iPhone/iPad sales reps never have to ask that question. Every iPhone and IPad has a built-in backdoor. Accessible over any Wi-Fi network. How convenient.
BTW, this is not a bug, it is a feature. According to John Zorabedian, Apple calls it a “diagnostic function.” In other words, this is no accidental bug, this is a feature!
See John’s complete report at: iSpy? Researcher exposes backdoor in iPhones and iPads.
After you read John’s post, re-blog it or point to it on Apple/iPhone/iPad forums, lists, etc.
Perhaps the default screen on iPhones and iPads should read:
You are in a crowded shopping mall. You are naked.
Just to remind users of the security status of these Apple devices.
If you create a topic map on hardware/software security, iPhones and IPads are of type: insecure.
UPDATE: The Apple backdoor that wasn’t by Violet Blue.
From Violet’s post:
Since Mr. Zdziarski presented “Identifying back doors, attack points, and surveillance mechanisms in iOS devices“, his miscasting of Apple’s developer diagnostics as a “backdoor” was defeated on Twitter, debunked and saw SourceClear calling Zdziarski an attention seeker in Computerworld, and Apple issued a statement saying that no, this is false.
In fact, this allegedly “secret backdoor” was added to diagnostic information that has been as freely available as a page out of a phone book since 2002.
Interesting. So if you are called an “attention seeker” in Computerworld and a vendor denies your claim, the story is false?
In the Computerworld account:
Apple swiftly rejected Zdziarski’s accusations, pointing out that end users are in complete control of the claimed hacking process — the person owning the device must have unlocked it and “agreed to trust another computer before the computer is able” to access the diagnostic data the claimed NerveGas attack focuses on.
Isn’t that what Zorabedian said:
For the backdoor to be exploited by a spy, your iDevice needs to be synced to another computer via a feature called iOS pairing.
Once your iDevice is paired to your PC or Mac, they exchange encryption keys and certificates to establish an encrypted SSL tunnel, and the keys are never deleted unless the iPhone or iPad is wiped with a factory reset.
That means a hacker could insert spyware on your computer to steal the pairing keys, which allows them to locate and connect to your device via Wi-Fi.
Sounds to me like Apple and Zorabedian agree on the necessary conditions for the exploit.
Curious that Violet Blue jumps over the technical agreement between Apple and Zorabedian to take the later to task for name calling and attention seeking. The latter accusation being too ironic for words.