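Tencent Technology News, July 26: According to foreign media reports, Apple has for the first time acknowledged that, through previously undisclosed techniques, Apple employees can extract deep personal user data from iPhones, including text messages, contact lists and photos.
Jonathan Zdziarski, the security expert who forced Apple to acknowledge the existence of a "reserved back door", said the technique can also circumvent backup encryption restrictions, helping law enforcement agencies or others get into devices that have been connected to "trusted" computers. Apple calls it a "diagnostic service" to help engineers. At the Hackers on Planet Earth Conference, Zdziarski demonstrated the process of extracting large amounts of user data from an unlocked iPhone through a trusted computer, and called it evidence of cooperation between Apple and the US National Security Agency.
Zdziarski said that phone users are not notified when the service is running and cannot stop it. iPhone users also have no way of knowing which computers were previously set as trusted during the backup process, or of blocking future connections.
Apple denied creating any "back door" for intelligence agencies. The company said in a statement: "We designed iOS so that its diagnostic functions do not compromise user privacy and security. But the service can provide needed information to Apple's IT department, software design department and the departments that handle technical faults. A user must unlock the phone and agree to trust another computer before that computer can access its limited diagnostic data."
Apple also published an initial description of the service on its website. Zdziarski and other security experts said they hope Apple will make some changes to it in the future. Zdziarski said he does not believe Apple's original intent in providing the service was espionage. But the user information Apple extracts clearly far exceeds what it needs.
Rich Mogull, CEO and analyst at security research firm Securosis, said Zdziarski's claims were somewhat exaggerated but technically accurate. He said: "Apple is collecting far more information than it needs, and the only way to achieve this is to tamper with the phone's security."
Both Mogull and Zdziarski believe that, now that the "diagnostic service" exists, law enforcement agencies will make use of it. For example, information could be extracted through Apple from a targeted person's confiscated desktop computer. Mogull said: "Government agencies use every legal tool they have, and even do more with those tools."
Asked whether it had ever used these services to help law enforcement agencies, Apple did not immediately respond. Before this unknown service and other occasional bugs drew attention, Apple's iPhones had always been considered more secure than Google's Android phones, because Google does not have the ability to send software fixes directly to users' devices. (風帆)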
By Joseph Menn
SAN FRANCISCO | Fri Jul 25, 2014
SAN FRANCISCO (Reuters) - Personal data including text messages, contact lists and photos can be extracted from iPhones through previously unpublicized techniques by Apple Inc employees, the company acknowledged this week.
The same techniques to circumvent backup encryption could be used by law enforcement or others with access to the "trusted" computers to which the devices have been connected, according to the security expert who prompted Apple's admission.
In a conference presentation this week, researcher Jonathan Zdziarski showed how the services take a surprising amount of data for what Apple now says are diagnostic services meant to help engineers.
Users are not notified that the services are running and cannot disable them, Zdziarski said. There is no way for iPhone users to know what computers have previously been granted trusted status via the backup process or block future connections.
"There's no way to 'unpair' except to wipe your phone," he said in a video demonstration he posted Friday showing what he could extract from an unlocked phone through a trusted computer.
As word spread about Zdziarski's initial presentation at the Hackers on Planet Earth conference, some cited it as evidence of Apple collaboration with the National Security Agency.
Apple denied creating any "back doors" for intelligence agencies.
"We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues," Apple said. "A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data."
But Apple also posted its first descriptions of the tools on its own website, and Zdziarski and others who spoke with the company said they expected it to make at least some changes to the programs in the future.
Zdziarski said he did not believe that the services were aimed at spies. But he said that they extracted much more information than was needed, with too little disclosure.
Security industry analyst Rich Mogull said Zdziarski's work was overhyped but technically accurate.
"They are collecting more than they should be, and the only way to get it is to compromise security," said Mogull, chief executive officer of Securosis.
Mogull also agreed with Zdziarski that since the tools exist, law enforcement will use them in cases where the desktop computers of targeted individuals can be confiscated, hacked or reached via their employers.
"They'll take advantage of every legal tool that they have and maybe more," Mogull said of government investigators.
Asked if Apple had used the tools to fulfill law enforcement requests, Apple did not immediately respond.
For all the attention to the previously unknown tools and other occasional bugs, Apple's phones are widely considered more secure than those using Google Inc's rival Android operating system, in part because Google does not have the power to send software fixes directly to those devices.
(Reporting by Joseph Menn; Editing by Lisa Shumaker)
COMMENTS (10)
July 26, 2014 4:30pm EDT
Law enforcement has a right to use these techniques providing there is a court order. What's the problem?
WestFlorida
July 26, 2014 12:10pm EDT
USA Whitehouse flak Ari Fleischer warned you back in 2001 that you should 'watch what you say,' and he knew what the government was up to…
wilhelm