Jonathan Zdziarski's HOPE X talk, Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices, suggests that hundreds of millions of iPhone and iPad devices ship from Apple with intentional back-doors that can be exploited by law enforcement, identity thieves, spies, and employers.
The original paper (paywall), published in Elsevier's Digital Investigation, sparked a non-denial denial from Apple, basically admitting that the back-doors were there, but misleadingly suggesting that they were only for enterprise administration.
But as you can see from Zdziarski's slides (PDF), neither this nor other excuses really hold water. The backdoors are actively maintained code that can be accessed over networks, possibly over cellular networks, without developer tools, and even on devices that are not in enterprise mode. The backdoors expose deep and sensitive data that is nominally encrypted and locked, and there are tools and systems in the field that rely on them, including law-enforcement tools for slurping up data from people who've been detained -- a practice the Supreme Court recently held to be illegal.
Additionally, Zdziarski points out that some NSA leaks reference a secret tool called DROPOUTJEEP, for attacking iOS devices; he speculates that this backdoor may be the key to DROPOUTJEEP's functionality.
Questions for Apple:
Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer
Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
Why is most of my user data not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t