In cursul zilei de ieri v-am spus un hacker dezvoltator de solutii de jailbreak acuza compania Apple ca a lasat active in iOS multiple vulnerabilitati de tip backdoor care ii permit atat ei, cat si agentiei guvernamentale sa obtina acces la datele personale. Hackerul sustine ca accesul la aceste date este facut prin exploatarea a trei servicii disponibile in iOS, compania Apple fiind constienta de existenta problemelor lor, insa refuzand sa le rezolve.
1. com.apple.mobile.pcapd – pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.
2. com.apple.mobile.file_relay – file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users’ devices.
3. com.apple.mobile.house_arrest – house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.
Intr-o tentativa de a oferi explicatii suplimentare pentru acuzatiile hackerului, compania americana a publicat o sectiune speciala in website-ul sau in care explica functionalitatea celor trei servicii si nu numai. In quote-ul de mai sus aveti explicata functionalitatea lor, toate cele trei servicii fiind folosite fie pentru diagnosticarea iDevice-urilor, fie pentru a permite transferul de date intre un iDevice si iTunes pentru PC.
Desigur ca explicarea rolului acestor servicii nu rezolva problema vulnerabilitatilor existente in ele, iar explicatiile nu au vreo valoare pentru a linisti persoanele speriate de hackeri. In ciuda acuzatiilor facute impotriva Apple, datele personale pot fi securizate folosind Apple Configurator, insa nu si impotriva companiei americane, ci doar impotriva agentiilor guvernamentale sau a altor hackeri.
This post was last modified on iul. 23, 2014, 8:44 AM 08:44