Private Data On iOS Devices Not So Private After All
theshowmecanuck (703852) writes with this excerpt from Reuters summarizing the upshot of a talk that Jonathan Zdziarski gave at last weekend's HOPE conference:
Personal data including text messages, contact lists and photos can be extracted from iPhones through previously unpublicized techniques by Apple Inc employees, the company acknowledged this week. The same techniques to circumvent backup encryption could be used by law enforcement or others with access to the 'trusted' computers to which the devices have been connected, according to the security expert who prompted Apple's admission. Users are not notified that the services are running and cannot disable them, Zdziarski said. There is no way for iPhone users to know what computers have previously been granted trusted status via the backup process or block future connections.
If you'd rather watch and listen, Zdziarski has posted a video showing how it's done.
These so-called "smart telephones" aren't telephones at all; they are computers. Computers that you cannot control. And if you aren't, who is?
Some folks thought Richard Stallman was crazy for saying no-one should run software or use hardware that is based on clandestine (proprietary, hidden) knowledge. This latest revelation is just one reason he was right all along.
There's only one operating system in existence today that is worthy of even a small degree of trust: OpenBSD.
OpenBSD is the only operating system I know of that is open source, continually undergoes rigorous review, and has developers who put security above all else.
Since OpenBSD is the only operating system that is anywhere close to being secure, the only type of secure mobile device would be one running OpenBSD. I'm not aware of any of those, so it's obvious that any device not running OpenBSD should be considered insecure to begin with.
The more we buy devices whose master is someone else, the more things of this very nature will become a problem.
Do not buy devices that you do not control after you buy them. You must be able to run any kernel and any userspace you want, you must be able to control the machine top to bottom. If you give this up in exchange for convenience, then you will be taken advantage of by companies that don't have your interests at heart.
It's good that you have that much faith in an OS. Just don't install anything on it.
If you store sensitive stuff on your iPhone, don't make backups from it onto an insecure/unencrypted computer.
And if you were making backups from anything secure onto anything insecure, it is time to revise your security policy.
Large corporations cannot be trusted to protect our secrets -- particularly when under the thumb of big-brother government!
Almost all the reports are getting the gist of the paper wrong -- any press summation that doesn't go into the paper to understand it will get it wrong. The paper goes into deep detail that Apple has several services that, while protected by several layers of security that could be bypassed, can transfer data in the clear. There are also several services that don't have any obvious connecting software.
It's a rather deep hacker-style dive into iOS.
A good video about this is by TWiT Network. At http://twit.tv/sn465 Security Now ep 465 has expert Steve Gibson explain the actual paper.
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
Apparently not so safe.
The "researcher" and Reuters forgot to clearly call out that for the information to be extracted with the developer tools an iOS device must be trusted. Trust is established by plugging the device into a computer and the device MUST be unlocked.
This is akin to giving someone you don't trust a key to your house.
These *attacks* require the attacker to have the keys from a trusted computer. Is your Linux secure if you give somebody the root pass? Is your house safe if you give a friend the keys? These "security" headlines are just clickbait.
It only works with a trusted device AND the device being unlocked.
If you gave your device PIN to someone, they already have your data and don't need to do this.
Due to the great advances in technology and the continuing reduction in cost of these technologies, what were previously "dumb" devices are now extremely sophisticated computers doing specialized tasks, but they are not limited to these specialized tasks or to being used in the manner they were conceived for. As such, almost all modern devices from cameras to mp3 players can be re-purposed as digital "snitches". This is often true even if the device was not designed or envisioned to do so from the beginning or had countermeasures to inhibit the use of the device in that way. Such sophisticated devices can be reprogrammed or "hacked". Just accept this as true, and if you can't, do the research and enlighten yourself. So the only practical recourse is to accept it and be careful if you have a good reason to believe your data is incriminating to you. Assume all devices have vulnerabilities or use paper instead and hope everyone has forgotten how to read that way.
Already debunked.
Irresponsible post.
Think before you post. That's not even close to being the same thing.
