Your iPhone may well be at risk of spilling a good deal of your personal data, but not in the way you imagine. According to security researcher Jonathan Zdziarski, today's iPhone is actually quite good at fending off a typical hacker, but it also comes with a few convenient -- and secret -- tools that could make it easy for Apple to snoop on you, on behalf of a government agency with authorization to do so.
In a talk at New York's Hackers On Planet Earth conference, Zdziarski detailed his findings as they relate to iOS security. The services he discovered running in the background of over 600 million iOS devices today don't appear to have any known purpose for either end users or developers, and are capable of dumping huge amounts of user data upon request.
Zdziarski seems to have considered all the potential benign uses for these peculiar software additions -- some of which have been a part of iOS for many years, and have evolved over time. He says the information dumped by the device would be unusable to Genius Bar associates or other Apple repair specialists, and the data is too personal in nature to be shared for debugging purposes.
Putting the device in locked mode, with or without Touch ID, doesn't change things. There's really nothing a user can do to protect themselves from these built-in backdoors given that they are part of the design.
The key here is that these backdoors were put in place by Apple, and Apple almost certainly has a purpose for them. Zdziarski notes that commercial forensic companies are already using some of these services in order to mine user data for legal purposes, but is that as far as it goes? We won't know unless Apple offers a detailed explanation, and the chances of that are probably rather slim.
View all of Zdziarski's presentation slides here: (PDF)
[Photo credit: MsSaraKelly]
- Key specs
- Reviews • 40
- Type Smartphone
- Operating system iOS (8)
- Screen size 4.7 inches
- Internal memory 16 GB
- Camera 8 megapixels
- Dimensions 5.44 x 2.64 x 0.27 in
- Weight 4.55 oz
- Released 2014-09-19