Skip to main content

Security researcher says many of his iOS ‘backdoor’ vulnerabilities are fixed in iOS 8 GM, but not all

Jonathan Zdziarski, who flared up the initial round of iOS surveillance claims a couple of months ago, is now reporting that some of these flaws have been rectified with iOS 8. Apple said that these services were used for debugging purposes, and had no connection to government agencies. It then proceeded to detail these processes in a support note.

Zdziarski’s post explains that many issues have been addressed, particularly with File Relay. Before, this service blindly sent data from the device to an external source, without authentication. In iOS 8, he says that the service has been disabled. It seems that data is no longer available either through physical connection or wirelessly. Zdziarski notes law enforcement will not be able to use current tools to access any of this previously-exposed information.

He also details some other areas where improvements have been made. Wireless access to app containers, user media and other data has been removed completely. This means potential exploits will require a wired link, removing a big potential attack vector.

However, he notes that USB access to data is still possible (using the same gateway that iTunes uses for device communication) as is wireless backup. He recommends enabling backup encryption (and strong passwords) for maximum security. Concerned individuals should also be vigilant about turning off their phone when going through detainment, as protected data is not re-encrypted until the phone is rebooted.

While closing off the file_relay service greatly improves the data security of the device, one mechanism that hasn’t been addressed adequately is the ability to obtain a handle to application sandboxes across a USB connection, even while the device is locked. This capability is used by iTunes to access application data, but also presents a vulnerability: commercial forensics tools can (and presently do) take advantage of this mechanism to dump the third party application data from a seized device, if they have access to (or can generate) a valid pairing record with the device. For example, if you are detained at an airport or arrested and both your laptop and your phone is seized, or if your phone is seized unlocked (without a laptop present), a number of forensics tools including those from Oxygen, Cellebrite, AccessData, Elcomsoft and others are capable of dumping third party application data across USB.

Full details about Zdziarski’s findings can be found on his blog.

 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. standardpull - 10 years ago

    I do think it is fair to say that you shouldn’t hand your phone over to just anybody in an unlocked state, and that if you sync your phone to a computer you really need to trust that computer.

    • huges84 - 10 years ago

      The researcher is saying that your phone can be locked and it may be accessed from a computer that it was never synced with by police using USB and special software.

  2. herb02135go - 10 years ago

    Because Apple never does anything half-assed.
    This is 75 – percent – assed.

Author

Avatar for Benjamin Mayo Benjamin Mayo

Benjamin develops iOS apps professionally and covers Apple news and rumors for 9to5Mac. Listen to Benjamin, every week, on the Happy Hour podcast. Check out his personal blog. Message Benjamin over email or Twitter.


Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications