Home » Security » Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices

HOPE

Jonathan Zdziarski gave a great presentation at HOPE this year that I think anyone with an iOS device should read.

“Jonathan Zdziarski is considered to be among the foremost experts in iOS related digital forensics and security. As an iOS security expert in the field (sometimes known as the hacker NerveGas), his research into the iPhone has pioneered many modern forensic methodologies used today, and has been validated by the United States’ National Institute of Justice. Jonathan has extensive experience as a forensic scientist and security researcher specializing in reverse engineering, research and development, and penetration testing, and has performed a number of red-team penetration tests for financial and government sector clients. He frequently consults with law enforcement and military on high profile cases and assists federal, state, and local agencies in their forensic investigations, and has trained many federal, state and local agencies internationally. He has written several books related to the iPhone including iPhone Forensics, iPhone SDK Application Development, iPhone Open Application Development, and his latest, Hacking and Securing iOS Applications.” – http://x.hope.net/

From Johnathan Zdziarski blog:

In addition to the slides, you may be interested in the journal paper published in theInternational Journal of Digital Forensics and Incident Response. Please note: they charge a small fee for all copies of their journal papers; I don’t actually make anything off of that, but it does support the journal.

Here is a link to the PDF of my slides:

iOS_Backdoors_Attack_Points_Surveillance_Mechanisms

DON’T PANIC

Before the journalists blow this way out of proportion, this was a talk I gave to a room full of hackers explaining that while we were sleeping, this is how some features in iOS have evolved over the PAST FEW YEARS, and of course a number of companies have taken advantage of some of the capabilities. I have NOT accused Apple of working with NSA, however I suspect (based on released documents) that some of these services MAY have been used by NSA to collect data on potential targets. I am not suggesting some grand conspiracy; there are, however, some services running in iOS that shouldn’t be there, that were intentionally added by Apple as part of the firmware, and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer. I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices. At the same time, this is NOT a zero day and NOT some widespread security emergency. My paranoia level is tweaked, but not going crazy. My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don’t belong there.

With that said, enjoy the slides and the paper; I think it’s solid academic quality research.

Comments

comments

Latest

youtube red original YouTube Red Originals Paying off For YouTube
SEO Strategies Smart Tips When Creating SEO Strategies In 2018
security The 5 Best Ways To Secure Your Business Against Cybercrime
Mobile Games 4 Knock-out Features That Take Mobile Games to the Next Level
Laravel framework 6 reasons why to choose Laravel framework for web development

Tech Geek Today

Tech Geek Today

MonTueWedThuFriSatSun
    123
45678910
11121314151617
18192021222324
252627282930 
       
 123456
78910111213
21222324252627
28293031   
       
      1
2345678
16171819202122
23242526272829
30      
   1234
567891011
12131415161718
262728293031 
       
   1234
567891011
12131415161718
19202122232425
262728    
       
1234567
891011121314
22232425262728
293031    
       
    123
45678910
11121314151617
18192021222324
25262728293031
       
  12345
6789101112
20212223242526
27282930   
       
      1
9101112131415
16171819202122
23242526272829
3031     
    123
45678910
11121314151617
252627282930 
       
 123456
78910111213
14151617181920
21222324252627
28293031   
       

Subscribe To The Technology Geek

Archives