iOS slurpware brouhaha: It's for diagnostics, honest, says Apple

Hidden packet sniffer claims hit Cupertino

Faced with a growing backlash, Apple has added a page to its support website explaining iOS's previously unexplained data-slurping tools – which were recently highlighted by security researcher Jonathan Zdziarski.

The utilities – which include a silent packet sniffer, a file relay system that bypasses Apple's Backup Encryption, and other information-shifting systems – sparked alarm this week: Cupertino hadn't officially warned millions of its iThing users about the built-in mechanisms or the potential for attackers to harvest personal data from iOS devices using said entry points.

In the support document, Apple says the mysterious subsystems can only work when used between a desktop and iOS device that trust each other. Unfortunately, that doesn't completely stop miscreants and the feds from abusing that trust – thanks to the pairing system detailed by Zdziarski in an academic paper in March and a presentation [PDF] at the Hackers On Planet Earth (HOPE X) conference.

Apple's side of the story

Apple says iOS's undocumented packet sniffer, com.apple.mobile.pcapd, is used for setting up enterprise VPN tunnels, and for troubleshooting problems on iPhones, iPads and iPods. The file relay, com.apple.mobile.file_relay, is designed to be used by its engineers and AppleCare staff, and the company insists that it "does not have access to all data on the device."

The third component under the microscope, com.apple.mobile.house_arrest, is used by Xcode to transfer test data to a device and to shift documents around in iTunes, Apple claims.

Cupertino's explanations haven't impressed Zdziarski. In a detailed blog post, he has taken apart Apple's documentation, and highlights some fairly worrying aspects of the code as it stands.

Researcher's rebuttal

He points out that in all cases, the under-fire software in iOS is activated and run without the owner's consent or knowledge. Some of the tools may be just for developers and enterprise IT managers, but the fact that they are built into every iOS device as standard is just plain weird or lazy.

The network packet sniffer in particular can be activated silently in the background and used to send a whole host of personal data from the gadget wirelessly, provided the correct pairing data is available. There's no way for normal folk to know if their iPhone, iPad or iPod is leaking data.

As for the file relay system, Zdziarski scoffed at Apple's insistence that it is only needed for diagnostic data. The software can download text messages, notes, a device's address book, personal photos, location data, and screenshots – something a diagnostics engineer would never need, he argued.

In addition, the file relay bypasses the inbuilt data encryption to gather all this information – and this can be done wirelessly and without the user's knowledge or consent. "File relay is far too sloppy with personal data, and serves up a lot more than 'diagnostics' data," he concludes.

As for the House Arrest function, Zdziarski agrees that iTunes and Xcode use the software, but points out that it also accesses a wealth of personal data, including the OAuth tokens that can be used to access personal accounts and private conversations, which isn’t strictly speaking needed for the functions Apple states.

"I give Apple credit for acknowledging these services, and at least trying to give an answer to people who want to know why these services are there – prior to this, there was no documentation about file relay whatsoever, or its 44 data services to copy off personal data," he wrote. (Bear in mind Zdziarski's website has been buckling under the weight of visitors hitting it.)

"They appear to be misleading about its capabilities, however, in downplaying them, and this concerns me. I wonder if the higher ups at Apple really are aware of how much non-diagnostic personal information it copies out, wirelessly, bypassing backup encryption."

In response to some of the more excitable media reports of NSA backdoors being built in by Apple, Zdziarski tells users not to panic. Many of the problems with the tools are down to their overly broad reach, and they have flaws that could be used by an outside attacker, but there's no evidence that they were put there for any reason other than poor engineering. ®