When did Apple admit to anything? They said the researcher was wrong and described the settings that he found and what they are used for! I would trust Apple over Google any day! Eric Schmidt has lied so many times along with his colleagues that the whole company isn't trustful!
http://support.apple.com/kb/HT6331
http://www.macrumors.com/2014/07/22/apple-ios-backdoors-support-document/
The "trusted" computer creds are sitting in one's home directory. It would be trivial for malware to slurp those, then any other computer can be flagged as "trusted".
At least Android is forthright about what keys it has used for ADB access, and offers you the ability to delete the keys, singly, or dump them all. In iOS, once trusted... it stays trusted until you erase and set up as new. Same with trusting SSL/TLS keys. You can add trusted root keys, but there is no way to remove them from the device or backups.
Is your house safe if you let your old friend in once somewhere in the past?
This allegory would be better.
No, you can't retrieve anything from my computers in that way even with my root password.
The encryption keys are my own and I have full control over them.
In the TFA case, Apple has control over your keys.
Does it change the fact that your old friend only needs to make a copy of the keys once? Granted iOS doesn't allow you to change the keys short of buying new hardware, but adding this "feature" to some settings screen like wiping all data is very simple, and continuing the allegory, you can't morph your locks either, you need to buy new ones and replace them in your house.
Seriously? Can't I log in as root and install a RAT to monitor and send all the data over? Because that's what TFA tools do. You don't have "full control" over anything if somebody else has the root pass to your machines and can log in to them.
You are wrong. Apple doesn't have so much control over the keys (they are not being sent anywhere) as much as Apple controls your OS in the first place. Plus TFA says that you can wipe your device to reset the keys. So what control does Apple have over that?
Sure man, trivial. It happens to everybody every day of the week. Seriously, do you guys have a bit of common sense? If you have malware slurping the keys, the malware can already be slurping the synced data of the phone, which is the point of this attack. Why go roundaway to something you already have access to on the machine? For the lulz? And don't tell me there might be data on the phone that is not on the machine, because then I claim you wouldn't be syncing in the first place the phone, neither to Apple iCloud, neither to your own machine.
All the case scenarios you guys are painting are the equivalent of xkcd 538.
It's hardly "copying the keys". It's simply connecting the device to some PC and then finding yourself vulnerable to remote attacks. After you are aware that something like that is possible, it of course makes sense to be careful, but otherwise - how would you even expect it to be possible? Especially if you're not tech-savvy? No sane security design should allow something like that, especially on things like mobile phones or tablets that are often connected to various other devices at various places.
In the TFA case, Apple has control over your keys.
False. The private keys are unique to the phone and the paired device. The public keys are shared between the two when they are paired. Apple doesn't have the private keys (or the public keys for that matter), and thus cannot read either side of the communication.
iPhones have always been able to sync data out of their secure storage to the user's computer since launch. How did people think USB sync worked? Magical leprechauns that flew out of your phone carrying the data?
Heck, one of these is the developer daemon that runs on the phone to install apps from Xcode. Again, how exactly did people think Xcode did that?
These tools all require the phone be logged in, and that the right key exchange take place.
I can't tell if the "security researcher" here is just trolling, has never actually used an iPhone, or is just stupid.
Apple response here: http://support.apple.com/kb/HT...
JZ's response here: http://www.zdziarski.com/blog/...
dropping some fact bombs on this conversation.
NOT!
and yet /. folk cheer on the demise of BlackBerry.. the one phone that has a near flawless security record.
and yes, full disclosure, I own a z10. I also find it to be the best smart phone I've ever owned with battery life that my android friends can only dream about.
One might do this if they want to gain access to your phone next year instead of just today. If I compromise your computer today, you may find out about it and wipe your drive. As I understand it, this attack would allow me to continue accessing your phone's data even after the computer you sync to has been secured.
Correct me if I am wrong, but this attack sounds like it would let your friend make a copy of the key, and even if you changed the locks on your house, his copy would still work.
What's with all the repeat articles recently?
Both this story and the verizon/netflix story have already been posted to /. in the last week.
WRONG! I have the keys and yes the iPhone/iDevice can be accessed via remote tools. HOWEVER the device does not need to be unlocked!!! You need to use the force (google) my friend.
I agree. There is nothing new here. The only way this can be exploited in my experience is with iTunes Sync and using local (sharing)...not through a LAN. The guy is full of it....just another publicity hound.
