Apple, Mac, iOS4, iPad, iPhone and (in)security...
10.0K views | +0 today
Follow
Apple, Mac, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Rescooped by Gust MEES from 21st Century Learning and Teaching
Scoop.it!

Forensic scientist identifies suspicious 'back doors' running on every iOS device | Privacy | Cyberespionage

Forensic scientist identifies suspicious 'back doors' running on every iOS device | Privacy | Cyberespionage | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
During his talk at HOPE/X Jonathan Zdziarski detailed several undocumented services (with names like 'lockdownd,' 'pcapd,' 'mobile.file_relay,' and 'house_arrest') that run in the background on over 600 million iOS devices.


Zdziarski's questions for Apple include:

  • Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
  • Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
  • Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
  • Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t belong?

... and his last slide (page 57 of the PDF) sums it up nicely: 


  • Apple is dishing out a lot of data behind our backs
  • It’s a violation of the customer’s trust and privacy to bypass backup encryption
  • There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
  • Much of this data simply should never come off the phone, even during a backup.
  • Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
  • Overall, the otherwise great security of iOS has been compromised… by Apple… by design.

Learn more:



Gust MEES's insight:
During his talk at HOPE/X Jonathan Zdziarski detailed several undocumented services (with names like 'lockdownd,' 'pcapd,' 'mobile.file_relay,' and 'house_arrest') that run in the background on over 600 million iOS devices.


Zdziarski's questions for Apple include:

  • Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
  • Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
  • Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
  • Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t belong?

... and his last slide (page 57 of the PDF) sums it up nicely: 


  • Apple is dishing out a lot of data behind our backs
  • It’s a violation of the customer’s trust and privacy to bypass backup encryption
  • There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
  • Much of this data simply should never come off the phone, even during a backup.
  • Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
  • Overall, the otherwise great security of iOS has been compromised… by Apple… by design.

Learn more:


more...
Gust MEES's curator insight, July 21, 2014 9:26 AM
  • Apple is dishing out a lot of data behind our backs
  • It’s a violation of the customer’s trust and privacy to bypass backup encryption
  • There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
  • Much of this data simply should never come off the phone, even during a backup.
  • Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
  • Overall, the otherwise great security of iOS has been compromised… by Apple… by design.

Rescooped by Gust MEES from Apps and Widgets for any use, mostly for education and FREE
Scoop.it!

83% Of Mobile Apps Are Risky

83% Of Mobile Apps Are Risky | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Summer 2013 App Reputation Report to examine the hidden behaviors behind free and paid mobile apps

 

The cloud-based, fully automated Appthority App Risk Management Service performed static, dynamic and behavioral app analysis on the 400 most popular free and paid apps on the iOS and Android platforms.

 

  

Appthority analyzed each app for particular behaviors within a test environment

.

Highlights from the App Reputation Report are:

 

- Overall, 83% of the most popular apps are associated with security risks and privacy issues.

 

- iOS apps exhibited more risky behaviors than Android apps. 91% of iOS apps exhibit at least one risky behavior, as compared to 80% of Android apps.

 

- 95% of the top free apps and 77.5% of the top paid apps exhibited at least one risky behavior.

 

- 78% of the most popular free Android apps identify the user's ID (UDID).

 

- Even though Apple prohibits its developers from accessing the UDID, 5.5% of the tested iOS apps still do.

 

- 72% of the top free apps track for the user's location, compared to 41% of paid apps.

 

- Although paid apps already generate revenue when downloaded, 59% of paid iOS and 24% of paid Android apps still support in-app purchasing.

 

- Furthermore, 39% of paid iOS and 16% of paid Android apps still share data with ad networks.

 


Via Gust MEES
Gust MEES's insight:

 

Learn more:

 

http://www.scoop.it/t/apps-for-any-use-mostly-for-education-and-free

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

 

more...