iOS reveals multiple secret backdoors, users are monitored every minute
|
Well-known iOS hacker Jonathan Zdziarski has discovered multiple undisclosed "backdoor" services in iOS that he believes could be used by law enforcement, the National Security Agency, or other malicious groups to bypass iOS' encryption and steal sensitive personal information. Zdziarski, an early iOS hacker and author of the book Hacking and Securing iOS Applications, disclosed the news of multiple backdoors in iOS during a speech at the annual HOPE/X hacker and developer conference. In his speech, Zdziarski talked about multiple services running in the background of iOS that he believes are not intended for app developers, Apple employees, or technical support staff. Other backdoors are intended for enterprise system administrators, but are designed in a way that allows them to be used for malicious purposes. "A lot of information should not leave the phone, even when backing up data," Zdziarski said of the information leaked by these background services. A service called com.apple.pcapd captures HTTP data flowing in and out of iOS devices using the libpcap network packet capture function package. According to Zadrsky, this service is activated by default on all iOS devices and can be used to monitor users' information over WiFi networks without their knowledge. Zadrsky specifically questioned the com.apple.mobile.file_relay service, which first appeared in iOS 2 and has been expanded in later versions. He said this service completely bypasses iOS's backup encryption feature and can leak "a lot of intelligence", including the user's address book, CoreLocation log, clipboard, calendar, voicemail, etc. Zadrsky pointed out that hackers can even use this service to steal users' recent photos, recent timeline content, users' DM databases, and authentication tokens from tweets, which can be used to "remotely steal all future Twitter messages." These secret services are not used by iTunes or Xcode, and the data is "too raw" to be used in the Genius Bar or restored to an iOS device. Zadrsky also talked about some of the features in iOS for enterprise customers, including mobile device management options that allow hackers to install customized spyware on devices by forging security certificates. Zadzirski used this method to develop a proof-of-concept spyware app. Apple has since fixed the vulnerability. Some of the backdoor services have been used by commercial law enforcement equipment manufacturers, including Elcomsoft, AccessData and Cellebrite, whose equipment is widely used by US law enforcement agencies to collect evidence from suspects' mobile devices. As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity. |
>>: China Mobile: Upgrading to 4G without changing number or registration
Recommend
Can Google Play really pave the way for China with money?
As a winner of Toutiao's Qingyun Plan and Bai...
What is the use of the “blue” in Isatis root?
As a common household medicine for clearing away ...
3 counter-common sense points in channel cooperation
Recently, I met with several newly appointed pres...
Why do women snore more often as they get older?
Reviewer of this article: Chen Haixu, Deputy Dire...
With an efficiency of 75%, the photography industry can double the click-through rate of information flow advertising by doing this!
As costume photography is sought after by more an...
How to remove watermarks from Douyin? Douyin watermark-free analysis software E source code
No third-party interface is called, it is purely ...
"Constipation magic weapon" gorgeously transformed into "magic water"? Uncovering the quack tricks of enema skin care
Perhaps Kaisulu itself did not expect that the or...
Artifact recommendation! 10 niche, easy-to-use and high-end operation tools!
It is said that if the underwear is well chosen, ...
What are the channels for promoting Tik Tok? Here are 5 tips for you!
How to promote Tik Tok ? What are the channels fo...
4 key indicators for measuring corporate video account operations
A few days ago, Xinbang announced that WeChat Vid...
Google sells 5 million virtual reality headsets
[[162600]] In the first half of this year, virtua...
Can home appliances labeled “Level 1 low energy consumption” really save electricity and money?
I don't know when it started, but a colorful ...
2022 Chengdu Tea Tasting Resources Drinking Tea Sharing Navigation Guide Those who have been here are full of praise [Sincere Night View]
Chengdu tea tasting resources: Senior agent Night...
A complete breakdown of the strategy for creating explosive products!
Ask a question I have come into contact with many...
Zhang Kaili’s personal profile: What is the purpose of website structure optimization?
We know that website structure is a very importan...