{"id":5575,"date":"2014-07-31T10:00:33","date_gmt":"2014-07-31T14:00:33","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=5575"},"modified":"2020-02-26T10:54:14","modified_gmt":"2020-02-26T15:54:14","slug":"ios-hidden-service","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/ios-hidden-service\/5575\/","title":{"rendered":"Does every iPhone spy on its owner, after all?"},"content":{"rendered":"<p>A recent\u00a0<a href=\"http:\/\/www.zdziarski.com\/blog\/?p=3441\" target=\"_blank\" rel=\"noopener nofollow\">publication<\/a>\u00a0by the famous\u00a0iOS\u00a0security researcher Jonathan\u00a0Zdziarski, dedicated to background monitoring services in\u00a0iOS, caused a wave of variously toned articles, some of them accusing Apple of working for the\u00a0NSA, while others completely dismiss the issue. The truth is, however,\u00a0<a href=\"https:\/\/threatpost.com\/researcher-identifies-hidden-data-acquisition-services-in-ios\/107335\" target=\"_blank\" rel=\"noopener nofollow\">somewhere in between<\/a>. Some functions, which exist and are active in every\u00a0iOS\u00a0device, may be used for connecting to the device and siphoning its content despite activated security measures like a PIN code, backup encryption, and so on. However, there are serious limitations, which is why the problem is not a global emergency requiring immediate action from each user.<\/p>\n<p>The existence of the aforementioned services does not necessarily imply Apple\u2019s bad intentions. 
Actually, the company responded to some journalists\u2019\u00a0enquiries and published\u00a0<a href=\"http:\/\/support.apple.com\/kb\/HT6331\" target=\"_blank\" rel=\"noopener nofollow\">a\u00a0tech\u00a0support\u00a0article<\/a>\u00a0describing\u00a0each\u00a0\u201cdiagnostic\u201d\u00a0service and insisting that those services are used for tech support and enterprise\u00a0iOS\u00a0deployment. However, the possibility of these services being misused must not be overlooked.<\/p>\n<p><strong>Attack\u00a0scenario<\/strong><\/p>\n<p>First,\u00a0an\u00a0attacker\u00a0must\u00a0be\u00a0able\u00a0to\u00a0physically\u00a0connect\u00a0the\u00a0device\u00a0to\u00a0his\u00a0computer\u00a0via\u00a0USB. The\u00a0iPhone\/iPad must be unlocked at this point. In this case,\u00a0iOS\u00a0tries to establish a\u00a0\u201cpairing\u201d\u00a0with the computer, which is actually a trusted connection to sync data. The set of required keys and certificates is stored on the computer and might then be used for communicating with the iPhone via a wired or wireless connection. An attacker can also steal the pairing keys from a computer by using\u00a0malware. In this case, physical access to the\u00a0iOS\u00a0device is not required.<\/p>\n<div class=\"pullquote\">An attacker can steal pairing keys from a computer using malware.<\/div>\n<p>At this stage, a\u00a0special set\u00a0of services running on each iPhone comes into play.<\/p>\n<p>These services are able to capture all network traffic on the device and leak photos, messages, contacts, and other types of content. The services are active regardless of security and sync settings, and they neither require user interaction nor display any notification. 
Thus, a hypothetical attacker in possession of pairing keys can connect to an\u00a0iOS\u00a0device and remotely monitor it (presumably, by using the same\u00a0Wi-Fi\u00a0network, as\u00a0Zdziarski\u00a0was unable to perform this trick via cellular network operators).<\/p>\n<p><strong>Is it widespread?<\/strong><\/p>\n<p>No. An attacker must be able either to obtain the victim\u2019s unlocked device or to hack his\/her computer. After this, a stable connection to the victim\u2019s iPhone is required. Such a combination of factors is possible when a government agency or\u00a0other powerful entity targets a specific person, but for \u201cmass-market\u201d hacks it is a little bit complicated and not economically efficient. The important exceptions are\u00a0people close to a victim: co-workers, family members, etc. They can utilize these hidden services with ease, but, luckily, the required forensic software is not that easy to obtain. However, to make sure that you are on the safe side, you\u00a0can follow\u2026<\/p>\n<p><strong>Our advice<\/strong><\/p>\n<p>To avoid unauthorized pairings, never use other people\u2019s chargers, which may happen to be sync devices. Use only your own wall charger. 
A good option for travellers is one of the various\u00a0<a href=\"https:\/\/www.google.com\/\" target=\"_blank\" rel=\"noopener nofollow\">USB protectors<\/a>.<\/p>\n<p>Never give your unlocked phone to strangers, or at least make sure you closely monitor their actions. To prevent theft of the pairing keys from your own computer, use\u00a0<a href=\"https:\/\/www.kaspersky.com\/advert\/free-trials\/multi-device-security?redef=1&amp;THRU&amp;reseller=blog_en-global\" target=\"_blank\" rel=\"noopener nofollow\">the strongest\u00a0malware\u00a0protection you can find<\/a>. Once paired, your iPhone\/iPad keeps the list of paired devices and associated keys indefinitely. The only way to get rid of unwanted pairings is a factory reset. Luckily, recent improvements in\u00a0iCloud\u00a0services allow you to perform this cleaning task without major effort. Just make sure that photos and documents are backed up properly.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Your iPhone runs hidden monitoring services. 
Who uses them, and for what purpose?<\/p>\n","protected":false},"author":32,"featured_media":5576,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[1250,26,43,715],"class_list":{"0":"post-5575","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-ios","9":"tag-iphone","10":"tag-privacy","11":"tag-spying"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ios-hidden-service\/5575\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/ios-hidden-service\/3829\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/ios-hidden-service\/3728\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ios-hidden-service\/4218\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ios-hidden-service\/4473\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ios-hidden-service\/4817\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/ios-hidden-service\/4400\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ios-hidden-service\/4817\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ios-hidden-service\/5575\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ios-hidden-service\/5575\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/ios\/","name":"iOS"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5575","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2
\/comments?post=5575"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5575\/revisions"}],"predecessor-version":[{"id":33269,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5575\/revisions\/33269"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/5576"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=5575"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=5575"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=5575"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}