Apple denies installing iOS 'backdoor' services for government agencies
In response to allegations that Apple installs "backdoor" services in iOS that could be used to harvest and deliver personal information to government agencies, the company on Monday issued a statement denying any such activity and explains the steps taken to ensure customer data privacy.
Presentation slide from Jonathan Zdziarski's "Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices."
According to a statement sent by email to Financial Times journalist Tim Bradshaw, who subsequently posted a snippet of the note on Twitter, Apple reaffirmed it has never work with any government agency to create a backdoor in any consumer product or service.
Various services were brought into question, including some that can seemingly bypass iOS backup encryption to serve up data from a user's address book, clipboard, voice mailbox, calendar, notebook and more. Other examples include enterprise features that allow nefarious hackers to install custom spyware on a device by forging a security certificates.
Data privacy has quickly become a hot-button topic as mobile devices become increasingly capable with each successive generation. Many user-experience features are intrinsically tied with personal data, such as automated task scheduling, cloud-based photo storage or saving credit card information on-device for easy online payments.
These issues were brought to the fore when former defense contractor Edward Snowden exposed America's deep surveillance programs, many of which leveraged digital data generated by consumer electronics and computers.
In a bid for transparency, Apple in January released an update regarding statistics on information requests made by U.S. governmental agencies. Separately, CEO Tim Cook vowed to "absolutely" press Congress for greater transparency on the issue of surveillance.
Presentation slide from Jonathan Zdziarski's "Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices."According to a statement sent by email to Financial Times journalist Tim Bradshaw, who subsequently posted a snippet of the note on Twitter, Apple reaffirmed it has never work with any government agency to create a backdoor in any consumer product or service.
A report earlier today cited forensic scientist and iOS hacker Jonathan Zdziarski as saying he discovered a number of suspicious background services in Apple's mobile operating system that could potentially be used to gather unsolicited user information. Zdziarsky recently presented his findings at the HOPE/X conference in New York.We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.
As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products of services.
Various services were brought into question, including some that can seemingly bypass iOS backup encryption to serve up data from a user's address book, clipboard, voice mailbox, calendar, notebook and more. Other examples include enterprise features that allow nefarious hackers to install custom spyware on a device by forging a security certificates.
Data privacy has quickly become a hot-button topic as mobile devices become increasingly capable with each successive generation. Many user-experience features are intrinsically tied with personal data, such as automated task scheduling, cloud-based photo storage or saving credit card information on-device for easy online payments.
These issues were brought to the fore when former defense contractor Edward Snowden exposed America's deep surveillance programs, many of which leveraged digital data generated by consumer electronics and computers.
In a bid for transparency, Apple in January released an update regarding statistics on information requests made by U.S. governmental agencies. Separately, CEO Tim Cook vowed to "absolutely" press Congress for greater transparency on the issue of surveillance.
Comments
It's not the government you need to watch out for.
It's the jailbreaker "hackers" and their unapproved apps.
But this smells just a little like the typical twice-yearly "shocking scandals" about "if you give your iPhone to a stranger, and give them your password, and bring them snacks while they work and rub their feet, they might be able to get at your stuff!"
If these folks are going to make such claims they need to show their proof. I mean they have combed every line of code to know what's there right. So spill it.
And do the homework to know what's iOS, user or an app
Why would Apple need to make a backdoor for the government? Why would the government need their own entrance to go digging when all the data is handed to them already? Apple already shares their users' info with them (as well as Google, Microsoft, Facebook, etc.).
I'd rather see the phrase criminal enterprises used in place of hackers here. A hacker isn't always a criminal.
In any event you are right, give a person a back door to enter and somebody will find a key to the door. Given that I really think this so called scientist is full of crap. He really should put up or shut up! Frankly his tactics here are similar to those in the global warming community. Scare people without any need to actually offer up proof.
I'd rather see the phrase criminal enterprises used in place of hackers here. A hacker isn't always a criminal.
In any event you are right, give a person a back door to enter and somebody will find a key to the door. Given that I really think this so called scientist is full of crap. He really should put up or shut up! Frankly his tactics here are similar to those in the global warming community. Scare people without any need to actually offer up proof.
Yup. But the original post used the phrase "iOS hacker," so I quoted put the word "hackers" in quotes.
And you were doing so well. Here's just a tiny bit of the overwhelming data that indicates global warming:
Arctic Temperatures Highest in 44,000 Years (Discovery)
http://news.discovery.com/earth/global-warming/arctic-temperatures-highest-in-44000-years-131025.htm
Global Analysis - June 2014 (record high June global average temperature) (NOAA)
http://www.ncdc.noaa.gov/sotc/global/
Global Average Temperatures are Close to 11,000 Year Peak (Scientific American)
http://www.scientificamerican.com/article/global-average-temperatures-are-close-to-11000-year-peak/
The Discovery of Global Warming (American Institute of Physics)
http://aip.org/history/climate/20ctrend.htm
California Drought (CA.gov)
http://ca.gov/drought/
I could go on.
...
...
...
For those of you who haven't read through the slides presented by Jonathan Zdziarski, a former McAfee research scientist turned jailbreaker, it's worth the time wading through 58 pages. http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms.pdf
One of the more interesting paragraphs was:
... Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party App data.
