back to article HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert

An analysis of Apple's iOS operating system by a security expert has revealed various tools in the software that could be used for surveillance if one were so inclined. Jonathan Zdziarski concluded that the vast majority of iThing owners are unaware of lax mechanisms protecting their data. Data forensics expert and author …

  1. Someone Else Silver badge
    Facepalm

    Like, WOW, man!

    His study has also shown that a user's data may not be as safe as Cupertino is making out.

    Ya think? An American company surreptitiously placing "sekrit" access in its products? I'm shocked...shocked!!...I say....

    1. BillG
      Meh

      Re: Like, WOW, man!

      it's clear Apple owes customers some answers.

      Apple won't want to say anything, and if they are forced they will say something like it's part of their quality control and information is only used in the aggregate and users are not personally identified etc etc. Same ol' Apple B.S.

      1. adnim

        Re: Like, WOW, man!

        "it's clear Apple owes customers some answers."

        It's normal for a master to never answer to their slaves.

        1. Sir Runcible Spoon

          Re: Like, WOW, man!

          "it's clear Apple owes customers some answers."

          "it's clear Apple owns customers."

  2. Anonymous Coward
    Anonymous Coward

    Apple is a piece of shit, really..

    1. Anonymous Coward
      Anonymous Coward

      Android too, except it's actually real (if at least explicit)

      Your Android App requires the following permissions:

      1) Access to Everything

      2) I said Everything

      3) All of it...

      4) I might even make some long distance telephone calls, hope you don't mind.

      Six of one, half dozen of the other.

      1. Anonymous Coward
        Anonymous Coward

        Re: Android too, except it's actually real (if at least explicit)

        "

        1) Access to Everything

        2) I said Everything

        3) All of it...

        4) I might even make some long distance telephone calls, hope you don't mind.

        "

        5) User clicks Do Not Install and gets another app that does the same thing without requiring all those permissions.

  3. Khaptain Silver badge

    APIs

    >Of course, to access all these hidden tools you'd need access to the target's iPhone, and Apple's security is invincible, right? Not so fast there: Zdziarski has also uncovered a way to get around this that, while hard for hackers, wouldn't be too tough for law enforcement.

    I can only presume that this means "with some help from Apple".

    > it's clear Apple owes customers some answers.

    I doubt that Apple will provide much of anything to these kinds of findings, they have a new product about to be launched so their interests lie elsewhere for the moment.

    If Apple have these kinds of undocumented APIs, it is safe to presume that everyone else does too, whether it be with or without the NSAs blessing.

    API : ( Access to Privates Interface) - Don't let coders make you beleive that it means something else.

    1. oiseau
      Flame

      Re: APIs

      Hello:

      > If Apple have these kinds of undocumented APIs, it is safe to presume that everyone else does too,

      > whether it be with or without the NSAs blessing.

      Indeed ...

      Particularly the fellows at Redmond.

      And the XP/Win7 etc. 'end of life' putsch on behalf of MS is nothing but the polishing up of the back door tools to integrate them as seamlessly as possible into the OS.

    2. MicroNix

      Re: APIs

      Contrary to that, if this isn't explained by Apple, then the very launch they are so "focused" on could become the worst launch in their history.

      Ah, the advantages of a closed operating system (to anyone other than the consumer that is)

      1. serendipity

        Re: APIs

        The average consumer wouldn't know what an operating system is, let alone whether it's open or closed. And as the recent OpenSSL debacle has demonstrated, there's plenty of juicy 'accidental' back doors waiting to be exploited in open stuff as well!

    3. ilithium

      Re: APIs

      To be fair, though, if Android contained something like this we'd already know about it, assuming that the version that's put in phones is [almost] the same as the open source version.

      Whilst most people are probably not going to give a monkey's nut about these kind of things, it's a bit disconcerting, particularly in light of Apple ranting about how good a company they are.

      1. Anonymous Coward
        Anonymous Coward

        Re: APIs

        if Android contained something like this we'd already know about it, assuming that the version that's put in phones is [almost] the same as the open source version

        That's a rather massive "if", especially since its originator specialises in getting their grubby hands on any data they can scurry out of your life.

