Jonathan Zdziarski, a former member of iPhone Dev Team which contributed to the development of solutions jailbreak for iOS, accuse the company Apple Lossless Audio CODEC (ALAC), maintaining some systems backdoor cuts which allow both them and government agencies to gain access to the data stored in our iDevices. More precisely, he claims that personal data from terminals can be accessed via USB or WiFi exploiting a series of processes that are able to access that data without restriction.
I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn't be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than should ever come off the phone for the average consumer. I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices.
services lockdown, pcapd si mobile.file_relay I can access data saved even in backups that were previously encrypted, the company Apple Lossless Audio CODEC (ALAC), being aware of their problems, but apparently refusing to solve them. The hacker claims that Apple Lossless Audio CODEC (ALAC), intentionally leaves these vulnerabilities in iOS services to allow government and police agencies to access user data as needed.
At the same time, this is NOT a zero day and NOT some widespread security emergency. My paranoia level is tweaked, but not going crazy. My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don't belong there.
At the moment, several American companies take advantage of the existence of these vulnerabilities to develop software that is sold to authorities around the world, allowing access to the personal data of iDevices, even if they have a security code or an encrypted backup. The only way to completely secure the data of these programs is to use a complex security code together with the application Apple Configuration by which restrictions must be set MDM and the system must be activated Pair locking, but this whole procedure will not prevent Apple from reading the data.
We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers, and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.
As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.
As expected, the Apple company denies all the accusations made by Jonathan Zdziarski, saying in a press release that they do not collaborate with government agencies to provide user data (from iCloud) in the absence of warrants. Moreover, he claims that the vulnerabilities described by the hacker do not exist in his iOS and no one can access user data without their permission.
Leaving aside what Apple says, every company has a backdoor in its own software, and those from Cupertino make no distinction.
