Apple has many different services on its iOS devices that collect diagnostic data, yet not all of them are well understood or documented. Security researcher Jonathan Zdziarski thought he found some backdoors into iOS by way of some of those previously undocumented diagnostic features.
Zdziarski presented his findings at the HOPE (Hackers on Planet Earth) conference on July 18. Apple denies Zdziarski’s claims.
“I have NOT accused Apple of working with NSA [National Security Agency]; however, I suspect (based on released documents) that some of these services may have been used by NSA to collect data on potential targets,” Zdziarski wrote in a blog post.
Among the services that Zdziarski warns about is com.apple.pcapd. In his presentation slides, he noted that com.apple.pcapd starts a libpcap service on a user’s iOS device. libpcap is an open-source packet-sniffing technology. Zdziarski noted that the com.apple.pcapd service is active on every iOS device and can be targeted over WiFi for remote monitoring.
“Why do we need a packet sniffer running on 600 million personal iOS devices?” Zdziarski asked on one of his slides.
Apple has now published a response explaining what com.apple.pcapd does and what the other diagnostic capabilities on iOS actually enable.
“pcapd supports diagnostic packet capture from an iOS device to a trusted computer,” Apple noted in a support document. “This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections.”
Apple adds that more information on the use of pcapd is also available in its developer library online.
Another service that Zdziarski warned about is the com.apple.mobile.house_arrest feature. In Zdziarski’s presentation, he explained that it’s a feature that enables iTunes to copy documents both to and from third-party applications.
He warned that the folders that can be accessed include sensitive account storage areas, which could include pictures and other user data.
Apple explains in its support document that the com.apple.mobile.house_arrest function is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality.
“This is also used by Xcode to assist in the transfer of test data to a device while an app is in development,” Apple stated.
Apple emphasized that iOS’ various diagnostic capabilities all rely on a secure trust model and data is encrypted. “Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer,” Apple stated. “Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple.”
The iOS backdoor allegations raised by Zdziarski are the second such set of privacy allegations leveled against Apple this month. In early July, Chinese broadcaster CCTV alleged that Apple was collecting information on Chinese user locations and represented a national security threat. Apple also refuted that claim, explaining that its Frequent Locations function does not transmit data to Apple.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.