It has been an ongoing speculation and cause of controversy that mobile phones particularly Apple’s Iphones are being used to spy on its users. Just recently, it has been revealed that certain applications may capture images, videos and sounds even if the phone is shut down.
In 2014, there are over 63 million iPhone users in the US alone and roughly 300 million active users worldwide by the end of 2013.
Personal data including text messages, contact lists and photos can be extracted from iPhones through previously unpublicized techniques by Apple Inc employees, the company acknowledged this week. This is theb same techniques to outwit backup encryption could be used by law enforcement or anyone with access to the “trusted” computers to which the devices have been connected, according to the security expert who prompted Apple’s admission.
In a conference presentation this week, researcher Jonathan Zdziarski demonstrates how the services collate a surprising amount of data for what Apple now says are diagnostic services meant to help computer and web engineers.
Users are not notified prior that the services are running and would not be able to halt them, Zdziarski said. There is no way for iPhone users to know what computers have previously been granted trusted status via the backup process or block future connections.
He quoted, “There’s no way to unpair except to wipe your phone,” in a video demonstration he posted Friday showing what he could extract from an unlocked phone through a trusted computer.
As word spread about Zdziarski’s initial presentation at the Hackers on Planet Earth conference, some cited it as evidence of Apple collaboration with the National Security Agency while Apple denied creating any “back doors” for intelligence agencies.
In a statement, “We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues.” Apple said. “A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data.”
Apple also posted its first descriptions of the tools on its own website. Zdziarski and others who conversed with the company said they expected it to make at least some changes to the programs in the future.
Zdziarski first said he did not believe that the services were intended for spy craft but he points out that they extracted more information than what was needed, with too little disclosure.
Security industry analyst and chief executive officer of Securosis Rich Mogull said Zdziarski’s work was overhyped but technically accurate.
He said, “They are collecting more than they should be, and the only way to get it is to compromise security”.
Mogull also agreed with Zdziarski that since the tools exist, the authority will use them in cases where the desktop computers of targeted individuals can be confiscated, hacked or breached via their employers.
“They’ll take advantage of every legal tool that they have and maybe more,” Mogull said of government investigators.
Asked if Apple had used the tools to fulfill law enforcement requests, Apple did not immediately respond.
For all the attention to the previously unknown tools and other occasional bugs, Apple’s phones are widely considered more secure than those using Google Inc’s rival Android operating system, in part because Google does not have the power to send software fixes directly to those devices.