iOS reveals multiple secret backdoors, users are monitored every minute

Well-known iOS hacker Jonathan Zdziarski has discovered multiple undisclosed "backdoor" services in iOS that he believes could be used by law enforcement, the National Security Agency, or other malicious groups to bypass iOS' encryption and steal sensitive personal information. Zdziarski, an early iOS hacker and author of the book Hacking and Securing iOS Applications, disclosed the news of multiple backdoors in iOS during a speech at the annual HOPE/X hacker and developer conference. In his speech, Zdziarski talked about multiple services running in the background of iOS that he believes are not intended for app developers, Apple employees, or technical support staff. Other backdoors are intended for enterprise system administrators, but are designed in a way that allows them to be used for malicious purposes. "A lot of information should not leave the phone, even when backing up data," Zdziarski said of the information leaked by these background services. A service called com.apple.pcapd captures HTTP data flowing in and out of iOS devices using the libpcap network packet capture function package. According to Zadrsky, this service is activated by default on all iOS devices and can be used to monitor users' information over WiFi networks without their knowledge. Zadrsky specifically questioned the com.apple.mobile.file_relay service, which first appeared in iOS 2 and has been expanded in later versions. He said this service completely bypasses iOS's backup encryption feature and can leak "a lot of intelligence", including the user's address book, CoreLocation log, clipboard, calendar, voicemail, etc. Zadrsky pointed out that hackers can even use this service to steal users' recent photos, recent timeline content, users' DM databases, and authentication tokens from tweets, which can be used to "remotely steal all future Twitter messages." These secret services are not used by iTunes or Xcode, and the data is "too raw" to be used in the Genius Bar or restored to an iOS device. Zadrsky also talked about some of the features in iOS for enterprise customers, including mobile device management options that allow hackers to install customized spyware on devices by forging security certificates. Zadzirski used this method to develop a proof-of-concept spyware app. Apple has since fixed the vulnerability. Some of the backdoor services have been used by commercial law enforcement equipment manufacturers, including Elcomsoft, AccessData and Cellebrite, whose equipment is widely used by US law enforcement agencies to collect evidence from suspects' mobile devices.

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.

<<: Outlook on artificial intelligence (AI) applications in consumer goods and retail: Future innovations

>>: China Mobile: Upgrading to 4G without changing number or registration

@Pregnant Mom: Extremely unfriendly! Beware of Toxoplasma gondii in "cats"

Blog

Refined user growth case!

Blog

Japanese electric cars are finally here. GAC Honda's first pure electric sedan with the Aion logo is about to be launched

Blog

What is the difference between eggs that cost a few yuan and eggs that cost dozens of yuan? Are red-skinned eggs more nutritious?

Blog

Marketing promotion: How to take advantage of the popularity and come up with creative copywriting?

Blog

Selling 23 houses in one day on Douyin? Revealing the “new way” of selling products through short videos!

Blog

Three tricks of social marketing, let you break away from the traditional sales model and quickly fission to detonate performance Baidu Cloud download

Blog

Recommend

Cortana UI is like this now, why don’t you chat with it?

Hey, Cortana: Your mission is to make your daily ...

How much is the CBA championship prize money? How much prize money does the Guangdong team, the ten-time CBA champion, get?

As the fourth quarter of the third game of the fi...

It's your car, but not entirely. What are the methods used by manufacturers to remotely lock it? This article will help you avoid pitfalls

The car you buy is not your car, or in other word...

iOS reveals multiple secret backdoors, users are monitored every minute

@Pregnant Mom: Extremely unfriendly! Beware of Toxoplasma gondii in "cats"

Refined user growth case!

Japanese electric cars are finally here. GAC Honda's first pure electric sedan with the Aion logo is about to be launched

What is the difference between eggs that cost a few yuan and eggs that cost dozens of yuan? Are red-skinned eggs more nutritious?

Marketing promotion: How to take advantage of the popularity and come up with creative copywriting?

Selling 23 houses in one day on Douyin? Revealing the “new way” of selling products through short videos!

Three tricks of social marketing, let you break away from the traditional sales model and quickly fission to detonate performance Baidu Cloud download

Featured recommendation: Detailed explanation of the use of xUtils framework

What should operators do before, during and after an online event?

Tesla's future is in China? 40% of Tesla's global sales in 2022 may come from China

Recommend

Cortana UI is like this now, why don’t you chat with it?

How much is the CBA championship prize money? How much prize money does the Guangdong team, the ten-time CBA champion, get?

How to explain sleeping in using physics?

What are the benefits of promoting WeChat mini programs?

Is “supplementing what is lacking” precise nutrition? This is the key to cracking the code of longevity!

4 ways to build an Internet brand!

It's your car, but not entirely. What are the methods used by manufacturers to remotely lock it? This article will help you avoid pitfalls

Neither Trump's coming to power nor Wei Jianjun's cold water can change the chip narrative of China's electric vehicles

The algorithm recommendation mechanism of Toutiao and Douyin is not as "stupid" as people say on the Internet!

All things grow with the help of the sun. Is it possible to grow without it?

Ford invested $4 billion to build autonomous driving, but can it catch up with Waymo?

How does BuzzFeed, the American version of Toutiao, achieve viral communication?

What is the abnormal weather phenomenon this year 2022? Why is it so abnormal? Specifically these are the three reasons!

Just count on your fingers, how much radiation is exposed when going through security check?

What is the relationship between Zhu Yuanzhang and Bach?