Advertisement
Advertisement

Apple denies iPhones leak user data as researcher reveals hidden backdoor

James Temperton
23 Jul 2014
iPhone 5s Lightning port
Advertisement

File left behind when iPhone is paired with a computer could give government snoops access to personal data

All iPhones have a secret backdoor that allows snoops to grab your photos, contacts and location info. A security researcher investigating Apple's iOS operating system found that it leaked user data, potentially allowing government spies to access people's data. Apple has furiously denied the claims, saying that the researcher has merely found a "diagnostic" feature used to fix broken phones.

The shocking claims that Apple has deliberately built backdoor access into iOS come from security researcher Jonathan Zdziarski, who was looking for undocumented features in the operating system. The features, Zdziarski claims, allow anyone access to vast swathes of personal data stored on any iPhone.

Responding to the claims Apple said that it had never worked with any government agency to create backdoors in any of its products of services. Zdziarski claimed that even though Apple might not be working with security agencies such as NSA, the backdoor built into iOS may have been used by government spies.

According to research the backdoor in iOS can only be exploited when an iPhone is docked to a computer. At this point a file is created and stored on both devices and can then be used to access personal data stored on the phone.

Apple explained that the data is transferred as part of the iOS backup process, but research has revealed that the apparently encrypted information can easily be accessed.

In a blog post responding to Apple's denial of the backdoor, Zdziarski said the company had missed the point: "These services break the promise that Apple makes with the consumer when they enter a backup password; that the data on their device will only come off the phone encrypted," he explained.

In order for the data to be scraped from an iPhone it has to be connected to a computer, something both Zdziarski and Apple were at pains to emphasise. But Zdziarski explains that once paired the file left behind on a computer could give hackers of government snoops access to previous personal data.

This file potentially gives anyone access to location data, photos, calendar appointments, contacts, messages and more, all without the user knowing that anything had been taken. Zdziarski said that such personal information should never be allowed to leave the device without being securely encrypted.

Apple has denied all claims that there is a built-in backdoor on iOS, while Zdziarski has pleaded with the company to better explain what is going on:

"I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices. My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don’t belong there," he said.

Read more

News