The iPhone is by far the most secure device around. But please don’t be complacent, as criminals, governments and criminal governments work really hard to subvert device security, no back door required.
Big brother data
We already know the surveillance arsenal includes fake cellphone masts, dodgy exploits delivered through doctored cables and complex packet injection attacks.
Now Der Spiegel has revealed additional techniques in its latest leak from Edward Snowden, a GCHQ document called "iPhone target analysis and exploitation with unique device identifiers."
This shows agencies have been using device UDID numbers to help them keep track of individuals who may have hit their surveillance lists.
These surveillance lists seem rather extensive: In 2012, activist hackers from AntiSec published 1,000,001 UDIDs, saying these were extracted from a list of 12 million UDID numbers they had stolen from the FBI.
(They claimed the list included user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses and more.)
The agency denied the claim and a relatively unknown firm called Blue Toad eventually claimed it had lost this data (which doesn’t really explain why it had it).
Apple has now ceased using UDID in its devices in order to protect customer privacy.)
UDID IT?
Der Spiegel reveals three ways in which GCHQ could exploit UDID: