Getbig.com: American Bodybuilding, Fitness and Figure
Getbig Main Boards => Gossip & Opinions => Topic started by: Mclovin on September 24, 2013, 06:30:31 PM
-
Ever since I upgraded to ios7 on my ipad, youtube videos embedded in threads no longer show up. It is just a blank space, and I can actually click on it and get sound, but no visual. Anyone else having this issue on getbig?
-
Ever since I upgraded to ios7 on my ipad, youtube videos embedded in threads no longer show up. It is just a blank space, and I can actually click on it and get sound, but no visual. Anyone else having this issue on getbig?
Same problem here. Weird.
-
No because I have a real phone and not a gay fashion accessory. .. ;D
-
No because I have a real phone and not a gay fashion accessory. .. ;D
iPads aren't phones, genius.
-
::)
-
iPads aren't phones, genius.
Life goes on... I'm Huge.
-
Life goes on... I'm Huge.
BOOM OUTTA HERE
-
iPads aren't phones, genius.
It's a bigger iPhone
-
Mac people feel the need to correct makes em feel good
-
Sign out of your GB account then sign back in..then it should be fixed
-
No because I have a real phone and not a gay fashion accessory. .. ;D
X2 damn all these faggetry devices all I need is a damn phone that rings. People everywhere on a damn Iphone or whatever all day having car wrecks and shit because of them, you can't go anywhere without someone one on a damn phone typing it gets on my nerves. Do we have to be connected to a phone 24x7? Something has gone wrong.
-
Yes, it's annoying. Try this: go to a page with a missing vid. Then hit the home button to get back to the main screen. Now tap the home button twice to get to the running apps and swipe up (to remove) Safari.
Go back to home and hit Safari. It should open right back to the same page and the vid works, voila.
-
yes. but that's because ios7 sucks balls.
sure there are improvements,, but in a shitty package. my phone is slow and laggy now and there are many hickups in the apps etc.
-
Same problem.
-
yes. but that's because ios7 sucks balls.
sure there are improvements,, but in a shitty package. my phone is slow and laggy now and there are many hickups in the apps etc.
Throw it in the trash.
-
X2 damn all these faggetry devices all I need is a damn phone that rings. People everywhere on a damn Iphone or whatever all day having car wrecks and shit because of them, you can't go anywhere without someone one on a damn phone typing it gets on my nerves. Do we have to be connected to a phone 24x7? Something has gone wrong.
The smartphones got me bored after awhile. You can do a done of cool stuff, but I rarely mess with apps anymore. But there are a lot of cool phones out there for sure
-
Ever since I upgraded to ios7 on my ipad, youtube videos embedded in threads no longer show up. It is just a blank space, and I can actually click on it and get sound, but no visual. Anyone else having this issue on getbig?
this is caused by you putting the phone in the asscrack of your daisy dukes to get pleasasure from the phone vibrating on a call, this is causing the phone to overheat hence the blank space, trying putting the phone in your fanny pack instead
-
I just recently downloaded the IOS7 to my Iphone4 and I haven't had any problems.
-
Im using iOS 7 for months now, working great
-
Pair-lock your idevice.
As it turns out, the same mechanism that provides your iOS 7 device with a potential back door can also be used to help secure your device should it ever fall into the wrong hands. This article is a brief how-to on using Apple’s Configurator utility to lock your device down so that no other devices can pair with it, even if you leave your device unlocked, or are coerced into unlocking it yourself with a passcode or a fingerprint. By pair-locking your device, you’re effectively disabling every logical forensics tool on the market by preventing it from talking to your iOS device, at least without first being able to undo this lock with pairing records from your desktop machine. This is a great technique for protecting your device from nosy coworkers, or cops in some states that have started grabbing your call history at traffic stops. Whatever the reason, pair locking will likely leave the person dumbfounded as to why their program doesn’t work, and you can easily just play dumb while trying not to snicker. The best thing about this technique is, unlike my previous technique using pairlock, this one doesn’t require jailbreaking your phone. You can do it right now with that shiny new iOS 7 device.
A pairing is a trusted relationship with another device, where a computer is granted privileged, trusted access on the iPhone. In order to have the level of control to download personal data, install applications, or perform other such tasks on an iOS device, the machine it’s connected to must be paired with the device. This is what iTunes and Xcode do to talk to the phone, but also what forensic recovery tools and a number of free hacking tools do as well. Once paired, these keys remain stored on the device indefinitely, until you perform a restore or wipe the phone some other way, and can access the phone even when it’s locked, both over USB and WiFi. A pairing record is like a skeleton key to your iPhone or iPad. With it, someone can download all of your personal data from any application (including third party applications), install invisible applications (even onto your non-jailbroken phone) that run in the background, activate the device’s built-in packet sniffer to monitor your network traffic, and much more nefarious things… and do all of this either from USB or over WiFi, and without any visual indications to you. Much of this can also be done while the device is locked, regardless of whether you’re using a fingerprint reader or not, as long as you have a pairing record. Personal data can also be acquired from the phone regardless of whether backup encryption is turned on or not, and a number of forensics tools and open source tools (like iMobileDevice) know how to get to this decrypted data.
So what’s the best way to protect yourself from all of these? Pair-lock your device. By pair-locking your device, you’re preventing anyone from dumping data from your phone, installing malicious applications, or doing anything else to it – even if the phone leaves your physical possession, and even if you are forced to give up the PIN code, or unlock it with your fingerprint. When a device is unwilling to create a new pairing session with a desktop machine, nothing can talk to it through its proper interfaces – not forensics tools, not iMobileDevice tools, nothing. And that means unless you have a really old phone with a hardware exploit, there’s no way they’ll be able to dump data from it. In order for them to get at your data, they’d have to steal the pairing record that your own personal desktop has created for the device; if your’e smart enough to be reading this, you’re likely smart enough to also encrypt your hard drive. On a Mac, you’ll find a copy of your pairing record in /var/db/lockdown. Guard it well.
To get started, download the latest Apple Configurator from the Mac App Store. This is a free download. The Configurator is designed to enroll devices in enterprise (corporate) profiles, to place restrictions on them and allow them to be supervised by a security team. You’ll be using it to enroll your own device in your own private security policy. Before you do anything, visit the preferences, and make sure the Configurator won’t trash all of your applications every time you manage a device.
When you run the Configurator, you’ll have three tabs: Prepare, Supervise, and Assign. You’ll first use the Prepare tab to prepare an iOS 7 device to be supervised.
Enter a name for your supervision profile. I simply call mine “Supervised Device”, although you could name yours “Bob’s iPhone”, or whatever. Next, decide if this machine is the only machine you’ll ever, and I mean ever, want to pair this phone with. If it is, then un-check the checkbox named, Allow devices to connect to other Macs. If, on the other hand, you might want to allow this phone to some day pair with other computers, then leave this box checked. It’s ok, in both cases, you’ll still be able to lock and unlock the pairing capabilities of the device.
If you’ve opted to allow the device to (sometimes) connect to other computers, you’ll next want to create a profile, which you’ll use to lock and unlock the pairing.
Assign a name to the profile. I simply call mine Pairing Profile. If you want to be able to remove the profile from the device, you can set a password required to remove it on the device, or for best security, select Never. Next, click on the Restrictions tab and scroll down to the restriction titled Allow pairing with non-Configurator hosts (supervised only). This is your lock switch. To disable any new pairing with the device, uncheck this restriction. Later on, you’ll be able to edit this profile whenever you want to pair the device with a new host.
Once you’ve finished making these changes, save the profile and then click the Prepare button at the very bottom of the Configurator. The Configurator will then download and re-install the iOS 7 firmware (be sure to backup your device first), and will install this supervision profile on the device.
Congratulations! At this point, your device should refuse to pair with any computer, even if it’s unlocked. You won’t be prompted to Trust anything, because it will simply fail. Even if you lose your device or are coerced into unlocking it, they won’t be able to get a logical dump of the device because they won’t be able to pair with it. The system log on the device shows what’s happening internally:
If you open up Settings on your device when view the Profiles under General, you should see your pairing profile, and a restriction preventing the device from pairing with any new devices.