Jonathan includes many statements and printouts of plist files as well as information and questions provided to Apple that he says hasn't been answered. This doesn't surprise me because Apple states that they won't necessarily contact you with a reply but I am worried about many of the things he's found. Of course, he jobs have been to find ways to thwart malware attacks but also how to jailbreak iOS. He's providing some proof but as usual, he needs physical access to the iPhone to get the vast majority of the data off the iPhone. As for law enforcement forcing access, the Supreme Court recently ruled that a simple warrant is all that's required for them to search the cell phone of anyone they arrest. I wouldn't think it would be that difficult to get one. Once they have the phone, it's like having any computer, they can get in with the tools they have. The only way around this issue is to be honest and not do anything illegal so it doesn't matter what they find.
Frankly his tactics here are similar to those in the global warming community. Scare people without any need to actually offer up proof.
Are you qualified to evaluate the evidence? If so, have you done so? If not, you are basically saying that the climate scientists who *ARE* qualified to evaluate the evidence are overwhelmingly used to scare people? And they do this because...? It makes them feel good? They get another pittance of a grant to continue the study?
On the other hand, the ones screaming that global warming is not true are paid by Koch Bros, the oil and gas companies, and others who stand to make more money the more global warming (as an end result) they contribute to?
Hmm. Let me see who I'd believe. Millionaires and billionaires who continue to make more money, or scientists who don't get paid all that much?
Of interest: http://www.nydailynews.com/news/national/richard-muller-koch-brothers-funded-scientist-declares-global-warming-real-article-1.969870
http://www.scientificamerican.com/article/who-funds-contrariness-on/
Zdziarski is a Joke. Don't even get me started.
I trust Apple as much as they allow me to verify what's going on my own devices, which currently means I don't trust them at all unless I'm on a jailbroken device which in turn can't be trusted for being jailbreakable.
A company that doesn't trust the owner of a device has galls to ask to be trusted itself...
...that's what I call irony!
The Koch brothers have every right to defend their interests and "climate change" legislation is clearly against their interests. From their Wkipedia page: "The Koch brothers have played an active role in opposing climate change legislation. In 2011, the EPA reported that Koch Industries "emitted over twenty-four million tons of carbon dioxide", as much as is typically emitted by five million cars."
This is not the case in a totalitarian state, where it doesn't matter what "they" find. A simple apostrophe will do to land you in hot water.
On the other hand, the ones screaming that global warming is not true are paid by Koch Bros, the oil and gas companies, and others who stand to make more money the more global warming (as an end result) they contribute to?
Your implication that none in favor of global warming are paid and all opposed to it are is utterly ludicrous.
The Koch brothers have every right to defend their interests and "climate change" legislation is clearly against their interests. From their Wkipedia page: "The Koch brothers have played an active role in opposing climate change legislation. In 2011, the EPA reported that Koch Industries "emitted over twenty-four million tons of carbon dioxide", as much as is typically emitted by five million cars."
Normally I agree with the posts you write SS, but here I think you are backing the wrong horse.
I would argue that the billions of other people on the planet should have the right to a world without global warming and its associated changes in weather patterns that threaten crops and living spaces with droughts or coastal flooding. I maintain that their collective rights outweigh rich bastards like the Kochs and I don't care how many politicians they have in their pockets. And please don't use the 'job creator' bollocks. Jobs come and jobs go but eventually people will realise that some things are seriously messed up here and by then it will be too late to fix.
/rant & have a nice day :-)
... Frankly his tactics here are similar to those in the global warming community. Scare people without any need to actually offer up proof.
Climate scientists around the world, in over 12,00 peer-reviewed papers found a 97% consensus that human activity is the cause of global warming. The likely outcome for life on our home planet if things continue on their present trajectory is horrendous. If there is a "global warming community" (which is a strange phrase) then it must refer to 97% of climate scientists and the rest of us who have concluded that when people who spend their lives working with this stuff (unlike me and, I expect, you) find a 97% consensus on the subject, then we'd better take on board what they say.
Those who deny this science, unsurprisingly, are invariably found to be companies and politicians that benefit financially from selling those products (usually fossil fuels or directly related products) which maintain our suicidal position.
Why would climate scientists want to "scare people without any need to actually offer up proof"? Scientists have to offer proof of their theories - that's how science works, otherwise when wizard69 says that "The moon is made of blue cheese" we would simply agree. Would you expect all scientists to simply conclude "Yep, that sounds plausible. He must be right. The moon IS made of blue cheese"? or do you expect that scientists would demand your proof before they believed you? Climate scientists are saying - this is what we have found. This is how it is. This is where we are heading. We need to sort this out. Fast.
Your implication that none in favor of global warming are paid and all opposed to it are is utterly ludicrous.
Sounds fairly similar to the accusations often levied against anyone posting anything not in favour of Apple that they're a paid up Google or Samsung shill.
I think this has more basis than that. Has any professional who has spoken out against climate change been totally unaffiliated with any industry that has an interest in lax environmental regulation? There seems to be a depressing inevitability that they all end up being exposed as on the dime of the Kochs or Exxon or Shell, or similar.
It's not the government you need to watch out for.
It's the jailbreaker "hackers" and their unapproved apps.
Amen!