A minor firestorm has erupted in the mobile device world after claims made by Jonathan Zdziarski, who is described at MacRumors as a “forensic scientist and iPhone jailbreak expert,” that the Apple iOS operating system has hidden backdoors.
The claims were made at the Hackers On Planet Earth (HOPE/X) conference this week in New York City. According to MacRumors, services such as “lockdownd,” “pcapd” and “mobile.file_relay” can “bypass” encryption and allow data collection. It quoted Zdziarski’s statement, which hardly makes him seem like an alarmist. He writes that Apple added elements of firmware “that shouldn’t be there,” which can compromise personal data:
I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices. At the same time, this is NOT a zero day and NOT some widespread security emergency. My paranoia level is tweaked, but not going crazy. My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don’t belong there.
Ubergizmo links to a Twitter denial of Zdziarski’s claims. The response says that Apple designed iOS to provide diagnostic information to IT departments, developers and Apple without compromising user privacy and security. It denies that the company has ever worked with any governmental agency to insert backdoors in its products.
This is not the first time this month that questions about what Apple’s iPhone iOS does and doesn’t do with consumer information have been raised. Chinese state broadcaster CCTV said earlier this month that the frequent locations feature in iOS 7 poses a threat:
Ma Ding, director of the Institute for Security of the Internet at People’s Public Security University in Beijing, told Chinese state broadcaster CCTV on Friday that the frequent locations function could be used to gather “extremely sensitive data,” and even state secrets.
Apple posted an explanation in English and Chinese describing what the service is intended to do.
It is unclear if functions such as those described by Zdziarski would need to be present to carry out the nefarious goals suggested by the CCTV report, or if it could be done within the normal operating parameters of the feature. It is clear that people and companies of all sorts are watching Apple very carefully. It also is worthwhile to apply the old political axiom: If a candidate or office holder is explaining, he or she is losing, even if the explanation is perfectly reasonable.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Intenet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at cweinsch@optonline.net and via twitter at @DailyMusicBrk.