iPhones and iPads at Risk of SMS, Picture Hijacking

This weekend at the HOPE X conference in New York City, security researcher and pioneering iOS jailbreaker Jonathan Zdziarski spoke to an eager crowd of IT specialists and mobile enthusiasts as he unveiled his latest discovery/creation: malware that can use multiple access points to hop from the desktop in your home to an iPhone with a single push of a button. [Note: updated below]

Once inside the phone, attackers can easily roam through a user’s photos, messages, contacts, and even their recent call list.

This level of freedom is nearly unachievable with most other cracks. While one would think that would make this crack especially attractive to the underground, the complex nature of its attack path has kept most rings from picking it up as a go-to method for exploiting a phone they want to use for nefarious purposes.

Zdziarski minced few words when he raised accusations that the hole may have been intentionally placed by Apple during the development of iOS in order to give the NSA and local law enforcement a quick, easy, and stealthy way to download immense amounts of data out of a phone without the owner becoming aware in the short amount of time the crack took to pull off.

On top of the extremely hard-to-locate nature of the bug, the specific way the exploit works has led him to believe that only a select few people could have been informed or aware of its existence in the first place.

These facts only further bolster the idea that instead of the problem being an unintentional mishap on behalf of a tired coder at the Cupertino mobile giant, the hole was maliciously placed and hidden in order to give cops an extra leg up when they attempt to monitor data from the phone of a suspect who is an active target of a criminal investigation.

“Apple really needs to step up and explain what these services are doing,” Zdziarski told Ars by phone on Monday. “I can’t come up with a better word than ‘backdoor’ to describe file relay, but I’m willing to listen to whatever other explanation Apple has. At the end of the day, though, there’s a lot of insecure stuff running on the phone giving up a lot of data that should never be given up. Apple really needs to fix that.”

Zdziarski also pulled no punches when he spoke of the depth of the problem, claiming that around 600 million iPhones and iPads are affected by the backdoor and could be fatally flawed if Apple doesn’t quickly step up to the plate to either directly claim culpability in the matter, or at least admit that it missed a spot in its security measures and has a detailed plan on how the issue can be resolved before iOS 8 hits the shelves sometime this September to coincide with the upcoming release of the iPhone 6.

Neither Tim Cook nor an Apple spokesperson has responded to the allegations of wrongdoing on the company's part. However, we're sure that now that the cat is out of the bag, it won't be long before the company reluctantly takes the podium with a pre-padded, expertly prepared explanation that will likely dodge attempts by the media to construe this as anything else except pretty much exactly what it looks like.

Update: Apple has since provided the following statement.

We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provide needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.

As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.