A researcher claims to have found a secret "backdoor" in iOS that lets the company, and potentially groups like the NSA, slip in and swoop up your information. But Apple claims that fanboys are safe.
During the Hope X security conference last week, researcher Jonathan Zdziarski presented a paper that describes the backdoor he found. Zdziarski says that because Apple doesn't fully encrypt information in native apps on the iPhone, information from email accounts, contacts (even if they're deleted), keyboard typing history, websites users have visited, and iCloud data is left up for grabs by other parties. "Once the device is first unlocked after reboot, most of the data-protection encrypted data can be accessed until the device is shut down," he says. "Your device is almost always at risk of spilling all data, since it’s almost always authenticated, even while locked."
Zdziarski doesn't say that Apple did it on purpose, but says that organizations like the NSA could have exploited it.
"I have NOT accused Apple of working with NSA, however I suspect (based on released documents) that some of these services MAY have been used by NSA to collect data on potential targets. I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn’t be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer."
So, should you be worried? Apple responded to the report by saying that what Zdziarski came across is meant for diagnostics, and not anything malicious. Zdziarski doesn't accept their explanation. "I don’t buy for a minute that these services are intended solely for diagnostics," he wrote on his blog. "The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption."
Zdziarski's paper has gotten so much attention that reps from Apple reportedly met with the Russian Ministry of Communications to ease the government's worries that their data could have been leaked (and is leaking) to the NSA. The company even offered to open up the iOS code for them, according to a tweet from Nikolay Nikiforov, the Russian Minister of Communications and Mass Media.
Guess the Nokia 3310 never looked so good.