The last sentence, which is the one Ritchie emphasized in his headline and at the top of his blogpost, is very carefully worded. Zdziarski doesn't allege that Apple worked with the NSA, or any other agency, to create a backdoor. He alleges that Apple itself created undocumented services, which can be used by Apple, and potentially by someone like the NSA, to extract personal data.
Zdziarski did his own parsing of the Apple statement, in a new post on his blog: "[I]t looks like Apple might have inadvertently admitted that, in the classic sense of the word, they do indeed have back doors in iOS, however [they] claim that the purpose is for 'diagnostics' and 'enterprise.'"
Ritchie succinctly summarizes the mechanism identified by Zdziarski, which involves two explicit decisions by the end user: "When you connect your iPhone or iPad to iTunes on Mac or Windows -- and choose to trust that computer -- a pairing record is created that maintains that trust for future connections. Zdziarski claimed that if someone takes physical possession of that computer, they can steal those pairing records, connect to your device, and retrieve your personal information and/or enable remote logging. If they don't have your computer, Zdziarski claimed they can try and generate a pairing record by tricking you into connecting to a compromised accessory, like a dock (juice jacking), and/or by using mobile device management (MDM) tools intended for [the] enterprise to get around safeguards like Apple's Trusted Device requestor."
In his own post, Zdziarski repeats his contention that pairing records can be stolen in all kinds of ways, and acknowledges that every operating system has legitimate diagnostic capabilities. But he's not convinced by the Apple statement.
"I don't buy for a minute that these services are intended solely for diagnostics," he writes. "The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption. Tell me, what is the point in promising the user encryption if there is a back door to bypass it?"
In a separate post, Zdziarski says he is not accusing Apple of working with the NSA nor is he "suggesting some grand conspiracy."
"[T]here are, however, some services running in iOS that shouldn't be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer," he writes. "I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices....My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don't belong there."
Sign up for CIO Asia eNewsletters.