Personal data of iPhone users including photos, text messages and contact list can be accessed and extracted by employees of Apple Inc. This information first came to light in 2014 when Apple confirmed that they used unpublicized techniques to retrieve personal information from their users. But what does this mean for Apple users?
Security researcher Jonathan Zdziarski revealed in a 2014 conference presentation that the Apple’s diagnostic services retrieve an enormous amount of personal data of users and store them on “trusted computers,” which Apple claims that they use only to help their engineers. He also added that iPhone users don’t receive any notifications regarding the use of such services, and have no control over disabling these services. It is also not possible for the users to find out what are the computers that have been granted the “trusted status” to extract personal information or block connections in future. Through a video demonstration, Jonathan showed that no iPhone user could “unpair” their phone, and the only way to stop these computers from accessing one’s iPhone is by wiping their phone.
Apple and the NSA
Apple happened to be among a small number of companies accused of being participants in the PRISM data-mining project run by the National Security Agency. PRISM came to light after Edward Snowden, a former NSA analyst, released classified documents that showed how the NSA stole pictures, audio files, videos, emails, phone logs, and documents from iPhones and allowed analysts to track iPhone users. Initially, Apple denied these accusations and stated that it was not involved with the PRISM project in any way, nor did it allow government agencies to access the servers of the company. However, even more leaks revealed that spyware was developed by the NSA to target iPhone users, which would allow intelligence agencies to get access to live feeds of microphones, messages, location data and other data within the device using backdoors that Apple could have secured, but didn’t.
Apple’s Security Measures
To calm the situation, Apple said that iOS has been designed to prevent anyone from compromising user security and privacy through the diagnostic functions, but that they can still provide the needed information to developers and IT departments so they can resolve technical issues. Furthermore, Apple also stated that an iPhone user needs to have their device unlocked and should also agree to “trust” a computer before granting access to the diagnostic data.
Collecting Personal Data
Although, Zdziarski agrees with Apple that they didn’t intend to share information with spies it was also his conclusion that Apple extracted way more information than that was necessary without offering any disclosure. Rich Mogull, a security industry analyst, and Securosis CEO, held the opinion that Jonathan’s work was technically accurate if overhyped. Mogull added that Apple authorities are collecting a lot more information than they might need and, to collect that information, they compromise the phone’s underlying security. Mogull also says that government investigators will make the most of all such legal tools, and even more if need be. When Apple was asked if they had incorporated the use of such tools for helping out law enforcements, there was no reply.
Edward Snowden’s Revelations
In his interview with the NBC, Edward Snowden disclosed the government agencies’ various spying techniques. In one segment of the interview, Snowden showed how an iPhone user’s device could be potentially hacked to take photos, record audios or shoot videos without the user knowing anything about it. This is possible because of the use of DROPOUTJEEP software, which has been incorporated into iOS. This software implant functions to remotely pull or push files from an iPhone, retrieve text messages, voicemail, and contact list, provide information on the phone’s geolocation and location of the nearest cell tower and grant access to the camera and microphone. The communications made via the implant are all encrypted and kept covert. This information was first released in 2008 by Der Speigel, a news magazine from Germany, based on “alleged” documents of the NSA that were forwarded to the former by Snowden.
While time has passed since Zdziarski, Apple, and Edward Snowden first disclosed how Apple could spy on iPhone users. Given how the company responded, it’s not clear if Apple ever stopped using their program or solved any security and privacy issues completely. Apple has the technology and the resources to not only monitor but also access and extract personal information from iPhone users.