Apple has acknowledged that user’s personal data including text messages, contact and photos can be extracted from their iPhones by the company employees using previously unpublished techniques.
This data extraction technique can serve as a backdoor for law enforcement agencies to access even user’s encrypted information from “trusted” computers to which the devices have been connected, security researcher Jonathan Zdziarski claimed during a recent presentation.
Addressing the Hackers on Planet Earth conference in New York, Zdziarski pointed out how users are kept unaware of the fact that their iPhone is able to extract a surprising amount of data and even cannot disable them. He said there’s no way of knowing which computers have previously been paired with the device as a trusted connection.
Calling out the flaw as being a security backdoor, Zdziarski said he did not intend to accuse Apple of anything malicious or of working with NSA or other law enforcement agencies. He just wants to highlight the issue and that it could be used by people with malicious intent to access user’s personal data.
Clarifying its stand on the issue, Apple said that the data is for diagnostic purpose meant to help engineers and that it isn’t involved with any of the law enforcement agencies to create any security backdoor. Cupertino made it clear that users must have unlocked their device and agreed to trust a computer before it can access this limited diagnostic data.
Apple claimed that its iOS operating system has been designed in a way that the diagnostic data extracted does not compromise on its users’ privacy, but still provides enterprise IT departments, developers and Apple with information required for troubleshooting technical issues faced by users.