Security researcher says iOS may be vulnerable to government snooping by design
Posted on 07/21/2014 9:46:58 AM PDT by dangerdoc
Is iOS spying on you for Apple?
According to forensic scientist Jonathan Zdziarski, quite possibly: Several undocumented services run regularly in the background on over 600 million iOS devices, which could be sending data to Apple.
At a recent talk at the Hackers on Planet Earth conference in New York, Zdziarski identified a number of undocumented high-value forensic services running on every iOS device and suspicious design omissions in iOS that make collection easier.
What does that mean? In short, Zdziarski showed that these services could be used to take forensic artifacts off an iPhone or iPad that should never leave the device. He says that while iOS is reasonably secure to a typical attacker, Apple itself and, by extension, the government, can gain access to this data relatively easily.
One problem is in the way that iOS 7 encrypts data. Since simply screen-locking your iPhone doesn't encrypt the most recent data, the only way to trigger it manually is to shut down, or power off your iPhone. "Your device is almost always at risk of spilling all data, since it's almost always authenticated, even while locked," Zdziarski writes.
In conjunction with undocumented iOS services, this means that your iPhone's encryption can be bypassed through USB, Wi-Fi and maybe even cellular. And the data itself seems useless for Genius Bar or carrier purposes.
Zdziarski is willing to admit that Apple may not have nefarious plans, but he asks the simple question: "Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?" He concludes that Apple is dishing out a lot of data behind our backs, and that these make tasty attack points for .gov and criminals.
Could this be the next great iOS security scandal?
Are you trying to tell us something we already know? It’s not just Apple products either. If you don’t comply you can’t sell the product. They’ll make sure of it.
Shocking. Shocked I am. Obama meets constantly with tech companies. I had no idea he, the most transparent president evah’, would insist on pre-configured back doors for his Stasi.
The data isn’t encrypted unless you shut down? People rarely restart their devices.
It’s probably all in the terms of service fine print that we never bother to read.
I was a little put off the first time I searched for something on my computer and the next time I browsed on my phone, I had ads for that product. They certainly have our number.
I wouldn’t be surprised if the manufacturer had programs running that snoop on us, and if the government had forced the manufacturer to let the government browse our private data.
But this article doesn’t prove it.
I worked with a guy who was always talking about black choppers with guns in mount, spying TVs, mind control, and a lot more. Luckily he died from cancer 12 years ago because he could not handle what is really happening now. I think he was right.