The Apple backdoor that wasn't


Summary: On Monday, several media outlets mistakenly reported that Apple had installed "backdoors" on millions of iPhones and iOS devices. UPDATED.

TOPICS: Security, Apple, iOS, iPhone

Before the iPhone came out, and long before anyone heard the name "Ed Snowden," the most common use of the word "backdoor" was relegated to an industry that applied the term as a colorful anatomical descriptive, helping potential customers select the preferred access point for their adult entertainment.

Last weekend, a hacker who's been campaigning to make a point about Apple security by playing fast and loose with the now widely-accepted definition of "backdoor" struck gold when journalists didn't do their homework and erroneously reported a diagnostic mechanism as a nefarious, malfeasant, secret opening to their private data.

Speaking at the Hackers On Planet Earth conference in New York, Jonathan Zdziarski said that Apple’s iOS contains intentionally created access that could be used by governments to spy on iPhone and iPad users to access a user's address book, photos, voicemail and any accounts configured on the device.

The researcher erroneously stated that Apple "confirmed" his allegations when in fact the company had done the opposite.

As he has been doing since the Snowden documents started making headlines last year, Mr. Zdziarski re-cast Apple's developer diagnostics kit in a new narrative, turning a tool that could probably gain from better user security implementation into a sinister "backdoor."

The "Apple installed backdoors on millions of devices" story is still making headlines, despite the fact that respected security researchers started debunking researcher Jonathan Zdziarski's claims the minute people started tweeting about his HopeX talk on Sunday.

Since Mr. Zdziarski presented "Identifying back doors, attack points, and surveillance mechanisms in iOS devices", his miscasting of Apple's developer diagnostics as a "backdoor" has been picked apart on Twitter, debunked in Computerworld (where SourceClear called Zdziarski an attention seeker), and answered by an Apple statement saying that no, this is false.

In fact, this allegedly "secret backdoor" was added to diagnostic information that has been as freely available as a page out of a phone book since 2002.

The packet capture software used for diagnostics that Mr. Zdziarski referenced in support of his claims is similar in functionality to the one installed on every Apple laptop and desktop computer for diagnostics.

So his count of "backdoors" allegedly installed by Apple for wide-ranging nefarious purposes is off by, like, a billion.


It appears that no one reporting Zdziarski's claims as fact attended his talk or watched it online, and fewer than a handful fact-checked or consulted outside experts.

Which is, incidentally, what I did. I saw the talk begin to gain momentum on Twitter, then quickly flushed the idea of a story when the researchers I consulted kindly told me there was no "there" there.

Mind you, I'm quick to call Apple on its issues.

Among many other articles about Apple security vulns and hacks, I was first to report seeing an iPhone getting hacked in 60 seconds with a malicious charger, and when Apple said that intercepting (and spoofing) iMessage was only "theoretical" I provided video proof of the exploit.

Regardless of the problems with Mr. Zdziarski's sermon, the (incorrect) assertion that Apple installed backdoors for law enforcement access was breathlessly reported this week by The Guardian, Forbes, Times of India, The Register, Ars Technica, MacRumors, Cult of Mac, Apple Insider, InformationWeek, Read Write Web, Daily Mail and many more (including ZDNet).

People were told to essentially freak out over iPhones allowing people who know the passcode and pairing information to use the device.

If you're the kind of person who walks into a public library, plugs in your iPhone and gives the public computer, and every rando who accesses it, permission to access everything on your phone forever, then okay, maybe you should freak out.
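That "forever" is a pairing record left on the trusted computer, and removing those records is the corresponding cleanup on a shared machine. The script below is an added example, not code from the article or from Apple: it lists the pairing records a host holds and flags old ones, and the directory paths and plist key names it uses are assumptions about the usual iTunes/lockdown layout rather than anything this page states.

```python
"""Audit the iOS pairing records a host computer holds (added example, not
from the article). A pairing record lets a once-trusted computer reach the
device's lockdown services again without a new "Trust this computer?"
prompt, so on a shared machine leftover records are what to remove.
Directory locations and plist key names are assumptions, not from the page.
"""
import plistlib
import time
from pathlib import Path

# Assumed locations: one <UDID>.plist per device that has trusted this host.
PAIRING_DIRS = [Path("/var/db/lockdown"), Path(r"C:\ProgramData\Apple\Lockdown")]

def parse_pairing_record(data: bytes) -> dict:
    """Pull out the fields an auditor cares about (assumed key names)."""
    rec = plistlib.loads(data)
    return {
        "host_id": rec.get("HostID"),            # identity the host presents
        "system_buid": rec.get("SystemBUID"),    # per-installation host id
        "wifi_mac": rec.get("WiFiMACAddress"),   # set when Wi-Fi sync was enabled
        # An escrow keybag lets the trusted host sync while the device is
        # locked, so a record carrying one is the one most worth removing.
        "has_escrow_bag": "EscrowBag" in rec,
        "has_device_cert": "DeviceCertificate" in rec,
    }

def audit_records(records: dict, now: float, max_age_days: int = 30) -> list:
    """records maps UDID -> (plist bytes, mtime). Oldest first, stale flagged."""
    out = []
    for udid, (data, mtime) in records.items():
        info = parse_pairing_record(data)
        age = (now - mtime) / 86400
        info.update(udid=udid, age_days=round(age, 1), stale=age > max_age_days)
        out.append(info)
    return sorted(out, key=lambda r: r["age_days"], reverse=True)

def load_records_from_disk() -> dict:
    """Read every record in the assumed directories (needs admin rights)."""
    found = {}
    for d in PAIRING_DIRS:
        for p in (d.glob("*.plist") if d.is_dir() else []):
            try:
                found[p.stem] = (p.read_bytes(), p.stat().st_mtime)
            except PermissionError:
                continue
    return found

def constructed_sample(now: float) -> dict:  # made-up records, not real data
    old = plistlib.dumps({"HostID": "host-a", "SystemBUID": "buid-1",
                          "EscrowBag": b"\x00", "DeviceCertificate": b"\x01"})
    new = plistlib.dumps({"HostID": "host-b", "SystemBUID": "buid-1"})
    return {"UDID-CONSTRUCTED-1": (old, now - 45 * 86400),
            "UDID-CONSTRUCTED-2": (new, now - 2 * 86400)}

if __name__ == "__main__":
    now = time.time()
    records = load_records_from_disk() or constructed_sample(now)
    for r in audit_records(records, now):
        print(r["udid"], r["age_days"], "STALE" if r["stale"] else "ok", "escrow" if r["has_escrow_bag"] else "")
```

Run it as an administrator on the shared computer; when no real records are readable it falls back to the constructed sample so the output format can still be checked.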

The entire incident has cemented mistrust of journalists in infosec communities, and their reactions to the media mess haven't been kind.

'I meant a different kind of backdoor'


In light of much debunking in security communities and Apple's statement, Zdziarski published a blog post backpedaling on the interpretation of "backdoor" -- yet still affirmed his narrative.

According to OWASP, a "backdoor" is defined as: 

  • A hidden entrance to a computer system that can be used to bypass security policies (MS definition).
  • An undocumented way to get access to a computer system or the data it contains.
  • A way of getting into a guarded system without using the required password. 

When Apple explained the diagnostics toolset and published a detailed support document, Zdziarski said that Apple's acknowledgement of its not-secret developer tools only proved him right, and that this meant Apple was admitting to his claims of making iOS vulnerable to authorities' snooping by design.

Zdziarski says he "doesn't believe for a minute that these services are intended solely for diagnostics."

And with one word -- "believe" -- we have the nut of what's becoming a big problem in the state of security and journalism for everyone.

Whose definition of backdoor to believe, among other things, is left for us to decide.

Update July 25, 2014 8:50pm PST: In response to this article, Mr. Zdziarski wrote and published "Dispelling Confusion and Myths: iOS Proof-of-Concept," after which he Tweeted an unfortunate series of personal insults to Ms. Blue. When ZDNet reached out to Mr. Zdziarski for comment to include here, he refused.



Talkback

66 comments
  • Really?

    "Last weekend, a hacker who's been campaigning to make a point about Apple security by playing fast and loose with the now widely-accepted definition of "backdoor" struck gold when journalists didn't do their homework and erroneously reported a diagnostic mechanism as a nefarious, malfeasant, secret opening to their private data."

    Now that you have apparently collected your check from Apple, tell us what kind of diagnostic Apple will need to do that requires access to my photos, address book, audio recordings, Facebook account, Twitter account, my text messages, my phone calls, and my emails etc.
    Justice007
    • independent verification of data leakage

      How would they test and confirm data leakage without a channel for independent verification of data. :-) {snicker}
      greywolf7
    • Sounds like a google phone to me

      You seem to have really embellished what data was at risk here.

      If you take an iPhone to the Genius Bar they show you what data it collects in the appointment. It's not really a secret.
      MarknWill
      • Oh!!!

        And what they show you must be accurate right? Also, point out what I embellished.
        Justice007
        • conspiracy theorist

          get out your tin foil hat, everyone is out to get you.
          chetbr
          • Oh boy

            Thanks for your enlightening contribution. We are all better off now thanks to you. As they say, when you lack the mental ability to engage, you verbally attack. Thanks for trying though.
            Justice007
      • LOL

        Really, so whatever they show you is the answer? There can't be anything else right? Obviously your knowledge of computers is limited.... Otherwise you wouldn't just believe what someone tells you.
        Jimster480
    • They won't need any

      They will buy your info from Facebook and twitter who already have it all because you gave it to them.
      ctopher5669
    • Too bad you didn't read the article...

      and follow the links.

      "file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection."

      Good for you, though, for making the !first! ignorant comment.
      msalzberg
      • Well

        From what the security expert found, they do more than Apple is letting on. So maybe you should take a look at what he had to say. But let me guess, Apple has spoken, and Apple never lies. It is up to Apple to prove that they don't if they want to retain me and a few others I know as customers. Apple, like every other company, cares about profit first and foremost. I will not kid myself into thinking that I am high on their list of priorities.
        Justice007
        • "security expert"???

          are you really that gullible? maybe one troll can't recognise another??
          paddle.
          • Oh yes

            I must be a Troll for I haven't accepted Apple as God. Everyone who doesn't sing Apple praises is a Troll. Jonathan Zdziarski is educated and know. How about you? Is it that your claim to fame is that you own some Apple products? I own some as well. Go back to your mom's basement.
            Justice007
          • Correction

            I meant educated and known within the field.
            Justice007
          • Idiot

            Zdziarski has been refuted by every other security researcher in the business.

            Get real...
            paddle.
          • Links

            Provide the links please, behind the computer screen Mr. Tough Guy.
            Justice007
          • the gullibility of the media

            is full of people with little clue about the tech in question.
            This backdoor issue is vastly misunderstood by the media, including Ms Violet.
            I have seen what a Siriproxy can do with iOS devices and how powerful the vulnerability can become in the wrong hands. Apple fans and the biased media are quick to swallow the PR machine output. Mainly because they simply don't understand what potential a backdoor presents irrespective of its intended function.
            You can argue about semantics, but backdoors exist in iOS on several levels.
            Sorry but Violet and a huge chunk of gullible media is wrong to debunk the accusations of this particular tech expert.
            The guy has a valid point and the defense is resorting to nothing more than Plausible deniability, which is just weak sauce.
            warboat
      • read between the lines

        "file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection."

        Apple faithful translation:
        File-relay does not copy any important stuff from your device. It doesn't touch your backups, and doesn't have access to ANY of your data and respects the "World's Most Advanced Mobile Operating System"

        Pessimists translation:
        File_relay supports limited copying, so it can copy anything up to less than 100% of diagnostic data. Diagnostic data = warm and safe sounding term for whatever data we rip from the device. This service is separate from user-generated backups but it doesn't mean it cannot get the same data as what you backed up. It has access to less than 100% of all data on the device. It respects iOS Data Protection, which is clearly muddy waters.

        Haxors Interpretation:
        File_relay is a powerful vulnerability for you to exploit iOS.
        warboat
    • "What kind of diagnostic Apple will need to do that" level of access?

      In most cases very little access is required, so in most cases your point is well taken. However a range of problems require low level diagnostics (such as a trace), and for better or worse these may expose personal information. For example, in some cases a problem only occurs with particular data, making it necessary to access that data.
      So Apple's diagnostic methods are standard in this regard. Nevertheless, and again to your point (and Violet's), Apple and the industry can and should implement additional safeguards that allow access only when it's both required and approved by the owner of the information.
      Spatha@...
      • Fair

        Your point is well taken and made. You see, we don't always need to chop each other's head off to make our point.
        Justice007
    • As per usual, a critic of Apple methods is about to be crucified.

      Let's just go to the facts as we know they exist because they are facts of what Jonathan Zdziarski has said and what Apple has said.

      Jonathan Zdziarski:

      "I have NOT accused Apple of working with NSA, however I suspect (based on released documents) that some of these services MAY have been used by NSA to collect data on potential targets. I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn’t be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer. I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices. At the same time, this is NOT a zero day and NOT some widespread security emergency"

      What Apple has said:

      "Apple has never worked with any government agency from any country to create a backdoor in any of our products or services"

      "iOS: About diagnostic capabilities

      iOS offers the following diagnostic capabilities to help enterprise IT departments, developers, and AppleCare troubleshoot issues.

      Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.

      1. com.apple.mobile.pcapd

      pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.

      2. com.apple.mobile.file_relay

      file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users' devices.

      3. com.apple.mobile.house_arrest

      house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development."

      Now, let's follow along a bit here, with some real connect-the-dots research and reading of the additional players here.

      First of all, the Computerworld article that apparently debunks Zdziarski's suspicions is based entirely on questions to, and answers provided by, Mark Curphey, founder and CEO of SourceClear. If you're lazy and just accept that Mark Curphey sounds like an important guy because SourceClear apparently "develops modern security platforms focused on developers" and you figure if this completely independent important IT guy says he doesn't believe anything negative about this, well at least look at the fact that the company's home webpage sports a couple of nice and shiny iMacs on it.

      AND THAT'S NOT, I REPEAT NOT, to say this condemns any company or particular individual for any particular position, but we know full well that the ABM crowd does not find tolerable denials and explanations of potentially poor Microsoft behavior when the explanations come by way of ...oh let's say Ed Bott for example. We know that because on more than one occasion we have seen the tirades fly at Ed when he does try and explain any potentially negative things about a Microsoft decision.

      I'm sorry, but when you actually read what Mark Curphey actually says to Computerworld, it's not nearly as comforting as one would have thought coming from someone who seems to at least support the Mac way of doing things. Computerworld said he says:

      "While he agrees these diagnostic services "may indeed be useful in backdoors or computer forensics," he said "they could also be useful for developers and mobile device management software," adding, "two things Apple openly promotes."

      Umm...ok. Is he telling us though that these things COULD be used for 'backdoors or computer forensics'??? And is that not what Zdziarski's concerns were?? And that Zdziarski was afraid there might already be cases where it has been used??

      Let's see what Apple has to say about the notion that IT'S POSSIBLE THESE THINGS COULD BE USED FOR BACKDOORS AND COMPUTER FORENSICS:

      " "

      That's right. Nothing. Nothing followed by more nothing.

      Well let's see what Apple has to say about the question of HAVE THESE THINGS EVER BEEN USED FOR A BACKDOOR INTO SOMEONE'S DEVICE FOR PURPOSES THE USER WAS NOT TRUTHFULLY TOLD OF:

      " "

      That's right. More nothing.

      Now.

      Before we go around chopping off people's friggin' heads because they made a nasty inference about iOS, let's just figure out if what they said was a lie or the truth. At least before the lynching this time, instead of after the lynching. Because this has happened before. And Apple didn't walk away with perfectly clean hands after the IT web pages had crucified the infidels who said they found a vulnerability that affected all operating systems including OSX.

      I haven't seen a bloody thing whatsoever yet that is coming from Apple saying:

      "THESE BACKDOORS DO NOT EXIST."

      I haven't seen a bloody thing whatsoever yet that is coming from Apple saying:

      "THESE THINGS CANNOT BE USED AS BACKDOORS IN ANY WAY"

      I haven't seen a bloody thing whatsoever yet that is coming from Apple saying:

      "NOBODY HAS EVER USED ONE OF THESE THINGS AS A BACKDOOR"

      I haven't seen a bloody thing whatsoever yet that is coming from Apple saying:

      "NOBODY CAN USE ONE OF THESE THINGS AS A BACKDOOR AND THEY WILL NOT EVER BE USED AS A BACKDOOR"

      Just feel free at any time Apple to say this and it will put the whole thing to rest because only then will Jonathan Zdziarski be wrong according to what Apple says.

      Up until now, Apple hasn't actually disagreed.

      Let's wait until they do before we hang the guy, alright?
      Cayble