This week, we reported on a potential backdoor in iOS devices that would allow anyone with a couple extra minutes on their hands the ability to download the entirety of the data contained on someone’s phone in an instant.
The piece was written off information presented at the Hope X conference in New York last weekend by security researcher Jonathan Zidziarski, who claimed he had stumbled upon a potentially massive hole in the iOS architecture, one which could have major implications for the company behind it if his allegations turned out to be true.
Since the event, a spokesperson for Apple came forward to quickly squash out any concerns users of their mobile phones and tablets may have had, stating that while they were fully aware of the backdoor and had refused to outwardly acknowledge its existence until this point, they were confident that no one would find it under the pretense that only trained Apple Store geniuses were keen enough to pick up on its fairly faint scent.
“We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.”
Zidziarski’s primary concern was not that this path of entry was openly available to developers however, but rather that either the NSA or FBI had been informed of its existence so they could more seamlessly conduct investigations on individuals without hitting the roadblocks designed to keep their information safe from anyone who might try to pry, whether it was legally sanctioned or otherwise.
Apple was sure to address this point specifically:
“As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products of services.”
On the surface, it would appear we have no reason to suspect Apple is not dedicated to keeping the security of their customer’s information safe, as they have joined with the likes of Microsoft, Yahoo, and AOL for every letter written to Congress which called for an immediate end to the mass surveillance programs of the NSA.
That said, it’s always the company you least suspect that has the most to hide, and with Apple surging ahead in the marketplace from the brink of near-bankruptcy only 15 years ago to becoming one of the top producers of personal technology in the world today, it wouldn’t be entirely out of the realm of possibility to suspect they might be assisting law enforcement more than they’ve publicly let on.
Despite Apple’s response and a flurry of antagonistic tweets sent his way from half the security community at large, Zdziarski remains convinced that what he discovered is not as innocuous as we’ve been led to believe by the same entity who’s dedicated significant capital to dispelling any concern over the issue, and recommends that all owners of iOS devices keep a healthy skepticism about the hole until more details surface in the coming weeks.