{"id":714,"date":"2014-07-23T15:44:32","date_gmt":"2014-07-23T19:44:32","guid":{"rendered":"http:\/\/www.ccrepairservices.com\/blog\/?p=714"},"modified":"2014-07-23T15:48:16","modified_gmt":"2014-07-23T19:48:16","slug":"ispy-researcher-exposes-backdoor-in-iphones-and-ipads","status":"publish","type":"post","link":"https:\/\/www.ccrepairservices.com\/blog\/computer-news\/ispy-researcher-exposes-backdoor-in-iphones-and-ipads\/","title":{"rendered":"iSpy? Researcher exposes backdoor in iPhones and iPads"},"content":{"rendered":"

\"\"<\/p>\n

How much of your personal data on your iPhone or iPad would you be willing to bet law enforcement or a hacker can grab\u00a0from your device, even if you’ve encrypted it?<\/p>\n

How about all of it?<\/p>\n

A “backdoor” that Apple built into iOS for developers can be used to spy on iPhones and iPads by governments, law enforcement, or cyber criminals,\u00a0according to forensics researcher Jonathan Zdziarski<\/span>.<\/p>\n

For the backdoor to be exploited by a spy, your iDevice needs to be synced to another computer via a feature called iOS pairing<\/em>.<\/p>\n

Once your iDevice is paired\u00a0to your PC or Mac, they exchange encryption keys and certificates to establish an encrypted SSL tunnel, and the keys are never deleted unless the iPhone or iPad is wiped with a factory reset.<\/p>\n

That means a hacker could insert spyware on your computer to steal the pairing keys, which allows them to locate and\u00a0connect to your device via Wi-Fi<\/a>.<\/p>\n

Because iPhones and iPads automatically connect to Wi-Fi networks<\/a> with names they recognize, an attacker could then\u00a0set up a hotspot\u00a0using a spoofed network\u00a0name to get your device to connect, and grab all your data.<\/p>\n

Zdziarski used his talk at the HOPE X hacker conference on 18 July to state that Apple’s backdoors give access to personal data that’s beyond what developers or Apple itself need.<\/p>\n

In mentioning that the Snowden leaks revealed the National Security Agency (NSA) had used backdoors in iPhone, Android and BlackBerry, Zdziarski also implied that the NSA may have used Apple’s backdoors for easy access to iPhones and iPads.<\/p>\n

Apple issued a statement <\/span>to reporters, acknowledging the access through pairing.<\/p>\n

But what Zdziarski described as a backdoor, Apple calls “diagnostic functions” – Apple said developers and IT departments need them for “troubleshooting.”<\/p>\n

Apple’s statement also flatly denies any cooperation with the NSA, or government agencies “from any country.”<\/p>\n

We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. <\/tt><\/p>\n

A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.<\/tt><\/p>\n

As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.<\/tt><\/blockquote>\n

Zdziarski said:<\/p>\n

Apple\u2019s seeming admission to having these back doors, however legitimate a use they serve Apple, unfortunately have opened up some serious privacy weaknesses as well.<\/tt><\/p>\n

I think at the very least, this warrants an explanation and disclosure to the some 600 million customers out there running iOS devices.<\/tt><\/blockquote>\n

The\u00a0lack of disclosure of these security loopholes is a bit puzzling, but Apple seems to have, at least, done the disclosing part now.<\/p>\n

Will Apple back down?<\/p>\n

Will the programmers in Cupertino be instructed to remove the libraries, or perhaps limit their use to developers debugging their apps?<\/p>\n

Chances are that’s not going to happen, not least because Apple obviously went to some trouble to get all this stuff working in the first place.<\/p>\n

\n

Please Visit our Computer News Website and Blog<\/a><\/span><\/h2>\n

for latest computer repair and online news.<\/span><\/h1>\n

Local and Online Virus removal and computer repairs anytime, anywhere<\/span><\/h2>\n

Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

How much of your personal data on your iPhone or iPad would you be willing to bet law enforcement or a hacker can grab\u00a0from your device, even if you’ve encrypted it? How about all of it? A “backdoor” that Apple built into iOS for developers can be used to spy on iPhones and iPads by governments, law enforcement, or cyber criminals,\u00a0according to forensics researcher Jonathan Zdziarski. For the backdoor to be exploited by a spy, your iDevice needs to be synced to another computer via a feature called iOS pairing. Once your iDevice is paired\u00a0to your PC or Mac, they exchange encryption keys and certificates to establish an encrypted SSL tunnel, and the keys are never deleted unless the iPhone or iPad is wiped with a factory reset. That means a hacker could insert spyware on your computer to steal the pairing keys, which allows them to locate and\u00a0connect to your device via Wi-Fi. Because iPhones and iPads automatically connect to Wi-Fi networks with names they recognize, an attacker could then\u00a0set up a hotspot\u00a0using a spoofed network\u00a0name to get your device to connect, and grab all your data. Zdziarski used his talk at the HOPE X hacker conference on 18 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[168,1033,1036,32,1031,1032,1034,1035,486,628,33,451],"class_list":["post-714","post","type-post","status-publish","format-standard","hentry","category-computer-news","tag-apple","tag-apple-backdoor","tag-coputer-news","tag-fort-lauderdale","tag-iphone","tag-iphone-backdoor","tag-iphone-hacker-access","tag-iphone-security-hole","tag-latest-news","tag-local-news","tag-miami","tag-online-news"],"_links":{"self":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts\/714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/comments?post=714"}],"version-history":[{"count":2,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts\/714\/revisions"}],"predecessor-version":[{"id":716,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts\/714\/revisions\/716"}],"wp:attachment":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/media?parent=714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/categories?post=714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/tags?post=714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}