Researcher Reveals: All iOS Devices Allow Access to All Data Through Hidden Services


Jonathan Zdziarski presented how every iOS device runs Apple-created, undocumented, hidden services that allow access to all data on the device, even encrypted data.  His slides are available here.  Below I have summarized some of the more interesting parts and tried to put them in less technical terms.

Highlights 

  • Apple has worked hard to make iOS devices reasonably secure against typical attackers
  • Apple has worked hard to ensure that Apple can access data on end-user devices on behalf of law enforcement
  • Almost all native application / OS data is encrypted with a key
  • As of iOS 7, third party documents are encrypted, but Library and Caches folders are usually not
  • Once the device is first unlocked after reboot, most of the encrypted data can be accessed until the device is shut down
  • The undocumented services running on every iOS device help make this possible
  • Your device is almost always at risk of spilling all data, since it’s almost always authenticated, even while locked

Undocumented Services Overview

  • Accessed through lockdownd, requiring pairing authentication
  • iOS 7 trust dialog helps, but third party accessories are making people stupid again
  • Bypasses “Backup Encryption” mechanism provided to users
  • Can be accessed both via USB and wirelessly (WiFi, maybe cellular); networks can be scanned for a specific target
  • If the device has not been rebooted since the user last entered the PIN, all data encrypted with data protection can be accessed (third party app data, etc.)
  • Other (more legitimate) services enable software installation and APN installation (adding proxy servers) for continued monitoring
  • A number of commercial law enforcement forensic manufacturers have started tapping these services:
    • Cellebrite
    • AccessData (Mobile Phone Examiner)
    • Elcomsoft
  • A number of private tools and source are out there as well to take advantage of these services

Ransomware on your iPhone?  Oh my!  Using your own iOS pictures for blackmail? OH MY!!

The undocumented and hidden services your i-device is running that Apple never told you about

First service: com.apple.mobile.file_relay

  • Completely bypasses Apple’s backup encryption for end-user security
  • Very intentionally placed by Apple and intended to send data from the device by request
  • Can collect data the user has deleted but that still remains on the device because the storage has not been reused yet
  • This undocumented, hidden service can collect and send any and all data on your device, including data you probably didn’t know your device even kept; the full list is too long to include here

Second Service: com.apple.mobile.house_arrest

  • Allows access to the Library, Caches, Cookies, Preferences folders as well
  • These folders provide highly sensitive account storage, social/Facebook caches, photos and other data stored in “vaults”, and much more

Additional services:

com.apple.iosdiagnostics.relay Provides detailed network usage per-application on a per-day basis

com.apple.mobile.installation_proxy Given an enterprise certificate, this can be used to load custom software onto the device (which can run invisibly and in the background)

com.apple.syslog_relay Syslog; provides a lot of detail about what the device is doing, and often leaks user credentials from 3rd party apps via NSLog()

An already documented and fairly public method of using these undocumented services

DROPOUTJEEP – a software implant for iPhones that allows remotely copying or placing files on a device, retrieving text messages, contacts, voicemail and location information, turning on the mic and camera, and reporting cell tower location.  It requires “close access” for the implant, which means they don’t need to physically touch the device; Bluetooth or WiFi might be ‘close enough’.  Data extraction is done over GPRS (essentially cellular) or through text messaging.  Ironically, all communication with the implant is “covert and encrypted”.

If you want to reduce some of this attack surface, there is a simple and free solution from Apple called Apple Configurator that lets you prevent the device from pairing with other devices.
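Since every one of these services is gated on pairing (see the overview above), the practical check for a defender is: which hosts currently hold a pairing record for my device? The following Python script is an added example, not part of Zdziarski's slides; it parses the pairing-record plists a host keeps and reports the trusted host IDs. It assumes the standard lockdown directories on each host OS and the record keys HostID, WiFiMACAddress and EscrowBag; the sample record it writes is constructed with fake values.

```python
import os
import plistlib
import sys
import tempfile

# Assumption: where iTunes / libimobiledevice store pairing records on each host OS.
LOCKDOWN_DIRS = [
    "/var/db/lockdown",                 # macOS
    "/var/lib/lockdown",                # Linux (libimobiledevice)
    r"C:\ProgramData\Apple\Lockdown",   # Windows (iTunes)
]


def summarize_record(data: bytes, name: str) -> dict:
    """Reduce one pairing-record plist (named <UDID>.plist) to the fields worth reviewing."""
    rec = plistlib.loads(data)
    return {
        "udid": name[:-6] if name.endswith(".plist") else name,
        "host_id": rec.get("HostID", "?"),
        "wifi_mac": rec.get("WiFiMACAddress", "?"),
        # The escrow keybag is what lets a paired host reach data-protected files
        # while the device is locked, so a stale record with one is the risky case.
        "has_escrow_bag": "EscrowBag" in rec,
    }


def list_pairing_records(directory: str) -> list:
    """Return a summary of every pairing record found in a lockdown directory."""
    if not os.path.isdir(directory):
        return []
    records = []
    for name in sorted(os.listdir(directory)):
        # SystemConfiguration.plist is the host's own config, not a device pairing.
        if not name.endswith(".plist") or name == "SystemConfiguration.plist":
            continue
        with open(os.path.join(directory, name), "rb") as fh:
            records.append(summarize_record(fh.read(), name))
    return records


# Constructed sample record: key names follow real records, every value is fake.
SAMPLE_RECORD = plistlib.dumps({
    "HostID": "9A6C0F2E-0000-4000-8000-EXAMPLEHOST",
    "WiFiMACAddress": "00:11:22:33:44:55",
    "HostCertificate": b"-- fake certificate --",
    "EscrowBag": b"-- fake escrow keybag --",
})


def demo() -> list:
    """Audit a temp directory holding the constructed sample record."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "EXAMPLEUDID.plist"), "wb") as fh:
            fh.write(SAMPLE_RECORD)
        return list_pairing_records(tmp)


if __name__ == "__main__":
    for d in sys.argv[1:] or LOCKDOWN_DIRS:
        for r in list_pairing_records(d):
            flag = "escrow keybag present" if r["has_escrow_bag"] else "no escrow keybag"
            print(f"{d}: device {r['udid']} trusts host {r['host_id']} ({r['wifi_mac']}) [{flag}]")
```

Run it on a computer you no longer want trusted and delete the records it lists; on the device side, Apple Configurator's pairing restriction stops new records being created in the first place.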

200 IBM Bluemix Days Training


200 Bluemix Days

Come learn about IBM’s new cloud development platform: IBM Bluemix

IBM Bluemix is an open-standards, cloud-based platform for building, managing and running apps and services of all types (web, mobile, big data, new smart devices). Capabilities include Java, mobile backend development, application monitoring, as well as capabilities from ecosystem partners and open source — all through an as-a-service model in the cloud.

The 200 IBM Bluemix Days include Meetups, Bluemix Advantage sessions, and Hands-On Bluemix Workshops.

Events highlights

Bluemix Advantage: Developers and business leaders alike will benefit from hearing how Bluemix and SoftLayer offer a low-risk, secure, cost sensitive environment – using new capabilities and technologies geared towards the cloud. Take advantage of the opportunity to learn how to differentiate and leap-frog your competition with IBM Bluemix and SoftLayer.

Bluemix Hands-On Workshops:  Take the opportunity to build and deploy applications and services like DevOps and Data in a matter of hours on Bluemix (built on SoftLayer)! 

As part of this workshop you will be able to:

Bring your own simple application or use our sample labs and learn how to build and deploy on Bluemix.

Bluemix Meetups:  Participants can relax, network and listen to IBM experts provide an overview and live demo of Bluemix.

IBM Bluemix Academic Hackathon: Ready to put your IBM Bluemix skills to the test? Take part in an IBM Bluemix hackathon!  The Bluemix hackathon introduces participants to IBM Bluemix  and IBM DevOps Services. Participants use this unique opportunity to showcase their innovative skills and build their dream app.

This hackathon is designed to teach you fundamentals of building and deploying your application in the Cloud and critical cloud services like Security, Mobile, Big Data, Analytics.

Hackathons are available for our academic faculty and students as well as partners eager to build their cloud skills.

Free at 200 Bluemix Days: Power 8 SDK

Space is limited! Sign up today for a 200 Bluemix Days session near you!!
