Apple have been found to have 3 backdoor programs installed for "diagnostic" purposes on 600 million devices worldwide.
Twitter user @JZdziarski released a paper titled "Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices" last Friday at a hacker convention in New York.
The paper details 3 programs that Apple have included in the core of iOS that could be used by third parties to:
- Monitor internet traffic
- Dump personal data
- Dump documents
Here is a brief breakdown of the 3 programs identified.
1. Packet Sniffer - com.apple.pcapd
  - Dumps all network traffic and HTTP request/response data traveling into and out of the device.
  - Can be targeted via WiFi for remote monitoring.
  - No visual indication to the user that the packet sniffer is running.
2. File Transfer - com.apple.mobile.file_relay
  - Found in /usr/libexec/mobile_file_relay on the device.
  - Transmits large swaths of raw file data.
  - Completely bypasses Apple's backup encryption, which exists for end-user security.
  - Once thought benign, it has evolved considerably, even in iOS 7, to expose much personal data.
  - Very intentionally placed and intended to dump data from the device on request.
3. iTunes Copy - com.apple.mobile.house_arrest
  - Originally used to allow iTunes to copy documents to/from third-party applications.
  - Even though iTunes doesn't permit it through the GUI, the service also allows access to the Library, Caches, Cookies and Preferences folders.
  - These folders hold highly sensitive account storage, social/Facebook caches, photos and other data stored in "vaults", and much more.
So why is it there...?
- iTunes...? Nope.
- Apple Support...? Nope.
- Developer Debugging...? Nope.
- Did they forget...?
- Apple has been maintaining and enhancing this code, even with iOS 7; they know it’s there.
- It’s not buried; it’s listed in Services.plist
- While house_arrest security issues might be “bugs”, file relay and pcap most certainly aren’t
What can you do...?
- Apple Configurator is free in the Mac App Store.
- Allows you to set enterprise MDM restrictions on your device.
- Can be used to prevent pairing even when the device is unlocked.
- Pair once with your desktop, then never again.
- Won't help you if the device is sent to Apple; you should still use a complex passphrase.
- Removable later if you change your mind.
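The "pair once, then never again" advice only works if you know which hosts already hold a pairing record for your device, because a pairing record is what lets a host talk to lockdownd services such as the three above over USB or WiFi. The script below is an added example (not from the original post or from Zdziarski's paper) that audits the pairing records on a Mac. It assumes records are stored as `<UDID>.plist` under `/var/db/lockdown`, and that the key names it inspects (`HostID`, `WiFiMACAddress`, `EscrowBag`) are the ones present in lockdown pairing records; both are assumptions to check against your own system. The two records it builds for demonstration are constructed samples, not real devices.

```python
"""Audit lockdown pairing records (added example; assumptions noted inline)."""
import os
import plistlib
import tempfile
import time
from pathlib import Path

LOCKDOWN_DIR = Path("/var/db/lockdown")  # macOS location of pairing records (assumption)
STALE_DAYS = 90                          # older than this and you probably forgot the host

# The three lockdownd services named in the post; any paired host can request them.
SERVICES_OF_CONCERN = (
    "com.apple.pcapd",
    "com.apple.mobile.file_relay",
    "com.apple.mobile.house_arrest",
)


def load_pairing_records(lockdown_dir=LOCKDOWN_DIR):
    """Return {udid: (plist dict, file mtime)} for every device pairing record found."""
    records = {}
    for path in sorted(Path(lockdown_dir).glob("*.plist")):
        if path.stem == "SystemConfiguration":
            continue  # host-wide settings file, not a device pairing (assumption)
        try:
            with path.open("rb") as fh:
                data = plistlib.load(fh)
        except (OSError, plistlib.InvalidFileException):
            continue
        if "HostID" not in data:
            continue  # not a pairing record
        records[path.stem] = (data, path.stat().st_mtime)
    return records


def summarize_record(udid, data, mtime, now=None, stale_days=STALE_DAYS):
    """Reduce one pairing record to the facts a user cares about."""
    now = time.time() if now is None else now
    age_days = (now - mtime) / 86400
    return {
        "udid": udid,
        "host_id": data.get("HostID"),
        "wifi_pairing": "WiFiMACAddress" in data,  # record usable for WiFi access, not only USB
        "has_escrow_bag": "EscrowBag" in data,      # host can unlock device data without the passcode
        "age_days": round(age_days, 1),
        "stale": age_days > stale_days,
    }


def audit(lockdown_dir=LOCKDOWN_DIR, now=None):
    """Summaries for every pairing record in lockdown_dir."""
    recs = load_pairing_records(lockdown_dir)
    return [summarize_record(u, d, m, now) for u, (d, m) in recs.items()]


def build_sample_dir():
    """Constructed sample: two fake pairing records in a temp dir. Returns (dir, now)."""
    d = Path(tempfile.mkdtemp(prefix="lockdown-sample-"))
    now = time.time()
    samples = {
        # a recent USB-only pairing with the user's own desktop
        "sample-udid-fresh": ({"HostID": "11111111-AAAA-BBBB-CCCC-111111111111",
                               "HostCertificate": b"cert", "HostPrivateKey": b"key"},
                              now - 2 * 86400),
        # an old pairing that also enabled WiFi access and holds an escrow bag
        "sample-udid-stale": ({"HostID": "22222222-AAAA-BBBB-CCCC-222222222222",
                               "HostCertificate": b"cert", "HostPrivateKey": b"key",
                               "WiFiMACAddress": "aa:bb:cc:dd:ee:ff", "EscrowBag": b"bag"},
                              now - 200 * 86400),
    }
    for udid, (data, mtime) in samples.items():
        path = d / f"{udid}.plist"
        with path.open("wb") as fh:
            plistlib.dump(data, fh)
        os.utime(path, (mtime, mtime))
    return d, now


def print_report(report):
    print("Paired hosts that can reach: " + ", ".join(SERVICES_OF_CONCERN))
    for r in report:
        flags = [k for k in ("wifi_pairing", "has_escrow_bag", "stale") if r[k]]
        print(f"{r['udid']}: host {r['host_id']} age {r['age_days']}d {' '.join(flags)}")


if __name__ == "__main__":
    if LOCKDOWN_DIR.is_dir():
        print_report(audit())
    else:
        sample_dir, sample_now = build_sample_dir()
        print_report(audit(sample_dir, now=sample_now))
```

Run it as root on the Mac you sync with; every line of output is a host that can request file_relay, house_arrest or pcapd from your device the next time it is connected (or, with a WiFi record, when it is on the same network). Records you do not recognise, stale ones, and any carrying an escrow bag are the ones to delete before locking pairing down with Configurator.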