According to foreign media reports, not long ago well-known iOS hackers Jonathan Zdziarski disclosure iOS there are a number of backdoors, in specific circumstances can get the user's personal information, Apple recently The introduction acknowledges this, saying there are a number of "diagnostic features" that were not previously leaked in the iOS operating system pre-installed on products such as the iPhone and iPad, along with information about the three backdoors.
Jonathan Zadrski used to be a member of the iOS jailbreak team and has also published numerous books on iOS development. Zaddelsky officially announced his findings last weekend.
The three backdoors disclosed by Zadelski exist in the operating system of 600 million iPhones and iPads. These backdoors give access to a large amount of user personal information, which can then be transferred to devices on the phone's trust list, For example, many users will iPhone data cable connected to the computer, and these computers are "trusted device." Although these backdoors only come through these trusted devices, to a certain extent reduce the possibility of information leakage, but the means of attack can still be an attacker to obtain access to this information.
Apple has never mentioned these iOS services to the public before. Zaddelski said that these services will not notify users when obtaining user's personal information, nor will they need to obtain the user's permission, but will not be able to be closed by the user.
In a statement released Tuesday night local time, Apple described these three backdoors as "iOS diagnostic capabilities, users help enterprise IT departments, developers and AppleCare detect failures," and Apple also announced the three backdoors Some details.
1. com.apple.mobile.pcapd
pcapd supports the transfer of diagnostic packets obtained on iOS devices to a trusted device. This service allows users to detect and diagnose applications and corporate VPN connections on iOS devices. You can find more information from the following link:
developer.apple.com/library/ios/qa/qa1176
2. com.apple.mobile.file_relay
file_relay supports limited replication of diagnostic information from within the device. This service is independent of user-generated backups and does not have access to all data on user devices, as is limited by iOS data protection. Apple Engineering uses file_relay on internal devices to verify user settings, and AppleCare uses this service to diagnose cell phone-related diagnostics from users' devices with the user's permission.
3. com.apple.mobile.house_arrest
iTunes calls house_arrest for sending and receiving documents between iOS devices and applications, and Xcode calls this service to help transfer test data during the development of an application.
Apple's statement also said that as Zadelski discovered, third parties can indeed access these services by accessing a trusted device via Wifi. However, Apple has neither confirmed nor denied the most crucial question: whether these services will be done without the user's knowledge, or without user consent.
Apple also stressed that file_relay can call only a limited number of data, but Zadziski responded that the service can access the iPhone's 44 data sources, including telephone records, SMS records, voice mail, GPS data, etc. Some extremely intimate information. In most cases, these personal information and diagnostic data may not have any intersection.
Zadzki also said that many of the information provided by Apple is "misleading", but he also believes that Apple will immediately address these issues.
(Westerly)