  4. David 14

    For security - consider BlackBerry

    That is as simple as it gets, really. I have been a longtime blackberry user who has decided to move to Android, but am doing so knowing that I am accepting much more risk in doing so. It means I will not store banking passwords, etc. on my mobile... and I will look to run anti-malware on my device.

    BlackBerry may not be as app-rich of an ecosystem, but the darned things are pretty solid in terms of core function, reliability and security..... or at least, that is what the USA's NSA want's us to think... lol.

    1. noodle heimer

      Re: For security - consider BlackBerry

      Blackberry rolls over for law enforcement on a regular basis. And there are few rollovers for law enforcement that aren't also accessible by hackers.

      http://en.rsf.org/blackberry-gives-way-to-pressure-11-10-2011,41159.html gives a summary of several instances of government pressure and varying degrees of caving.

      1. nematoad
        Headmaster

        Re: For security - consider BlackBerry

        "...a summary of several instances of government pressure and varying degrees of caving."

        What's speleology got to do with this?

        If you are going to use a cliche, at least get it right.

        It should be "... a summary of several instances of government pressure and varying degrees of caving in"

        1. Someone Else Silver badge
          Headmaster

          @nematoad -- Re: For security - consider BlackBerry

          It should be "... a summary of several instances of government pressure and varying degrees of caving in"

          Never end a sentence with a preposition.

          1. Graham Dawson Silver badge

            Re: @nematoad -- For security - consider BlackBerry

            Ending a sentence with a proposition is something up with which we shall not put!

            The phrase "cave in" is a non-hyphenated compound word that, whilst it might apparently contain the preposition "in", is not itself a preposition. A sentence ending with "cave in" is grammatically valid, though for clarity it might be best to hyphenate it as "cave-in".

            Never say never.

          2. Frankee Llonnygog

            Re: @nematoad -- For security - consider BlackBerry

            Actually, it's OK if the preposition is part of a phrasal verb. If not, the correct form might be something like:

            'varying degrees of inward caving'

          3. Faye Kane ♀ girl brain

            preppie positional phase

            ==-

            Two guys at a Boston streetcorner:

            MIT guy: Excuse me, can you tell me where the bookstore is at?

            Other guy: At HAH-vaad, we don't end a sentence with a preposition.

            MIT guy: [Looks down at sidewalk] You're right. I'll rephrase it. [Looks up] Can you tell me where the bookstore is at, ASSHOLE?

            —Faye Kane ♀ girl brain

            Sexiest astrophysicist you'll ever see naked

        2. Frankee Llonnygog

          Re: For security - consider BlackBerry

          Speleology? Spelunking, surely. You're merely an Ortsgruppen among grammar Nazis. Must try harder.

        3. Faye Kane ♀ girl brain

          HEY, SMARTMOUTH SMARTASS:

          Arrogant semiotic pedantics like this is why girls won't let you fu ck them. Even I won't, and I'm a geek myself. Stupid guys do everything fast and hard and brutally, with naught a whit of thought as to whether it's "correct."

          LEARN, Poindexter.

          You're supposedly good at that.

          ♥,

          -faye kane ♀ girl brain

          Sexiest astrophysicist you'll ever see naked

          Pix: tiny url dot com slash nakedfaye1

      2. Anonymous Coward
        Anonymous Coward

        Re: For security - consider BlackBerry

        Blackberry rolls over for law enforcement on a regular basis. And there are few rollovers for law enforcement that aren't also accessible by hackers.

        I hear good things of their implementation of QNX, though, and that's from people who I know to be thorough in their fact checking. I plan to check them out, provided they have adopted standards like IMAP and ActiveSync instead of this BES malarky - it's what put me off last time round.

        1. Anonymous Coward
          Anonymous Coward

          Re: For security - consider BlackBerry

          "I hear good things of their implementation of QNX, though, and that's from people who I know to be thorough in their fact checking. I plan to check them out, provided they have adopted standards like IMAP and ActiveSync instead of this BES malarky - it's what put me off last time round."

          IMAP and ActiveSync already there. I use ActiveSync on a Z10, seems to work very well. BB10 does a good job of messaging.

    2. Anonymous Coward
      Anonymous Coward

      Re: For security - consider BlackBerry

      Blackberry can't track one's location since their GPS receiver is as deaf as a tree stump (Playbook).

      Security through non-functionality.

  5. Graham Marsden
    Mushroom

    No comment about the article as such...

    ... but kudos for the Wargames reference :-)

    Shall we play a game?

    1. ilithium

      Re: No comment about the article as such...

      How about a nice game of chess? ;)

      1. MrT

        The reference seems deeper than that...

        ... the only game that teaches the best lesson is the one that isn't listed ;-)

      2. Faye Kane ♀ girl brain

        How about a nice game of chess?

        ==-

        > How about a nice game of chess?

        [Later] I'm sorry Frank, I think you missed it.

  6. tin 2
    Unhappy

    Might explain...

    ...why my 4S on iOS7 runs like dogshit. The OS is too busy recording details about every last packet that goes through it to devote any CPU or memory to the apps.

    1. Destroy All Monsters Silver badge
      Paris Hilton

      Re: Might explain...

      So who activated the sniffer?

      1. tin 2

        Re: Might explain...

        I did say *might*. Perhaps I will revert to my initial thoughts that Apple have forgotten how to code efficiently.

        Still stands: the OS is too busy & memory hungry for the apps to run anywhere near as well as they did on iOS 6.

  7. Bob Vistakin
    Facepalm

    You're securing it wrong

    Users are so damn stupid - won't they ever learn to use Apple's products correctly?

    1. Anonymous Coward
      Anonymous Coward

      Re: You're securing it wrong

      You gotta hold it the right way ;-)

    2. Carling

      Re: You're securing it wrong

      There is know way to secure any wall garden CrapApple devices. Never has been, Never will Be, Apple users are eye candy controlled zombies who can't think for themselves,

      Like Steve Jobs said "We control the widgets, The widgets control the widget users", Never did he speak truer words, has for me I don't use Apple, Facebook, Google or M$ products, I can think for and act for myself. Smartphones are for the not so smart people who haven't got the brains they were born with,

      1. Anonymous Coward
        Anonymous Coward

        Re: You're securing it wrong

        "There is know way to secure any wall garden CrapApple devices. Never has been, Never will Be, Apple users are eye candy controlled zombies who can't think for themselves"

        But at least they know the difference between know and no...

    3. Carling
      Megaphone

      Re: You're securing it wrong

      Quote:- Users are so damn stupid - won't they ever learn to use Apple's products correctly?

      Reply :- Don't kid yourself, There is only one way to use Apple product. That's the way Mac programmed it, to control their widget users, The only good Apple users are the ones that have jail broke theirs. They are the ones with common sense

      1. Anonymous Coward
        Anonymous Coward

        Re: You're securing it wrong

        "There is only one way to use Apple product. That's the way Mac programmed it"

        I love supporting Apple devices there's only one way to do things...the right way.

  8. Frank N. Stein

    Well, if Apple builds back doors into their products like everyone else, then having a closely guarded app store doesn't prevent the hackers from reverse engineering that back door info, does it? What's the point of choosing any platform for it's better security, if every platform is Swiss cheese, security wise, anyway?

    1. Anonymous Coward
      Anonymous Coward

      It doesn't matter how secure your phone is, you still have to connect it to a public facing network in order to use it. So the likes of Vodafone can track you, monitor your usage and sell your data to the advertisers. (as they are currently doing with their targeted advertising texts!) They are also more likely to respond to police inquiries about your usage at specific times than Apple/Google/Microsoft as well.

      1. Anonymous Coward
        Anonymous Coward

        It doesn't matter how secure your phone is, you still have to connect it to a public facing network in order to use it

        Yup, which produces some of that annoying meta data like location. However, a mobile device should treat *any* network as hostile for data connectivity, be it GPRS (remember that?), 3/4/nG or WiFi.

