APPLE has shed some light on the diagnostic capabilities in its iOS operating system, in a response to allegations that it purposefully installed a "backdoor" on its mobile devices.
Despite already having debunked claims that it had provided a "backdoor" for government agencies such as the US National Security Agency (NSA), Apple has since gone over three iOS services, explaining how they work and why they exist.
The services - com.apple.mobile.pcapd, com.apple.mobile.file_relay and com.apple.mobile.house_arrest - were mentioned by security expert Jonathan Zdziarski in his talk at the HOPE/X conference earlier this week, where he alleged that Apple had installed a backdoor for "user surveillance" purposes.
Apple says in its support document, for example, that "pcapd supports diagnostic packet capture from an iOS device to a trusted computer."
"This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections," the firm added.
Zdziarki claimed that Apple's iOS operating system could be exploited earlier this week. While he noted that iOS security is "generally great", he claimed that Apple has surveillance mechanisms in place that, while intended for ease of use in enterprise environments, could allow someone to bypass personal security and access data without an iPhone or iPad user's knowledge.
For example, Zdziarki reported that services such as "lockdownd," "pcapd" and "mobile.file_relay" can bypass encrypted backups to obtain data and can be accessed via USB, WiFi and possibly a 3G or 4G connection.
He went on to say that he wasn't accusing Apple of working with the US government, but instead pointed out that certain services built within iOS "should not be there".
Zdziarki said on his website after his presentation, "I have NOT accused Apple of working with NSA, however I suspect (based on released documents) that some of these services MAY have been used by NSA to collect data on potential targets.
"I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn't be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer."
Apple promptly responded to the claims, and while it didn't deny that such services exist in iOS, it said that it only uses them to improve the user experience.
An Apple spokesperson said to the Financial Times' Tim Bradshaw, "We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues.
"A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.
"As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products of services." µ
Think happy thoughts
IE zero-day is being actively exploited, Redmond warns
Crapsicab firm's application for a full licence gets rejected
Subscriptions for everyone!