“Forensic scientist and author Jonathan Zdziarski has posted the slides (PDF) from his talk at the Hackers On Planet Earth (HOPE/X) conference in New York called Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices,” Jason D. O’Grady reports for ZDNet.
“Zdziarski, better known as the hacker ‘NerveGas’ in the iPhone development community, worked as dev-team member on many of the early iOS jailbreaks and is the author of five iOS-related O’Reilly books including ‘Hacking and Securing iOS Applications,'” O’Grady reports. “In December 2013, an NSA program dubbed DROPOUTJEEP was reveled by security researcher Jacob Appelbaum that reportedly gave the agency almost complete access to the iPhone. The leaked document, dated 2008, noted that the malware required ‘implant via close access methods’ (presumably physical access to the iPhone) but ominously noted that ‘a remote installation capability will be pursued for a future release.'”
“In his talk, Zdziarski demonstrates ‘a number of undocumented high-value forensic services running on every iOS device’ and ‘suspicious design omissions in iOS that make collection easier,'” O’Grady reports. “According to one slide the iPhone is ‘reasonably secure’ to a typical attacker and the iPhone 5 and iOS 7 are more secure from everybody except Apple and the government. But he notes that Apple has ‘worked hard to ensure that it can access data on end-user devices on behalf of law enforcement’ and links to Apple’s Law Enforcement Process Guidelines, which clearly spell this out.”
O’Grady reports, “Two solutions for the security conscious are to: a) set a complex passcode, and b) install the Apple Configurator application (free, Mac App Store), set enterprise Mobile Device Management (MDM) restrictions on your device then delete all pairing records (a.k.a. pair locking).”
Read more in the full article here.
[Thanks to MacDailyNews Reader “DavidinMpls” for the heads up.]