Security researcher Jonathan Zdziarski has revealed that Apple might have deliberately installed security holes in all of their iOS devices.
In his talk to the HOPE security conference Zdziarski demonstrates “a number of undocumented high-value forensic services running on every iOS device” and “suspicious design omissions in iOS that make collection easier.” He also provides examples of forensic artefacts acquired that “should never come off the device” without user consent.
Zdziarski said Apple did that all the while it shored up the security in the rest of the iOS to make it harder to break in.
The irony is that according to Zdziarski the iPhone is “reasonably secure” to a typical attacker and the iPhone 5 and iOS 7 are more secure from everybody except Apple and the government.
For example, he has noticed that just because you lock your Apple device, it does not mean that your device’s data is encrypted. The only way to encrypt it is to shut it down. This means that as long as your device is on, you are “at risk of spilling all data”.
Commercial forensic tools will be able to perform deep extraction using these backdoor services.
He thinks Apple might have bowed to the demands of the security services and law enforcement to install such security holes to make it easier for them to break in with a warrant.
Apple has stated that it will be transparent when faced with government requests, but Zdziarski thinks that this is still a breach of customers’ trust. The back doors are obviously undocumented and not mentioned to customers at all.