iOS reveals multiple secret backdoors, users are monitored every minute

Well-known iOS hacker Jonathan Zdziarski has discovered multiple undisclosed "backdoor" services in iOS that he believes could be used by law enforcement, the National Security Agency, or other malicious groups to bypass iOS' encryption and steal sensitive personal information. Zdziarski, an early iOS hacker and author of the book Hacking and Securing iOS Applications, disclosed the news of multiple backdoors in iOS during a speech at the annual HOPE/X hacker and developer conference. In his speech, Zdziarski talked about multiple services running in the background of iOS that he believes are not intended for app developers, Apple employees, or technical support staff. Other backdoors are intended for enterprise system administrators, but are designed in a way that allows them to be used for malicious purposes. "A lot of information should not leave the phone, even when backing up data," Zdziarski said of the information leaked by these background services. A service called com.apple.pcapd captures HTTP data flowing in and out of iOS devices using the libpcap network packet capture function package. According to Zadrsky, this service is activated by default on all iOS devices and can be used to monitor users' information over WiFi networks without their knowledge. Zadrsky specifically questioned the com.apple.mobile.file_relay service, which first appeared in iOS 2 and has been expanded in later versions. He said this service completely bypasses iOS's backup encryption feature and can leak "a lot of intelligence", including the user's address book, CoreLocation log, clipboard, calendar, voicemail, etc. Zadrsky pointed out that hackers can even use this service to steal users' recent photos, recent timeline content, users' DM databases, and authentication tokens from tweets, which can be used to "remotely steal all future Twitter messages." These secret services are not used by iTunes or Xcode, and the data is "too raw" to be used in the Genius Bar or restored to an iOS device. Zadrsky also talked about some of the features in iOS for enterprise customers, including mobile device management options that allow hackers to install customized spyware on devices by forging security certificates. Zadzirski used this method to develop a proof-of-concept spyware app. Apple has since fixed the vulnerability. Some of the backdoor services have been used by commercial law enforcement equipment manufacturers, including Elcomsoft, AccessData and Cellebrite, whose equipment is widely used by US law enforcement agencies to collect evidence from suspects' mobile devices.

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.

<<: Outlook on artificial intelligence (AI) applications in consumer goods and retail: Future innovations

>>: China Mobile: Upgrading to 4G without changing number or registration

Do you need to sleep in separate rooms if you have this disease? Huo Qigang often wakes up in the middle of the night because of this disease. Doctors in Zhejiang Province have seen at least 10 patients in half a day. Severe cases may be life-threatening.

Blog

Unexpectedly, the fall of ancient Chinese feudal dynasties was related to volcanic eruptions.

Post-traffic era: Competition in the application distribution market is fierce, and user quality is more important than quantity

With the slowdown in smartphone shipments, China&...

12 misunderstandings about community operations!

There must be many friends around you who are eng...

The nucleic acid test sampling cotton swab contains carcinogens? Here comes the rumor debunking!

[This issue's rumors]: Recently, rumors that ...

Science Illustrations | The manned lunar rocket main engine test run was successful again. Why is this of great significance?

...

iOS reveals multiple secret backdoors, users are monitored every minute

Do you need to sleep in separate rooms if you have this disease? Huo Qigang often wakes up in the middle of the night because of this disease. Doctors in Zhejiang Province have seen at least 10 patients in half a day. Severe cases may be life-threatening.

Unexpectedly, the fall of ancient Chinese feudal dynasties was related to volcanic eruptions.

History of Wenchang Tower

Why do cats always want to occupy the highest spot in the house? Cat: Come and see me!

The most expensive mobile phone in history with a debt of 128 million pounds failed due to technical shortcomings

Is faster-than-light travel coming? Don't worry, listen to what the experts say

2020 DaNei C/C++ Training

How to avoid motion sickness? Check out this motion sickness rescue guide

Start with these four aspects to become a great CTO

What are the Q&A marketing platforms? What are the steps of Q&A marketing?

Recommend

Why is App promotion becoming increasingly difficult?

"Skills, Methods and Principles" in Internet Operations

With these three things on, your content can be as sexy as an influencer!

The latest news on Zhengzhou’s lifting of lockdown in 2022: Has it been lifted? When will express delivery resume?

Post-traffic era: Competition in the application distribution market is fierce, and user quality is more important than quantity

12 misunderstandings about community operations!

The nucleic acid test sampling cotton swab contains carcinogens? Here comes the rumor debunking!

Science Illustrations | The manned lunar rocket main engine test run was successful again. Why is this of great significance?

How to choose the equipment for the family first aid kit?

How can “cultivation games” improve user retention and conversion rates?

Offline payment war among giants: WeChat's offensive is fierce, while Alipay survives in adversity

Hezhou Mini Program Customization Company, how much does it cost to customize an automatic ordering mini program?

Anti-inflammation: the key to slowing down aging?

Mountain eggs, sweet potatoes... What other "local names" are there for potatoes from your hometown?

WeChat product analysis report!