Apple Strongly Denies Claims of Installing iOS Backdoor

7/23/2014

Allegations from a data forensics expert and security researcher that iOS contains a “backdoor” permitting third parties to potentially gain access to a large amount of users' personal data have prompted a strong response from Apple.

The company has completely denied the claims published over the weekend by Jonathan Zdziarski, a forensic scientist and iOS security expert.


The researcher, better known by the hacker moniker "NerveGas", detailed a number of undocumented features in a presentation titled “Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices”, showing the findings from his talk at the Hackers On Planet Earth (HOPE X) conference held in New York on Friday.

ALLEGATIONS ON APPLE
The issue, as he explained in his findings, arises from the way Apple encrypts or fails to encrypt data from the iPhone's native apps, leaving over 600 million personal iOS devices vulnerable to third parties.

"Once the device is first unlocked after reboot, most of the data-protection encrypted data can be accessed until the device is shut down," Zdziarski wrote in his presentation. "Your device is almost always at risk of spilling all data, since it’s almost always authenticated, even while locked."

The researcher claimed to have found several undocumented features within iOS that could be used to access users’ information, including photos, address-book information, voicemail messages, and more.

The personal information stored on your phone is at great risk. This includes a full copy of the user's address book including deleted entries, stored photos, the voicemail database and audio files, any account data configured on the device such as iCloud, email, Facebook, Twitter, and other services, the user cache of screenshots, keystrokes and the device's clipboard, as well as location information.

APPLE RESPONDED STRONGLY

In response, Apple released a statement to Tim Bradshaw, a tech reporter at the Financial Times, denying those allegations:
“We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.”

Apple also says in its statement that, as it has said before, it “has never worked with any government agency from any country to create a backdoor in any of our products or services.”

APPLE PUBLISHED SUPPORT PAGE
Apple has described several diagnostic capabilities offered in iOS in response to the backdoor access claims. The company has published a support document on its website outlining the three iOS diagnostic capabilities pointed out by the researcher. They are as follows:

com.apple.mobile.pcapd
pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.

com.apple.mobile.file_relay
file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users’ devices.

com.apple.mobile.house_arrest
house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.

In addition, Apple reiterates on the support document page that access to these diagnostic capabilities requires an unlocked iOS device and a trusted computer, which protects against data extraction from an unknown Mac or PC. It also notes that any transferred data is encrypted with keys not shared with the company.
