Over the weekend, iOS security hacker Jonathan Zdziarski released a presentation claiming to show how Apple had purposefully made backdoor access points for a variety of system and user data on iOS devices, that would usually be locked and encrypted via the passcode. The legitimacy of the claims is still questionable.
Apple has now commented on the matter, unsurprisingly denying any misconduct. Apple reiterates its previous statement: ‘Apple has never worked with any government agency from any country to create a backdoor in any of our products or services’.
The comment says that the information exposed in the presentation is used for diagnostics purposes by “IT departments, developers and Apple” for debugging. According to Apple, this data is never transferred without explicit consent.
https://twitter.com/tim/status/491370587554471936
FTC: We use income earning auto affiliate links. More.
> The comment says that the information exposed in the presentation is used for diagnostics purposes by “IT departments, developers and Apple” for debugging. According to Apple, this data is never transferred without explicit consent.
Umm, I would’ve agree with that if only there wasn’t a problem with that. How about the fact they’re not accessible to developers nor documented for debugging?
Why does every iOS device on the planet needs to have a packet monitor running all the time?
What about the backup encryption being bypassed for those so called debug services?
> ‘Apple has never worked with any government agency from any country to create a backdoor in any of our products or services’.
That doesn’t deny anything. The presentation wasn’t about Apple working with any government agency but rather that Apple have a list of background processes running on the iOS devices leaking details and bypassing encryption.
They’re both accessible to developers and documented.(https://developer.apple.com/library/Mac/qa/qa1176/_index.html)
So Apple admits the backdoors exist, just not at the behest of any government agency? Great!
ಠ_ಠ
It’s not a “backdoor” if its existence is know and DOCUMENTED. It’s like an exit marked EMERGENCY EXIT versus a secret tunnel – it is a “backdoor” in the literal sense of a dictionary but not when it refers to OS or technology … that is the difference – just like there is a HUGE difference in degrees of seriousness of the word BOMB in general conversation versus a “bomb” in a technology/OS situation.
Bomb! BOMB! Pity you didn’t manage to work terrorism in there too.
Documented or not a backdoor is still a backdoor. And legitimate purpose or not a backdoor is still a backdoor.
The fact is there are services running on every iOS device capable of bypassing encryption and dishing out private data. This is regardless of the “Send Diagnostic Data to Apple” setting or whether or not a device is managed by “enterprise”. Every single iOS device has these services enabled and there is no way for the user to turn them off.
I’m not saying there is some grand conspiracy here. Apple isn’t in bed with the NSA or the lizard people. But there is the potential for a massive data leak of private data and something more than dismissive dribble from a PR person needs to be done.
Why must everything be a bloody conspiracy. No one is looking at your personal information, no one cares you’re having an affair with the crazy cat lady down the road, nobody cares if you downloaded a movie illegally, no one cares that in your spare time you send your friend a racist joke. If the government wishes to see your stuff they will do so, but the only reason they would need to do such things would be if your were a safety risk to people. Let’s say 3 months down the line, two nutters with a bag full of fertiliser blow up a school in the name of some god that may or may not exist. These nutters used electronic devices to communicate and plan it. You would all be jumping up and down asking why the government didn’t do more to protect said school and occupants. If you have nothing to hide what does it matter if some random government computer looks at some information for a split second to make sure you’re not a bloody terrorist. They’re not gonna post the info on your Facebook or phone your friends and tell them you like to stick cheese puffs up your nose whilst listening to the sound of music, naked. Don’t do illegal things and there is nothing to bloody worry about.
Thought I agree with some of the sentiment you express, I will never ever be okay with the concept of “don’t do illegal things and there is nothing to bloody worry about.” The concept of privacy I think should not be discounted. Our rights to be left alone have quickly been dismissed by wide swaths of our culture and violated in numerous ways by a number of companies and governments. I’m of the belief that liberty is of higher importance than safety. I liken this to the concept that, at least in the States, it’s better to leave a criminal on the street than to have an innocent person behind bars.
I like your thinking rahhbriley!
I don’t do anything illegal, but stay out of my business. It’s mine and I have a right to keep it private. I don’t want the government in my phone for the same reason I don’t let them search my car… It’s MINE and the contents are MINE and unless you have probable cause to search what’s mine, STAY OUT OF IT. :) I won’t compromise that for the safety of anyone.
“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” Benjamin Franklin
When the government violates anyone’s rights in the name of safety, it’s a false sense of security. Just watch all the videos and news stories about police injuring, maiming, and killing innocent people in the name of your safety (The most recent story I’ve seen was a 17 yr old honor roll student who was hospitalized because the police beat her up like the thugs they are… For breaking curfew)… “Safety” is their “god that may or may not exist.”
Apple deployed a well known PR trick there. They denied accusations that were never actually made against them by the researcher, but they did not deny the actual facts that are the real problem here. Like that the forementioned functions could be used to spy on Apple-users or to extract evidence from their phones against their will and consent.
So, in the end Apple did not actually deny that these functions can be used and/or are abused by either criminals or law enforcement and federal agencies. The only thing they actually denied was a straw man they made up themselves.
If you guys didn’t realize, Apple made an indirect denial of the claim. They denied it by stating that they made iOS without backdoors. Please read carefully because this kind misreading causes much confusion and unnecessary gossip.