A security researcher is claiming to have found a set of services in iOS that appear to be a firmware-level backdoor in iOS devices. What’s more interesting is that Apple has, in a very non-Apple manner, responded to his claims by posting a support page about it. He claims that these are confirmations of the backdoors that he found in iOS and that Apple claims to use them for diagnostic and enterprise purposes. These backdoors can only be accessed by Apple (or anyone that has access to Apple’s services) so they’re mostly secure backdoors, but they are backdoors nonetheless. Most consumers are completely and wholly unaware that alternative pathways into their devices exist and can be exploited by ANYONE (in this case Apple) other than themselves. This is also why remote bricking and other ‘security’ features being pushed through legislatures are also a problem, but at least we’re aware of their existence unlike these services on iOS.

The services in question, om.apple.mobile.pcapd, com.apple.mobile.file_relay, com.apple.mobile.house_arrest among others have been addressed in Apple’s knowledge base article. Apple does not directly address Jonathan Zdziarski’s claims but instead tries to illuminate their use of these services and what they’re supposed to be used for. Apple claims that some of these services are used for diagnostic purposes internally as well as for iTunes and Apple Care support. However, the fact that these supposed backdoor services exist without users’ or developers’ knowledge is a bit worrisome.

The real truth here is that no matter what happens, or is really happening, customers should be aware of how intrusive some of these services are or can be. Sure, some of them are limited in scope in terms of what they can access, but even so, Apple should notify customers when they use such services or sign up for the operating system that there are services running on their devices that give Apple access to their device. Backdoor systems are not a joke and some of them are open invitations to hackers to try to hack into a backdoor and use it for their own purposes. Backdoors are inherently insecure and consumers should be made aware of them, malicious or not.

The post Security Researcher Claims iOS Devices Have a Backdoor appeared first on VR World.

The much awaited OnePlus One smartphone has hit yet another snag on its way to being delivered to those that could actually get ahold of one. The $299 smartphone has it all, and for a reasonable price, but the catch is that they’re limiting production so that they don’t bankrupt themselves, or their parent company OPPO in the process. And since the device is running CyanogenMod as the OS, there are some things that need to be ironed out before the device ships to consumers as a ‘shipping’ final device.

One of those things is that CyanogenMod recently had a major security update as a result of the new OpenSSL vulnerabilities discovered on June 5th. Thankfully this new vulnerability was caught quickly and is nowhere near as damaging as the Heartbleed vulnerability which make essentially the entire internet with the exception of financial institutions insecure. Anyways, this new vulnerability got patched and since it is critical to CyanogenMod’s security suite, CyanogenMod needed updating, which meant the OnePlus One needed updating as well. So, they needed to do a new firmware update on the OnePlus One as well as confirm and test that it works, causing a delay.

Some sites are spinning this as a OnePlus problem, but the reality is that they have little to no control over it and its better that they delay it a bit and confirm its a working firmware update than ship the vulnerable devices out and then hope the patched version works on their phones. Its certainly commendable of OnePlus and CyanogenMod to make sure that this problem is resolved and done in a professional and methodical manner. But… that still doesn’t change the fact that its virtually impossible to get your hands on a OnePlus One to begin with.

And if you’re in line for one, don’t be disappointed that its been delayed. Just be glad that they’re doing the right thing.

The post OnePlus One Gets Delayed Due to an OpenSSL Security Update appeared first on VR World.