tahanteada

joined: 04.04.2003




post 24.07.2014 20:40:50 It looks like Apple has its next "headache": Undocumented iOS Features left Hidden Backdoors Open in 600 Million Apple Dev

It looks like Apple has its next "headache":

Undocumented iOS Features left Hidden Backdoors Open in 600 Million Apple Devices

A well-known iPhone hacker and forensic scientist has unearthed a range of undocumented and hidden functions in Apple's iOS mobile operating system that make it possible for a hacker to completely bypass the backup encryption on iOS devices and steal large amounts of users’ personal data without entering passwords or personal identification numbers.

A data forensics expert named Jonathan Zdziarski has posted the slides (PDF) titled “Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices” showing his findings, from his talk at the Hackers On Planet Earth (HOPE X) conference held in New York on Friday.

Jonathan Zdziarski, better identified as the hacker "NerveGas" in the iPhone development community, worked as a dev-team member on many of the early iOS jailbreaks and is also the author of five iOS-related O'Reilly books including "Hacking and Securing iOS Applications."

The results of his overall research on iOS devices indicate a backdoor into the iOS devices’ operating system, although it is not nearly as wide open as a number of reports have suggested.

You can protect your iOS device settings, Messages, Camera Roll, documents, saved games, email account passwords, Wi-Fi passwords, and passwords that you enter into websites using the iTunes Backup feature. iTunes also allows users to protect their backup data with encryption.

The rest of the long story is at the link:
http://thehackernews.com/2014/07/undocumented-ios-features-left-hidden.html
------------------------------
It looks like the story did get a follow-up as well:

Apple confirms iOS backdoors, researcher says explanation is misleading

In the wake of the discovery of undocumented features in Apple's iOS that can serve as backdoors, the company has modified a knowledge base article to enumerate and explain the three questionable services found by iOS forensics expert Jonathan Zdziarski.

The pcapd utility, it is explained, "supports diagnostic packet capture from an iOS device to a trusted computer," and is used for "troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections."

The file_relay service is also used for diagnostics and by Apple engineering to qualify customer configurations. "This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection," they claim.

Finally, house_arrest "is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality," as well as during app development to transfer test data.

Zdziarski commented on this by saying that the problem with pcapd is that it can be activated on any device wirelessly, without the user’s knowledge or permission and can, therefore, be used for snooping by third parties in a privileged position.

"Apple is being completely misleading by claiming that file relay is only for copying diagnostic data. If, by diagnostic data, you mean the user’s complete photo album, their SMS, Notes, Address Book, GeoLocation data, screenshots of the last thing they were looking at, and a ton of other personal data – then sure… but this data is far too personal in nature to ever be needed for diagnostics," he added.

He also pointed out that, again, the user is never asked for permission to dump all of this data, or notified in any way. The service can be used wirelessly, and it also doesn't respect the device's backup encryption, he says.

He says that, yes, iTunes and Xcode use the house_arrest service, but it can also be used to access sensitive app information, including private conversations and OAuth tokens. "This is not a back door, rather a privileged access that’s available here that really doesn’t need to be there (or at least could be engineered differently)," he pointed out.

He made sure to note that he doesn't claim that these backdoors were put there intentionally at the behest of the NSA or other authorities.

"What does concern me is that Apple appears to be completely misleading about some of these (especially file relay), and not addressing the issues I raised on others," he noted, adding that he hopes that the company will quietly fix many of these in future versions of the mobile OS. "It would be wildly irresponsible for Apple not to address these issues, especially now that the public knows about them," he concluded.

http://www.net-security.org/secworld.php?id=17165