Forensic Scientist Reveals Backdoor in iOS that allows Access to Encrypted Data


UPDATE: Apple has responded that the processes identified by Zdziarski are there only for diagnostic purposes. Rene Ritchie at iMore has clarified that what Zdziarski has actually discussed depends on “Trust Relationships”. When you plug your iPhone or iPad into a computer, you are prompted to “Trust this computer”. The information on your device is only accessible if that type of trust agreement has been created between your device and some hardware (usually your computer). Zdziarski is concerned about the ability of a third party to steal the pairing records created when you trust a computer, or to spoof your iPhone or iPad into creating a “Trust Relationship” with hardware like a public USB charger.

ZDNet has an alarming article detailing a recent security talk from Jonathan Zdziarski revealing backdoors in iOS that, he suggests, Apple created with the purpose of making secure data available to law enforcement. He suggests that this can be done through USB, WiFi, or possibly even cellular. Although this would allow Apple to obtain personal data off your device, he couldn’t find a way that it could be used to restore data. He concludes that the only purpose could be to pull data off the device for purposes other than helping the customer.

The only truly secure state for the phone, according to Jonathan Zdziarski, is password-protected and powered off. A very interesting and eye-opening read. (PLEASE SEE UPDATE WITH APPLE RESPONSE AT BEGINNING OF POST!)