Apple has issued a statement in response
to the allegations saying that the company's,
"diagnostic functions do not
compromise user privacy and security," but Zdziarski has
responded by noting that these
services "dish out data" regardless of whether the user has
agreed to diagnostics.
"There is no way to disable these
mechanisms," Zdziarski writes on his personal blog. "This makes
it much harder to believe that Apple is actually telling the
The backdoors reportedly cover a range
of hidden tools and protocols that activate with "paired" computers
- machines connected to an iPhone or iPad via USB that the user has
granted security access to.
Apple says that this allows individuals
and businesses to manage their devices, but Zdziarski has pointed
out that the system offers unecrypted access to users' online
log-ins, contacts and web history and could be compromised by anyone
with access to the same Wi-Fi network.
"Pairing records can be stolen a
number of different ways, ranging from a shared coffee shop
computer to an ex-lover whose computer you used to trust,"
The Register speculates that
the protocols are there to conform with America's 1994
Communications Assistance for Law Enforcement Act - legislation that
requires technology companies to maintain backdoors for the benefit
of law enforcement agencies.
Zdziarski, however, told the site that
the level of access Apple provides "exceeds anything that law
The allegations could be especially
damaging for Apple in China, where the national broadcaster CCTV
recently suggested that the iPhone's ‘Frequent Locations' feature
a threat to national security.
Apple refutes Chinese security claims
Apple has responded by repeating that it
"never worked with any government
agency from any country to create a backdoor in any of our
products or services".
Zdziarski has since repeated his
assertions that the amount of information offered by these backdoors
"These services break the promise
that Apple makes with the consumer when they enter a backup
password; that the data on their device will only come off the
"The consumer is also not aware of
these mechanisms, nor are they prompted in any way by the
device. There is simply no way to justify the massive leak of
data as a result of these services, and without any explicit
consent by the user."
He adds that he is in no way accusing
Apple of working directly with security agencies but that he
"some of these services may have
been used by [the] NSA to collect data".