"Between this tool and other services, you can get almost the same information you could get from a complete backup," Zdziarski said in an interview. "What concerns me the most is that this all bypasses the consumer backup encryption. When you click that button to encrypt the backup, Apple has made a promise that the data that comes off the device will be encrypted."
Zdziarski also includes some questions for Apple in his presentation:
- Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
- Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
- Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
- Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don't belong?
- Apple is dishing out a lot of data behind our backs.
- It's a violation of the customer's trust and privacy to bypass backup encryption.
- There is no valid excuse to leak personal data or allow packet sniffing without the user's knowledge and permission.
- Much of this data simply should never come off the phone, even during a backup.
- Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals.
- Overall, the otherwise great security of iOS has been compromised… by Apple… by design.
- The attacker first needs to grab the pairing keys
- The targeted iOS device should be physically near the attacker
- The targeted iPhone needs to have its Wi-Fi switched on
- The attacker and the targeted iOS device should be on the same Wi-Fi network
- The targeted device should not have been rebooted since the last time the user entered the PIN
"If you're the NSA, with a Tailored Access Operations division that specializes in this sort of thing, getting into Apple's backdoor is easy as pie," the Register notes.