Apple iPhone Backdoor???
Much has been reported here... but somehow you need to get the facts straight!
http://www.cnet.com/news/apple-we-dont-build-backdoors-into-our-products-or-services/
Apple: We don't build back doors into our products
Amid new alleged security flaws, the company denies building back doors in its devices or services that allow for government or other third-party snooping.
by Lance Whitney
@lancewhit
July 22, 2014 9:05 AM PDT
Apple has issued a statement insisting that it does not build any back doors into its products or services.
In the following statement posted on Twitter by Financial Times journalist Tim Bradshaw, Apple denied working with any government agency to create back doors in its products:
We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.
As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.
Charges of back door holes have dogged Apple and other tech companies in the wake of the leak of classified government documents by former National Security Agency consultant Edward Snowden. Such security vulnerabilities would allow government agencies, as well as third-party hackers and other malicious entities, to easily gain entry into devices in order to access user data. If true, such charges would damage a company's reputation and sales by implying that they're willing to cooperate with the government at the expense of the trust of their customers.
Apple and other tech players have already responded in the past to deny such allegations. Apple's latest statement is a response to a recent claim from forensic scientist and author Jonathan Zdziarski that the NSA may have exploited certain features and services in iOS to gather data on potential targets. Detailing his claim at a security conference last Friday, Zdziarski did not assert that Apple has cooperated with the NSA in creating back doors, but merely that such back doors seem to exist.
"I have NOT accused Apple of working with NSA, however I suspect (based on released documents) that some of these services MAY have been used by NSA to collect data on potential targets," Zdziarski said in a blog post. "I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn't be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer. I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices."
Apple's response on Monday didn't exactly impress Zdziarski. In another blog posted later in the day, the forensic scientist chided Apple for "inadvertently" admitting that certain back doors do exist in iOS, but that they exist for the purpose of diagnostics for enterprise IT customers. Zdziarski said Apple's seeming admission to these back doors opens up privacy weaknesses in that they bypass the backup password security offered in iOS.
"I understand that every OS has diagnostic functions, however these services break the promise that Apple makes with the consumer when they enter a backup password; that the data on their device will only come off the phone encrypted," Zdziarski said. "The consumer is also not aware of these mechanisms, nor are they prompted in any way by the device. There is simply no way to justify the massive leak of data as a result of these services, and without any explicit consent by the user."
Zdziarski also raised skepticism over Apple's claim that the back doors are used solely for diagnostics.
"I don't buy for a minute that these services are intended solely for diagnostics," Zdziarski said. "The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption. Tell me, what is the point in promising the user encryption if there is a backdoor to bypass it?"
CNET contacted Apple for comment on Zdziarski's further claims and will update the story with any further information.
Well .... In Security We Trust!
http://www.cnet.com/news/apple-responds-to-complaint-over-diagnostic-back-doors-in-ios/
Apple responds to complaint over diagnostic 'back doors' in iOS
In response to alleged security holes, Apple reveals details on how its diagnostic services access certain data on iOS devices.
by Lance Whitney
@lancewhit
July 23, 2014 7:26 AM PDT
Apple has detailed some of the diagnostic capabilities in iOS following claims from a forensic scientist that such capabilities open up security holes into the operating system.
At a security conference last Friday, forensic scientist and author Jonathan Zdziarski said the NSA may have exploited certain features and services in iOS to gather data on potential targets by using back doors built into the operating system. In response, Apple acknowledged in a statement on Monday that specific services allow access to certain data for the purpose of diagnostics but asserted that it has never worked with any government agency to intentionally build back doors into iOS.
Since details of NSA spying programs have emerged via former NSA contractor Edward Snowden, Apple and other tech players have been accused of building back doors into their devices and services. Such security holes would give the government as well as third parties easy access into a company's products for the purpose of capturing user data. The existence of such intentional back doors would damage a company's reputation and sales, so the tech industry has been on the defensive to deny these allegations.
In a blog posted on Tuesday, Zdziarski said Apple's seeming admission to these so-called diagnostic back doors opens up privacy weaknesses because they bypass the backup password security offered in iOS. Zdziarski also raised doubts about these back doors by saying, "I don't buy for a minute that these services are intended solely for diagnostics."
How has Apple responded? In a technical support document that was modified on Wednesday, Apple attempted to explain how and why the diagnostic capabilities in question are used in iOS.
iOS offers the following diagnostic capabilities to help enterprise IT departments, developers, and AppleCare troubleshoot issues.
Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.
1. com.apple.mobile.pcapd
pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.
2. com.apple.mobile.file_relay
file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users' devices.
3. com.apple.mobile.house_arrest
house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.
Apple also pointed to a support document on the familiar "Trust this computer" alert that iOS users receive when they plug their device into a PC. Another support page explains what happens when you sync your data with iTunes.
In another blog posted Wednesday, Zdziarski said he gave Apple credit for revealing details about these services and trying to explain why they exist. However, he also said he believes Apple is downplaying the risks of certain services.
"I wonder if the higher ups at Apple really are aware of how much non-diagnostic personal information it copies out, wirelessly, bypassing backup encryption," Zdziarski said. "All the while that Apple is downplaying it, I suspect they'll also quietly fix many of the issues I've raised in future versions. At least I hope so. It would be wildly irresponsible for Apple not to address these issues, especially now that the public knows about them."

Other reference links:-
http://www.cnet.com/news/apple-says-its-unaware-of-nsa-iphone-backdoor-program/
http://www.cnet.com/news/security-firm-rsa-took-millions-from-nsa-report/
http://www.zdziarski.com/blog/?p=3447
http://www.zdziarski.com/blog/?p=3466
http://support.apple.com/kb/HT6331?viewlocale=en_US&locale=en_US
http://support.apple.com/kb/HT138
http://support.apple.com/kb/HT5868