If you have "no place to go," come here!

Use "Apple Configurator" from the Apple store to protect yourself from back doors Apple built into iOS?

Here's an interesting, by which I mean chilking, article from ZD Net:

Forensic scientist and author Jonathan Zdziarski has posted the slides (PDF) from his talk at the Hackers On Planet Earth (HOPE/X) conference in New York called Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices. 

The HOPE conference started in 1994 and bills itself as "one of the most creative and diverse hacker events in the world."

Zdziarski, better known as the hacker "NerveGas" in the iPhone development community, worked as dev-team member on many of the early iOS jailbreaks and is the author of five iOS-related O’Reilly books including "Hacking and Securing iOS Applications." ...

In his talk, Zdziarski demonstrates "a number of undocumented high-value forensic services running on every iOS device" and "suspicious design omissions in iOS that make collection easier." He also provides examples of forensic artifacts acquired that "should never come off the device" without user consent.

Zdziarski also notes that simply screen-locking an iPhone doesn't encrypt the data; the only true way to encrypt data is to shut down/power off the iPhone. "Your device is almost always at risk of spilling all data, since it’s almost always authenticated, even while locked." This is made possible by undocumented services running on every iOS device, according to Zdziarski's presentation:

Read the whole thing just so you can cross any rationalizations for what Apple is doing off your list.

And here's how you protect yourself by finding those services and nuking them:

Two solutions for the security conscious are to: a) set a complex passcode, and b) install the Apple Configurator application (free, Mac App Store), set enterprise Mobile Device Management (MDM) restrictions on your device then delete all pairing records (a.k.a. pair locking). Zdziarski notes that while pair locking might stop commercial forensics tools, it won't help if your device is sent to Apple for acquisition.

OK, I've gone to:

The link does seem to work, although Apple's interface is horrible. I'll investigate and report back. Hope I don't brick my iPad! That would be bad.

No votes yet