Apple has been under increasing scrutiny regarding its civil liberties record after security researcher Jacob Applebaum showed evidence gathered from an NSA whistleblower that a program called DROPOUT JEEP existed to gain access to a user’s iPhone. Applebaum postulated that developing this system would have been nearly impossible without Apple’s involvement. For its part, Apple denied it was involved.
But now security researcher Jonathan Zdziarski has presented a paper claiming that up to 600 million Apple iPhones and iPads have a security back door that can be accessed to retrieve data from the devices. Apple claims what Zdziarski discovered does “not compromise user privacy and security.”
Zdziarski claims different:
“There is no way to disable these mechanisms,” Zdziarski writes on his personal blog. “This makes it much harder to believe that Apple is actually telling the truth here.”…The backdoors reportedly cover a range of hidden tools and protocols that activate with “paired” computers — machines connected to an iPhone or iPad via USB that the user has granted security access to.
Apple says that this allows individuals and businesses to manage their devices, but Zdziarski has pointed out that the system offers unecrypted access to users’ online log-ins, contacts and web history and could be compromised by anyone with access to the same Wi-Fi network.
The user of these products, before now at least, were completely unaware that their personal data was being leaked like this when they used Apple products. Millions of Apple product users may have been compromised if whomever has access used the back door and who knows where the data went then.
Zdziarski has speculated “some of these services may have been used by the NSA to collect data” while others claim Apple created them to comply with the Communications Assistance for Law Enforcement Act of 1994 which requires tech companies to have back doors available for law enforcement.