Researcher Finds Hidden Data-Dumping Services In iOS 98
Trailrunner7 writes There are a number of undocumented and hidden features and services in Apple iOS that can be used to bypass the backup encryption on iOS devices and remove large amounts of users' personal data. Several of these features began as benign services but have evolved in recent years to become powerful tools for acquiring user data.
Jonathan Zdziarski, a forensic scientist and researcher who has worked extensively with law enforcement and intelligence agencies, has spent quite a bit of time looking at the capabilities and services available in iOS for data acquisition and found that some of the services have no real reason to be on these devices and that several have the ability to bypass the iOS backup encryption. One of the services in iOS, called mobile file_relay, can be accessed remotely or through a USB connection can be used to bypass the backup encryption. If the device has not been rebooted since the last time the user entered the PIN, all of the data encrypted via data protection can be accessed, whether by an attacker or law enforcement, Zdziarski said. Update: 07/21 22:15 GMT by U L : Slides.
Jonathan Zdziarski, a forensic scientist and researcher who has worked extensively with law enforcement and intelligence agencies, has spent quite a bit of time looking at the capabilities and services available in iOS for data acquisition and found that some of the services have no real reason to be on these devices and that several have the ability to bypass the iOS backup encryption. One of the services in iOS, called mobile file_relay, can be accessed remotely or through a USB connection can be used to bypass the backup encryption. If the device has not been rebooted since the last time the user entered the PIN, all of the data encrypted via data protection can be accessed, whether by an attacker or law enforcement, Zdziarski said. Update: 07/21 22:15 GMT by U L : Slides.
Pedos, drug lords, and terrorists take notice!! (Score:5, Funny)
Re:DON'T PANIC (Score:4, Funny)
Try BeOS.
Not a high profile target for the feds, the police or the Russian mob.
Re:DROPOUTJEEP backdoor (Score:4, Funny)
Not a MS shill. But a consultant. Just because I'm a whore, doesn't mean I'm cheap.
Re:DON'T PANIC (Score:4, Funny)
The only secure Android phone is what is running Cyanogenmod.
No... the only secure Android phone is the one you pulled the battery out on.
iPhone is trickier... since there's no removable battery: it is very hard to secure. Best bet is to wrap it in tin foil and let the battery drain down on its own, then when it reaches 0% it will be secure