I’m so glad I’m a techno-weenie! My old phone is just a phone and that’s the way I like it. No texting, no surfing… just a few important calls now and then. ~ BP
July 23, 2014
A highly skilled hacker who presented at the recent Hackers On Planet Earth (HOPE/X) conference in New York has dropped a massive bomb on the state of smartphone privacy. Jonathan Zdziarski, an active member in the iPhone development community who helped work on many early iOS “jailbreak” iterations, says Apple has deliberately engineered back door surveillance systems into the iPhone, allowing both the company and the government easy access to users’ personal data.
During his presentation, Zdziarski, who goes by the hacker alias “NerveGas,” showed detailed slides explaining how iOS is inherently insecure — on purpose. His investigation into the code behind iOS revealed that the seemingly user-friendly system, which is used on hundreds of millions of Apple iPhones, contains a number of “undocumented high-value forensic services” and “suspicious design omissions,” both of which make it relatively easy for private data to be extracted from users’ phones.
NSA developed program to gain ‘almost complete access’ to iPhone
While Apple has apparently installed reasonable safeguards to protect against average civilian hackers, he says, the device giant has intentionally created wide-open back doors for Apple and the government to easily access users’ personal data. The National Security Agency (NSA) is one such government agency that, according to a leaked document from 2008, was able to gain “almost complete access” to the iPhone.
“In December 2013, an NSA program dubbed DROPOUTJEEP was [revealed] by security researcher Jacob Appelbaum that reportedly gave the agency almost complete access to the iPhone,” wrote Jason D. O’Grady for ZDNet. “The leaked document, dated 2008, noted that the malware required ‘implant via close access methods’ (presumably physical access to the iPhone) but ominously noted that ‘a remote installation capability will be pursued for a future release.’”
iPhone constantly at risk of ‘spilling all data,’ says Zdziarski
Zdziarski named three specific undocumented iOS services — “lockdownd,” “pcapd” and “mobile.file_relay” — that appear to have been installed on more than 600 million iPhones for the purpose of collecting data. Other intentional failures like the iPhone’s “unmarried” authentication passcode allow for third-party access to the device without users’ consent.
“Your device is almost always at risk of spilling all data, since it’s almost always authenticated, even while locked,” explained Zdziarski, noting that this constant state of authentication appears to be an intentional design “flaw.”
Even law enforcement could pull iPhone data during a routine traffic stop with the right tools
All of these vulnerabilities and more, says Zdziarski, allow for complex forensic tools to gain access to the iPhone. Even a common law enforcement officer, provided his department has these tools in its arsenal, could theoretically gain access to the contents of an iPhone during a routine traffic stop or arrest, before the phone’s owner gets a chance to manually shut it down and activate an encryption service.
There are also ways to extract the contents of an iPhone through certain “black bag” acquisition techniques, he says. These include, for instance, compromised iPhone docking stations or alarm clocks. This technique is known as “juice jacking,” and Zdziarski says law enforcement and the Feds have shown interest in the technology.
“Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?” asked Zdziarski in a long list of questions to Apple. “Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone? Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?”