Apple has detailed some of the diagnostic capabilities in iOS following claims from a forensic scientist that such capabilities open up security holes in the operating system.
At a security conference last Friday, forensic scientist and author Jonathan Zdziarski said the NSA may have exploited certain features and services in iOS to gather data on potential targets by using back doors built into the operating system. In response, Apple acknowledged in a statement on Monday that specific services allow access to certain data for the purpose of diagnostics but asserted that it has never worked with any government agency to intentionally build back doors into iOS.
Since details of NSA spying programs have emerged via former NSA contractor Edward Snowden, Apple and other tech players have been accused of building back doors into their devices and services. Such security holes would give the government as well as third parties easy access into a company's products for the purpose of capturing user data. The existence of such intentional back doors would damage a company's reputation and sales, so the tech industry has been on the defensive to deny these allegations.
In a blog post published on Tuesday, Zdziarski said Apple's seeming admission of these so-called diagnostic back doors opens up privacy weaknesses because they bypass the backup password security offered in iOS. Zdziarski also raised doubts about these back doors by saying, "I don't buy for a minute that these services are intended solely for diagnostics."
How has Apple responded? In a technical support document that was modified on Wednesday, Apple attempted to explain how and why the diagnostic capabilities in question are used in iOS.
iOS offers the following diagnostic capabilities to help enterprise IT departments, developers, and AppleCare troubleshoot issues.
Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.
pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.
file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users' devices.
house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.
Apple also pointed to a support document on the familiar "Trust this computer" alert that iOS users receive when they plug their device into a PC. Another support page explains what happens when you sync your data with iTunes.
In another blog post published Wednesday, Zdziarski said he gave Apple credit for revealing details about these services and trying to explain why they exist. However, he also said he believes Apple is downplaying the risks of certain services.
"I wonder if the higher ups at Apple really are aware of how much non-diagnostic personal information it copies out, wirelessly, bypassing backup encryption," Zdziarski said. "All the while that Apple is downplaying it, I suspect they'll also quietly fix many of the issues I've raised in future versions. At least I hope so. It would be wildly irresponsible for Apple not to address these issues, especially now that the public knows about them."