A major security hole was purposely installed by Apple so that the surveillance agencies could access photos, web history and GPS logs on peoples iPhones and iPads according to a paper published by a forensic scientist Jonathan Zdziarski, also known as “NerveGas” in the hacking circles. As revealed by the hacker, unlike the security holes that creep in unintentionally, this was an intended security breach. After the Snowden affair people are quite wary of such acts by the companies as well as by the government agencies.
Although Apple has issued a statement stating that the company’s “diagnostic functions do not compromise user privacy and security” but according to Zdziarsky that these services and functions “dish out data” whether the user has agreed or not. What exacerbates the problem is that there is no way to disable these diagnostic functions. This is why, according to the hacker, things become so suspicious. The purposely installed security backdoors contain a wide range of hidden tools and protocols that activate with “Paired” computers that have been connected to the iOS device via a USB cable. They also carry a “packet sniffer” that monitors and laws network traffic. A file transfer service enables the snooping agencies to transfer details regarding social media logins, contacts, voicemail messages as well as photo albums. This data remains unencrypted even when a setting to encrypt backup data is turned on.
The Apple’s presence in China is being threatened because the state owned media is arguing that the company’s ability to access user data makes the iPhone is a national security risk. Apple constantly denies that it never worked with the government agency in order to create a security backdoor so that users data can be accessed.
Zdziarski says he isn’t accusing Apple of any malcontent. In a statement he says:
I have NOT accused Apple of working with NSA, however I suspect (based on released documents) that some of these services MAY have been used by NSA to collect data on potential targets. I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn’t be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer.
The explanation from Apple is that this backdoor access allows owners – individuals as well as businesses – to manage their devices but Zdziarsky says that the feature can easily be used to have unencrypted access to users’ online logins, contacts and Web history simply via Wi-Fi network.