Hidden iOS Services Bypass Security


(Click image for larger view and slideshow.)


Apple's iPhone and iPad run undisclosed services that allow security features to be bypassed, according to a prominent computer security researcher.


In a presentation at the HOPE/X hacking conference in New York on Friday, forensic researcher Jonathan Zdziarski described several undocumented iOS services that can function backdoors, allowing ostensibly encrypted data to be accessed and subverting user privacy.


[It's round two for an old type of virus you thought was dead. Read Retro Macro Viruses: They're Baaack.]

Zdziarski in a blog post stresses that he is not accusing Apple of working with the NSA, but he voices suspicion that the NSA might have used some of these services to access data on iOS devices, as described in a recent Der Spiegel report.


'I am not suggesting some grand conspiracy,' Zdziarski explains. 'There are, however, some services running in iOS that shouldn't be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer.'


Zdziarski says he hopes Apple will correct the issue because these services should not be present. He claims to have emailed both CEO Tim Cook and former CEO Steve Jobs about these 'backdoors,' some of which have existed for years, and to have received no response.


In a paper describing his findings, the services com.apple.pcapd and com.apple.mobile.file_relay are among the most questionable code routines that Zdziarski discusses. The former launches a silent packet sniffer that allows the the client to copy the network traffic and HTTP header data coming in and out of the device. The latter accepts a list of requested data sources, and delivers an archive of the data requested, bypassing Apple's built-in backup encryption system in the process.



These services and related ones, which have been augmented over the years by Apple, appear to represent an effort to provide law enforcement agencies with easier access to device data. Yet it's accepted wisdom among computer security experts that backdoors are a bad idea because they're potentially exploitable by anyone -- investigators, intelligence agencies, or cyber criminals.


'When parties communicate using services with [lawful intercept] features, there is an increased likelihood that an unauthorized and/or malicious adversary with the right technical knowledge and access to the system could capture communications contents without detection,' a Center for Democracy and Technology report noted last year.


Zdziarski questions why Apple allows a packet sniffer to run on some 600 million iOS devices, why there are undocumented services that bypass user backup encryption, and why most iOS user data is still not encrypted to protect it from Apple.


Nobody wants to be the next data breach headline. But ensuring that cyber-security defenses are operating effectively and efficiently is a monumental challenge given the sheer volume of information coming at us. Here's how to streamline your program. Get the Metrics That Work: Practical Cyber-Security Risk Measurements report today (registration required).

Apple did not respond to a request for comment.


Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio


Comments

Post a Comment

Popular posts from this blog

5 Reasons iPhone 6 Won't Be Popular

Image
The majority of users are waiting for the next smartphone from Apple - iPhone 6 – this year. Unfortunately, the hype around iPhone began to gradually subside with each passing year after the 4th model launched. Therefore, it is possible that the sixth iPhone model of  will not be nearly as popular as it was in the beginning. Global audience perceived iPhone 4S and iPhone 5 much cooler than its early models New iPhones will not cause that “wow”-effect, which was in the beginning, when Steve Jobs' presentations caused a delight and admiration of every new Apple gadget. Some leaked photos of iPhone 5S prototype show that it does not differ from its predecessor at all. Therefore, all hopes for something radically new in design and features are laid on iPhone 6. And if Apple is no longer holds its standards, that seem to be a little bit old-fashioned already, it is unlikely that iPhone 6 will be interesting for people next year. 5 main reasons can be found to think like
Read more

Eset nod32 ativirus 6 free usernames and passwords

Image
                              Hi friends,after little long time I'm going to write again about eset nod 32 antivirus.As I told in previous post if you are user on windows 8 Eset nod 32 is the best antivirus for your personal computer.the latest product eset nod 32 antivirus 6 has special features with 100% really working.Not need to purchase full version from buying it.Download the eset nod 32 trial version and activate your est antivirus from below updated usernames and passwords. Firstly I would like to tell something about est nod32 antivirus 6. The latest product having: Eset smarter scan  Scan while downloading something Anti-Theft Idle-state scanning Clean and safe E-mail Removable media security system tools         Download Eset nod32 antivirus 6 Trial version Here     After downloading Eset nod32 Antivirus activate it using below usernames and passwords. Username: EAV-30326836                                       Password: ccka4dvsuv Expire: 16-10-2013 Username:EAV-79084
Read more

Apple's self

USA TODAY Apple's self-driving car racing toward reality, report saysUSA TODAYSAN FRANCISCO - Apple's self-driving car effort, code-named Project Titan , is more reality than rumor, according to documents obtained by the British newspaper The Guardian. Engineers working for the Cupertino-based tech hardware giant met in May with ...Apple Is Getting Closer to a Self-Driving CarTIMEApple is reportedly looking at places to test its self-driving carThe VergeApple eyes former naval base in California to test 'Project Titan' self ...Apple InsiderThe Independent -Business Insider -Cult of Macall 10 news articles »
Read more