zdziarski

Latest

  • Apple denies it included 'backdoor' services in iOS

    by Kelly Hodgkins
    07.22.2014

    Apple denied the accusation that it included backdoor services in iOS that could be exploited by law enforcement and other government agencies in order to obtain personal data from iOS devices. The denial statement was provided to Financial Times journalist Tim Bradshaw who shared the communication on Twitter. Apple does not deny the existence of the services discovered by forensic scientist Jonathan Zdziarski, but instead claims the functions are diagnostic and primarily used for troubleshooting and enterprise control of devices. "We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent. As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services." Details on these backdoor services were published recently by Zdziarski as part of a presentation during the Hackers On Planet Earth (HOPE/X) conference. You can view all of Zdziarski's presentation slides here: (PDF) [Image from EFF Photos]

  • Forensic scientist discovers backdoors running on 600 million iOS devices

    by Mike Wehner
    07.21.2014

    Your iPhone may well be at risk of spilling a good deal of your personal data, but not in the way you imagine. According to security researcher Jonathan Zdziarski, today's iPhone is actually quite good at fending off a typical hacker, but it also comes with a few convenient -- and secret -- tools that could make it easy for Apple to snoop on you, on behalf of a government agency with authorization to do so. In a talk at New York's Hackers On Planet Earth conference, Zdziarski detailed his findings as they relate to iOS security. The services he discovered running in the background of over 600 million iOS devices today don't appear to have any known purpose for either end users or developers, and are capable of dumping huge amounts of user data upon request. Zdziarski seems to have considered all the potential benign uses for these peculiar software additions -- some of which have been a part of iOS for many years, and have evolved over time. He says the information dumped by the device would be unusable to Genius Bar associates or other Apple repair specialists, and the data is too personal in nature to be shared for debugging purposes. Putting the device in locked mode, with or without Touch ID, doesn't change things. There's really nothing a user can do to protect themselves from these built-in backdoors given that they are part of the design. The key here is that these backdoors were put in place by Apple, and Apple almost certainly has a purpose for them. Zdziarski notes that commercial forensic companies are already using some of these services in order to mine user data for legal purposes, but is that as far as it goes? We won't know unless Apple offers a detailed explanation, and the chances of that are probably rather slim. View all of Zdziarski's presentation slides here: (PDF) [Photo credit: MsSaraKelly]

  • TUAW Live Chat with App Store developers

    by Erica Sadun
    10.09.2009

    How hard is it to make a living at App Store? Are the naysayers right? Do you need a full-fledged business plan and established company even to step through the door? Or can you make it as an independent, finding your own fortune and success? Today, TUAW talks to a handful of App Store developers to hear their stories and discuss their experience. Today's scheduled panelists include Bryan Mitchell, author of the extremely successful Geared game for iPhone, Scott Lawrence, developer of LlamaSlate, LlamaClock, among others, Darrel Plant, creator of Bedeviled, a puzzle game, Youssef Francis of Brancipater, developers of FlowChat (an iPhone IRC client), and Jonathan Zdziarski, author of the best Nintendo emulator that never made it to App Store, plus an Amber Alert app that did. Jonathan is also the author of several iPhone books. We'll be chatting about the challenges and rewards of App Store: how the little guy can make it big, and how the little guy can get beat down. Join us for this live chat and bring your questions. Read on for the chat

  • Wired: 'iPhone takes screenshots of everything you do'

    by Robert Palmer
    09.11.2008

    On your iPhone or your iPod touch, when you press the Home button, there's a nice little animation that takes you back to the home screen. To create that animation, your iPhone takes a screenshot of whatever it is you're doing, and uses it for the transition. Sounds innocent, right? Not so much, says data forensics expert Jonathan Zdziarski (thank you, clipboard). The screenshot is presumably erased from the iPhone after the application closes, but is any digital file really gone after you delete it? Survey says no. Forensics experts have mined for these screenshots, successfully recovering evidence against criminals accused of rape, murder, and drug deals. They can also recover data from the iPhone's keyboard and web caches. In his presentation, Zdziarski also demonstrated how to bypass an iPhone's passcode in order to own the device and access personal data. Time-consuming? Sure (it took JZ about an hour and involved a custom firmware build). Impossible? No. As with all things digital (and networked), your privacy is largely illusory. Time to go Don Draper on this one and just use Field Notes books, my stack of business cards, and the rotary dial. [Via Wired.] Thanks, Kenny!