Well-known iOS hacker Jonathan Zdziarski has discovered multiple undisclosed "backdoor" services in iOS that he believes could be used by law enforcement, the National Security Agency, or other malicious groups to bypass iOS' encryption and steal sensitive personal information. Zdziarski, an early iOS hacker and author of the book Hacking and Securing iOS Applications, disclosed the news of multiple backdoors in iOS during a speech at the annual HOPE/X hacker and developer conference. In his speech, Zdziarski talked about multiple services running in the background of iOS that he believes are not intended for app developers, Apple employees, or technical support staff. Other backdoors are intended for enterprise system administrators, but are designed in a way that allows them to be used for malicious purposes. "A lot of information should not leave the phone, even when backing up data," Zdziarski said of the information leaked by these background services. A service called com.apple.pcapd captures HTTP data flowing in and out of iOS devices using the libpcap network packet capture function package. According to Zadrsky, this service is activated by default on all iOS devices and can be used to monitor users' information over WiFi networks without their knowledge. Zadrsky specifically questioned the com.apple.mobile.file_relay service, which first appeared in iOS 2 and has been expanded in later versions. He said this service completely bypasses iOS's backup encryption feature and can leak "a lot of intelligence", including the user's address book, CoreLocation log, clipboard, calendar, voicemail, etc. Zadrsky pointed out that hackers can even use this service to steal users' recent photos, recent timeline content, users' DM databases, and authentication tokens from tweets, which can be used to "remotely steal all future Twitter messages." These secret services are not used by iTunes or Xcode, and the data is "too raw" to be used in the Genius Bar or restored to an iOS device. Zadrsky also talked about some of the features in iOS for enterprise customers, including mobile device management options that allow hackers to install customized spyware on devices by forging security certificates. Zadzirski used this method to develop a proof-of-concept spyware app. Apple has since fixed the vulnerability. Some of the backdoor services have been used by commercial law enforcement equipment manufacturers, including Elcomsoft, AccessData and Cellebrite, whose equipment is widely used by US law enforcement agencies to collect evidence from suspects' mobile devices. As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity. |
>>: China Mobile: Upgrading to 4G without changing number or registration
As a winner of Toutiao's Qingyun Plan and Bai...
As a common household medicine for clearing away ...
Recently, I met with several newly appointed pres...
Reviewer of this article: Chen Haixu, Deputy Dire...
As costume photography is sought after by more an...
No third-party interface is called, it is purely ...
Perhaps Kaisulu itself did not expect that the or...
It is said that if the underwear is well chosen, ...
How to promote Tik Tok ? What are the channels fo...
A few days ago, Xinbang announced that WeChat Vid...
[[162600]] In the first half of this year, virtua...
I don't know when it started, but a colorful ...
Chengdu tea tasting resources: Senior agent Night...
Ask a question I have come into contact with many...
We know that website structure is a very importan...