Diagnostic tools in iOS have access to far more personal data than previously thought, bypass encryption

This story emerged several days ago. Over the past few days, the non-tech-centric media have been claiming that Apple spies on its users through secret backdoors set up specifically for the government’s three-letter agencies (FBI, CIA, NSA, etc.), while other outlets say no such backdoors exist in that sense of the word.

So which is it? Well, it is a bit of both depending on how you look at it. From our view, it looks like this follows similar news we shared a couple months ago about how encryption of data is managed and (not) respected on iOS devices.

Before delving into some of the details, we should point out that no one, including the person who has been sharing his findings, is trying to make it look like the “sky is falling,” or that it is the "zombie apocalypse." That these features even exist probably should not come as a surprise to anyone, as they have been around for years. Taking the nuance of who-said-what-to-whom-and-when out of the picture for a moment, this information is quite interesting, and revealing.

Jonathan Zdziarski is a forensic scientist, hacker, and reverse engineer. He is an established security authority when it comes to iOS and has written a number of books related to iOS development, the iPhone SDK, as well as how to hack and secure iOS apps. What is all the hubbub about?

First, is this about a backdoor? Yes. Is this something that any Tom, Dick, or Harry can exploit? No. Does this involve a number of services about which any ordinary person would ask, “Why does that need to be set up in such a way?” We suspect many of you would say, “Yes.” Should you panic? In Zdziarski’s own words, “DON’T PANIC.”

As you may or may not know, or suspect, Apple does have tools baked into iOS that allow developers, IT departments, and Apple itself, to access an iOS device for purposes of troubleshooting, diagnostics, and file transfers. However, these tools ostensibly are prone to exploitation like any software or operating system. Given the number of services and amount of data in this case though, it is noteworthy.

For Zdziarski, the issue is not that these tools exist. It is that there are over 40 services running on an iOS device that hold a great deal of personal data, and they are all accessible through these tools, bypassing encryption (as shown in the video below). Despite the legitimate uses these tools have, some of them could be activated and accessed without the user’s knowledge.

We should point out that the iPhone (or iPad) does need to be paired to a “trusted” device, but pairing can be spoofed, especially if such a pairing file resides on a compromised computer that syncs with an iPhone.  That file could be copied and stolen and then used from another source.  The iOS device would not know the difference, and its pair file does not go anywhere until it is wiped. The iOS device does not need to be jailbroken or tied into a private network either, and the services could be activated wirelessly.

From a security consultant’s point of view, that would be regarded as a vulnerability. As for the data that is accessible, it is not mere metadata, or what anyone could argue as diagnostic in nature. Indeed, once enabled, there is access to the complete photo album, SMS and iMessage messages, notes, contact list, screenshots, and GPS location data.
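Because a pairing file left on a synced computer keeps working until the device is wiped, a defender can inventory those files on managed workstations. The following is an added example, not code from the article or from Zdziarski: the directory is supplied by the caller, and the plist key names `HostPrivateKey`, `RootPrivateKey` and `EscrowBag` are assumptions about the pairing-record format that the article does not state.

```python
import os, plistlib, stat, tempfile, time

# Assumed key names for secret material in a pairing record (not from the article).
SECRET_KEYS = ("HostPrivateKey", "RootPrivateKey", "EscrowBag")

def audit_pairing_records(directory, max_age_days=30, now=None):
    """Return one finding per pairing record (*.plist) found in `directory`."""
    now = time.time() if now is None else now
    findings = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".plist"):
            continue
        path = os.path.join(directory, name)
        st = os.stat(path)
        issues = []
        try:
            with open(path, "rb") as fh:
                record = plistlib.load(fh)
        except Exception:
            record, issues = {}, ["unparseable"]
        # A record other local users can read can be copied off the machine.
        if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
            issues.append("readable-by-other-users")
        # Records stay valid until the device is wiped, so old ones are worth pruning.
        if now - st.st_mtime > max_age_days * 86400:
            issues.append("stale")
        secrets = [k for k in SECRET_KEYS if k in record]
        findings.append({"device": name[:-6], "secrets": secrets, "issues": issues})
    return findings

def demo():
    """Audit a constructed set of records written to a temporary directory."""
    samples = {  # constructed sample data, not real device identifiers or keys
        "EXAMPLE-UDID-0001": ({"HostID": "A", "HostPrivateKey": b"x", "EscrowBag": b"y"}, 0o644, 90),
        "EXAMPLE-UDID-0002": ({"HostID": "B", "HostPrivateKey": b"z"}, 0o600, 1),
    }
    with tempfile.TemporaryDirectory() as d:
        now = time.time()
        for udid, (rec, mode, age_days) in samples.items():
            path = os.path.join(d, udid + ".plist")
            with open(path, "wb") as fh:
                plistlib.dump(rec, fh)
            os.chmod(path, mode)
            os.utime(path, (now - age_days * 86400,) * 2)
        return audit_pairing_records(d, now=now)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Records flagged as stale or readable by other users are candidates for deletion or tighter permissions on the host.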

In his proof of concept video below, Zdziarski shows how once paired, data can be exploited in a number of different ways, under a variety of “threat models.” As you can see, this is not a scenario that makes it a “wild, wild west” for someone if their phone is lost or stolen. However, these services do bypass the user encryption.

The video is about 25 minutes long. The iPhone being used is running iOS 7.1.2, backup encryption is enabled with a PIN lock, and Wi-Fi sync was turned off. As we noted earlier, Zdziarski is not pushing a panic button, but he does believe it is something that needs to be a bit more visible in the public discourse, especially given the number of services running and the amount of information that is available by using these tools.



source: Jonathan Zdziarski (1, 2)


15 Comments

1. techperson211

Posts: 1280; Member since: Feb 27, 2014

Now that's how apple roll. Secured OS.

2. techperson211

Posts: 1280; Member since: Feb 27, 2014

It just work. Amazing.

5. techperson211

Posts: 1280; Member since: Feb 27, 2014

Why is it like the author kinda sound defensive in this article for apple? Hmmmm....

4. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

"Now that's how apple roll. Secured OS." So much for those secure fingerprints. More BS from Apple.

3. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

This is not surprising. The more researchers look, the more evidence they will find that the NSA really knew what they were talking about when they deemed iPhone users to be nothing more than "iZombies" and that their iPhones were totally owned by Apple/NSA.

6. PhoneArenaUser

Posts: 5498; Member since: Aug 05, 2011

Not surprised! Only tech incompetent people think that iOS and OS X are super secure.

7. hafini_27

Posts: 949; Member since: Oct 31, 2013

Surprise! Nope, not one bit.

8. wilsong17 unregistered

Just google Siriproxy and read about the mighty efforts Apple took to shut down various Siriproxies. Apple's attitude was to spend money on symptoms rather than fix the problem. All Apple has done is use its mighty PR machine to spread carefully crafted Plausible Deniability.

9. Trolloftheyear

Posts: 66; Member since: Jul 16, 2014

Lots of restrictions for the security.

10. iZman48

Posts: 8; Member since: Jul 17, 2014

Say the title and just read to read the comments. Must say not disappointed. Lol

11. Nkolsen

Posts: 60; Member since: Mar 28, 2013

Omg. I have never seen such an article before. Talking about being defensive, this article totally gets the gold medal.

12. tedkord

Posts: 17356; Member since: Jun 17, 2009

Did you think so? I didn't get that much from it.

13. tacarat

Posts: 854; Member since: Apr 22, 2013

Smartphones are just little computers. How can anybody be surprised or object that Apple or Devs would have ways to get admin privileges? Oh, wait. Humans are irrational. Never mind.

14. HildyJ

Posts: 338; Member since: Aug 11, 2012

And let's not forget that a major thrust of Apple propaganda is that you don't need to worry about security because Apple does it for you. I wouldn't be surprised if Apple was contacted by the NSA within days of filing the first iPhone patents and they cooperated immediately. After all, why does a dev need to read your texts or track where you've been? OTOH, the NSA?

15. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

Probably. All of Google's systems and software since the early days were designed hand in hand with the NSA. There were often dozens of NSA staffers working at Google's then HQ in Palo Alto.
