Apple can extract personal information including text messages, photos and contact lists from iPhone users, without the smartphone owner even being aware that their data is being mined, researchers have revealed.
It isn't the first time in recent weeks that iPhone security has been called into question. Earlier this month, Apple was forced to respond to accusations from Chinese state-run broadcaster CCTV that the iPhone represents a threat to China's national security.
The security loopholes, which until now hadn't been publicised by Apple, allow the firm's employees to access data stored on the device, even where that data is encrypted. Apple hadn't previously spoken of its ability to extract personal data from iPhones, but has since insisted that the capability is provided to help engineers.
Personal information about an iPhone user can be drawn from computers to which the device has previously been connected, security researcher Jonathan Zdziarski revealed during a recent presentation. In theory, it means the practice creates a back door for law enforcement to mine personal information from an iPhone, without the knowledge of the person of interest.
Zdziarski also pointed out how users aren't notified about how the iPhone is able to extract this personal information and that there's no way of knowing which computers have previously been paired with the device as a trusted connection.
"There's no way to 'unpair' except to wipe your phone," Zdziarski explained during a presentation about his discovery at the Hackers on Planet Earth conference, in which he demonstrated what information could be extracted from an unlocked phone by a trusted computer.
Some have argued that the technique, combined with Apple's previous non-disclosure of it, can be viewed as evidence of the firm collaborating with the National Security Agency's surveillance programmes. However, Apple has quickly moved to deny this accusation.
"We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provide needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues," Apple said in a statement.
"A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data."
However, following the technique's disclosure to the public by Zdziarski, Apple has posted information about it on its website for the first time. The disclosure goes a little way to answering concerns voiced by Zdziarski, who said the practice saw Apple gathering much more information than it needed and with too little disclosure.