Tag Archive: iPhone Repair


600 million Apple devices contain secret backdoors, researcher claims

A security researcher considered to be among the foremost experts in his field says that more than a half-billion mobile devices running Apple’s latest iOS operating system contain secret backdoors.

Jonathan Zdziarski, also known by his online alias “NerveGas,” told the audience attending his Friday morning presentation at the Hackers on Planet Earth conference in New York City that around 600 million Apple devices, including iPhones and tablets, contain hidden features that allow data to be surreptitiously slurped from those devices.

During Zdziarski’s HOPE presentation, “Identifying Backdoors, Attack Points and Surveillance Mechanisms in iOS Devices,” the researcher revealed that several undocumented forensic services are installed on every new iPhone and iPad, making it easier than ever for a third party to pull data from those devices in order to compromise a target and take hold of their personal information, including pictures, text messages, voice recordings and more.

Among the hidden functions running on iOS devices, Zdziarski said, are programs called “pcapd,” “file_relay” and “file_relay.” If used properly, he added, those programs can allow anyone with the right means and methodology to pull staggering amounts of data from a targeted phone, even when the rightful owner suspects the device is sufficiently locked.

Zdziarski has previously exploited older versions of the iOS operating system and authored several books on mobile security. Even after raising multiple questions with Apple, however, he said he has yet to figure out why, exactly, the tech giant ships iOS devices with programs that appear to do nothing other than leak digital data.

According to the slides Zdziarski presented during Friday’s talk, there’s little reason to believe the functions are used to run diagnostics or help developers.

“Most services are not referenced by any known Apple software,” one slide says in part, and “the raw format of the data makes it impossible to put data back onto the phone, making useless for Genius Bar or carrier tech purposes.”

“The personal nature of the data makes it very unlikely as a debugging mechanism,” he added.


According to the researcher, evidence of the mysterious programs raises more questions than it does answers.

“Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?” he asked in one slide. “Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone? Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?”

“Apple really needs to step up and explain what these services are doing,” Zdziarski told Ars Technica on Monday after his HOPE presentation was hailed over the weekend by the conference’s attendees as a highlight of the three-day event. “I can’t come up with a better word than ‘backdoor’ to describe file relay, but I’m willing to listen to whatever other explanation Apple has. At the end of the day, though, there’s a lot of insecure stuff running on the phone giving up a lot of data that should never be given up. Apple really needs to fix that.”

Indeed, Apple responded late on Tuesday by saying that the three functions in question are “diagnostic capabilities to help enterprise IT departments, developers and AppleCare troubleshoot issues.”

“Apple has, in a traditional sense, admitted to having back doors on the device specifically for their own use,” Zdziarski responded quickly on his blog. “Perhaps people misunderstand the term ‘back door’ due to the stigma Hollywood has given them, but I have never accused these ‘hidden access methods’ as being intended for anything malicious, and I’ve made repeated statements that I haven’t accused Apple of working with NSA. That doesn’t mean, however that the government can’t take advantage of back doors to access the same information. What does concern me is that Apple appears to be completely misleading about some of these (especially file relay), and not addressing the issues I raised on others.”

“I give Apple credit for acknowledging these services, and at least trying to give an answer to people who want to know why these services are there – prior to this, there was no documentation about file relay whatsoever, or its 44 data services to copy off personal data. They appear to be misleading about its capabilities, however, in downplaying them, and this concerns me,” he added.

For its part, Apple said it has “never worked with any government agency from any country to create a backdoor in any of our products or services.”

 

Source: RT

Apple poised for iPhone 5 launch

Technology giant Apple has fuelled rumours it will launch a new version of its best-selling iPhone by announcing a “special event” only hours before two of its competitors unveiled two new devices.

The secretive firm sent out invitations for the event next week ahead of Wednesday’s announcement in New York by Nokia and Microsoft where they revealed details of two new phones which will run on Microsoft’s Windows operating system.

The Nokia Lumia 920 and Nokia Lumia 820 are the Finnish company’s attempt to claw back lost ground since it lost its position as the world’s biggest phonemaker to Samsung.

The firm described the 920 as its “flagship” product and it boasts a high powered camera described as the equivalent of “a standalone SLR camera” and can be recharged without being plugged in.

The Apple emails, sent on Tuesday to selected journalists, invite them to an event on Wednesday September 12 and include the line “it’s almost here”.

It also features a figure 12 with a shadow that appears to be the number 5 – seemingly confirming the company will announce the arrival of the iPhone 5.

The events typically involve Apple executives unveiling new products at their California base – which are carried by videolink live to a central London location.

It is around a year since the firm unveiled the iPhone 4S complete with voice recognition software and an A5 chip allowing it to use much faster graphics for gameplay and to download data twice as fast.

The 4S also has an eight megapixel camera with five lenses, one more than the iPhone 4, which results in sharper pictures and allows users to take HD video.

The new phone is expected to sell well. Thousands of gadget fans queued to get their hands on the iPhone 4S when it first went on sale.

