Jonathan Zdziarski's HOPE X talk, Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices, suggests that hundreds of millions of Iphone and Ipad devices ship from Apple with intentional back-doors that can be exploited by law enforcement, identity thieves, spies, and employers.
The original paper (paywall), published in Elsevier's Digital Investigation sparked a non-denial denial from Apple, basically admitting that the back-doors were there, but misleadingly suggesting that they were only for enterprise administration.
But as you can see from Zdziarski's slides (PDF), neither this nor other excuses really hold water. The backdoors are actively maintained code that can be accessed over networks, possibly over cellular networks, without developer tools, and even on devices that are not in enterprise mode. The backdoors expose deep and sensitive data that is nominally encrypted and locked, and there are tools and systems in the field that rely on them, including law-enforcement tools for slurping up data from people who've been detained -- a practice the Supreme Court recently held to be illegal.
Additionally, Zdziarski points out that some NSA leaks reference a secret tool called DROPOUTJEEP, for attacking Ios devices; he speculates that this backdoor may be the key to DROPOUTJEEP's functionality.
Questions for Apple:
Why is there a packet sniffer running on 600 million
personal iOS devices instead of moved to the developer
Why are there undocumented services that bypass user
backup encryption that dump mass amounts of personal
data from the phone?
Why is most of my user data
not encrypted with the
PIN or passphrase, enabling the invasion of my personal
privacy by YOU?
Why is there still no mechanism to review the devices my
iPhone is paired with, so I can delete ones that don’t
In July 2012, professional poker-player Phil Ivey won $4.8M from the baccarat tables at Atlantic City’s Borgata Hotel Casino & Spa in 17 hours; on other occasions, he took a total of $9M out of the Borgata: he did it by asking the house to deal Gemaco Borgata cards, whose backs contained minute asymmetries in […]
The five Volkswagen executives who were criminally charged in the USA for their role in the Dieselgate scandal have been advised not to travel to the USA because they are liable to arrest there: they’ve also been told that leaving Germany is risky because they might be arrested and extradited to the USA.
When you open the box for a Storm Trooper snuggie blanket, you’ll discover a card telling you that by buying the blanket, you’ve waived your right to sue the manufacturer and will subject yourself to binding arbitration if your blanket gives you cancer or burns you to death or any of the other bad things […]
Computer hacking isn’t just something happening to the DNC. Major software companies need white-hat hackers to ensure the security of their products and users, and I came across a Computer Hacker Professional Certification Package that conveniently teaches those advanced IT techniques online.This course package will prepare you for various computer security certification exams with over 60 hours […]
One of the best ways to progress a career in project management is through earning recognized certifications. These certifications carry significant clout and don’t require expensive tuition or student loans. This Ultimate Project Management Certification Bundle is a great example of an affordable way to get ahead. It includes training for 9 certifications including PMP, […]
There’s nothing quite like the rush of playing against a real human opponent. But from a developer standpoint, creating fun multiplayer experiences is incredibly complex. Fortunately, the Unity3D game engine has made all aspects of game creation, including multiplayer functionality, as accessible as ever.This Unity Course Bundle introduces all of the necessary elements of creating […]