Researcher Finds Hidden Data-Dumping Services In iOS
Trailrunner7 writes There are a number of undocumented and hidden features and services in Apple iOS that can be used to bypass the backup encryption on iOS devices and remove large amounts of users' personal data. Several of these features began as benign services but have evolved in recent years to become powerful tools for acquiring user data.
Jonathan Zdziarski, a forensic scientist and researcher who has worked extensively with law enforcement and intelligence agencies, has spent quite a bit of time looking at the capabilities and services available in iOS for data acquisition and found that some of the services have no real reason to be on these devices and that several have the ability to bypass the iOS backup encryption. One of the services in iOS, called mobile file_relay, can be accessed remotely or over a USB connection and can be used to bypass the backup encryption. If the device has not been rebooted since the last time the user entered the PIN, all of the data encrypted via data protection can be accessed, whether by an attacker or law enforcement, Zdziarski said. Update: 07/21 22:15 GMT by U L: Slides.
2 Questions (Score:4, Interesting)
1) Can this method be used to bypass iCloud?
2) Does anyone have a write-up of how it works? I've got a lost-to-pawn iPad that needs to be wiped, and will likely have more come into the shop in the future.
DROPOUTJEEP backdoor (Score:4, Interesting)
This may be the backdoor known as DROPOUTJEEP [iclarified.com], which was described in some Snowden-leaked documents last year.
Looks like Apple sold out, put in a backdoor, and then lied about it.
Legitimate engineering uses (Score:5, Interesting)
Apple is often prone to adding capabilities without thinking through the security implications. But this researcher should do some more research into what constitutes legitimate engineering uses.
From TFA:
“Some of this data shouldn’t be on the phone. HFSMeta creates a disk image of everything that’s on the phone, not the content but the metadata,” Zdziarski said. “There’s not even an engineering use for that.”
I can imagine plenty of legitimate uses of just metadata. For example, the old iOS backup mechanism basically took a snapshot of everything and something like HFSMeta could be used to identify the files that have changed so only those files are backed up.
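As an added illustration of the incremental-backup use the comment above describes (example code written for this page, not Apple's HFSMeta and not anything from the article or the commenter), the script below takes a metadata-only snapshot of a directory tree (relative path, size, modification time; file contents are never opened), then diffs two snapshots to find what a backup would need to copy. The sample tree is constructed in a temporary directory. Note what the metadata alone still exposes: every filename, size and timestamp on the device, which is why a metadata image is sensitive even though it carries no file contents.

```python
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_path: (size, mtime_ns)} for every regular file under root.

    Only stat() metadata is read; no file contents are opened. This is the
    kind of information a metadata-only disk image would contain.
    """
    root = Path(root)
    meta = {}
    for path in root.rglob("*"):
        if path.is_file():
            st = path.stat()
            meta[path.relative_to(root).as_posix()] = (st.st_size, st.st_mtime_ns)
    return meta


def diff_snapshots(old, new):
    """Compare two snapshots and report what an incremental backup must copy.

    A file counts as modified when its size or mtime differs between snapshots.
    """
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed example tree (not real device data): snapshot, change, diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Notes").mkdir()
        (root / "Notes" / "a.txt").write_text("hello")
        (root / "Notes" / "b.txt").write_text("world")
        (root / "photo.jpg").write_bytes(b"\xff\xd8fake")
        before = snapshot(root)

        # Modify a.txt: size changes, and the mtime is pushed forward explicitly
        # so the diff is deterministic even on filesystems with coarse timestamps.
        target = root / "Notes" / "a.txt"
        target.write_text("hello again")
        st = target.stat()
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns + 1_000_000_000))
        (root / "Notes" / "b.txt").unlink()
        (root / "new.pdf").write_bytes(b"%PDF-fake")

        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(demo())
```

Running it reports `new.pdf` as added, `Notes/b.txt` as removed and `Notes/a.txt` as modified; a backup agent would copy only the first and third.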