Jonathan Zdziarski's HOPE X talk, Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices, suggests that hundreds of millions of iPhone and iPad devices ship from Apple with intentional back-doors that can be exploited by law enforcement, identity thieves, spies, and employers.
The original paper (paywall), published in Elsevier's Digital Investigation, sparked a non-denial denial from Apple, which basically admitted that the back-doors were there but misleadingly suggested that they were only for enterprise administration.
But as you can see from Zdziarski's slides (PDF), neither this nor other excuses really hold water. The backdoors are actively maintained code that can be accessed over networks, possibly over cellular networks, without developer tools, and even on devices that are not in enterprise mode. The backdoors expose deep and sensitive data that is nominally encrypted and locked, and there are tools and systems in the field that rely on them, including law-enforcement tools for slurping up data from people who've been detained -- a practice the Supreme Court recently held to be illegal.
Additionally, Zdziarski points out that some NSA leaks reference a secret tool called DROPOUTJEEP for attacking iOS devices; he speculates that this backdoor may be the key to DROPOUTJEEP's functionality.
Questions for Apple:
Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer
Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
Why is most of my user data not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t