
Private Data On iOS Devices Not So Private After All

theshowmecanuck (703852) writes with this excerpt from Reuters summarizing the upshot of a talk that Jonathan Zdziarski gave at last weekend's HOPE conference: Personal data including text messages, contact lists and photos can be extracted from iPhones through previously unpublicized techniques by Apple Inc employees, the company acknowledged this week. The same techniques to circumvent backup encryption could be used by law enforcement or others with access to the 'trusted' computers to which the devices have been connected, according to the security expert who prompted Apple's admission. Users are not notified that the services are running and cannot disable them, Zdziarski said. There is no way for iPhone users to know what computers have previously been granted trusted status via the backup process or block future connections. If you'd rather watch and listen, Zdziarski has posted a video showing how it's done.

  • by Anonymous Coward on Saturday July 26, 2014 @10:45AM (#47538291)

    Fortunately, if someone wants a "smartphone" that is under full control of the user, there are a few choices: Openmoko Neo Freerunner, OpenPhoenux GTA04 or latest device in development - Neo900 ( http://neo900.org/ )

    The last one even goes further and implements monitoring over some unavoidably closed parts, like GSM modem (and all of them have proper modem isolation, so the modem cannot access the main RAM, possibly rendering any software encryption moot like on most of recent mainstream smartphones)

  • Article got it wrong (Score:5, Informative)

    by strredwolf ( 532 ) on Saturday July 26, 2014 @10:48AM (#47538297) Homepage Journal

    Almost all the reports are getting the gist of the paper wrong -- any press summation that doesn't go into the paper to understand it will get it wrong. The paper goes into deep detail that Apple has several services that, while protected by several layers of security that could be bypassed, can transfer data in the clear. There are also several services that don't have any obvious connecting software.

    It's a rather deep hacker-style dive into iOS.

    A good video about this is by TWiT Network. At http://twit.tv/sn465 [twit.tv] Security Now ep 465 has expert Steve Gibson explain the actual paper.

  • FUD (Score:3, Informative)

    by Anonymous Coward on Saturday July 26, 2014 @11:02AM (#47538371)

    It only works with a trusted device AND the device being unlocked.

    If you gave your device PIN to someone, they already have your data and don't need to do this.

  • Apple's Admission? (Score:4, Informative)

    by Anonymous Coward on Saturday July 26, 2014 @11:24AM (#47538449)

    When did Apple admit to anything? They said the researcher was wrong and described the settings that he found and what they are used for! I would trust Apple over Google any day! Eric Schmidt has lied so many times along with his colleagues that the whole company isn't trustful!

    http://support.apple.com/kb/HT6331

    http://www.macrumors.com/2014/07/22/apple-ios-backdoors-support-document/

  • Re:Yeah (Score:1, Informative)

    by BasilBrush ( 643681 ) on Saturday July 26, 2014 @12:41PM (#47538787)

    In the TFA case, apple has control over your keys.

    False. The private keys are unique to the phone and the paired device. The public keys are shared between the two when they are paired. Apple doesn't have the private keys (or the public keys for that matter), and thus cannot read either side of the communication.

  • Nothing new here (Score:4, Informative)

    by maccodemonkey ( 1438585 ) on Saturday July 26, 2014 @01:11PM (#47538929)

    iPhones have always been able to sync data out of their secure storage to the user's computer since launch. How did people think USB sync worked? Magical leprechauns that flew out of your phone carrying the data?

    Heck, one of these is the developer daemon that runs on the phone to install apps from Xcode. Again, how exactly did people think Xcode did that?

    These tools all require the phone be logged in, and that the right key exchange take place.

    I can't tell if the "security researcher" here is just trolling, has never actually used an iPhone, or is just stupid.

  • by HiThere ( 15173 ) <charleshixsn@@@earthlink...net> on Saturday July 26, 2014 @03:22PM (#47539603)

    Not sure about that particular case, but there are some legal requirements that, I believe, entail controls that are not user controllable. Things like frequency, signal encoding, etc. Those seem like reasonable constraints, so long as we aren't using spread spectrum, which, IIUC, is illegal.

    Given that, modem isolation is probably the just and reasonable approach to take.
