General Discussion

IDemo

(16,926 posts) Mon Jul 21, 2014, 09:00 PM Jul 2014

Hidden network packet sniffer in MILLIONS of iPhones, iPads – expert

Plus host of spying tools. But Apple's backdoor not totally open for all, guru tells us

An analysis of iOS by a security expert digging into claims of the NSA spying on Apple products has revealed some unexplained surveillance tools in the operating system.

His study has also shown that a user's data may not be as safe as Cupertino is making out.

Data forensics expert and author Jonathan Zdziarski wrote an academic paper on the topic in March, and gave a talk [PDF] at the Hackers On Planet Earth (HOPE X) conference in New York on Friday showing his findings. The results of his research indicate a backdoor into iOS, although it's not as wide open as some reports have suggested.

<>

This data includes a copy of the user's address book, stored photos, the voicemail database and audio files, any accounts configured on the device such as iCloud, Facebook or Twitter, a cache of screenshots, keystrokes and the device's clipboard, GPS data, and – on iOS 7 – metadata disk sparseimage of the iOS file system.

http://www.theregister.co.uk/2014/07/21/ios_firmware_contains_packet_sniffer_and_host_of_secret_spying_tools/

6 replies

= new reply since forum marked as read

Highlight:

Hidden network packet sniffer in MILLIONS of iPhones, iPads – expert (Original Post) IDemo Jul 2014 OP

Not really surprising. Trillo Jul 2014 #1

Trillo

(9,154 posts)

1. Not really surprising.

Reply to IDemo (Original post)

Mon Jul 21, 2014, 09:32 PM

Jul 2014

The scope of the information would seem specifically designed to enable Internet stalking.

IDemo

(16,926 posts)

2. More from Zdziarski -

Reply to IDemo (Original post)

Mon Jul 21, 2014, 10:50 PM

Jul 2014

Apple Responds, Contributes Little

Posted on July 21, 2014 by Jonathan Zdziarski

In a response from Apple PR to journalists about my HOPE/X talk, it looks like Apple might have inadvertently admitted that, in a classic sense, they do indeed have back doors in iOS, however claim that the purpose is for “diagnostics” and “enterprise”.
The problem with this is that these services dish out data (and bypass backup encryption) regardless of whether or not “Send Diagnostic Data to Apple” is turned on or off, and whether or not the device is managed by an enterprise policy of any kind. So if these services were intended for such purposes, you’d think they’d only work if the device was managed/supervised or if the user had enabled diagnostic mode. Unfortunately this isn’t the case and there is no way to disable these mechanisms. As a result, every single device has these features enabled and there’s no way to turn them off, nor are users prompted for consent to send this kind of personal data off the device.

(more) http://www.zdziarski.com/blog/?p=3447

Gulp, this will not go over well..