Source: The Press Association

New iPhone app enables self-destructing sext messages

Sexting, or the act of sending sexually explicit messages or photographs between mobile phones, continues to grow increasingly popular. Mobile users often have private photos posted to the Internet without their permission, and politicians and celebrities alike have taken explicit photos using mobile devices that were eventually leaked. Unfortunately for Anthony Weiner, the congressman wasn’t aware of an iPhone app by the name of Snapchat. The program is available for free in Apple’s App Store and allows users to send photos that self-destruct within 1-10 seconds. Images cannot be saved in the app, and Snapchat will even notify users if the recipient takes a screenshot — though there is no way to prevent screenshots from being taken, of course. It should also be noted that images are stored on the developer’s servers, and while the company “attempt(s) to delete image data as soon as possible after the message is transmitted,” it cannot guarantee messages will always be deleted. “Messages, therefore, are sent at the risk of the user,” the company’s privacy policy warns.

Source: Forbes / BGR

Tether: Wireless tethering for only $30 per year

For those of you constantly traveling and unable to access a Wi-Fi connection for your Mac or PC, but unwilling to dish out the $360 a year that some carriers will require for native tethering, you can download Tether’s application for $15 for the first year and $30 for the years following.

While jailbreaking is one option for avoiding the cost of tethering, other people may find that paying $30 per year is worth avoiding the hassle of hacking a phone. Plus, for those of us who have a tendency to drop our phones, voiding the warranty and keeping customer support and Geniuses at bay is also reason enough to avoid the hack — which is why Tether is such a great service.

Initially launched in November 2011, Tether was originally accepted into Apple’s iTunes App Store. But the app was taken down only a few days later because it violated Apple’s terms. Since then, the team had been creating a workaround. And now, they’ve unveiled the latest version of Tether, built using its patent-pending technology, made possible by HTML5. This time around, the team decided to forgo the app’s submission to Apple altogether, seeing as how acceptance into the iTunes App Store was highly unlikely. Instead, Tether is entirely Web-based, letting it bypass Apple’s scrutiny.

The service is available for Blackberry, iPhone and Android, and will currently work for any carrier throughout the world. But it’s a game of cat and mouse. Once the major carriers discern how to distinguish a tethered phone using HTML5 from a non-tethered phone, Tether users will run the risk of being forcibly upgraded to the carrier’s tethering plan, or of being charged extra for the data sent while tethered to their computer, as per the carrier’s terms of service.

Using Tether isn’t too difficult. You’ll need to download and install the appropriate software for your operating system, and proceed to create an ad-hoc network on your computer by entering a password (if desired) for the auto-generated SSID. Note that once Tether is open on your desktop, your current Wi-Fi connection will be disabled to make way for the tethered connection.

On your phone, find and select the ad-hoc network from the list of available Wi-Fi networks. Then, using your mobile browser, you will be required to log into your paid account on tether.com/web. After logging in, you’re tethered and able to browse the Web on your computer right away.

 

Source: DigitalTrends

iOS loophole gives developers access to photos, sources say a fix is coming

Another day, another iOS security concern. Today’s confidence-defeating news comes from Nick Bilton at the New York Times. Bilton writes at the paper’s Bits blog that a loophole has been discovered in iOS which allows third-party developers access to your iPhone, iPad, or iPod touch’s photo and video location data… as well as the actual photos and videos themselves. It appears that if an app asks for photo location data on your device (and you approve the request for permission), that application will also be able to slurp down the photos and videos stored on your phone without any further notification. The Times report mirrors an earlier story from 9to5 Mac which detailed security issues on the platform.

Bilton had an unnamed developer create a dummy application which would replicate the offending functionality, and the developer was able to easily poach location information as well as photos and video from a test device. Other developers — such as Curio co-founder David E. Chen — sounded off on the issue. Chen told the Times that, “The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.” Camera+ developer John Casasanta said that, “It’s very strange, because Apple is asking for location permission, but really what it is doing is accessing your entire photo library.” The article also suggests that this loophole may have been introduced with the release of iOS 4 in 2010.

We reached out to Apple about the issue, but the company declined to comment.

All hope might not be lost, however. We spoke to sources familiar with the situation, and were informed that a fix is most likely coming for the loophole. According to the people we talked to, Apple has been made aware of the issue and is likely planning a fix with an upcoming release of iOS. Those sources also confirmed that the ability to send your photos and videos to a third-party is an error, not an intended feature. If we had to guess, the fix will likely come alongside a patch for Apple’s other recent security issue — the ability for apps to upload your address book information without warning.

This story has clear echoes of that controversy, which came to light when a developer discovered that the app Path was downloading all of your device’s contact information to the company’s servers. In a follow-up report, we discovered that Path wasn’t the only app grabbing your info.

It will be interesting to see how Apple reacts to security breaches of this nature in the future. The company has long made it clear that it’s working to respect users’ privacy; at a glance it looks like these recent slip-ups are exceptions, not the rule.

Source: The Verge