There are three ways your information is collected: through apps, whose developers apply to Apple for location permission, so that once the device has been located the system knows where you were when you used the app; through nearby operator base stations; and through the Wi-Fi devices the phone connects to, which can also record the user's location information.

Two ways your information is stored: a cache_encryptedA.db file is generated and stored in private/var/root/Library/Caches/locationd; and Apple phones geotag the information of nearby Wi-Fi hotspots and cell towers and send it to Apple in an anonymous and encrypted format.

Possible harm caused by information leakage: the data sent to Apple includes the unique identification code of the Apple device, so Apple can easily associate it with the user's real information; seemingly unrelated geographic data, in bulk, can be analyzed to learn the owner's occupation, address, bills...; if people handling confidential matters are targeted, it may affect the security of national secrets.

Apple's iOS is an operating system developed by Apple itself, and it is also recognized as the most advanced operating system in the world. This independent system is completely closed, and it is difficult for ordinary users to understand its ins and outs.

According to CCTV reports, there are three main ways for Apple phones to record user information. Song Guohui, head of the International Open Source Application Security Organization in Shanghai, also said: "We have also found that the iPhone will collect positioning information based on Wi-Fi, base stations and GPS. The accuracy of this positioning can be said to be very high, higher than the accuracy of simple GPS positioning, and the deviation is usually no more than 1-2 streets."

So, specifically, how does the Apple phone record your user information?

We know that Apple can perform real-time positioning through the apps that users install on the phone. "For example, Weibo, WeChat, or some taxi apps and navigation that require positioning functions, once turned on, will also locate the user's location." Song Guohui said that although this function is set by the software according to its needs, the user data is available not only to the app but also to Apple's backend. "For example, if you open an App on your phone in the office, Apple's backend can know where you are through the data of this App, even if you have not turned on the 'Frequently Visited Locations' function."

What if the installed App itself does not have a positioning function? "For example, a certain portal news mobile client is a news app. It does not have and does not need to enable the positioning function. However, we found that the location of users who downloaded the app is still located and saved by Apple every time they use the app." The data generated in this way is placed directly in the so-called encrypted user information file in the system background. And all this is unknown to the user and to the client itself.

Where did this quietly recorded data go in the end? "We have not yet tracked where this data went in the end, but foreign engineers have said that this data was eventually transmitted back to Apple headquarters."

Apple has said that the iPhone uses a crowd-sourced database containing Wi-Fi hotspot and cell tower data for real-time calculations. Thousands of iPhones geotag the Wi-Fi hotspot and cell tower information near them and send it to Apple in an anonymous and encrypted format. "Although Apple says it is anonymous, the data sent back actually also includes the unique identification code of the Apple device, which makes it easy for Apple to associate the user's real information," Song Guohui said.

Can theft still be carried out if the relevant functions are turned off? Turning off the phone may not work.
If "Frequently Visited Locations" is turned off, can it be guaranteed that user information will not be recorded? Song Guohui believes that turning it off only prevents users and others from viewing location information through the phone, while Apple's background data is still quietly recorded. Song Guohui said that any smartphone that is connected to Wi-Fi, has a carrier network, and has opened an App with a location recording function may be automatically tracked.

The reporter tried turning off the "Frequently Visited Locations" function and indeed found that the "history" disappeared. "But in fact, this is just that you can't see the data, Apple's background data has no effect. They can still record data based on the App you use or the system positioning function. It's simply 'stealing the bell by covering your ears'."

As early as three years ago, two British engineers discovered that a hidden file in Apple phones records the geographical locations that the phone's user has visited and stores this information.

The China Information Security Evaluation Center is a professional institution in China that specializes in information security testing and risk assessment. Wang Jiajie, an engineer at the evaluation center, demonstrated in an interview with reporters an Apple phone, with the "Frequently Visited Locations" function turned on, connected to a computer through a data cable. Through special tools, some system directories that ordinary users cannot see were captured. Among these directories there is a deeply hidden one, and this is where Apple stores location information. "From the operation video, we can see that the db file named cache_encryptedA is saved in private/var/root/Library/Caches/locationd. In our jargon, it is hidden very deeply, a level 6 directory."

Although the file name contains "encrypted", in fact this file is not encrypted. "When opening the file, there is no need to decode it again, which means that this is just a false 'encryption'. It can be opened without a secret key, but the location is hidden very deeply." Song Guohui found the same.

"Apple knew about this problem as early as three years ago, but to this day, the file that stores user location information is still not encrypted. In fact, from iOS 4 to iOS 7, Apple has been recording user location information, and this has not been agreed and authorized by the user," said Yu Yong, co-founder of the Internet Privacy Infringement and Information Security Assistance Alliance (PIPA).

