Apple iPhones allow extraction of deep personal data, researcher finds

SAN FRANCISCO Sun Jul 27, 2014 8:08am IST

People line up to buy iPhone at a China mobile store in Wuhan, Hubei province in China, January 17, 2014. REUTERS/Stringer/Files

People line up to buy iPhone at a China mobile store in Wuhan, Hubei province in China, January 17, 2014.

Credit: Reuters/Stringer/Files

Related Topics

Stocks

   

SAN FRANCISCO (Reuters) - Personal data including text messages, contact lists and photos can be extracted from iPhones through previously unpublicized techniques by Apple Inc employees, the company acknowledged this week.

The same techniques to circumvent backup encryption could be used by law enforcement or others with access to the "trusted" computers to which the devices have been connected, according to the security expert who prompted Apple's admission.

In a conference presentation this week, researcher Jonathan Zdziarski showed how the services take a surprising amount of data for what Apple now says are diagnostic services meant to help engineers.

Users are not notified that the services are running and cannot disable them, Zdziarski said. There is no way for iPhone users to know what computers have previously been granted trusted status via the backup process or block future connections.

“There’s no way to `unpair' except to wipe your phone,” he said in a video demonstration he posted Friday showing what he could extract from an unlocked phone through a trusted computer.

As word spread about Zdziarski’s initial presentation at the Hackers on Planet Earth conference, some cited it as evidence of Apple collaboration with the National Security Agency.

Apple denied creating any “back doors” for intelligence agencies.

“We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues,” Apple said. “A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data.”

But Apple also posted its first descriptions of the tools on its own website, and Zdziarski and others who spoke with the company said they expected it to make at least some changes to the programs in the future.

Zdziarski said he did not believe that the services were aimed at spies. But he said that they extracted much more information than was needed, with too little disclosure.

Security industry analyst Rich Mogull said Zdziarski’s work was overhyped but technically accurate.

“They are collecting more than they should be, and the only way to get it is to compromise security,” said Mogull, chief executive officer of Securosis.

Mogull also agreed with Zdziarski that since the tools exist, law enforcement will use them in cases where the desktop computers of targeted individuals can be confiscated, hacked or reached via their employers.

“They’ll take advantage of every legal tool that they have and maybe more,” Mogull said of government investigators.

Asked if Apple had used the tools to fulfill law enforcement requests, Apple did not immediately respond.

For all the attention to the previously unknown tools and other occasional bugs, Apple’s phones are widely considered more secure than those using Google Inc's rival Android operating system, in part because Google does not have the power to send software fixes directly to those devices.

(Reporting by Joseph Menn; Editing by Lisa Shumaker)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

Shares Hit Record

Sensex, Nifty rise to second consecutive record high

Sensex surges 500 points on BOJ easing, L&T gains

The BSE Sensex and Nifty surged to record highs for a second consecutive session on Friday after Bank of Japan's surprise expansion of its massive stimulus programme raised hopes for additional foreign inflows, boosting blue-chips such as Larsen & Toubro.  Full Article 

REUTERS SHOWCASE

Wilful Negligence?

Wilful Negligence?

SEBI piles pressure on Sahara to sell overseas hotels  Full Article 

Indian Economy

Indian Economy

India's fiscal deficit in H1 almost 83 pct of full-year target.  Full Article 

M&M Earnings

M&M Earnings

M&M Q2 net profit down 4 percent, hit by poor monsoon.  Full Article 

Ban on E-Cigs?

Ban on E-Cigs?

Govt considers ban on e-cigarettes, sale of single smokes.  Full Article 

Commodities

Commodities

Silver futures in India hit four-year low on global cues.  Full Article 

BOJ Policy

BOJ Policy

BOJ shocks markets with surprise easing as inflation slows.  Full Article 

Shadow Banking

Shadow Banking

China's shadow banking sector growing rapidly, third largest in world - FSB.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device  Full Coverage