If you set the profile up to be removable with a password (or Always, even), then you can remove the pairing lock at any time by just tapping remove. For ultimate security, set the removal to Never.
Now lets say a few months go by and you decide you want to pair your device with a computer at work, or some other machine. To unlock the pairing again, you’ll need the computer you originally set this up with (unless you’ve backed up your pairing record and set up Configurator somewhere else). Launch the Configurator and click on the Supervise tab and click on your device.
In the profiles window, you should see the Pairing Profile you created. Double-click on it, and bring up the same restrictions window you used to restrict pairing. Now, simply put a checkmark to allow pairing with non-Configurator hosts, and click Save. Click Refresh and revisit the setting to ensure that the change took. You can then disconnect your device and connect it up to any other machine to pair with it. (NOTE: If you run into issues, try power cycling the device for the setting to take). You should be prompted with a Trust dialog prior to pairing, just like old times. Just be sure to disable pairing again when you’re finished, using the same steps.
The advantage to this technique is very good pairing security. In fact, in order to remove the supervision profile, the intruder would need to erase the contents of your device. Someone would need to have physical possession to and full access to both your iOS device and your desktop computer in order to undo this pairing lock to perform a forensic extraction or any other kind of analysis.
The disadvantage is that you can’t simply decide you’re going to pair while you’re out somewhere. You can, if you made the profile removable, but then you’ll need to reinstall the profile to lock pairing again. Which will require a desktop. Pairing has to be a conscious decision, and takes time to verify that you have rights to the device’s content. Then again, shouldn’t it have always been this way? It’s a bit of a chore, but is well worth the added security.
NOTE: This doesn’t guarantee some law enforcement agency won’t send your phone to Apple to be imaged. Apple has the technical capability to override this type of security, if they figure out what’s going on. Of course that doesn’t necessarily mean their tools are set up to deal with this. Because this doesn’t fix the inherent problem of encryption not being fully incorporated into iOS, someone like Apple (who has code execution abilities on all devices) could still run a ram disk to image the device.
-
only real prob ive had so far is my battery drains a lot faster now :-\
-
Pair-lock your idevice.
As it turns out, the same mechanism that provides your iOS 7 device with a potential back door can also be used to help secure your device should it ever fall into the wrong hands. This article is a brief how-to on using Apple’s Configurator utility to lock your device down so that no other devices can pair with it, even if you leave your device unlocked, or are coerced into unlocking it yourself with a passcode or a fingerprint. By pair-locking your device, you’re effectively disabling every logical forensics tool on the market by preventing it from talking to your iOS device, at least without first being able to undo this lock with pairing records from your desktop machine. This is a great technique for protecting your device from nosy coworkers, or cops in some states that have started grabbing your call history at traffic stops. Whatever the reason, pair locking will likely leave the person dumbfounded as to why their program doesn’t work, and you can easily just play dumb while trying not to snicker. The best thing about this technique is, unlike my previous technique using pairlock, this one doesn’t require jailbreaking your phone. You can do it right now with that shiny new iOS 7 device.
A pairing is a trusted relationship with another device, where a computer is granted privileged, trusted access on the iPhone. In order to have the level of control to download personal data, install applications, or perform other such tasks on an iOS device, the machine it’s connected to must be paired with the device. This is what iTunes and Xcode do to talk to the phone, but also what forensic recovery tools and a number of free hacking tools do as well. Once paired, these keys remain stored on the device indefinitely, until you perform a restore or wipe the phone some other way, and can access the phone even when it’s locked, both over USB and WiFi. A pairing record is like a skeleton key to your iPhone or iPad. With it, someone can download all of your personal data from any application (including third party applications), install invisible applications (even onto your non-jailbroken phone) that run in the background, activate the device’s built-in packet sniffer to monitor your network traffic, and much more nefarious things… and do all of this either from USB or over WiFi, and without any visual indications to you. Much of this can also be done while the device is locked, regardless of whether you’re using a fingerprint reader or not, as long as you have a pairing record. Personal data can also be acquired from the phone regardless of whether backup encryption is turned on or not, and a number of forensics tools and open source tools (like iMobileDevice) know how to get to this decrypted data.
