Apple smartphones contain undocumented functions that allow unauthorised people in privileged positions to wirelessly connect and harvest pictures, text messages, and other sensitive data without entering a password or PIN.
According to Arstechnica, Jonathan Zdziarski, an iOS jailbreaker and forensic expert, told attendees that some of the services serve little or no purpose other than to make huge amounts of data available to anyone who has access to a computer, alarm clock, or other device that has ever been paired with a targeted device.
Zdziarski said the service that raises the most concern is known as com.apple.mobile.file_relay. It dishes out a staggering amount of data—including account data for email, Twitter, iCloud, and other services, a full copy of the address book including deleted entries, the user cache folder, logs of geographic positions, and a complete dump of the user photo album—all without requiring a backup password to be entered.