News

New Techniques Show iPhone Data Extraction

Previously unpublicized techniques show how personal data including text messages, contact lists and photos can be extracted from iPhones through trusted devices.

Researcher Jonathan Zdiarski showed in a presentation at the Hackers on Planet Earth conference this week, how the services take a surprising amount of data for what Apple says are “diagnostic services meant to help engineers”.

The users are not notified that the services are running and can not disable them. There is no way for iPhone users to know what computers have previously been granted trusted status via the backup process or block any future connections.

The same techniques to circumvent the backup encryption could however also be used by law enforcement or others with access to the “trusted” computers to which the devices have been connected.

In a video demonstration where Zdiarski showed what he could extract from an unlocked phone and a trusted computer, he also told us that the only way to un-pair your iPhone is to wipe it. The NSA collaboration rumors started right away, but Apple denied creating any “back doors” for intelligence agencies.

”We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues,” Apple said. “A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data.”

Zdziarski said he did not believe that the services were aimed at spy agencies, but that they do extract way more information than needed, with little to no disclosure.

Security industry analyst Rich Mogull said Zdziarski’s work was overhyped but technically accurate. ”They are collecting more than they should be, and the only way to get it is to compromise security.”

Mogull also agreed with Zdziarski that since the tools exist, law enforcement will use them in cases where the desktop computers of targeted individuals can be confiscated, hacked or reached via their employers.

For all the attention to the previously unknown tools and other occasional bugs, Apple’s phones are widely considered more secure than those using Google Inc’s rival Android operating system, in part because Google does not have the power to send software fixes directly to those devices.

Thank you Reuters for providing us with this information.

Image courtesy of Apple.

Bohs Hansen

Disqus Comments Loading...

Recent Posts

MSI MPG B650 Carbon WIFI (Socket AM5) DDR5 ATX Motherboard

ColourPrimary ColourBlackDimensionsLength30.5 cmWidth24.4 cmLightingLightingYesLighting ColourRGBWiFi & LANLAN ports1x 2.5 Gbit/sStorage PortsSATA 6G (internal)6M.2 PCIe 4.0…

9 hours ago

Asus ROG Strix B760-I Gaming WIFI (LGA 1700) DDR5 ITX Motherboard

MotherboardMotherboard ChipsetIntel B760CPUCPU ManufacturerIntelCPU Socket1700Form FactorMotherboard formfactorMini-ITXDimensionsLength17 cmWidth17 cmInternal PortsCPU Power Supply1x 8-PinUSB 3.0 /…

9 hours ago

Zotac GeForce RTX 3050 Twin Edge LHR 8192MB GDDR6 PCI-Express Graphics Card

ColourPrimary ColourBlackGraphics CardGPU SeriesRTX 30 SeriesFeaturesVirtual Reality ReadyYesClock SpeedsMax. Memory Clock14000 MHzMax. GPU Clock (Boost)1777…

9 hours ago

Kolink Observatory MX Mesh ARGB Midi Tower Case

Mid-tower PC case with dual-tone design and half-hinged tempered glass panel Mesh front panel and…

9 hours ago

LG 27″ 3840×2160 IPS 144Hz 1ms FreeSync/G-Sync HDMI 2.1 Widescreen Gaming Monitor

The UHD 4K display supports the express high-fidelity colour for reproducing vivid scenes. This monitor…

9 hours ago

Kolink Inspire Series K6 ARGB Micro-ATX Case 

Striking front panel with brushed aluminium look and ARGB lighting Tempered glass side panel and…

9 hours ago