So what’s the best way to protect yourself from all of these? Pair-lock your device. By pair-locking your device, you’re preventing anyone from dumping data from your phone, installing malicious applications, or doing anything else to it – even if the phone leaves your physical possession, and even if you are forced to give up the PIN code, or unlock it with your fingerprint. When a device is unwilling to create a new pairing session with a desktop machine, nothing can talk to it through its proper interfaces – not forensics tools, not iMobileDevice tools, nothing. And that means unless you have a really old phone with a hardware exploit, there’s no way they’ll be able to dump data from it. In order for them to get at your data, they’d have to steal the pairing record that your own personal desktop has created for the device; if your’e smart enough to be reading this, you’re likely smart enough to also encrypt your hard drive. On a Mac, you’ll find a copy of your pairing record in /var/db/lockdown. Guard it well.
To get started, download the latest Apple Configurator from the Mac App Store. This is a free download. The Configurator is designed to enroll devices in enterprise (corporate) profiles, to place restrictions on them and allow them to be supervised by a security team. You’ll be using it to enroll your own device in your own private security policy. Before you do anything, visit the preferences, and make sure the Configurator won’t trash all of your applications every time you manage a device.
When you run the Configurator, you’ll have three tabs: Prepare, Supervise, and Assign. You’ll first use the Prepare tab to prepare an iOS 7 device to be supervised.
Enter a name for your supervision profile. I simply call mine “Supervised Device”, although you could name yours “Bob’s iPhone”, or whatever. Next, decide if this machine is the only machine you’ll ever, and I mean ever, want to pair this phone with. If it is, then un-check the checkbox named, Allow devices to connect to other Macs. If, on the other hand, you might want to allow this phone to some day pair with other computers, then leave this box checked. It’s ok, in both cases, you’ll still be able to lock and unlock the pairing capabilities of the device.
If you’ve opted to allow the device to (sometimes) connect to other computers, you’ll next want to create a profile, which you’ll use to lock and unlock the pairing.
Assign a name to the profile. I simply call mine Pairing Profile. If you want to be able to remove the profile from the device, you can set a password required to remove it on the device, or for best security, select Never. Next, click on the Restrictions tab and scroll down to the restriction titled Allow pairing with non-Configurator hosts (supervised only). This is your lock switch. To disable any new pairing with the device, uncheck this restriction. Later on, you’ll be able to edit this profile whenever you want to pair the device with a new host.
Once you’ve finished making these changes, save the profile and then click the Prepare button at the very bottom of the Configurator. The Configurator will then download and re-install the iOS 7 firmware (be sure to backup your device first), and will install this supervision profile on the device.
Congratulations! At this point, your device should refuse to pair with any computer, even if it’s unlocked. You won’t be prompted to Trust anything, because it will simply fail. Even if you lose your device or are coerced into unlocking it, they won’t be able to get a logical dump of the device because they won’t be able to pair with it. The system log on the device shows what’s happening internally:
If you open up Settings on your device when view the Profiles under General, you should see your pairing profile, and a restriction preventing the device from pairing with any new devices.
If you set the profile up to be removable with a password (or Always, even), then you can remove the pairing lock at any time by just tapping remove. For ultimate security, set the removal to Never.
Now lets say a few months go by and you decide you want to pair your device with a computer at work, or some other machine. To unlock the pairing again, you’ll need the computer you originally set this up with (unless you’ve backed up your pairing record and set up Configurator somewhere else). Launch the Configurator and click on the Supervise tab and click on your device.
In the profiles window, you should see the Pairing Profile you created. Double-click on it, and bring up the same restrictions window you used to restrict pairing. Now, simply put a checkmark to allow pairing with non-Configurator hosts, and click Save. Click Refresh and revisit the setting to ensure that the change took. You can then disconnect your device and connect it up to any other machine to pair with it. (NOTE: If you run into issues, try power cycling the device for the setting to take). You should be prompted with a Trust dialog prior to pairing, just like old times. Just be sure to disable pairing again when you’re finished, using the same steps.
