Apple’s iOS operating system is notorious for being fairly secure from external attacks, but what about internal threats? There have been reports of backdoors being found in the operating system, which allow Apple and subsidiaries of the law (i.e. the NSA) to access devices that run it.
According to forensic scientist Jonathan Zdziarski, who spoke at the Hackers on Planet Earth (HOPE) conference in New York, Apple’s security-oriented operating system isn’t as secure as its users think it is. These backdoors are supposedly used for debugging and nothing else, but due to the information that they are collecting, this purpose is highly unlikely. The information being removed from the operating system is of a personal nature, and is collected in a raw format. This means that it cannot be returned to the device, which also makes this data obsolete for backup and recovery purposes.
Perhaps the most shady thing about this entire situation is that these services are not referenced by other Apple software or documentation, and how these services work around device encryption. This is most commonly seen in iOS 7.0, the most recent installment of iOS software. After booting up a device and initially unlocking it, encrypted information can be accessed and retrieved. Locking your device does nothing to prevent this.
Zdziarski says, “Your device is almost always at risk of spilling all data, even while locked.” He also suggests that third-party forensic software companies have been granted permission to access these backdoors, which allow them to sell this information to law enforcement. In fact, Russian software firm Elcomsoft sells a tool which can let someone access backup files for an iCloud account, but the real catch is that this can be done without the account holder’s Apple ID.
iOS 8 (currently in development) is said to have improved privacy features which could potentially provide advantages over the Android mobile OS, but if these problems in the operating system remain a prevalent issue, Apple’s reputation could be on the line.
It’s also worth thinking about whether iOS is the only mobile operating system which allows such shady activity. If Apple fails to remediate these problems in future versions of iOS, they may lose favor with the public for devices from Android or the rising star, Windows Phone 8.1.
If you are looking to purchase new, secure mobile devices for your business, Tektonic can help you pick out the best of the best, and equip you with security solutions that can keep you safe from external threats. Call (416) 256-9928 and see what we can do for your business.
What are your thoughts on these potential backdoor threats? Let us know in the comments!