If the user turns off the phone, can the Apple phone still obtain location information? "There is no conclusion yet, and it is also a question that our research team is more concerned about now," Song Guohui said.

Are there other "backdoors": remote monitoring

"Apple's stealing of users' location information and other privacy without the user's knowledge is indeed contrary to the normal practice of equipment manufacturers." Song Guohui said that in addition to collecting users' location information, iCloud also automatically synchronizes users' contacts, text messages, photos and other data to the cloud, which may be convenient for users. However, since iCloud is an Internet software application, it will have some security vulnerabilities, which will inevitably lead to users leaking private data without knowing it.

Song Guohui gave as an example that since 2013 several major security vulnerabilities have been discovered in iCloud. For example, in October 2013, Russian security researchers analyzing the iCloud protocol found security flaws in its user authentication and security vulnerabilities in the iCloud remote backup protocol, which made it possible to remotely download users' iCloud data without the user's knowledge. "There was also a simple password retrieval logic error on the iCloud password modification page, which led to the theft of users' contacts, photos and 800G of data stored in iCloud."

"We also recently discovered that Jonathan Zdziarski, a well-known iOS hacker and member of the early iOS jailbreak development team, discovered an undisclosed API function interface of Apple." On July 21, 2014, Jonathan disclosed a hidden "backdoor" and an undisclosed API function interface in Apple's iPhone/iPad devices. "This hidden 'backdoor' program is com.apple.pcapd. When the 'backdoor' is activated, it can monitor all network traffic and website access data, and this 'backdoor' can remotely monitor the network of iPhone devices after being activated. This is not just as simple as stealing user privacy."

In addition, Jonathan also found an undisclosed API function interface of Apple (API functions are generally program code provided by the operating system to obtain specific data). In the end, he found that this undisclosed API function interface can bypass the security mechanism of the iPhone and obtain complete data from the user's mobile phone, including user accounts, contacts, text messages, voice memos, keyboard records, GPS data and other private user data.

On July 27, Apple admitted that there was a "security vulnerability". Apple said that company employees can obtain personal data such as text messages, contacts and photos of iPhone users through an undisclosed technology. However, Apple also emphasized that this function only provides the required information to certain specific personnel, and that users need to authorize and unlock the device before this restricted diagnostic data can be obtained.

How big is the harm? It may affect national security.

In the past, information was often divided into security levels according to its importance. The higher the security level, the better the protection measures.
However, in the era of big data, what leaks is often not critical confidential data but ordinary daily information. "A mobile phone can analyze a person's trajectory and obtain his preferences, work, etc. With hundreds of millions of mobile phone users, this can analyze the trajectory of a group of people, which may involve the entire industry, economy, and people's livelihood. If the confidential group is locked, it may even affect the security of state secrets," Song Guohui said.

On November 5, 2013, Apple Inc. of the United States published a report admitting that Apple provided information in response to 88% of the requests for specific devices made by the United States. Yu Yong believes that this report is tantamount to overturning Apple's previous claim that "unless the user explicitly agrees to submit the current geographic information to a third party, it will be strictly confidential."

"Although Apple has always been promoting the collection of big data and future technological innovation, I think that even if this behavior is based on good intentions, it is a great infringement on user privacy and rights. It may even collect citizens' personal information and provide it to software vendors, advertisers and even national intelligence agencies."

Russian media reported that Russia proposed to Apple and SAP that they open their source code to the Russian government to ensure that their products will not become tools for monitoring Russian state agencies.

"The personal information security of citizens is not a trivial matter. From a business perspective, it may only be the collection and analysis of big data of user behavior, but if it is put from the perspective of national security, this kind of information leakage may accidentally become a 'time bomb' that endangers national security."

"I found that many citizens actually have a weak awareness of protecting their own information."
Yu Yong said that smartphones now usually record the owner's ID information, mobile phone number, email, bank card number and password, photos, address book, chat history, consumption records, bills, family information, house information, physical location, etc. "This information is as valuable as the money in your wallet. Losing information can often cause greater losses than losing your wallet." From the many fraud cases cracked by the police, it can be seen that many telephone and Internet frauds are caused by the leakage of personal information.

"For individuals, this is a privacy leak. From a higher level, it may even endanger national security." Yu Yong said that he has several public servant friends who work in a confidential unit of the state. They are all required not to use Apple phones. "If the whereabouts of the national government or people closely related to national security are tracked and stolen, the problem will be relatively more serious."

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.