The advantage to this technique is very good pairing security. In fact, in order to remove the supervision profile, the intruder would need to erase the contents of your device. Someone would need to have physical possession to and full access to both your iOS device and your desktop computer in order to undo this pairing lock to perform a forensic extraction or any other kind of analysis.
The disadvantage is that you can’t simply decide you’re going to pair while you’re out somewhere. You can, if you made the profile removable, but then you’ll need to reinstall the profile to lock pairing again. Which will require a desktop. Pairing has to be a conscious decision, and takes time to verify that you have rights to the device’s content. Then again, shouldn’t it have always been this way? It’s a bit of a chore, but is well worth the added security.
NOTE: This doesn’t guarantee some law enforcement agency won’t send your phone to Apple to be imaged. Apple has the technical capability to override this type of security, if they figure out what’s going on. Of course that doesn’t necessarily mean their tools are set up to deal with this. Because this doesn’t fix the inherent problem of encryption not being fully incorporated into iOS, someone like Apple (who has code execution abilities on all devices) could still run a ram disk to image the device.
Extremely informative. Thanks.
-
Throw it in the trash.
It's a workphone. I would have bought a Samsung Galaxy today...
-
only real prob ive had so far is my battery drains a lot faster now :-\
Yeah, I noticed that as well. Not sure if all of those transitions are eating up the battery, but at first the new interface was a little shocking but now it is pretty normal. Apple knows how to make easy to learn interfaces. I read somewhere they put in a feature to sort email by ones that are unread but I haven't figured out that one yet.
-
My job provides me with an iPhone. Thank God I'm a lazy bastard and didn't even bother with this latest update. Everyone here has been bitching about it for the last week.
-
Fingerprint Reader / PIN Bypass Backdoor for Enterprises Built Into iOS 7
With iOS 7 and the new 5s come a few new security mechanisms, including a snazzy fingerprint reader and a built-in “trust” mechanism to help prevent juice jacking. Most people aren’t aware, however, that with so much new consumer security also come new back doors in order to give enterprises access to corporate devices. These back doors are in your phone’s firmware, whether it’s company owned or not, and their security mechanisms are likely also within the reach of others, such as government agencies or malicious hackers. One particular back door appears to bypass both the passcode lock screen as well as the fingerprint locking mechanism, to grant enterprises access to their devices while locked. But at what cost to the overall security of consumer devices?
While Apple showed off their new fingerprint reader publicly, the significance of the counter-juice jacking mechanism has gone unnoticed. This new security mechanism has been long overdue, and simply pops up a window requiring the user to trust the host it’s connect to before it’s allowed to pair with it. This is a good step forward in terms of pairing security, and ensures that any computer attempting to establish a trusted relationship with the device has to be explicitly authorized by the user. The long term effectiveness of this, however, is questionable, as there have been recent reports of people’s car chargers requiring that you push “Trust” before it will charge… training millions of iPhone users to mindlessly push “Trust” for anything.
Why is this important? In order to understand, you first have to understand pairing2. A pairing is a trusted relationship with another device, where a computer is granted privileged, trusted access on the iPhone. In order to have the level of control to download personal data, install applications, or perform other such tasks on an iOS device, the machine it’s connected to must be paired with the device. This is done through a very simple procedure, where the desktop and the phone create and exchange a set of keys and certificates. Once paired, these keys remain stored on the device indefinitely, until you perform a restore or wipe the phone some other way. A pairing record is like a skeleton key to an iOS device. With it, someone with the right know-how (or even some good open source tools) can download all of your personal data2, 6, 7, install invisible applications (onto your non-jailbroken phone) that run in the background3, 6, 8, activate the device’s built-in packet sniffer to monitor your network traffic4, hijack the APN to route all cellular traffic through a proxy5, access and download any personal data from any application’s sandbox6, 2, and do all of this either across USB or over WiFi, and without any visual indications to the user. Much of this can also be done while the device is locked, regardless of whether you’re using a fingerprint reader or not, as long as you have a pairing record. Data can also be acquired from the phone regardless of whether backup encryption is turned on or not.
