Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Addresses iOS 'Backdoor' Concerns by Outlining Legitimate Uses for Targeted Services [Updated]

69Mustang said:
That makes no sense. Very few things in life are all or nothing. How silly does it sound to say you trust Apple 100% or you don't trust them at all. The explanation from Apple simply explained what they do with the diagnostics, not what can be done with the diagnostics.
Click to expand...

Well, trusting Apple or not has nothing to do with what can be done anyway. They may have no malicious intent, it doesn't mean others do (obviously, others do). All I am saying is that people who question things with statements like "hey Apple is lying about the fingerprint scanner! Apple is really storing your fingerprints for XYZ" (actually never heard any kind of useful use for a bunch of fingerprint images from phones but hey). So my thought is OK, if you think Apple might be lying about the fingerprint scanner, then you probably shouldn't even use an iPhone *without* a fingerprint scanner because there are a million other ways they could be gathering even more sensitive information. That's all I meant.
 
scottwaugh said:
This might be true for you, but for most users a phone has more information on it (that the NSA would like to record and store...for future needs of course) than their PC.

Most folks smartphones have who they talk to (& when), who they text to (& what and when), where they've been, their contact list with associated information and of course web sites that they go to with logins, and of course pictures (which we've learned the NSA is scraping) etc..

With regards to the govt recording things (which we've found out they're doing), a smartphone is a jackpot. According to what we've found out in the documents (which were several years old at the time), iOS and Android were easy access devices:

http://www.iclarified.com/37195/the...or-nearly-complete-access-to-the-apple-iphone
Click to expand...

So they take my contacts, appointments, emails, etc. What does that do for them? I don't do anything illegal like most people. Tapping into my phone would be a waste of time and resources.

If they want to compile a list of people, addresses, and numbers, they can query the yellow pages and other data pools much easier than individual devices. Plus who's to say the data we enter on our phones is accurate?

My work phone for example has fake numbers, names, and addresses mixed in with legit ones. If the phone was ever lost or stolen, it would be wiped almost immediately once I contact security through my other phone. I also have emails with false data. While a lot of this is to find out who is "leaking" information as it can be traced back easily, it also confused would be hackers with contradicting information.

----------
CylonGlitch said:
Agreed, and with reading the bold part of this statement :


Indicates that there is no real back door, it would require the user to trust another piece of hardware to create keys with it. That would be a user problem, don't just go around trusting every computer nearby.

Assuming Apple told the truth in the above statement, I see no issues here at all. These services HAVE to be running (in general) if you want to be able to sync content from your computer.
Click to expand...

I only "trust" my Mac which has disk encryption. I used disk utility instead of FileVault. Not sure if its more secure as there's no "recovery key" or anything else associated with it. You forget the password, you are screwed.

I also have a "Documents" folder that has encryption as well with a different password. These are over 24 characters long, easy for me to remember, but no one would guess.

If anyone wants my data that bad, go ahead. The IRS knows most of it anyway when I file my taxes.
 
OldSchoolMacGuy said:
Over wifi or cellular, you can grab most of what isn't encrypted. There are some tools that allow you to grab cellular but only the largest of government agencies have access to them and have the legal authority to use them. Even with very large cases I've worked with those agencies those things are almost never deployed. Generally we aren't grabbing over the airwaves.

From the iTunes desktop backup file, you can grab everything. All the data from your phone is stored there for the most part. Pictures, email, texts, contacts, browsing history, and everything else.
Click to expand...

Thanks for the thoughtful reply. If I can ask one more - what isn't encrypted on our iPhones when they're on? (i.e. what kind of data can you grab when they aren't shut down)
 
scottwaugh said:
Thanks for the thoughtful reply. If I can ask one more - what isn't encrypted on our iPhones when they're on? (i.e. what kind of data can you grab when they aren't shut down)
Click to expand...

Data isn't encrypted on the device in most cases because it slows things down when you have to constantly encrypt or decrypt everything. Really, it's up to the maker of the app to decide what they do and don't want to encrypt. Apple doesn't encrypt stuff like photos and messages because there isn't really any reason to. iOS is secure enough for most users and there isn't much of a threat of people getting into it for most.
 
OldSchoolMacGuy said:
Data isn't encrypted on the device in most cases because it slows things down when you have to constantly encrypt or decrypt everything. Really, it's up to the maker of the app to decide what they do and don't want to encrypt. Apple doesn't encrypt stuff like photos and messages because there isn't really any reason to. iOS is secure enough for most users and there isn't much of a threat of people getting into it for most.
Click to expand...

Given their focus on how much the A7 has sped up encryption/decryption times, I think the system is only going to get more secure as time goes on.
 
gnasher729 said:
Everyone with a Mac knows exactly how this works. When you plug an iOS device into a Mac with a USB cable, iOS will ask you whether you trust this computer. You click yes or no. If you click yes, then the Mac can for example do backups, and other things (you said you trust this computer, right? ). If you click no, then the Mac cannot access _anything_ on the iOS device.
Click to expand...

And if the pair credential were transitory, it would be less of a problem. However, once a pairing has establish, the paired system is able to wirelessly, and without consent or notification, to take advantages of these undocumented processes to essentially pull the personal contents of your phone unencrypted. Further this credential is persistent through every system action excepting a manual full-wipe, even through firmware updates. Does this matter as regards the average "stranger" threat that might nick your phone? No. Does it matter when interacting with privileged systems, even something as innocuous as charging your phone at the airport before going through customs? Absolutely it does.

Zdziarski has also published a POC on this matter: iOS File Relay POC
 
OldSchoolMacGuy said:
From the iTunes desktop backup file, you can grab everything. All the data from your phone is stored there for the most part. Pictures, email, texts, contacts, browsing history, and everything else.
Click to expand...

Not if it's encrypted you can't. And iTunes allows you to encrypt backups quite easily.
 
adnbek said:
Not if it's encrypted you can't. And iTunes allows you to encrypt backups quite easily.
Click to expand...

And Apple's encryption is easy to get around. Simple to pull the password from the Keychain. We've been doing it for years. Even have a nifty product we sell to law enforcement to pull the Keychain contents along with all kinds of other fun stuff like email history, chat/text history, browsing history, network info, address book contents, and a ton more.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back