Researcher Identifies Hidden Data-Acquisition Services in iOS


Userlevel 7
Badge +54
If I had an iPhone I would find this worrying and I wonder how often people actually reboot their phone.
 
July 21, 2014 by Dennis Fisher
 
"There are a number of undocumented and hidden features and services in Apple iOS that can be used to bypass the backup encryption on iOS devices and remove large amounts of users’ personal data. Several of these features began as benign services but have evolved in recent years to become powerful tools for acquiring user data.
Jonathan Zdziarski, a forensic scientist and researcher who has worked extensively with law enforcement and intelligence agencies, has spent quite a bit of time looking at the capabilities and services available in iOS for data acquisition and found that some of the services have no real reason to be on these devices and that several have the ability to bypass the iOS backup encryption. One of the services in iOS, called mobile file_relay, can be accessed remotely or through a USB connection can be used to bypass the backup encryption. If the device has not been rebooted since the last time the user entered the PIN, all of the data encrypted via data protection can be accessed, whether by an attacker or law enforcement."
 
Full Article

14 replies

Userlevel 5
Interesting read, I ended up reposting this on spiceworks.
Userlevel 7
Badge +56
Here's another article on it from Zdnet:
http://www.zdnet.com/forensic-scientist-identifies-suspicious-back-doors-running-on-every-ios-device-7000031795/
Userlevel 7
Badge +56
So they should allow AVs to run on their iOS devices and I bet Webroot would be very good, like on Android devices right? :D
 
Daniel 😉
Userlevel 7
@ wrote:
So they should allow AVs to run on their iOS devices and I bet Webroot would be very good, like on Android devices right? :D
 
Daniel ;)
I second that Webroot would do an excellent job and catch those rascals ;)
Userlevel 7
Badge +54
Here is a little bit of information about the hidden services.
 
by paganinip on July 22nd, 2014
 
"The file_relay tool can be used to steal a user's information from an iOS device, including email, location, social media accounts, the address book and the user cache folder. Below is the description provided in the presentation:
  • Accounts A list of email, Twitter, iCloud, Facebook etc. accounts configured on the device.
  • AddressBook A copy of the user’s address book SQLite database; deleted records recoverable.
  • Caches The user cache folder: suspend screenshots (last thing you were looking at), shared images, offline content, clipboard/pasteboard, map tile images, keyboard typing cache, other personal data.
“Between this tool and other services, you can get almost the same information you could get from a complete backup,” Zdziarski said in an interview. “What concerns me the most is that this all bypasses the consumer backup encryption. When you click that button to encrypt the backup, Apple has made a promise that the data that comes off the device will be encrypted.”"
 
Full Article
Userlevel 7
Comment: How far do we trust Apple now??? In this article it was intentionally done by Apple, which has features within the software which can be used by law enforcement and attackers......
================================================================================================
Author:
Zeljka Zorz HNS Managing Editor / Posted on July 22 2014
 
A researcher has revealed that Apple has equipped its mobile iOS with several undocumented features that can be used by attackers and law enforcement to access the sensitive data contained on the devices running it.

Jonathan Zdziarski, a well-known iOS forensics expert, was spurred into digging into the OS after he read a report by Der Spiegel that said that the NSA used a software implant to access information on a target's iPhone and turn it into a recording device.
 
Help Net Security/ Full Read Here/ http://www.net-security.org/secworld.php?id=17155
Userlevel 7
Badge +56
Here's Apple's response:
 
http://www.macworld.com/article/2456032/apple-responds-to-troubling-allegations-of-ios-backdoor.html
Userlevel 7
Another, slightly more recent story about this iOS 'backdoor' was published earlier today on 'The Guardian'. It's pretty detailed and has some great quotes from Jonathan Zdziarski (the researcher). You can read the full story here
 
And here's an interesting portion of the story:
 
'Apple has explained these services as genuine “diagnostic” features to allow IT departments and store assistants to manage iPhones.
But Zdziarski said these functions break Apple promises in that they “bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer”.
“I understand that every OS [operating system] has diagnostic functions, however these services break the promise that Apple makes with the consumer when they enter a backup password; that the data on their device will only come off the phone encrypted,” he said in a blog post in response to Apple’s explanation for the tools’ existence.'
 
(Source: The Guardian) 
Userlevel 7
Badge +54
Posted on 24 July 2014.
 
In the wake of the discovery of undocumented features in Apple's iOS that can serve as backdoors, the company has modified a knowledge base article to enumerate and explain the three questionable services found by iOS forensics expert Jonathan Zdziarski.

The pcapd utility, it is explained, "supports diagnostic packet capture from an iOS device to a trusted computer," and is used for "troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections."
 
Full Article
Userlevel 7
Once again how can you trust Apple!!! Too much going on behind the scenes
Userlevel 7
Badge +62
Hello Webrooters and Mac users! If it sounds too good to be true then it isn't!

Thank you Jasper for this article. I knew there had to be flaws in this favorite OS of mine!:@

Hopefully Apple will fix these known flaws whether intentional or not! iTunes and Xcode can access one's personal sensitive data too!!

This here is very disturbing... "SMS, Notes, Address Book, GeoLocation data, screenshots of the last thing they were looking at, and a ton of other personal data – then sure… but this data is far too personal in nature to ever be needed for diagnostics," he added.

......the user is never asked for permission to dump all of this data, or notified in any way. The service can be used wirelessly, and it also doesn't respect the device's backup encryption...

Good grief! I am sure all the Apple users aren't aware of this either!!
So, what can a user do to close this backdoor? If it can't be done on a wholesale basis, is there any way to actually encrypt data on an iPhone 5s, iOS 7.1.2?
Userlevel 7
Badge +56
@ wrote:
So, what can a user do to close this backdoor? If it can't be done on a wholesale basis, is there any way to actually encrypt data on an iPhone 5s, iOS 7.1.2?
Hello and Welcome to the Webroot Community!
 
That is a great question since they don't allow AVs to run on iOS.
 
Daniel 😉
Userlevel 7
Oh, such a mega delicious tautology...only Apple would be arrogant enough to miss that one...ROFL