  9. Anonymous Coward
    Anonymous Coward

    No, they're not sekret spying tools

    pcapd - so top sekret it's been a documented developer tool for years

    https://developer.apple.com/library/mac/qa/qa1176/_index.html

    lockdownd - the daemon which provides information to things like device activation, DRM services, ability to use emergency call or connect to itunes

    http://theiphonewiki.com/wiki/Lockdownd

    mobile.file_relay - appears to be the service which supports applications sending and receiving files through itunes sharing or local network sharing. Here's someone's client implementation on github from 4 years ago.

    https://github.com/bryanforbes/libimobiledevice/blob/master/src/file_relay.c

    Calling these "undocumented" is simply incompetent, and bringing the NSA into it is just alarmist bull.

    1. diodesign (Written by Reg staff) Silver badge

      Re: No, they're not sekret spying tools

      "pcapd - so top sekret it's been a documented developer tool for years"

      No - the developer doc you linked to is about analyzing traffic from another device on the network, not by the device itself which is what pcapd does, allegedly. The doc you linked to says "iOS does not support packet tracing directly". That's contradicted by Jonathan's claims.

      The other things you link to are not documented by Apple officially (AFAIA). They may well have been known for a while. There's no harm in a serious security researcher joining up all the dots for everyone.

      Unless you're just happy doodle dandy with everything as it stands.

      C.

      1. Anonymous Coward
        Anonymous Coward

        Re: No, they're not sekret spying tools

        I've no issue with anyone asking Apple to explain things in more detail, and in the current environment all such companies need to allay fears about privacy, but the assumption that they're in bed with the NSA handing over all our data, based on not having an official explanation, is frankly ridiculous.

        It was the same with the discovery of a location cache, everyone blogged about how Apple was spying and the sky was falling in, until Apple explained what it was for and common sense ensued.

        "Unless you're just happy doodle dandy with everything as it stands" - pretty much, yes. "As it stands" there are some poorly documented, not secret functions and no evidence of any spying. Much as I might enjoy becoming a conspiracy loon in the absence of any real details on these functions I think I'll wait to see what Apple actually have to say.

        1. Anonymous Coward
          Anonymous Coward

          Re: No, they're not sekret spying tools

          pcap is the packet capturing library used by wireshark, and pretty much every other packet analysing tool on any platform.

          pcapd is a daemon, running on an iphone, that provides the possibility of doing packet captures on an iphone, ported to run on that platform, that's been demonstrated (by this guy) to allow you to do packet captures on the device, like anyone familiar with pcap would expect.

          Apple docco says there is no native way to do packet captures on iOs devices.

          EIther that's a lie, or some developer has gone rogue, and installed a pcap daemon in iOs without Apple knowing.

          Neither possibility bothers you? Cool.

          Bothers me.

          1. Anonymous Coward
            Anonymous Coward

            Re: No, they're not sekret spying tools

            Either that or that, eh? Thanks for clearing that up with impeccable logic and hard evidence.

            1. Anonymous Coward
              Anonymous Coward

              Re: No, they're not sekret spying tools

              Okay doke. What's your explanation for a packet capturing daemon in an operating system that the vendor says doesn't have one?

            2. Fred Flintstone Gold badge

              Re: No, they're not sekret spying tools

              @DMDeck16, Either that or that, eh? Thanks for clearing that up with impeccable logic and hard evidence.

              Given your earlier, much more nuanced reply I will assume you ran out of caffeine there :) - I think the question is valid (although I'd be grateful if someone could point me at the docs which confirm that "Apple docco says there is no native way to do packet captures on iOs devices" because it's AFAIK pretty much a standard diagnostics tool on any Unix-alike platforms).

              There is nothing wrong with raising questions, but I also agree with you that being all alarmist about it is stupid. However, that's what the press trained us to expect now - anything is either the end of the world or not worth reporting (reminds me of a clip that showed what a falling tea cup looks like in a US movie - it explodes - but sadly I cannot locate it on Youtube).

              I would like to see this sort of work done on *any* mobile platform. The only functional weapon against subversion is transparency.

              1. Anonymous Coward
                Anonymous Coward

                Re: No, they're not sekret spying tools

                Thankyou, caffeine reinstated. I suspect the pcap daemon has a legitimate use but is not officially supported for end users or it is used during internal development and should have been disabled. ie at best misunderstood, at worst cockup. But conspiracy is far more interesting and entertaining.

