I know… you’re surprised, yes? :D
It seems that security researcher and hacker Jonathan Zdziarski has discovered a number of “backdoors” in iOS that can possibly be exploited remotely to gain access to the device user’s personal information. He presented these findings at the annual HOPE/X conference which was held July 18-20 in New York City.
Apparently these undocumented services can, among other things:
- Bypass “Backup Encryption” mechanism provided to users
- Be accessed both via USB and wirelessly
- If device has not be rebooted since user last entered the device PIN, can access all
data encrypted with “data-protection”. (e.g. third-party app data, etc)
To get a bit more specific, the “Apple Mobile File Relay Service” apparently “…completely bypasses iOS backup encryption… exposing a “forensic trove of intelligence” including the user’s address book, CoreLocation logs, the clipboard, calendars, notes, and voicemails”, and “…an attacker could make use of this service to grab recent photos from a user’s Twitter stream, their most recent timeline, their DM database, and authentication tokens that could be used ‘to spy on all future [Twitter] correspondence remotely.'”
Now since Mr. Zdziarski also happens to be a forensic scientist, he points-out that various smartphone forensic tools have already exploited these undocumented
services to break into iOS devices and access data that Apple had represented to users as encrypted and protected.
Note that one of those well-known forensic product vendors, Cellebrite, is apparently unable to break through BlackBerry 10 security, according to reports I’ve seen, reportedly resulting in much hand-wringing and aggravation over at Cellebrite-Central.
Matter of fact – according to this forensic discussion forum thread, NONE of the common smartphone forensic tools, as of at least the end of 2013, are able to break BlackBerry 10 security.
Poor poopsies! Do you feel bad for them yet? :D