski said that most users are unaware of the lack of protection for iPhone data.
He added files found hidden within the firm's software contain a file-relay service that can be used to access the user's address book, photos, voicemail and any accounts configured on the device.
However, Apple has denied the claims the backdoor was created deliberately for government or surveillance purposes.
A security expert has claimed that Apple's iOS operating system has potentially sinister tools that could be used for government surveillance. Speaking at the 'Hackers on planet Earth' conference in New York, Jonathan Zdziarski said most users are unaware of the lack of protection for iPhone data
His investigation followed earlier reports of the NSA spying on Apple products, which suggested a 'backdoor' in iOS could provide hackers with valuable information.
A backdoor is a hidden remote access port that can allow outside sources to access a device with little detection.
According to a report by Iain Thomson in The Register, iOS devices have data discovery tools that are separate from those used by Apple.
The conclusion was based on an analysis of 600 million iOS devices, with handsets running the most recent versions of the software at particular risk.
Apple and its CEO Tim Cook (right) have previously strenuously denied any collusion with the NSA in a backdoor spying program aimed at users of iPhones (pictured left). The conclusion was based on an analysis of 600 million iOS devices, with handsets running the most recent versions of the software at particular risk
A backdoor is a hidden remote access from an outside source to the device (stock image pictured) that enables the hacker to have almost full access with little detection
Mr Zdziarski added there is a file dubbed 'com.apple.pcapd' on the device that fires up without notifying the iOS device's owner.
He explained this can record network traffic and HTTP request/response data from the device and could be targeted via Wi-Fi.
'This software isn't some legacy code left on the device by Apple engineers for testing - it has been actively updated and expanded in various iOS revisions,' The Register claimed.
Backdoors are not the type of thing an average hacker can easily exploit, and so far there has been no evidence they've been used for identity theft or a criminal attack
Apple responded by saying the services identified by Mr Zdziarski are not deliberately provided for government agencies to exploit.
The company added they are for 'diagnostic' purposes, and to allow IT workers to manage their company's devices.
More information about Apple's diagnostic capabilities is available from the firm's support pages.
'The problem with this is that these services dish out data (and bypass backup encryption) regardless of whether or not 'Send Diagnostic Data to Apple' is turned on or off, and whether or not the device is managed by an enterprise policy of any kind,' Mr Zdziarski said on his blog.
'Every single device has these features enabled and there's no way to turn them off, nor are users prompted for consent to send this kind of personal data off the device.'
In January, Apple strenuously denied it played any role in the National Security Agency's alleged efforts to hack the iPhone.
Documents published in Germany's Der Spiegel revealed the NSA actively worked on software that enabled it to remotely access iPhones and their text messages, photographs, contacts, location, voice mail and even their video.
The report included an NSA graphic dated 2008 that outlined a system in development called DROPOUTJEEP, described as a 'software implant' that allows infiltrators to push and pull and retrieve data from iPhones such as contact lists.
Der Spiegel referred to it as a 'trojan,' or malware that helps hackers get into protected systems.
The report did not suggest Apple had cooperated with the U.S. spying agency on so-called backdoors.
The Cupertino-based, company said at the time that it had never worked with the NSA to deliberately weaken its products, promising that it would 'defend our customers from security attacks, regardless of who's behind them.'
The investigation followed earlier reports of the NSA (headquarters pictured) spying on Apple products, which suggested a 'backdoor' in iOS could provide hackers with valuable information. Apple said at the time that it had never worked with the NSA to deliberately weaken its products
Put the internet to work for you.
0 comments:
Post a Comment