"The problem with this is that these services dish out data (and bypass backup encryption) regardless of whether or not 'Send Diagnostic Data to Apple' is turned on or off, and whether or not the device is managed by an enterprise policy of any kind," Zdziarski responded on his blog. Instead, they are for "diagnostic" purposes and to allow enterprise IT bods to manage workers' devices. ® Updated to addĪfter publication, Apple apparently briefed journalists that the services identified by Zdziarski are not deliberately provided for government agencies to exploit. While Zdziarski says he doesn't want to be sensationalist about his findings, it's clear Apple owes customers some answers.Ĭook & Co were unavailable for comment at time of going to press. Zdziarski said he was inspired to delve deeper into iOS security after reading a report in Der Spiegel that the NSA was targeting iOS gadgets and the systems they are paired with. If you're the NSA, with a Tailored Access Operations division that specializes in this sort of thing, getting into Apple's backdoor is easy as pie. Getting access to pairing data would be tricky for a hacker working alone, but if law enforcement impounds someone's desktop, it's easy for a cop or g-man to crack any iOS device the PC is paired with. The pairing data is exchanged via TCP port 62078, and an attacker could log onto the device in seconds if they share the same Wi-Fi network. While pairing is done over USB, if someone has access to this pairing data, the device becomes much easier to crack. Only a factory reset wipes this pairing data from the iOS device. When an iOS device pairs with a desktop system to sync data, the mobile operating system establishes a trusted connection and stores a set of keys and certificates on the PC and the device, and stores it in a single file on both machines. Of course, to access all these hidden tools you'd need access to the target's iPhone, and Apple's security is invincible, right? Not so fast there: Zdziarski has also uncovered a way to get around this that, while hard for common-or-garden hackers, wouldn't be too tough for law enforcement. It could be that there's some kind of secret court order requiring this, but if there is then the public needs to know about and understand that." "The existence of these interfaces exceeds anything that law requires. "I think Apple has exceeded any requirements the CALEA law has with these tools," he said. One possibility is that the software is needed so that the gadgets conform to the 1994 Communications Assistance for Law Enforcement Act ( CALEA), which requires tech firms to have systems in place to allow properly accredited law enforcement limited access for wiretapping.īut Zdziarski told El Reg that the software didn’t look fit for that purpose. It is separate from the packet-tracing techniques described on the Apple developer website. This software isn't some legacy code left on the device by Apple engineers for testing – it has been actively updated and expanded in various iOS revisions, according to Zdziarski.īut it's not something Apple has talked about, or even officially documented, and seems to have little to offer other than for those who seek to slurp data off iOS devices.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |