Forensic scientist identifies suspicious 'back doors' running on every iOS device

Summary: During his talk at HOPE/X Jonathan Zdziarski detailed several undocumented services (with names like 'lockdownd,' 'pcapd,' 'mobile.file_relay,' and 'house_arrest') that run in the background on over 600 million iOS devices.

By Jason D. O'Grady for The Apple Core | July 21, 2014 -- 11:30 GMT (04:30 PDT)

"The presentation notes that commercial forensic tools perform deep extraction using these "back door" services and that law enforcement can acquire a device during a routine traffic stop or during arrest, before it can be shut down and encryption enabled. Zdziarski also notes that the Feds have always been interested in so-called "black bag" acquisition techniques (compromised docking stations, alarm clocks, etc.), also known as "juice jacking."

Undocumented iOS services exposed by Zdziarski (like "lockdownd," "pcapd" and "mobile.file_relay") can bypass encrypted backups and be accessed via USB, wifi and "maybe cellular." What's most suspicious about the undocumented services (and the data they collect) is that they're not referenced in any Apple software, the data is personal in nature (thus unlikely to be for debugging) and is stored in raw format, making it impossible to restore to the device (making it useless to carriers or during a trip to the Genius Bar). Zdziarski does a good job of refuting most plausible explanations for the code. "

VULT CULT

2014-07-21

Hmm ... I think I'll pass on getting an iPhone.

Forensic scientist identifies suspicious 'back doors' running on every iOS device

No comments:

Post a Comment

Another unpleasant weekend is coming.