This kind of access to an iPhone is no doubt within the crosshairs of nosy government agencies, as well. German news outlet Der Spiegel ran an article1 this month, citing leaked NSA documents that boasted of the agency’s capabilities in hacking iPhones as early on as 2009. As the article describes it, the NSA allegedly hacks into the desktop machine of their subjects and then runs additional “scripts” that allow them to access a number of additional “features” running on the subjects’ iPhones; these are likely a number of these hidden services running on the device that most consumers aren’t aware of, such as AFC, House Arrest, File Relay, and PCAP, among others2, 6, 7. From the article:
“The documents state that it is possible for the NSA to tap most sensitive data held on these smart phones, including contact lists, SMS traffic, notes and location information about where a user has been. … In the internal documents, experts boast about successful access to iPhone data in instances where the NSA is able to infiltrate the computer a person uses to sync their iPhone. Mini-programs, so-called “scripts,” then enable additional access to at least 38 iPhone features.”
In iOS 6 and lower, anyone who’s computer you’ve ever connected to your phone likely saved such a pairing record, and gained indefinite access to do these things with your phone. Your own desktop computer also saves a copy of this pairing record so that iTunes can talk to your phone to sync with the device, install applications, and so on. With Apple’s new trust mechanism, plugging an iOS device into someone’s computer (a malicious charger, alarm clock, or other device), will now display a confirmation screen requiring the user to first trust the machine before granting this privileged access. If you tell it no, then no soup for you!
But the catch is that too much security is bad – for enterprises, at least. With new features such fingerprint-based locking mechanisms for the 5s, it’s becoming exceedingly difficult to simply “turn over a password” to your employer, and so Apple clearly had to find a way to bypass these locking mechanisms so that uncooperative employees couldn’t prevent a business from accessing data on corporately owned devices. With iOS 7 also came what appears to be a bypass to the device locking and pairing security mechanism, which overrides the device’s passcode / fingerprint lock and user trust checks completely, allowing the device to be paired, synced, and possibly screen-unlocked. This allows the device to be paired both without a user trust prompt, and also while locked with a passcode or a fingerprint. While this feature remains undocumented, it is necessary in order for Apple’s MDM to acquire data from employee-owned iOS devices. It is likely that the purpose of this is to handle special circumstances, so that an employee’s data can be dumped after they leave the company, or if they’re incapacitated, or unwilling to provide their fingerprint or password to unlock the device. It’s also possible that this feature won’t be available to all enterprises, or may not be so “in your face” obvious, but rather integrated at a lower level. Nevertheless, the ability to establish a pairing while locked opens wide the privileges available to an MDM administrator, regardless of what controls may be in the GUI. Such pairing record data could also be used to perform forensic recovery of the device with commercial software, or perform other more nefarious tasks using open source tools.
Enrolling a device into an MDM profile can apparently happen straight out of the box now. Apple’s new over-the-air (OTA) supervision and automatic enrollment for iOS 7’s MDM9 would appear to allow enterprise or government-owned devices to be configured out-of-the-box with a set of restrictions upon activation. If Apple maintains a database of unique hardware identifiers for its larger enterprises, a device could automatically enroll with Apple’s servers every time it’s activated. Additionally, employees bringing their own devices into their enterprise may enroll in their MDM profile, exposing this security bypass mechanism to their own devices.
So to summarize, there appear to be two ways to apply this kind of configuration to an iOS 7 device: through enrolling the device with an enterprise MDM (using an existing paired connection), or over-the-air through Apple’s servers, when the phone is activated. Additional mechanisms may exist, but have not been discovered.
