Apple's iOS 'dishing out a lot of data behind our backs,' security researcher charges

Posted:
in iPhone edited July 2014
Noted forensic scientist and iOS hacker Jonathan Zdziarski has uncovered a number of undocumented "backdoor" services in Apple's mobile operating system that he argues could be exploited by law enforcement agencies, the NSA, or other malicious actors to bypass encryption and siphon sensitive personal data from iOS devices.




Zdziarski -- an early member of iOS jailbreaking teams and author of the O'Reilly title Hacking and Securing iOS Applications -- presented his discoveries as part of a talk at the annual HOPE/X conference, a long-running hacking and development conference in New York. The slides from that talk were first noted by ZDNet.

In the talk, Zdziarski touches on a number of services that run in the background on iOS but, he believes, do not appear to serve developers, Apple's engineering staff, or support personnel in any way. Others are designed for the benefit of enterprise administrators, but are crafted in such a way that they could be used for nefarious purposes.

"Much of this data simply should never come off the phone, even during a backup," Zdziarski wrote in one slide, referring to the information made available by those background services.

One service, com.apple.pcapd, captures HTTP data packets that flow to and from a user's device via libpcap. The service is active on every iOS device, according to Zdziarski, and could possibly be targeted via Wi-Fi for monitoring without the user's knowledge.




Zdziarski takes particular issue with the com.apple.mobile.file_relay service, which came around in iOS 2 but has been significantly expanded with successive release. This service completely bypasses iOS backup encryption, he says, exposing a "forensic trove of intelligence" including the user's address book, CoreLocation logs, the clipboard, calendars, notes, and voicemails.

In one particularly poignant example, Zdziarski says that an attacker could make use of this service to grab recent photos from a user's Twitter stream, their most recent timeline, their DM database, and authentication tokens that could be used "to spy on all future [Twitter] correspondence remotely."

Neither iTunes nor Xcode make use of these hidden services, Zdziarski notes, and the data is "in too raw a format" for Genius Bar use and cannot be restored to the device in any way.




Zdziarski also panned some of Apple's enterprise-friendly features, including mobile device management options that could allow an attacker to load custom spyware on a device by forging a security certificate. Zdziarski created a proof-of-concept spyware application for iOS in this way, he said, though Apple closed the loophole through which it collected data by denying applications the ability to create socket connections to the device itself.

A few of these services have already been tapped by manufacturers of commercial forensic devices, Zdziarski says, including companies like Elcomsoft, AccessData, and Cellebrite. Cellebrite products are widely used by U.S. law enforcement agencies to extract the contents of mobile devices seized from suspects.

Apple's iOS security is "otherwise great," Zdziarski wrote, noting that Apple has "worked hard to make iOS devices reasonably secure against typical attackers."
«13

Comments

  • Reply 1 of 45
    if you think Apple is bad you should look at Android cause Android is worse!

    I'd hate to be an Android owner, becuase the NSA pwns all of Android phones. And windoze

    Apple is Awesome!
  • Reply 2 of 45
    MacProMacPro Posts: 18,003member
    This will be lost on the noise ...

    Apple's iOS security is "otherwise great," Zdziarski wrote, noting that Apple has "worked hard to make iOS devices reasonably secure against typical attackers."
  • Reply 3 of 45
    sockrolidsockrolid Posts: 2,788member
    Yet more reasons to never jailbreak.
    You never know what jailbreak apps really do.
  • Reply 4 of 45

    I want to see this guy demonstrate this function.

     

    I'm so sick of people talking about what "could be happening" or that it's "possible". Quit talking out of your ass to make a name for yourself and show us a working, functioning exploit where you've successfully pulled data off a device. Like he claims forensics agencies are doing.

     

    Otherwise STFU.

  • Reply 5 of 45
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by Torrid Foster View Post



    if you think Apple is bad you should look at Android cause Android is worse!



    I'd hate to be an Android owner, becuase the NSA pwns all of Android phones. And windoze



    Apple is Awesome!

    NSA is turning out just like in the sci-fi movies such as Minority Report, Fifth Sense, etc. In the future no one will have any real privacy.

  • Reply 6 of 45
    SpamSandwichSpamSandwich Posts: 30,734member
    Apple isn't above valid criticism. If these complaints are valid, I'm confident Apple will look into them.
  • Reply 7 of 45
    Quote:

    Originally Posted by EricTheHalfBee View Post

     

    I want to see this guy demonstrate this function.

     

    I'm so sick of people talking about what "could be happening" or that it's "possible". Quit talking out of your ass to make a name for yourself and show us a working, functioning exploit where you've successfully pulled data off a device. Like he claims forensics agencies are doing.

     

    Otherwise STFU.


     

    Zdziarski said the services could also be abused by ex-lovers, co-workers, or anyone else who is in possession of a computer that has ever been paired with an iPhone or iPad. From then on, the person has the ability to wirelessly monitor the device until it is wiped. He said he makes personal use of those features to keep tabs on his iPhone-using children.

     

    "The forensic tools I've written for myself privately I use for parental monitoring where when I set the phone up I'll pair it with my desktop and then at any point in the future I can just easily scan the network, find my kids' devices and dump all their application data, see who they're talking to, and what their doing online," he explained."

    http://arstechnica.com/security/2014/07/undocumented-ios-functions-allow-monitoring-of-personal-data-expert-says/

  • Reply 8 of 45
    fallenjtfallenjt Posts: 3,971member

    Go ahead NSA. I don't give a sht. I got nothing to hide.

  • Reply 9 of 45
    haggarhaggar Posts: 1,568member
    Quote:
    Originally Posted by Torrid Foster View Post



    if you think Apple is bad you should look at Android cause Android is worse!



    I'd hate to be an Android owner, becuase the NSA pwns all of Android phones. And windoze



    Apple is Awesome!

    I would rather see iOS issues addressed, rather than people just saying "But Android is worse".

  • Reply 10 of 45
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by fallenjt View Post

     

    Go ahead NSA. I don't give a sht. I got nothing to hide.


    Yeah, but it is none of their business either. They don't need to read the txt I send my wife.

  • Reply 11 of 45
    haggar wrote: »
    I would rather see iOS issues addressed, rather than people just saying "But Android is worse".

    He's read to many Daniel Eran Dilger articles. I avoid them like the plague.
  • Reply 12 of 45
    I want to see this guy demonstrate this function.

     
    I'm so sick of people talking about what "could be happening" or that it's "possible". Quit talking out of your ass to make a name for yourself and show us a working, functioning exploit where you've successfully pulled data off a device. <span style="line-height:1.4em;">Like he claims forensics agencies are doing.</span>


    <span style="line-height:1.4em;">Otherwise STFU.</span>

    Totally agree. He just wants his 15 minutes. I say to him demonstrate it so apple knows what to fix or so that users can take cautionary steps. Otherwise he's all hot air.
  • Reply 13 of 45
    anantksundaramanantksundaram Posts: 18,956member
    Quote:
    Originally Posted by fallenjt View Post

    Go ahead NSA. I don't give a sht. I got nothing to hide.

     

    Sounds brave, but the issue isn't whether you think you have anything to hide, it's whether the NSA thinks you have anything to hide.
  • Reply 14 of 45
    vaporlandvaporland Posts: 358member
    I'm so sick of people talking about what "could be happening" or that it's "possible".

    ...quit talking out of your ass.... STFU.</span>

    You don't get to present at these conferences if you're an idiot. The standards for appearing there are fairly high.

    The standard for posting comments on AI forums, not so much.

    You should take your own advice (in bold above).

    Keep in mind that people challenged the government in court for years about being spied on, only to be told "you can't prove it - go away"

    Then Snowden reveled their immoral / illegal activity, now the cases are moving forward again.

    It is difficult to get a man to understand something, when his salary depends upon his not understanding it - Upton Sinclair
  • Reply 15 of 45
    nagrommenagromme Posts: 2,834member
    I'm glad these questions are being asked, and these details are being dug up.

    I hope I will also be glad when the answers emerge!

    It's always possible to improve.
  • Reply 16 of 45
    bobjohnsonbobjohnson Posts: 154member
    Quote:

    Originally Posted by ExceptionHandler View Post


    Totally agree. He just wants his 15 minutes. I say to him demonstrate it so apple knows what to fix or so that users can take cautionary steps. Otherwise he's all hot air.

     

    Perhaps you should take a moment to peruse the slide deck linked in the article, where you will find several working examples. 

  • Reply 17 of 45
    magman1979magman1979 Posts: 1,110member
    mstone wrote: »
    NSA is turning out just like in the sci-fi movies such as Minority Report, Fifth Sense, etc. In the future no one will have any real privacy.
    I hate to say it, but I saw this day coming. As soon as the Edward Snowden leaks came out, detailing all the major tech companies complicity with the NSA, I knew there had to be something, somewhere embedded in the iOS code. This was just a treasure trove for the likes of the NSA, which they'd be fools to ignore.

    Now, the real question, will Apple man up to this, acknowledging it in spite of their gag order from the NSA, and shut them out, or be a good little US corporate citizen and claim these reports are false and move along as if nothing happened? If they do the latter, they will lose a TREMENDOUS amount of credibility.

    I sincerely hope Apple sets the example, stands up to the NSA, and expunges all code of this nature from their systems. Only time will tell.
  • Reply 18 of 45
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by ExceptionHandler View Post

     
    Totally agree. He just wants his 15 minutes. I say to him demonstrate it so apple knows what to fix or so that users can take cautionary steps. Otherwise he's all hot air.


    It is possible to extract data from the phone, at least with physical possession. Apple provides that service to law enforcement, although there is an extremely long waiting list. If Apple has a back door then it is not impossible for others to figure out how to gain access as well.

     

    http://www.cnet.com/news/apple-deluged-by-police-demands-to-decrypt-iphones/

  • Reply 19 of 45
    tzeshantzeshan Posts: 1,876member

    I think this researcher is saying if you modify the firmware then the iPhone may be snooped.  iOS update may change the firmware.  But apps can not. 

  • Reply 20 of 45
    magman1979magman1979 Posts: 1,110member


    Totally agree. He just wants his 15 minutes. I say to him demonstrate it so apple knows what to fix or so that users can take cautionary steps. Otherwise he's all hot air.
    Not necessarily. Have you thought about perhaps he's not releasing the details to the public to prevent this from being exploited by nefarious people outside the NSA?

    I rather he do it the way he has, then give the facts over to Apple R&D for them to remove the code and plug the leaks.
Sign In or Register to comment.