Security Expert claims iOS "Undocumented Services" allow for data collection

There is a lot of information flying around the internet about security this month, much of it driven by the looming Black Hat and DEF CON conferences that kick off in August. While many of the articles hitting the net are malware-centric, a few punch sizeable holes in the security of some very popular devices. We have seen BlackBerry poke at Samsung and its Knox secure layer, and vice versa. The biggest one we have seen is the 58-page paper published by security researcher Jonathan Zdziarski about the iPhone.

Zdziarski's position is that iOS has generally good security, but that there are services built into the phone that appear tailor-made for surveillance and that could be used by a malicious party to reach almost every part of the device. He stops short of claiming collusion between Apple and the NSA, but he makes clear that he believes these services were placed with intent.

“I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn't be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer.”

Apple has said that a user must have their phone unlocked and agree to trust a connected computer before a limited amount of diagnostic information can be collected. This is contrary to what Zdziarski states in the report, where he points out specifically that a locked phone does not mean all of its files are encrypted.

He says that once the phone has been unlocked for the first time after a reboot or power cycle, the undocumented services allow access to these files even if the phone is locked again, because the keys protecting them stay in memory. He also notes that the Library and Caches folders are in practice unprotected after that first unlock in iOS 7. Some of these services (which, again, are not documented anywhere in Apple's iOS material) bypass the backup encryption offered to users, and can be reached wirelessly and possibly over the cellular network, not just over a USB cable.
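The reason "unlocked once since boot" matters is iOS Data Protection: each file carries a protection class, and the class decides when its key is available. Files in the CompleteUntilFirstUserAuthentication class are readable any time after that first unlock, which is the window Zdziarski describes; files in the Complete class lose their key shortly after the device locks. The snippet below is an added example, not code from the article or from Zdziarski's paper, showing how an app picks the class for its own files; the file names and the use of the temporary directory are assumptions for illustration.

```objective-c
// Added example (not from the article or the paper): choosing the Data
// Protection class of a file. Paths and sample contents are constructed here.
#import <Foundation/Foundation.h>

// Write `data` to `path`, apply the requested protection class, and return
// the class the file system actually recorded (nil on error).
static NSString *writeWithProtection(NSData *data, NSString *path,
                                     NSString *protectionClass) {
    NSError *error = nil;
    NSFileManager *fm = [NSFileManager defaultManager];

    if (![data writeToFile:path options:NSDataWritingAtomic error:&error]) {
        NSLog(@"write failed: %@", error);
        return nil;
    }
    // Without this call the file keeps the container default, which for
    // third-party apps on iOS 7 is CompleteUntilFirstUserAuthentication:
    // readable by anything that can talk to the device after first unlock.
    if (![fm setAttributes:@{NSFileProtectionKey : protectionClass}
              ofItemAtPath:path
                     error:&error]) {
        NSLog(@"setting protection class failed: %@", error);
        return nil;
    }
    NSDictionary *attrs = [fm attributesOfItemAtPath:path error:&error];
    return attrs[NSFileProtectionKey];
}

int main(void) {
    @autoreleasepool {
        // Assumed writable location; a real app would use its own container.
        NSString *dir = NSTemporaryDirectory();
        // Constructed sample payload standing in for a session token.
        NSData *secret = [@"constructed sample token"
                             dataUsingEncoding:NSUTF8StringEncoding];

        // Key available from first unlock until reboot: this is the class
        // whose contents the undocumented services can pull from a locked phone.
        NSString *weak = writeWithProtection(
            secret, [dir stringByAppendingPathComponent:@"cache.bin"],
            NSFileProtectionCompleteUntilFirstUserAuthentication);

        // Key discarded roughly ten seconds after the device locks; the file
        // is unreadable to any service, documented or not, while locked.
        NSString *strong = writeWithProtection(
            secret, [dir stringByAppendingPathComponent:@"vault.bin"],
            NSFileProtectionComplete);

        NSLog(@"cache.bin class: %@", weak);
        NSLog(@"vault.bin class: %@", strong);
    }
    return 0;
}
```

The practical caveat for developers is the second branch: anything an app stores that it would not want read off a locked phone should be written with NSFileProtectionComplete (or never written to disk), since the default class is exactly the one the report says is exposed after first unlock.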

One very damning feature is what amounts to a packet sniffer. The service com.apple.pcapd can dump the device's network traffic, including HTTP request and response data. It is always on, and the end user has no indication that it is running. The capture can be pulled off the device remotely over Wi-Fi (other paths may be possible as well). A sniffer of this scope goes well beyond any ordinary diagnostic need.

There is a lot more in the full PDF (you can view it here), and we recommend that you read it if you are an iPhone owner. It is quite the eye-opener. Even if Apple is not working directly with the NSA, the documents leaked by Edward Snowden suggest that these services have been used to compromise just about every aspect of the iPhone. We have also heard that the same services may have been exploited by more malicious individuals.

Tell us what you think in our Forum