Centrally Managed Security Configurations
This security bypass is tied to the Managed Configuration (MC) portions of the operating system, which touch mobile device management (MDM) for an enterprise, but with Apple’s new OTA enrollment, this appears to also be under the control of Apple. The actual settings for this are stored in a class on the phone named MCCloudConfiguration. The managed configuration framework includes a daemon named teslad, which has direct hooks into Apple’s servers to load managed configuration data (the configuration containing – among other restrictions – the pairing security bypass). When the phone is first set up, the setup program calls the daemon, which in turn downloads a cloud configuration certificate from https://iprofiles.apple.com/resource/certificate.cer, and performs a number of different tasks to authenticate and load a configuration from a service named Absinthe, hosted on Apple servers. If you didn’t catch the irony, Absinthe is also the name of a jailbreak for iOS.
It’s worth noting that leaked documents have already shown the NSA’s capabilities to forge certificates and effectively break this kind of encryption10. A successful MiTM combined with a certificate forgery are both well within the reach of agencies like NSA, potentially compromising this entire system. Code already exists publicly to emulate an Apple policy server, which could be used to change the device’s policy11. This may not even be necessary, though, as Apple may have added a back door around SSL, through a suspicious switch. The subroutine that validates the SSL session with Apple’s servers first checks for a configuration directive named MCCloudConfigAcceptAnyHT TPSCertificate, and if set, will automatically bypass the SSL validation check, allowing any fake server to masquerade as Apple’s Absinthe server. This could be left over code from debugging, but it could still potentially be taken advantage of.
The teslad daemon has the ability to centrally load a managed configuration onto a device from Apple’s servers. Apple’s Setup program attempts to set up a cloud configuration when the device is first activated. This can also be loaded in manually by enrolling in an enterprise’s MDM policy. Once a configuration is installed, a check-in mechanism is invoked via APNS (Apple Push Notification Service) to apply new management changes11. The profile can later be updated remotely through a mechanism that pulls a new cloud configuration from a URL. HTTP based managed configuration makes for a delicious attack surface for NSA, or for your local neighborhood hacker.
Based on this, if I were to make some educated guesses about how this could be exploited, I would posit that an agency like NSA (or anyone capable of performing certificate forgery) could attack a device upon activation, or any time after it’s been enrolled in an MDM policy whenever it checks in, to change the policy so that it can be paired while locked. With access to a compromised desktop (either through malware, or as Der Spiegel described, NSA targeting you), a malicious attacker could load their own MDM configuration to enroll the device, or they could just steal the pairing record from your desktop, to access your device wirelessly while locked.
Interestingly enough, iOS 7 also includes an internal mechanism to reset the pairing data for the entire phone, so that all trusted relationships are erased, allowing the device’s owner to re-establish the security of the device. Unfortunately, this mechanism can only be triggered on the device itself, and it doesn’t look like anything is yet wired up to it.
Possible Uses
While it is likely that Apple has added this feature exclusively for legitimate use by enterprises, even this has some serious implications: with today’s BYOD culture, employees may be unknowingly allowing their personally-owned devices to be forensically accessible to a company’s internal investigations team (as well as law enforcement, with the enterprise’s consent) by simply enrolling it into the corporate MDM policy. Additionally, new employees that are issued devices may be permitted to retain personal information on their corporate device without first being informed that their devices could, at any time, be subject to a thorough search that bypasses security.
It seems as though iOS 7′s new MDM was designed to make all of the mom-and-pop shop “corporate mobile protection” solutions obsolete.
In addition to potential abuse by the enterprise, an agency seeking to commit espionage could set up their own MDM profile and enroll the device from a compromised desktop machine, using the device pairing from that machine. Such feats appear to be what the NSA has been up to already. The advantage of this would be to take advantage of an otherwise short-term connection with the desktop to enroll the device itself into an MDM.
It is speculative, however worth mentioning, that law enforcement agencies could potentially be given access to this mechanism either by Apple or the enterprise, if they had knowledge of the subject device. This would require participation, of course, from one of those parties, but the technical capabilities appear to make this possible. While I am merely speculating at this point, given Apple’s recent patent filing to allow restrictions to be wirelessly pushed to devices in secure government facilities12, it’s conceivable that such restrictions overlap with the same managed configuration interfaces. If Apple has developed the capability to push a camera restriction to devices, then it is also possible that they may have developed the capability to push security bypasses as well, for purposes such as InfoSec enforcement at military installations, or under subpoena. Of course, civilians will never likely have access to such features, if they exist, which is why we must continue to look for them in the code running on our personal devices.
