ASCII.jp: An End to the "iOS Backdoor Problem"? Apple Releases Details of "Secret Service"

  • By huaweicomputers
  • 20/04/2022

The iOS device "backdoor" problem, which became a hot topic last weekend and was reported by major media on the 18th, seems to have finally come to an end.

The issue was originally raised at a hacker conference in New York by Jonathan Zdziarski, a criminal science expert who is familiar with iOS security. He claimed that all iOS devices have a secret mechanism that allows user data to be extracted with or without a PIN code, and pointed out that it may have been intentionally prepared as a backdoor.

The story spread because, coming after Edward Snowden, a former U.S. intelligence agent, revealed the existence of the NSA's wiretapping program, it fed the suspicion that "Apple may have colluded with government agencies to set up a backdoor."

Meanwhile, Apple quickly rebutted the claim, and a back-and-forth with Zdziarski began. Over several days of exchanges between the two, the cause of the problem, how the mechanism came to be introduced, and the conclusion became clear, so I will briefly summarize the contents here.

First, a review of the circumstances

The first report in the major media was probably from ZDNet, and the slides (PDF format) of the presentation in question were posted on Zdziarski's blog on the 18th, when the announcement was made.

Slide of the announcement in question

According to the slides used for the presentation at the hacker conference "HOPE X", every iOS version on the iPhone contains a service that Apple has "not officially documented", and this service can read user data stored on the device with encryption disabled.

Normally, the data on the device is encrypted so that it cannot be read directly. In iOS, however, the encryption uses a separate key that is unrelated to the PIN code entered by the user, so a "hidden service" provided by the system may be able to bypass the cryptographic processing and touch the data directly.

Zdziarski points out that the problem is that the mechanism enabling such "peeping" is active whether or not a kind of debug mode called "Developer Mode" is turned on, and that data can reportedly be extracted on instruction from another computer without the user's consent.

Specifically, three services are involved: "com.apple.mobile.file_relay", which sniffs communication packets; "com.apple.mobile.pcapd", which transfers data in the device; and "com.apple.mobile.house_arrest", which reaches the data in the sandbox of each app. He singles out "file_relay" in particular, pointing out the possibility of misuse because it can access most data, including CoreLocation and caches, by bypassing the backup encryption mechanism mentioned above.

While pointing out the possibility of a "backdoor", the presentation weaves in the suggestion that these mechanisms are used not only by Apple but also by third parties such as the NSA to collect information, and it concludes by questioning Apple's stance. In his blog post, he notes that "I'm not going to instigate or blame Apple," and that the goal is to get Apple's view of this "hidden service."
