July 21, 2014
Forensic scientist and author Jonathan Zdziarski has some mixed news for privacy advocates. Apple’s iOS 7 is “reasonably secure” from attack from a malicious hacker. However, through the use of backdoor security mechanisms, Cupertino has “worked hard to ensure that it can access data on end-user devices on behalf of law enforcement,” according to Zdziarski.com (via MacRumors). According to Zdziarski:
I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn’t be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer. I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices. At the same time, this is NOT a zero day and NOT some widespread security emergency. My paranoia level is tweaked, but not going crazy. My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don’t belong there.Zdziarski says that it is possible to limit access to these backdoor services -- at least to block third-party forensic software. His solution will not protect the device contents if it is sent to Apple for analysis. To do so, users should enable a complex passcode in iOS and use the enterprise Apple Configurator application to set Mobile Device Management (MDM) restrictions and enable Pair locking, which will delete all pairing records. Last month, the United States Supreme Court ruled 9-0 that police need a warrant to search cell phones. Therefore, I don't have a problem with Apple making it easier for law enforcement officials to check user devices -- once they get a warrant to do so. See also: BlackRock co-founder Susan Wagner joins Apple's board, replaces Bill Campbell, Apple has started to encrypt iCloud emails between service providers, and Apple, IBM announce significant partnership to push iOS devices for business.