Given recent articles of Apple deluged by requests to image mobile devices for law enforcement12, providing limited law enforcement access to such a bypass could be beneficial for Apple, by providing a mechanism to remotely unlock a device for a specific purpose, where it can be forensically acquired by existing commercial (or internal) tools. The benefit for Apple to do this would be to lighten the load and cost involved with manually processing subpoenas for data acquisition, to which Apple has reportedly been months behind12. Again, this is entirely speculative, it would not surprise me in the least, especially given how “persuasive” our federal government can be over private industry.
The Secret is in Lockdown
The lockdownd process is responsible for performing all pairing and authentication of new connections to an iOS device, before allowing new services to be spawned2. Think of it as an authenticated inetd. Previous versions of iOS would deny pairing of locked devices with the error PasswordProtected. Two new branches have been added to iOS 7′s code, however, to bypass this lock check, and also bypass asking the user to trust the machine.
When a new device attempts to pair, just before the device is tested to see if it’s locked, a check is made to Apple’s MDM through a call to the MCProfileConnection class’s hostMayPairWithOptions method. This check results in one of four possible actions taken, depending on the MDM policy:
Deny all pairing
Allow pairing, but prompt the user to trust
Allow pairing with no user prompt, bypass lock check
Allow pairing with a challenge/response
This one check provides results for three different tests. These three variables indicate whether pairing is allowed at all, whether pairing security should be completely bypassed, and whether pairing should require a challenge/response. If the MDM is set up to allow a lock and trust bypass, the block of code that performs these checks is completely skipped over. Both the user trust prompt and the device lock test are bypassed, allowing the device to continue pairing, even if a passcode is set. It’s actually the same bypass that the device makes if screen-lock security isn’t supported (by devices with no SpringBoard user interface). The logic, in pseudocode, works this way:
if (allow_pairing == false) /* MDM prevents all pairing */
{
error(PasswordProtected);
}
if (allow_pairing_while_lock ed || device_has_no_springboar d_gui)
{
goto skip_device_lock_and_tru st_checks; /* Skip security */
}
/* Pairing Security */
if (device_is_locked == true) {
if (setup_has_completed) {
if (user_never_pushed_trust) {
error(PasswordProtected);
}
}
}
/* Bypass ... */
skip_device_lock_and_tru st_checks:
... pairing process continues (validate host challenge, etc)
Conclusion
At it’s very best, the device security bypass is an undocumented MDM feature allowing enterprises to access any enrolled (or over-the-air enrolled) iOS MDM device. Even this, however, creates a significant threat to the security of the many iOS users working for companies with a BYOD policy. Because there is not yet a jailbreak available for iOS 7, actually engaging this back door to play with it isn’t likely going to happen for a while. Figuring out how to load this setting into MDM is also something that will take some time.
Apple would do well to begin separating consumer firmware from enterprise firmware, to offer a hardened version of its operating system to consumers. This (and other enterprise back doors) introduced into iOS over the years threaten to weaken the overall security of the device for the majority of consumers (who never enroll in an enterprise environment). While Apple’s management software could very well have sufficient access controls, the underlying mechanisms in these back doors allow for a much broader range of capabilities to those with the right tools or knowledge. That crowd is much larger than you’d expect, given the amount of commercial forensics software and open source tools available.
It is possible to patch this back door out of iOS, but again this requires jailbreaking. When jailbreaks become available for iOS 7, there may be hope in providing better consumer security against such back doors from being taken advantage of. In the meantime, employees should be aware that enrolling your personal device into your corporate MDM policy could potentially grant your employer the ability to bypass the security of the device, and view your personal data. If you’re concerned about privacy from a your government (or a foreign government), you may also open your device up to a potential security threat if you are ever targeted.