Security firm Stroz Friedberg has published findings validating the technical claims of my latest research, by independently reproducing them against iOS 7 and iOS 8 Beta 4 (NOTE: as I mentioned, Apple has already begun addressing these issues in Beta 5). Interestingly, the firm has also published an open-source proof of concept tool named unTRUST to allow users to remove pairing records from their iOS devices without wiping the device. I haven’t yet had a chance to test it, but this is most certainly good news. It also demonstrates that there is enough of a security threat that such proof-of-concept tools have come into existence.
I’m just learning of this paper myself and had not been previously contacted by the firm; and I think that is a good practice in validating someone else’s research – to evaluate and reproduce it independently. Whereas journalism, on the other hand, should always involve reaching out to the researcher to make sure people get their facts straight.
Direct link to the published paper can be found at the link below:
http://www.strozfriedberg.com/wp-content/uploads/2014/08/SFWP_MitigatingPairingRecordRisks_08112014.pdf