I was however able to duplicate his process via usb though...but not over a LAN or WAN link.
So not sure how NSA/Hackers/Malware/Panic fits into this....it is all FUD!
Yeah, you know me! Why trust Other People's Encryption? If you encrypt data yourself, you control who can decrypt it - unless all crypto algorithms are compromised. When Google or Apple encrypt on your behalf, you don't really know what they're doing.
Answering your Linux question, yes my Linux computer is safe if I give someone my root password because many Linux distros don't allow direct root login.
"By default, the Root account password is locked in Ubuntu. This means that you cannot login as Root directly or use the su command to become the Root user."
Perhaps you can define exactly what it means to "jailbreak" an iDevice? Seems you do something to gain "root" access? Remember when simply going to a website would root your phone?
It's enough to have a friend's PC compromised, where you connected your iPhone once, a year ago, to recharge your battery and you don't even remember that now. When his computer is compromised, your phone becomes compromised as well and vulnerable to remote attacks.
That's a bit different story than what you described above.
Sure man, trivial. It happens to everybody every day of the week. Seriously, do you guys have a bit of common sense? If you have malware slurping the keys, the malware can already be slurping the synced data of the phone, which is the point of this attack. Why go roundaway to something you already have access to on the machine? For the lulz? And don't tell me there might be data on the phone that is not on the machine, because then I claim you wouldn't be syncing in the first place the phone, neither to Apple iCloud, neither to your own machine.
All the case scenarios you guys are painting are the equivalent of xkcd 538.
Um... hello there? XKCD 538 is important here. Just look at the Slashdot stories, and you will see abuses left and right, and this is by every single government out there.
Take the UK, a judge can ask a person 30-50 times for their password, each no is 3-4 years in Her Majesty's prison system, due to RIPA. Other places like Syria and most of the Middle East will answer a "no" with 240VAC to the regions of the body normally used for reproduction... and likely to family members too.
So, it is a big concern, and in iOS (which some people on Slashdot call "100% secure"), once a machine is "introduced"... it is mated for life. Want a divorce? Pair as new and don't restore from a backup as those keys will be back if you get your old data on the device.
As for Android... if really concerned about it, delete the keys and call it done. Some Android devices/ROMs by default tend to ask for permission each and every time when connected anyway.
In this case, Android wins this security issue. ADB, MTP, and PTP are known protocols. It isn't like iTunes where iOS's transfer protocol is a closed source mystery.
Nice to see the fanboy glossing over the issue...
sudo xterm or sudo mc is how I get a root prompt under Ubuntu
https://en.wikipedia.org/wiki/Inverted_totalitarianism
The conditions of use of Apple produced hardware don't amount to ownership. You don't control the device - Apple does. Apple being a US company, has the same contempt for the rights of individuals as the US government. Steer clear.
Except any sane person doesn't allow remote root logins.
Who would have thought that a trusted device would have access to your data? Why that would allow you to share your data with devices! Not to mention the technical aspects that allow them to diagnose and correct problems! HOW DARE THEY.
J.Z. has been trying to 'bust through' with some 'epic' backdoor revelation for a long time. This is not it. Sadly the media have eaten it up. Seriously this is like saying that IF you unlock your TrueCrypt container ..... TrueCrypt can read ALL your data!
In a conference presentation this week, researcher Jonathan Zdziarski showed how the services take a surprising amount of data for what Apple now says are diagnostic services meant to help engineers.
...
Apple denied creating any “back doors” for intelligence agencies. “We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues,” Apple said. “A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data.”
These two paragraphs (three paragraphs apart) completely contradict each other. Offhand I will believe the security researcher over Apple. Everyone with any brains understands that ALL "smart" phones (both Android AND iOS) are designed from the ground up to spy on you.
Asked if Apple had used the tools to fulfill law enforcement requests, Apple did not immediately respond.
That is pretty much an admission that they are gagged by a national security letter and their lawyers are working on a response that won't really say anything.
Nice to see the fanboy glossing over the issue...
Yes, you did gloss over the issue of Google being a Hipster marketing company.
Of course news about a fake are Fake News.