Monday, July 21, 2014

iOS Devices are Still Safe -- from everybody except Apple and the NSA

According to a security researcher, undocumented services in iOS allow Apple -- and law enforcement -- to access the contents of any iOS device, including encrypted ones. 
Forensic researcher Jonathan Zdziarski has outlined details of how a number of undocumented services in iOS are purportedly used to collect personal data by law enforcement and government agencies, according to ZDNet.

The services, which sport names like "lockdownd," "pcapd" and "mobile.file_relay," are allegedly used to bypass lock screens and collect data from iOS devices, and are accessible by USB and WiFi. (Zdziarski adds "maybe cellular" to that list as well.)

Zdziarski presented his findings at the HOPE/X (Hackers On Planet Earth) conference in New York,
where he noted that while Apple has worked hard to make iOS secure against "typical attackers," the company has also ensured that it can "access data on end user devices on behalf of law enforcement. "The end result is that iOS has been made "more secure from everybody except Apple and the government." (more)