                I think Apple need to explain themselves pronto, but my point is that leaping to conclusions of conspiracy immediately makes all rational discussion that much more difficult. Eg another media outlet is reporting this as "Backdoors and surveillance mechanisms in iOS devices", another says "Your iPhone May Be Rigged to Spy on You" and so, tediously, on.

                The jury has spoken before the evidence has even been heard. It's tiresome because there are plenty of examples of privacy abuse taking place WITH evidence all over the place in IT, government, corporations, public sector, which hardly raise an eyebrow because they're not as sexy as the idea of iPhones and Apple spying on you.

                Apple's done an excellent job of managing security (see their latest whitepaper) but their propensity to stay tight lipped isn't going to see this one go away.

                http://www.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf

                1. Anonymous Coward
                  Anonymous Coward

                  Re: No, they're not sekret spying tools

                  "I suspect the pcap daemon has a legitimate use but is not officially supported for end users or it is used during internal development and should have been disabled. ie at best misunderstood, at worst cockup"

                  Oh right, that's a much more convincing, evidence based assessment right there. You suspect. Cracking.

                2. Anonymous Coward
                  Anonymous Coward

                  Re: No, they're not sekret spying tools

                  "Apple's done an excellent job of managing security (see their latest whitepaper) "

                  They quite clearly haven't, if you've read this article. It's hard to argue that slant, against the evidence in the article.

                3. Faye Kane ♀ girl brain

                  Re: No, they're not sekret spying tools

                  ==-

                  > " there are plenty of examples of privacy abuse taking place WITH evidence all over the place in IT, government, corporations, public sector,"

                  That's exactly why we don't trust Apple. PARTICULARLY when they get caught and then stonewall us.

                  faye kane ♀ girl brain

              2. Anonymous Coward
                Anonymous Coward

                Re: No, they're not sekret spying tools

                @Fred Flintstone and @DMDeck16

                Do you guys not bother to read and understand either the article, the links in the article, or even the thread you're participating in, before posting comments?

                The docs that say "there is no native way to do packet captures on iOs devices" are linked in the article, and IN THIS THREAD YOU'RE REPLYING TO. The article author has also explained that's the case in this thread, again, in case you missed it.

                Here's the link for the third time, and the quote;

                https://developer.apple.com/library/mac/qa/qa1176/_index.html

                "iOS does not support packet tracing directly."

                1. Anonymous Coward
                  Anonymous Coward

                  Re: No, they're not sekret spying tools

                  "AFAIK (pcap is) pretty much a standard diagnostics tool on any Unix-alike platforms"

                  Not when you're building a consumer / business grade mobile phone it isn't. It really is not.

                  Show me another phone with a pcap daemon built into it, out of the box.

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: No, they're not sekret spying tools

                    Nor it is installed by default on any Unix-alike platform - and not as a daemon. These are the tools that can break a lot of laws even in your home network if used improperly.

  10. Mark 85
    Alert

    So given this revelation and others lately including IARPA, NSA, GCHQ, et al... I guess we should be afraid... very afraid. Or maybe we should just rejoice and feel secure that these fine folks are looking out for us.

    1. Hans 1
      Coffee/keyboard

      @Mark85

      >Or maybe we should just rejoice and feel secure that these fine folks are looking out for us.

      You owe me a new keyboard!

  11. Lars Silver badge
    Unhappy

    I suppose

    What we can learn from this is that it's harder and harder to hide backdors in the code and at the same time it's ever as hard for big companies like Apple or why not Sony (back then) to grasp it. Rather funny really (to choose a stupid word) but how do those programmers doing the coding sell it, do they say, Y,es Sir, this software is undetectable with a straight face. If not, would they get the boot. Are only the big brands involved in this terrosist/snoopping psychosis. Why do I have this feeling that Big Brother is getting madder and madder, not because he needs to, but because there are more and more opportunities to get madder and madder in a world he has less and less ability to technically understan.

    1. Charles 9

      Re: I suppose

      The thing is, it's reaching the point where they don't NEED to hide it anymore. The government is such that no sense of privacy is increasingly the norm, and if you don't like it, you probably won't be doing much good anymore. IOW, by this point, the spooks don't care because they're EVERYWHERE.

      1. Anonymous Coward
        Coat

        Re: I suppose

        Well I guess I'd better give up using electronic devices for my secret project to infiltrate ECHELON and obfuscate their traffic.

