[FoRK] Massive iOS security fail: Undocumented iOS functions allow monitoring of personal data

Stephen D. Williams sdw at lig.net
Mon Jul 21 12:41:36 PDT 2014

Any device you have ever paired your iOS device with since the last factory reset holds the keys to silently wirelessly access all 
information on your device in easy to utilize ways.  Plus packet sniff all incoming/outgoing traffic realtime.  Secure?  Not so 
much.  Don't lose your Bluetooth headset or wireless speaker! Hopefully it isn't easy to get keys out of most devices, but laptops 
are an easy target, especially if you have one of the many compromised Windows machines.

In case you didn't notice, Samsung contributed Knox to Android: https://www.samsungknox.com/en/androidworkwithknox

Zdziarski said the services could also be abused by ex-lovers, co-workers, or anyone else who is in possession of a computer that 
has ever been paired with an iPhone or iPad. From then on, the person has the ability to wirelessly monitor the device until it is 
wiped. He said he makes personal use of those features to keep tabs on his iPhone-using children.


"Between this tool and other services, you can get almost the same information you could get from a complete backup," Zdziarski said 
in an interview. "What concerns me the most is that this all bypasses the consumer backup encryption. When you click that button to 
encrypt the backup, Apple has made a promise that the data that comes off the device will be encrypted."

Using the hidden services that bypass the encrypted backup protection don't require the use of developer mode and many of them have 
been present in iOS for five years. Zdziarski, who designed many of the initial methods for acquiring forensic data from iOS 
devices, said there also is a packet capture tool present on every iOS device that has the ability to dump all of the inbound and 
outbound HTTP data and runs in the background without and notification to the user.

"It's installed by default and they don't prompt the user. If you're going to start packet sniffing every device that's out there, 
you really should be prompting the user," Zdziarski said.


More information about the FoRK mailing list