Jonathan Zdziarski's HOPE X talk, Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices, suggests that hundreds of millions of Iphone and Ipad devices ship from Apple with intentional back-doors that can be exploited by law enforcement, identity thieves, spies, and employers.
The original paper (paywall), published in Elsevier's Digital Investigation sparked a non-denial denial from Apple, basically admitting that the back-doors were there, but misleadingly suggesting that they were only for enterprise administration.
But as you can see from Zdziarski's slides (PDF), neither this nor other excuses really hold water. The backdoors are actively maintained code that can be accessed over networks, possibly over cellular networks, without developer tools, and even on devices that are not in enterprise mode. The backdoors expose deep and sensitive data that is nominally encrypted and locked, and there are tools and systems in the field that rely on them, including law-enforcement tools for slurping up data from people who've been detained -- a practice the Supreme Court recently held to be illegal.
Additionally, Zdziarski points out that some NSA leaks reference a secret tool called DROPOUTJEEP, for attacking Ios devices; he speculates that this backdoor may be the key to DROPOUTJEEP's functionality.
Questions for Apple:
Why is there a packet sniffer running on 600 million
personal iOS devices instead of moved to the developer
Why are there undocumented services that bypass user
backup encryption that dump mass amounts of personal
data from the phone?
Why is most of my user data
not encrypted with the
PIN or passphrase, enabling the invasion of my personal
privacy by YOU?
Why is there still no mechanism to review the devices my
iPhone is paired with, so I can delete ones that don’t
In the age of Internet, discussions about the federal government and its functions are informed by and rely on our unprecedented access to federal documents. Anyone can freely view public records online, such as proposed Congressional legislation and presidential executive orders. Accessing public court documents, however, is a bit trickier. As Katherine Mangu-Ward wrote for the Wall Street Journal in 2011, “no aspect of government remains more locked down than the secretive, hierarchical judicial branch.”
It’s not just that smart cars’ Android apps are sloppily designed and thus horribly insecure; they are also deliberately designed with extremely poor security choices: even if you factory-reset a car after it is sold as used, the original owner can still locate it, honk its horn, and unlock its doors.
Josh Jacobson is a Nintendo cartridge hacker who makes homebrew cartridges for games that were never released for NES/SNES, complete with label art and colored plastic cases that makes them look like they came from an alternate universe where (for example), there was a Nintendo version of Sonic the Hedgehog.
Having a luxurious bed isn’t just a fairy tale from a catalog; it is a real, affordable possibility with offerings like this Olive+Owen bedroom set. If you’re thinking of doing some “spring cleaning”, this bed set is an easy way to completely upgrade your room in one purchase.This 20-piece collection has all of the expected slumberland elements, […]
Python is immensely popular in the data science world for the same reason it is in most other areas of computing—it has highly readable syntax and is suitable for anything from short scripts to massive web services. One of its most exciting, newest applications, however, is in machine learning. You can dive into this booming […]
Learning new skills is a great way to improve your resume and stand out from other candidates. Especially in a workforce in which many job-seekers have a wide variety of qualifications. With lifetime access to Virtual Training Company, you won’t have to choose a specific focus. You can pick up new expertise whenever you deem it […]