        Hang on, there's someone at the door...

    2. Anonymous Coward
      Anonymous Coward

      Re: I suppose

      Rather funny really (to choose a stupid word) but how do those programmers doing the coding sell it, do they say, Y,es Sir, this software is undetectable with a straight face.

      Could you detect it with a bent face, then?

  12. Crisp

    You don’t just type 'Joshua' for full access.

    Hmmm, A password with 50 trillion combinations....

    I'll try Geoff.

    1. Fred Flintstone Gold badge

      Re: You don’t just type 'Joshua' for full access.

      Upvote for the Eddie Izzard reference :)

  13. Alan Denman

    And Apple get the green light whereever sold

    Obviously, regimes, inlcuding the one that protects the US need to have some control over their population.

    Secret societies do not exist for our benefit, so at times it can be said to be for our benefit too.

    1. Anonymous Coward
      Anonymous Coward

      Re: And Apple get the green light whereever sold

      You believe they are there because the government, I believe they are there mostly to exfiltrate data for business purposes. I believe the marketing department at Apple has more to say about it than the NSA or whatever else.

  14. Caesarius
    Stop

    Raw Data

    "The data is also in too raw a format to be of any use to a Genius Bar tech support team."

    I am offended that he seems to be trying to pull the wool over my eyes. OK, most Genius Bar staff might be unable to hack the raw data, but the implication is that no-one can hack it.

    There are, after all, code breaking competitions where the challenge is to decrypt a block of raw data.

    1. Richard 22

      Re: Raw Data

      I think you misunderstand - he's saying that the data is not of direct use to the Genius Bar tech support in their day-to-day activities of supporting users. He's not saying that they (or anyone else) would be incapable of putting together a tool to extract said data and use it for other purposes, rather that there doesn't seem to be a legitimate use for the data for tech support.

      That's how I read it anyway.

    2. Irongut

      Re: Raw Data

      No he's pointing out that an Apple Genius is anything but. Those mouth breathing sales people are not true techies. A true tech could hack it no bother.

  15. Anonymous Coward
    Anonymous Coward

    Thats it

    Im banning my girlfriend from running her idevices on my wifi.

    1. Anonymous Coward
      Anonymous Coward

      Re: Thats it

      HAH!!

      Good luck with that!

    2. Hans 1

      Re: Thats it

      >Im banning my girlfriend from running her idevices on my wifi.

      Time for a BB Z30 ?

    3. Anonymous Coward
      Anonymous Coward

      Re: Thats it

      As long as she doesn't ban you on running your idevice on her...

  16. Tom 38

    "I don’t buy for a minute that these services are intended solely for diagnostics. The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption."

    Don't recall any of those features in gdb or Dr Watson tbh..

  17. Anonymous Coward
    Anonymous Coward

    What makes him a "forensic scientist"?

    He analyses how iphones work, hacks banks, does pentests, etc.

    Where does the forensic science part come in?

    1. John Gamble
      Headmaster

      Dictionaries Still Exist

      "What makes him a "forensic scientist"?

      "He analyses how iphones work, hacks banks, does pentests, etc."

      Forensic:

      adj. Relating to, used in, or appropriate for courts of law or for public discussion or argumentation.

      adj. Of, relating to, or used in debate or argument; rhetorical.

      adj. Relating to the use of science or technology in the investigation and establishment of facts or evidence in a court of law: a forensic laboratory.

      1. Anonymous Coward
        Anonymous Coward

        Re: Dictionaries Still Exist

        Ah, okay, it means he gets called to be an expert witness in court cases. Good enough.

  18. Anonymous Coward
    Anonymous Coward

    DIagnostic?

    It's kind of funny how tools that are supposed to help enterprise IT department are not documented anywhere.

    So let's pretend I'm in IT for a large enterprise, let's pretend I specialised in mobility and iOS, those tools might be very useful for me, and I might even have inquired about the possibility of running a pcap on my devices, I suspect Apple would have volunteered that information as of course I'm their exact target audience for those tools (according to their PR / media disaster recovery service)?

    I suspect I don't need to tell you that strangely enough none of those have ever been mentioned.

