During a presentation at Hackers On Planet Earth (HOPE/X), one forensic scientist outlined why a few key additions to Apple’s mobile operating system, iOS, have him questioning why they exist, and hoping the company removes them before long.
Jonathan Zdziarski is a forensic scientist and an iPhone jailbreak expert, and during a presentation at this year’s HOPE/X conference he outlined some issues he has come across in iOS: specifically, several “backdoor” services that the Cupertino-based company has included in the software. According to Zdziarski, as reported by ZDNet, these undocumented services were implemented by Apple and make data collection easier not only for Apple, but also for government agencies.
The services that Zdziarski located include “lockdownd,” “mobile.file_relay,” and “pcapd,” and each of these mechanisms can be used to bypass backup encryption and acquire data over a WiFi connection, via USB, or possibly over a cellular connection. Moreover, Zdziarski points out that they are not carrier tools, or even developer tools, since the information these mechanisms can obtain is personal to the user and not the kind of information used in carrier testing or app debugging.
A silver lining does exist: he points out that iOS is relatively secure against malicious attacks from external sources. However, that is counterbalanced by design omissions and bundled services within the mobile OS that leave it open to inspection by forensic tools.
Zdziarski wants to make it clear that he is not a conspiracy theorist, nor does he believe this is a widespread security risk. However, he does want the issue addressed by Apple and, more than anything else, the services removed from his (and everyone else’s) device:
“I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn’t be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer. I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices. At the same time, this is NOT a zero day and NOT some widespread security emergency. My paranoia level is tweaked, but not going crazy. My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don’t belong there.”
Perhaps more troubling to some is Zdziarski’s point that companies like Cellebrite are already using these mechanisms baked into iOS to their advantage, in the forensic services they provide to law enforcement agencies.
If you want an immediate way to address the situation, Zdziarski does outline some key steps. First, set a complex passcode on your iOS device. He also suggests using the Apple Configurator application to set Mobile Device Management (MDM) restrictions and to enable pair locking, which deletes all existing pairing records. It is a limited fix: it only protects against third-party forensic tools and still leaves the device open to Apple’s own.
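The pairing records mentioned above are what let a host computer talk to lockdownd and the services behind it once the device is unlocked for it, so a practical first check is to see which records a computer is already holding. The script below is an added example, not Zdziarski’s code or anything from the talk: it scans a directory of lockdown pairing records (one plist per paired device), reports what each record contains, and flags the ones that also carry a WiFi MAC address. The default directories, the key names (HostID, HostPrivateKey, EscrowBag, WiFiMACAddress and so on, assumed here to follow the record format used by usbmuxd/libimobiledevice), and the sample records it writes for an offline run are all assumptions or constructed data, not values from the page.

```python
"""Audit lockdown pairing records held by a host computer.

Added example (not the page's or Zdziarski's code). Lists every pairing
record in a directory and shows what it would grant a forensic tool that
obtained a copy of it.
"""
import os
import plistlib
import tempfile
from dataclasses import dataclass
from typing import List, Optional

# Assumed locations of pairing records; adjust for your host if they differ.
DEFAULT_RECORD_DIRS = (
    "/var/db/lockdown",                 # macOS (assumption)
    r"C:\ProgramData\Apple\Lockdown",   # Windows (assumption)
)


@dataclass
class PairingRecord:
    udid: str                 # device UDID, taken from the file name <UDID>.plist
    host_id: str              # identity the device will accept from this host
    wifi_mac: Optional[str]   # WiFiMACAddress, present when WiFi sync was set up
    has_escrow_bag: bool      # EscrowBag lets the paired host reach keychain classes on a locked device
    has_host_key: bool        # HostPrivateKey present: this host can complete the lockdown TLS handshake


def parse_record(path: str) -> PairingRecord:
    """Read one pairing-record plist and summarise the fields that matter."""
    with open(path, "rb") as fh:
        data = plistlib.load(fh)
    udid = os.path.splitext(os.path.basename(path))[0]
    return PairingRecord(
        udid=udid,
        host_id=str(data.get("HostID", "")),
        wifi_mac=data.get("WiFiMACAddress"),
        has_escrow_bag=bool(data.get("EscrowBag")),
        has_host_key=bool(data.get("HostPrivateKey")),
    )


def scan_pairing_dir(directory: str) -> List[PairingRecord]:
    """Return one PairingRecord per device plist in directory, sorted by UDID.

    SystemConfiguration.plist holds the host's own SystemBUID, not a device
    pairing, so it is skipped. Unreadable files are skipped rather than guessed at.
    """
    records: List[PairingRecord] = []
    if not os.path.isdir(directory):
        return records
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".plist") or name == "SystemConfiguration.plist":
            continue
        try:
            records.append(parse_record(os.path.join(directory, name)))
        except (plistlib.InvalidFileException, OSError):
            continue
    return records


def wifi_capable_records(records: List[PairingRecord]) -> List[PairingRecord]:
    """Records that can complete the handshake and also carry a WiFi MAC.

    Assumption for this example: a record with a WiFiMACAddress was written
    with WiFi sync enabled, so that host is set up to reach the device over
    the network as well as over USB.
    """
    return [r for r in records if r.has_host_key and r.wifi_mac]


def build_sample_dir() -> str:
    """Write constructed pairing records into a temp dir so the example runs offline.

    All values are made up; real records hold DER certificates and keys.
    """
    d = tempfile.mkdtemp(prefix="lockdown-sample-")
    fake_cert = b"constructed-certificate-bytes"
    # A host that paired over USB with WiFi sync on: complete record with escrow bag.
    full = {
        "HostID": "7D1C2E2A-CONSTRUCTED-0001",
        "SystemBUID": "B1FE9C1A-CONSTRUCTED",
        "HostCertificate": fake_cert,
        "HostPrivateKey": b"constructed-host-key",
        "DeviceCertificate": fake_cert,
        "RootCertificate": fake_cert,
        "EscrowBag": b"constructed-escrow-bag",
        "WiFiMACAddress": "aa:bb:cc:dd:ee:01",
    }
    # A stale record copied without its private key: cannot complete the handshake.
    stale = {
        "HostID": "7D1C2E2A-CONSTRUCTED-0002",
        "SystemBUID": "B1FE9C1A-CONSTRUCTED",
        "HostCertificate": fake_cert,
        "DeviceCertificate": fake_cert,
        "RootCertificate": fake_cert,
    }
    for name, rec in (("00008030aaaaaaaaaaaaaaaa.plist", full),
                      ("00008030bbbbbbbbbbbbbbbb.plist", stale),
                      ("SystemConfiguration.plist", {"SystemBUID": "B1FE9C1A-CONSTRUCTED"})):
        with open(os.path.join(d, name), "wb") as fh:
            plistlib.dump(rec, fh)
    return d


if __name__ == "__main__":
    for directory in DEFAULT_RECORD_DIRS:
        for rec in scan_pairing_dir(directory):
            print(directory, rec)
```

Run it as-is to audit the host it is on; an empty result for the default directories means no device has trusted this computer, while each record listed is a host identity that a copied record would carry to a forensic workstation. Pair locking as described above removes these records from the device side; deleting them on the host side as well closes the other half.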