Thursday, 24 July 2014 12:19

Apple’s half denial confirms iOS ‘back door’

A US researcher has mounted a very strong case that Apple has deliberately left security holes in iOS. Apple’s response is underwhelming.

Apple, stung by allegations that it has deliberately left ‘back doors’ in its iOS iPhone and iPad operating system, has issued a half-denial that is already adding fuel to the fire. A back door is a method of bypassing authentication in a computer system.

Allegations that iOS and other operating systems have such intentionally engineered weaknesses that allow user data to be accessed have been around for some time. They have achieved currency since Ed Snowden’s revelations about how the US and other governments conduct massive surveillance programs on their citizenry, and how the NSA has expressly asked software companies to create back doors in their products to make surveillance easier.

Those disclosures have also spurred publicity about the extent to which software and Internet companies are complicit, and even cooperative, with government surveillance efforts. Google, Facebook, Microsoft and Yahoo, amongst others, have publicly stated that they are not part of such programs.

Now Apple has issued a kind of semi-denial. Its hand has been forced by an extraordinarily detailed analysis from Jonathan Zdziarski, author of ‘Hacking and Securing iOS Applications’ and an experienced student of Apple and iOS forensics.

Zdziarski’s analysis is publicly available and other undocumented services that bypass user backup encryption. His analysis explains in great technical detail how this is done.

“Apple is dishing out a lot of data behind our backs. It’s a violation of the customer’s trust and privacy to bypass backup encryption. There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.

“Much of this data simply should never come off the phone, even during a backup.  Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals. Overall, the otherwise great security of iOS has been compromised - by Apple, and by design.”

"I don’t buy for a minute that these services are intended solely for diagnostics. The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption."

Apple’s CEO Tim Cook has responded. “We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues.

“A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.

“As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.”

That statement falls well short of a denial. Indeed, Zdziarski’s analysis appears irrefutable. He has since posted his response on his website.

“Apple responded to allegations of hidden services running on iOS devices with this knowledge base article. In it, they outlined three of the big services that I outlined in my talk.

“So again, Apple has, in a traditional sense, admitted to having back doors on the device specifically for their own use. Perhaps people misunderstand the term ‘back door’ due to the stigma Hollywood has given them, but I have never accused these ‘hidden access methods’ as being intended for anything malicious, and I’ve made repeated statements that I haven’t accused Apple of working with NSA.

“That doesn’t mean, however that the government can’t take advantage of back doors to access the same information. What does concern me is that Apple appears to be completely misleading about some of these, and not addressing the issues I raised on others.”

The issue has set the blogosphere alight. Some Apple fans say they trust the company implicitly to do the right thing, others say they will never use Apple again. But the main effect seems to have been to sow further seeds of doubt about the extent to which the whole IT industry has, wittingly or unwittingly, helped the wholesale spying on innocent citizens by their own government.


Graeme Philipson

Graeme Philipson sadly passed away in Jan 2021 and was a much valued senior associate editor at iTWire. He was one of Australia’s longest serving and most experienced IT journalists. He is the author of the only definitive history of the Australian IT industry, ‘A Vision Splendid: The History of Australian Computing.’ He was in the high tech industry for more than 30 years, most of that time as a market researcher, analyst and journalist. He was founding editor of MIS magazine, and is a former editor of Computerworld Australia. He was a research director for Gartner Asia Pacific and research manager for the Yankee Group Australia. He was a long time weekly IT columnist in The Age and The Sydney Morning Herald, and is a recipient of the Kester Award for lifetime achievement in IT journalism. Graeme will be sadly missed by the iTWire Family, Readers, Customers and PR firms.