    Anonymous coward as I might not like Apple's men in black (maybe they already erased me once about the pcapd!).

    1. DrGoon

      Re: DIagnostic?

      Apple does a good deal of its business with 'enterprise IT departments' behind the closed doors of confidential meetings that are protected by legally binding non-disclosure agreements. What they sell to one 'enterprise IT department' may not be the same as what they sell to another 'enterprise IT department'. It's quite possible that the secret utilities buried in the iOS are for the use of one 'enterprise IT department' and that they feel compelled to make them generally available due to the nature of 'bring your own device' policies within that enterprise.

      Of course it could also well be the case that the 'enterprise IT department' in question is that which serves 'the corporation' better known as a three letter agency.

  19. Slrman

    Nope, no iPhones for me

    One more reason why I do not and will not have an Apple phone or tablet. I do have an iMac a by now elderly 2008 model. my phone and my tablet are from LG and Samsung, respectively.

    Yes, I know they may have their secrets, too. But Apple seems to be increasingly underhanded with their spying. If they need it for "Analysis and Diagnostics" why don't they install it only of devises it provides to employees? Alternately, they could provide then free or at low cost to people that agree to that level of intrusiveness?

    When you have to hide what you're doing, it's a good sign that you know you shouldn't be doing it.

  20. Anonymous Coward
    Anonymous Coward

    One more reason why I do not and will not have an Apple phone or tablet. I do have an iMac a by now elderly 2008 model. my phone and my tablet are from LG and Samsung, respectively.

    Hahaha - and you really think those are better? Either platform has problems, and these reports need independent confirmation first - and decent answers.

  21. rvt

    if apple had something to hide they wouldn't have put pcap in it's name.

    So it's:

    1) honeypot

    2) nothing to be worried about

    make your pick

  22. Christian Berger

    What did you expect?

    Apple is one of the few companies that doesn't give out their source code. What other reason, except for betraying the user can there be for this?

    I think we should ban binary only software. It's not just to much of a security risk, it's also a question of consumer rights. If I buy a car or a vacuum cleaner I have every right to modify it in any way I want. Why don't I have that right with software? Why can't I just patch out features I don't like or patch in features I'd like to have?

    1. psyq

      Re: What did you expect?

      Nobody is stopping you from modifying software you purchased, but nobody is forced to provide you with everything needed for the most convenient way. With binary code, you'll have to do it in assembler but nobody stops you in principle.

      Did your vacuum cleaner company give you the production tooling and source files used to build the vacuum? No? Did your car vendor hand the source code for the ECU? Did they give you VHDL code for the ICs? Assembly instructions? No? Bas*ards!

      As far as for banning, I'd first start with banning stupidity. But, for some reason it would not work.

    2. ckm5

      Re: What did you expect?

      https://www.apple.com/opensource/

      See also http://en.wikipedia.org/wiki/Darwin_(operating_system)#Release_history

  23. 101

    This is what happens when you bite the Apple....

    Re: The hacks "...are not deliberately provided for government agencies to exploit. Instead, they are for "diagnostic" purposes and to allow enterprise IT bods to manage workers' devices."

    Sounds like an NSA PR lawyer wrote the response. One interpretation could be Apple wants to ensure employers who provide devices to workers can "manage" them (workers?). Bizarre, no?

    Of course full access for every government in the world is a possibility, too.

    Whatever is going on we know one thing:

    Don't trust Apple.

  24. Anonymous Coward
    Anonymous Coward

    >> "pcapd - so top sekret it's been a documented developer tool for years"

    > "No - the developer doc you linked to is about analyzing traffic from another device on the network, not by the device itself which is what pcapd does, allegedly. The doc you linked to says "iOS does not support packet tracing directly". That's contradicted by Jonathan's claims."

    I was right. In http://support.apple.com/kb/HT6331 Apple references the exact same developer document and explains where pcapd fits in.

    1. Anonymous Coward
      Anonymous Coward

      Unfortunately that doesn't prove you "were right", it just proves that both you and the person who wrote apple's response don't understand what you're talking about. Sorry. Or possibly Apple hope nobody asks why that response doesn't address the concerns that were raised. At all.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like