The hacker nicknamed “NerveGas,” also known as the forensic scientist Jonathan Zdziarski, claims to have identified back doors, attack points and surveillance mechanisms running on all Apple iOS devices. Zdziarski, who was a development team member on many of the early iOS jailbreaks, recently detailed his findings at the HOPE/X conference in New York.
Essentially, Zdziarski is accusing Apple of intentionally adding some services to the iOS firmware that bypass backup encryption and copy personal data that should not come off users’ phones. The hacker stated that to the company’s credit, Apple has made the iPhone 5 and iOS 7 more secure against everyone — except the government and Apple itself.
In a statement on his website, Zdziarski emphasized that he is not suggesting there’s “some grand conspiracy.”
“I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices,” Zdziarski stated. “My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don’t belong there.”
Apple claimed the programs are only for diagnostic functions, responding on July 21 to Financial Times reporter Tim Bradshaw, who in turn posted the Apple response on Twitter:
“We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.
“As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.”
Unappeased, Zdziarski issued his own response the same day. “I don’t buy for a minute that these services are intended solely for diagnostics,” he wrote. “The data they leak is of an extreme personal nature. There is no notification to the user.”
Apple seems to be on the defensive more and more when it comes to security measures. In December, following revelations that the NSA had a spying program called DROPOUTJEEP that targeted iPhones, Apple strongly denied any knowledge of the program and promised to defend its customers from security attacks. And earlier this month, the company had to refute accusations by the Chinese government that iPhones were being used to track the locations of Chinese citizens.
Hacker finds suspicious programs in Apple's iOS