There are a lot of terrible news articles out there, and a lot of terrible “journalists” who have either over-hyped my research, or dismissed it entirely. After ZDNet’s utterly horrible diatribe about my research, I posted a proof-of-concept to help further clarify what was and wasn’t possible. Unfortunately, the FUD has continued, and so I thought it would make sense to help provide readers with some middle-of-the-road and easy-to-understand technical links that would help make sense of everything.
End users rely on backup encryption to protect the data on their phone in the event that someone either obtains physical access to an unlocked phone, or access to their computer. Enterprises rely heavily on the “force encrypted backups” MDM policy Apple provides to protect corporate trade secrets and other confidential information stored on employee phones. Having a backdoor to bypass this encryption can be very dangerous for both individuals and businesses. Additionally, the wireless component of this allows for remote and persistent monitoring, making this a potentially long-term and stealthy threat.
Here’s a list of the technology articles I’ve found useful at explaining my talk and slides. While there may be a few slight technical inaccuracies here or there, these are all “good reads” that overall do a good job.
I’ve also recently posted a pastebin dump of all the personal data I was able to wirelessly retrieve off of my personal iPhone running 7.1.2 using this service to bypass backup encryption, and with “iTunes Sync” turned off.