iOS reveals multiple secret backdoors, users are monitored every minute

Well-known iOS hacker Jonathan Zdziarski has discovered multiple undisclosed "backdoor" services in iOS that he believes could be used by law enforcement, the National Security Agency, or other malicious groups to bypass iOS' encryption and steal sensitive personal information. Zdziarski, an early iOS hacker and author of the book Hacking and Securing iOS Applications, disclosed the news of multiple backdoors in iOS during a speech at the annual HOPE/X hacker and developer conference. In his speech, Zdziarski talked about multiple services running in the background of iOS that he believes are not intended for app developers, Apple employees, or technical support staff. Other backdoors are intended for enterprise system administrators, but are designed in a way that allows them to be used for malicious purposes. "A lot of information should not leave the phone, even when backing up data," Zdziarski said of the information leaked by these background services. A service called com.apple.pcapd captures HTTP data flowing in and out of iOS devices using the libpcap network packet capture function package. According to Zadrsky, this service is activated by default on all iOS devices and can be used to monitor users' information over WiFi networks without their knowledge. Zadrsky specifically questioned the com.apple.mobile.file_relay service, which first appeared in iOS 2 and has been expanded in later versions. He said this service completely bypasses iOS's backup encryption feature and can leak "a lot of intelligence", including the user's address book, CoreLocation log, clipboard, calendar, voicemail, etc. Zadrsky pointed out that hackers can even use this service to steal users' recent photos, recent timeline content, users' DM databases, and authentication tokens from tweets, which can be used to "remotely steal all future Twitter messages." These secret services are not used by iTunes or Xcode, and the data is "too raw" to be used in the Genius Bar or restored to an iOS device. Zadrsky also talked about some of the features in iOS for enterprise customers, including mobile device management options that allow hackers to install customized spyware on devices by forging security certificates. Zadzirski used this method to develop a proof-of-concept spyware app. Apple has since fixed the vulnerability. Some of the backdoor services have been used by commercial law enforcement equipment manufacturers, including Elcomsoft, AccessData and Cellebrite, whose equipment is widely used by US law enforcement agencies to collect evidence from suspects' mobile devices.

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.

<<: Outlook on artificial intelligence (AI) applications in consumer goods and retail: Future innovations

>>: China Mobile: Upgrading to 4G without changing number or registration

What can become popular on Tik Tok?

Blog

Why do hackers always pick on Sony?

Blog

The eighth-generation Toyota Camry was shot at the Guangzhou Auto Show: a more radical appearance to rival the tenth-generation Accord

Blog

From Lao Luo's first Douyin show, let's look at the three key points of live streaming sales

Zhiji L6 is officially on the market. How long can the extreme price war strategy of increasing configuration and reducing prices last?

April is traditionally a slow season for Chinese ...

iOS reveals multiple secret backdoors, users are monitored every minute

What can become popular on Tik Tok?

Why do hackers always pick on Sony?

The eighth-generation Toyota Camry was shot at the Guangzhou Auto Show: a more radical appearance to rival the tenth-generation Accord

From Lao Luo's first Douyin show, let's look at the three key points of live streaming sales

Five programming languages you must master in the next two years_Mobile Technology Semi-monthly Issue 41_51CTO.com

Product operation and promotion: plan a real event!

5 factors that influence the price quotes of bloggers on Xiaohongshu

How to operate a good community? Share 4 community skills!

5 major techniques for attracting new users to public accounts, this time all the old secrets are revealed!

Is the customization cost of Diqing Tea Mini Program high? Diqing Tea Mini Program Customization Cost and Traffic

Recommend

The "all-black snowfall forecast map" scared netizens! What is going on with this rare weather?

Everything on the cloud is connected to the Internet of Things, Coocaa System 8's way to break the circle

How would life change if the Earth was flat?

50th Anniversary: Nissan and Italdesign Create the Ultimate GT-R50

What channels are used to purchase traffic for mobile games? This article tells you!

Essential Psychological Principles for Event Planning! Recommended collection

How much does it cost to customize the Wuhai online recharge mini program?

iPhone system is getting harder to use, Apple is forcing more users to switch to Android

What are the issues that need to be paid attention to when developing mini programs?

7 routines for brand event marketing!

The Kingdom of Genes Part 3: What? The “human genome” we have is not the “complete version”?

Zhiji L6 is officially on the market. How long can the extreme price war strategy of increasing configuration and reducing prices last?

7 essential skills for operations - marketing promotion steps!

Some are placed in the front, some are placed in the back, so where should the propeller of an airplane be placed?

"Front-end Engineering Lecture" solves the problem of front-end efficiency engineering in one stop