Jonathan Zdziarski, un fost membru al iPhone Dev Team care a contribuit la dezvoltarea de solutii de jailbreak pentru iOS, acuza compania Apple de mentinerea unor sisteme backdoor care ii permit atat ei, cat si agentiilor guvernamentale sa obtina acces la datele stocate in iDevice-urile noastre. Mai exact, el sustine ca datele personale din terminale pot fi accesate prin USB sau WiFi exploatand o serie de procese care sunt capabile sa acceseze acele date fara restrictie.
I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn’t be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer. I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices.
Serviciile lockdownd, pcapd si mobile.file_relay pot accesa datele salvate chiar si in backup-uri ce au fost in prealabil criptate, compania Apple fiind constienta despre problemele lor, insa refuzand aparent sa le rezolve. Hackerul sustine ca Apple lasa in mod intentionat aceste vulnerabilitati in serviciile iOS-ului pentru a permite agentiilor guvernamentale si a celor politienesti sa acceseze datele utilizatorilor la nevoie.
At the same time, this is NOT a zero day and NOT some widespread security emergency. My paranoia level is tweaked, but not going crazy. My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don’t belong there.
In momentul de fata cateva companii americane profita de existenta acestor vulnerabilitati pentru a dezvolta software ce este vandut autoritatilor din lumea intreaga, el permitand accesarea datelor persoanle ale iDevice-urilor, chiar daca acestea au un cod de siguranta sau un backup criptat. Singura metoda de a securiza complet datele de aceste programe este utilizarea unui cod de siguranta complex impreuna cu aplicatia Apple Configurator prin care trebuie setate restrictii MDM si trebuie activat sistemul Pair locking, insa toata aceasta procedura nu va impiedica Apple sa citeasca datele.
We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers, and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.
As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.
Dupa cum era de asteptat, compania Apple neaga toate acuzatiile facute de catre Jonathan Zdziarski, spunand intr-un comunicat de presa ca nu colaboreaza cu agentii guvernamentale pentru a oferi datele utilizatorilor(din iCloud) in lipsa unor mandate. Mai mult decat atat, sustine ca vulnerabilitatile descrise de catre hacker nu exista in iOS-ul sau si nimeni nu poate accesa datele utilizatorilor fara permisiunea acestora.
Lasand la o parte ceea ce spune Apple, orice companie are un backdoor in propriul software, iar cei din Cupertino nu fac distinctie.
