iPhone: Reminds me of a Gibson.
Have you ever wanted to be able to magically hack mobile phones like hackers do in the movies? If recent claims are true that security holes, backdoors, and packet sniffers are present in every iPhone, iPad, or other iOS device -- you can!
Speaking at the HOPE/X hacker conference, security researcher Jonathan Zdziarski gave a presentation on the alleged backdoors and packet sniffing tools found in iOS. Simultaneously he gave Apple (NASDAQ: AAPL) a PR disaster and headache -- free of charge.
In IT Blogwatch, bloggers hack the planet.
Filling in for our humble blogwatcher Richi Jennings, is a humbler Stephen Glasskeys.
Serdar Yegulalp encrypts everything, including his name: [You're fired -Ed.]
Forensic researcher Jonathan Zdziarski has outlined details of how undocumented services in iOS are purportedly used to collect personal data by law enforcement and government agencies.
...Zdziarski presented his findings at the HOPE/X (Hackers on Planet Earth) conference in New York, where he noted that while Apple has worked hard to make iOS secure against "typical attackers," the company has also ensured it can "access data on end-user devices on behalf of law enforcement." The end result is that iOS has been made "more secure from everybody except Apple and the government." MORE
Feeling insecure, Jason D. O'Grady shuts down completely:
Zdziarski, better known as the hacker "NerveGas" in the iPhone development community, worked as dev-team member on many of the early iOS jailbreaks and is the author of five iOS-related O'Reilly books including "Hacking and Securing iOS Applications."
...[He] also notes that simply screen-locking an iPhone doesn't encrypt the data..."Your device is almost always at risk of spilling all data, since it’s almost always authenticated, even while locked." MORE
Straight from ze horze'z mouth: [Ahem -Ed.]
Before the journalists blow this way out of proportion, this was a talk I gave to a room full of hackers...how some features in iOS have evolved over the PAST FEW YEARS, and of course a number of companies have taken advantage of some of the capabilities. I have NOT accused Apple of working with NSA, however I suspect (based on released documents) that some of these services MAY have been used by NSA to collect data on potential targets.
...With that said, enjoy the slides and the paper; I think it’s solid academic quality research. MORE
Then, Iain Thomson conforms to legislation:
Zdziarski's analysis shows that 600 million iOS devices...have data discovery tools that are separate from those used by Apple for standard backup and storage. These include a file-relay service that can snoop out data, bypassing the Backup Encryption service offered by Apple.
...In addition there is...a packet sniffer...that fires up without notifying the iOS device's owner.
...One possibility is that the software is needed so that the gadgets conform to the 1994 Communications Assistance for Law Enforcement Act (CALEA), which requires tech firms to have systems in place to allow properly accredited law enforcement limited access for wiretapping. MORE
Tim Bradshaw acts as iGoBetween:
Apple statement denies working with "any government agency ... to create a backdoor in any of our products" MORE
Meanwhile, Jill Scharr asks "Why, oh why?":
Why do these [backdoor] features exist?
...Could the features be there for developers? No, said Zdziarski.
...Are they there for Apple's engineers? No: Engineering tools don't need to be installed on every single iPhone.
...Is it simply forgotten code? No: Zdziarksi has seen these tools grow more capable with each iteration of iOS. MORE
Subscribe now to the Blogs Newsletter for a daily summary of the most recent and relevant blog posts at Computerworld.