iOS devices are still safe -- from everybody except Apple and the NSA

Security researcher says undocumented services allow Apple and law enforcement to access the contents of any iOS device

Forensic researcher Jonathan Zdziarski has outlined details of how undocumented services in iOS are purportedly used to collect personal data by law enforcement and government agencies, according to ZDNet.

The services, which sport names like "lockdownd," "pcapd," and "mobile.file_relay," are allegedly used to bypass lock screens and collect data from iOS devices, and they're accessible by USB and Wi-Fi. (Zdziarski adds "maybe cellular" to that list as well.)

Zdziarski presented his findings at the HOPE/X (Hackers on Planet Earth) conference in New York, where he noted that while Apple has worked hard to make iOS secure against "typical attackers," the company has also ensured it can "access data on end-user devices on behalf of law enforcement." The end result is that iOS has been made "more secure from everybody except Apple and the government."

According to the slide deck presented by Zdziarski, there are plenty of reasons to believe the services aren't used benignly for debugging. The data collected is of a "personal nature," implying it's of no use for debugging. The data itself is collected in a raw format that "makes it impossible to put data back onto the phone" and is therefore useless for backing up and restoring. The services can be accessed without the use of iOS's developer mode, and -- most damaging to Apple -- the services are not referenced by any other Apple software or Apple's own documentation.

Even more troubling is the way these services bypass device encryption. In iOS 7, once a device has been unlocked for the first time after booting, encrypted data remains accessible even when the device is subsequently locked. "Your device is almost always at risk of spilling all data," Zdziarski notes, "even while locked."

Zdziarski further alleges that these services have allowed a number of third-party forensic software makers, among them Cellebrite and Elcomsoft, to make and sell data extraction products to law enforcement. Elcomsoft, a Russian software firm offering a broad portfolio of forensic tools, made news back in June when it offered a tool that allowed backup files to be harvested from an iCloud account without the Apple ID of the account holder. The tool took advantage of a behavior in iCloud that allows authentication tokens to be harvested from a user's computer rather than the device itself.

Apple has implemented a number of privacy changes in iOS 8, as discussed by iOS developer Luis Abreu, a move that Computerworld's Jonny Evans interprets as "a competitive advantage against Android." If these services prove to be as problematic as they sound, much of Apple's goodwill in this area will be hard to win back. Google, for instance, could make much hay out of the way Android's code is easier to inspect than iOS's.

It's also worth wondering whether iOS is the only platform that sports such clandestine features. As InfoWorld's Roger Grimes noted in an email, "Do [these] issues also appear on competitors' platforms? I bet many of them do, and if so, what should those vendors and the industries be doing to minimize the risks?"

This story, "iOS devices are still safe -- from everybody except Apple and the NSA," was originally published at InfoWorld.com.
