iOS reveals multiple secret backdoors, users are monitored every minute

Well-known iOS hacker Jonathan Zdziarski has discovered multiple undisclosed "backdoor" services in iOS that he believes could be used by law enforcement, the National Security Agency, or other malicious groups to bypass iOS's encryption and steal sensitive personal information. Zdziarski, an early iOS hacker and author of the book Hacking and Securing iOS Applications, disclosed the backdoors during a talk at the annual HOPE/X hacker and developer conference.

In his talk, Zdziarski described multiple services running in the background of iOS that he believes are not intended for app developers, Apple employees, or technical support staff. Other backdoors are intended for enterprise system administrators, but are designed in a way that allows them to be used for malicious purposes. "A lot of information should not leave the phone, even when backing up data," Zdziarski said of the information leaked by these background services.

A service called com.apple.pcapd captures HTTP data flowing in and out of iOS devices using the libpcap packet capture library. According to Zdziarski, this service is activated by default on all iOS devices and can be used to monitor users' information over WiFi networks without their knowledge.

Zdziarski specifically questioned the com.apple.mobile.file_relay service, which first appeared in iOS 2 and has been expanded in later versions. He said this service completely bypasses iOS's backup encryption feature and can leak "a lot of intelligence", including the user's address book, CoreLocation log, clipboard, calendar, voicemail, etc. Zdziarski pointed out that hackers can even use this service to steal users' recent photos, recent timeline content, users' DM databases, and authentication tokens from tweets, which can be used to "remotely steal all future Twitter messages."

These secret services are not used by iTunes or Xcode, and the data is "too raw" to be used at the Genius Bar or restored to an iOS device.

Zdziarski also talked about some of the features in iOS for enterprise customers, including mobile device management options that allow hackers to install customized spyware on devices by forging security certificates. Zdziarski used this method to develop a proof-of-concept spyware app. Apple has since fixed the vulnerability.

Some of the backdoor services have been used by manufacturers of commercial law enforcement equipment, including Elcomsoft, AccessData and Cellebrite, whose equipment is widely used by US law enforcement agencies to collect evidence from suspects' mobile devices.
