Experts Find ‘Backdoor’ in iOS Functions that Allows Personal Data Monitoring




/ 10 years ago

ios-storage-encryption

A forensic scientists warned people about the fact that Apple has undocumented functions in its iOS operating system which allows people to wirelessly connect and extract pictures, text messages and other sensitive data, without the need of either a password or PIN.

iOS jailbreaker and forensic expert, Jonathan Zdziarski, has apparently revealed the functions at the Hope X conference, where he stated that any device that has ever been paired with the target handset can be used to access the functions. Zdziarski has also stated that he is unsure of Apple engineers enabled the mechanism intentionally in order to make room for easier surveillance by the NSA or law enforcement groups.

The most concerning service of all is the com.apple.mobile.file_relay. It is said to generate a huge amount of data, including account data for email services, Twitter, iClound, a full copy of the address book including deleted entries, the user cache folder, geographic position logs, a complete dump of the user photo album, and many more. All the data is available and accessible without requiring any additional security protocols, such as passwords or PINs.

pcapd1

Zdziarski has also added two other services, the com.apple.pcapd and com.apple.mobile.house_arrest, stating that the latter may have legitimate uses for app developers or support engineers. However, the data generated can be used to spy on users by government agencies or anyone who knows how to access the logs. For example, the pcapd allows people to wirelessly monitor all network traffic traveling into and out of the device, even when the handset is not running in a special developer or support mode. In addition, the house_arrest allows the copying of sensitive files and documents from Twitter, Facebook, and many other applications.

While the services are available and can be read by all, Zdziarski tells that not every hacker out there is out to get your data. He said that only “technically knowledgeable people who have access to a computer, electric charger, or other device that has ever been modified to digitally pair with a targeted iPhone or iPad” can access the data.

Thank you Arstechnica for providing us with this information
Images courtesy of Arstechnica


Topics: , , , , , , , , , , , , ,

Support eTeknix.com

By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.

eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram
  • Be Social With eTeknix

    Facebook Twitter YouTube Instagram Reddit RSS Discord Patreon TikTok Twitch
  • Features


Send this to a friend
})