Category Archives: iPhone

What You Need to Know About WireLurker

Mobile Security company Palo Alto Networks has released a new white paper titled WireLurker: A New Era in iOS and OS X Malware. I’ve gone through their findings, and also managed to get a hold of the WireLurker malware to … Continue reading

Posted in iPhone, Security | Comments Off

Preliminary Findings on Whisper

At the suggestion of @kashhill, I did a brief analysis of the Whisper iOS application, which appears to be at the height of controversy with respect to user privacy. My preliminary observations follow. Note, I am only looking at the technical … Continue reading

Posted in iPhone, Security | Comments Off

Disk Analyzer: Zero Free Space on Your iOS Device

Interested in the low level statistics of your iOS device’s disk, such as inode consumption and other file system metrics? Disk Analyzer allows you to view and work with your device’s used and free space and partition statistics. This simple little … Continue reading

Posted in Forensics, iPhone | Comments Off

Private Photo Vault: Not So Private

One of the most popular App Store applications, Private Photo Vault (Ultimate Photo+Video Manager) claims over 3 million users, and that your photos are “100% private”. The application, however, stores its data files without using any additional protection or encryption … Continue reading

Posted in Forensics, iPhone | Comments Off

Counter-Forensics: Pair-Lock Your Device with Apple’s Configurator

Last updated for iOS 8 on September 28, 2014 As it turns out, the same mechanism that provided iOS 7 with a potential back door can also be used to help secure your iOS 7 or 8 devices should it ever fall … Continue reading

Posted in Forensics, iPhone, Security | Comments Off

How to Help Secure Your iPhone From Government Intrusions

There’s been a lot of confusion about Apple’s recent statements in protecting iOS 8 data, supposedly stifling law enforcement’s ability to do their job. FBI boss James Comey has publicly criticized Apple, and essentially blamed them for the next hundred … Continue reading

Posted in Forensics, iPhone, Security | Comments Off

The Politics Behind iPhone Encryption and the FBI

Apple’s new policy about law enforcement is ruffling some feathers with FBI, and has been a point of debate among the rest of us. It has become such because it’s been viewed as just that – a policy – rather than … Continue reading

Posted in Forensics, iPhone, Politics, Security | Comments Off

iOS 8 Protection Mode Bug: Some User Files At Risk of Exposure

Apple’s recent security announcement suggested that they no longer have the ability to dump your content from iOS 8 devices: “On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, … Continue reading

Posted in Forensics, iPhone, Security | Comments Off

Your iOS 8 Data is Not Beyond Law Enforcement’s Reach… Yet.

In a recent announcement, Apple stated that they no longer unlock iOS (8) devices for law enforcement. “On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under … Continue reading

Posted in Forensics, iPhone, Security | Comments Off

An Open Letter to Tim Cook and Apple’s Security Team

Greetings! You may not know me, but you probably know my research over the years. I’ve been researching security on Apple devices since 2007, when iPhone first came out, and even helped put together the very first jailbreaks. I’ve assisted law … Continue reading

Posted in iPhone, Security | Comments Off

Is Apple’s new 2FA Really Secure? (Answer: It’s Pretty Solid)

I’ve recently updated my TL;DR regarding the recent celebrity iCloud hacks. I now summarize Apple’s latest changes to improve their 2-factor authentication (2FA) . Apple has implemented not just a band-aid, but a very good security solution to protect iCloud accounts, by … Continue reading

Posted in Forensics, iPhone, Security | Comments Off

Apple Should Have Abandoned NFC and Acquired LoopPay Instead

Is it OK to admit that NFC exists now? Apple’s latest iPhone models now incorporate the near-field communications technology that’s been around in Android phones for a few years… and a little too late, according to many experts. Over a year … Continue reading

Posted in iPhone | Comments Off

Apple Addresses iOS Surveillance and Forensics Vulnerabilities

After some preliminary testing, it appears that a number of vulnerabilities reported in my recent research paper and subsequent talk at HOPE/X have been addressed by Apple in iOS 8. The research outlined a number of risks for wireless remote … Continue reading

Posted in Forensics, iPhone, Security | Comments Off

TL;DR: Hacked Celebrity iCloud Accounts

(This document will continue to evolve as more information becomes available) Earlier this week, a number of compromised celebrity iCloud accounts were leaked onto the Internet. Initially, @SwiftOnSecurity was kind enough to post some metadata at my request for exif information … Continue reading

Posted in Forensics, iPhone, Security | Comments Off

White Paper: Identifying back doors, attack points, and surveillance mechanisms in iOS devices

I received word from the editor-in-chief that the author of an accepted paper has permission to publish it on his website, and so I am now making my research available to anyone who wishes to read it. The following paper, “Identifying back doors, attack … Continue reading

Posted in Forensics, iPhone, Security | Comments Off

Security Firm Stroz Friedberg Has Validated My Latest Research

Security firm Stroz Friedberg has published findings validating the technical claims of my latest research, by independently reproducing them against iOS 7 and iOS 8 Beta 4 (NOTE: as I mentioned, Apple has already begun addressing these issues in Beta … Continue reading

Posted in Forensics, iPhone, Security | Comments Off

A Post-Mortem on ZDNet’s Smear Campaign

A few days after I gave a talk at the HOPE/X conference titled, “Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices”, ZDNet published what their senior editor has described privately to me as an opinion piece, however passed … Continue reading

Posted in Forensics, iPhone, Security | Comments Off

Apple is Making Progress

Apple’s new, relaxed NDA rules appear to allow me to talk about the iOS 8 betas. I will hold off on the deep technical details until the final release, as I see that Apple is striving to make a number … Continue reading

Posted in Forensics, iPhone, Security | Comments Off

Apple’s Authentication Scheme and “Backdoors” Discussion

I’ve heard a number of people make an argument about Apple’s authentication front-ending the services I’ve described in my paper, including the “file relay” service, which has opened up a discussion about the technical definition of a backdoor. The primary … Continue reading

Posted in Forensics, iPhone, Security | Comments Off

Oxygen Forensics: Latest Forensics Tool to Exploit Apple’s “Diagnostic Service” to Bypass Encryption

While Apple’s claims may be that a key subject of my talk, “Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices” (com.apple.mobile.file_relay) is for diagnostics, a recent announcement from the makers of the fantastic Oxygen Forensics suite shows strong … Continue reading

Posted in Forensics, iPhone, Security | Comments Off