QUESTIONS FOR APPLE: Forensic scientist identifies suspicious 'back doors' running on every iOS device
the slides (PDF) from his talk at the Hackers On Planet Earth (HOPE/X) conference in New York called Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices... In his talk Zdziarski demonstrates "a number of undocumented high-value forensic services running on every iOS device" and "suspicious design omissions in iOS that make collection easier." He also provides examples of forensic artifacts acquired that "should never come off the device" without user consent.
... Zdziarski's questions for Apple include:
• Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
• Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
• Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
• Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t belong?
And his summary slide (page 57 of the PDF) sums it up nicely:
• Apple is dishing out a lot of data behind our backs
• It’s a violation of the customer’s trust and privacy to bypass backup encryption
• There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
• Much of this data simply should never come off the phone, even during a backup.
• Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
Overall, the otherwise great security of iOS has been compromised… by Apple… by design.
Yet another reason to stick with open source. At least you can see what you're getting.
Hat tip: BadBlue Tech News.
First we find out about Obama's back door (thank you, Reggie Love,) and now this.
Post a Comment