Apple is known for its better security than others, but a security reseacher has found a way to hack an iPhone which completely allows to something like hijack the iPhone.
A backdoor that Apple itself built into iOS for developers allows to spy on iPhones and iPads by governments, hackers, cyber criminals, according to the researcher Jonathan Zdziarski.
How it is Possible?
It is possible to see what is going on in the iOS devices through exploiting that backdoor, and to exploit that —the device must be synced to another computer via a feature called iOS Pairing.
Once it is paired to PC or a Mac, the device exchanges keys and certificates to establish an encrypted SSL tunnel, and then the device keys which are stored on the synced system, never deleted unless the iOS device is wiped with a Factory Reset.
This successful practical allows an attacker to locate and connect to your iOS device via Wi-Fi, these keys can be easily stolen through a spyware on the computer.
Researcher, Zdziarski shared this serious practical at the HOPE X hacker conference on 18 July to state that Apple’s backdoor give access to personal data that’s beyond what developers or Apple itself need.
Upon further talk on this topic, he also discussed about the Former NSA Employee, Edward Snowden, he said—NSA had used backdoors in iPhone, Android and BlackBerry, so, the NSA may have used Apple’s backdoors for easy access to iPhones and iPads.
On this serious issue, Apple issued a statement, about the access through pairing:
We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues.
A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.
As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.
In the statement, Apple denies any relation with the NSA, but on this researcher said, I don’t think Apple is in cahoots with the NSA, but these features (or bugs) should not be in iOS.
Apple’s seeming admission to having these back doors, however legitimate a use they serve Apple, unfortunately have opened up some serious privacy weaknesses as well.
I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices.
Let’s see what happens in the Next Apple iOS update, but it is clear that this bug is a serious issue for a highly secure iOS and it also Would have been used by NSA to spy on iOS devices, or being used.