Two weird ways your iPhone or Mac can be hacked

By: Adrian Kingsley-Hughes

For most people, the security that Apple has baked into an iPhone or Mac is more than enough. But determined criminals can find creative ways to bypass the locks to get at your data. Should you be worried?

For the majority of users, the security offered by iOS and macOS is more than enough, and they can go about their day-to-day business secure in the knowledge that their data is safe.

But determined criminals can find a way around these safeguards, and while these two hacks are impractical for widespread use, they go to show just how creative ne’er-do-wells can be when it comes to cracking security measures.

First, let’s look at how a cable can be used to hack a Mac. Enter the O.MG Cable. This is an Apple Lightning charging cable with a twist. That twist is that it has been custom-modified with electronics that allow it to be used to access any Mac it has been connected to over a Wi-Fi network.

“In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable. And these prototypes at DEF CON were mostly done the same way,” MG, the creator of the cable, told Vice.

The cables retail for $200 each.

The O.MG Cable also features a remote kill switch as a way to hide its existence.

How do you prevent these sorts of hacks? Use your own cable (customize it in a way unique to you so it can’t be surreptitiously replaced) and don’t plug charging cables into computers.

As for hacking into an iPhone, security researchers at the Black Hat hacker convention in Las Vegas managed to bypass the iPhone’s Face ID authentication system in 120 seconds.

More: https://www.zdnet.com/article/two-weird-ways-your-iphone-or-mac-can-be-hacked/

New hacking tool unlocks any iPhone on the market

By: Felipe Payão

Cellebrite tool breaks into any iPhone and high-end Android device on the market.

Israeli company Cellebrite today (14) launched UFED Premium, a hacking tool capable of unlocking any Apple iPhone currently sold on the market. UFED Premium is a tool aimed at government and police authorities around the world; Cellebrite, for example, works with Brazilian authorities.

Through UFED Premium, law enforcement agencies will be able to perform a full file system extraction on iOS phones, as well as on high-end Android smartphones, Cellebrite says. “Gain access to third-party app data, chat conversations, downloaded emails and email attachments, deleted content and more, increase your chances of finding incriminating evidence and bring your case to a resolution,” the company writes in its pitch for the product.

It is worth noting that, although Cellebrite claims it can unlock every iPhone on the market, the official website indicates that UFED Premium cannot yet hack iPhones running iOS 13, the version of the operating system that will soon arrive on all Apple devices.

Cellebrite gained media attention in the Apple v. FBI case, when the US agency sought to hack the device of a terrorism suspect. The FBI succeeded in extracting the data from an iPhone 5c thanks to the tool.

More: https://m.tecmundo.com.br/seguranca/142593-nova-ferramenta-hacker-desbloqueia-qualquer-iphone-mercado.htm

Who are the hackers who cracked the iPhone?

By: Dave Lee


What do we know about the curious, secretive NSO Group? Very little – but after this week, an awful lot more than we did before.

The group, an Israeli-based but American-owned company, specialises in creating what it calls tools against crime and terrorism. But the security researchers call them something else: a cyber arms dealer.

On Thursday, the NSO Group was thrust into international headlines after being credited with creating malicious software capable of “jailbreaking” any iPhone with just one tap of the screen, and then installing vicious spyware.


Factfile: NSO

  • Founded in 2010 and has had several different names
  • Based in Herzliya, Israel, and owned by US investment firm Francisco Partners
  • Could be worth $1bn

Security-savvy human rights lawyer Ahmed Mansoor found himself targeted by the attack when his iPhone received a message promising “secrets” about torture happening in prisons in the United Arab Emirates.

Had he tapped on the link, the phone would have been plundered. Huge amounts of private data: text messages, photos, emails, location data, even what’s being picked up by the device’s microphone and camera.

Thankfully, he didn’t do that. Instead, he passed on the message to experts at Citizen Lab and Lookout, who peeled back the covers on what they described as one of the most sophisticated cyber weapons ever discovered. With it came evidence that it was the NSO Group’s expertise at the heart of it all.

Big money deals

Earlier this year, UK-based watchdog Privacy International launched a database tracking the global trade of cyber arms. Its intention was to track deals between cyber arms companies and governments.

According to the Surveillance Industry Index (SII), the NSO Group was founded in 2010 and is based in Herzliya, an attractive city north of Tel Aviv that is known as being a cluster of tech start-ups. The group was likely funded by the elite 8200 Intelligence Unit, an Israeli military-funded scheme for start-ups.

According to Forbes, the 8200 Intelligence Unit was heavily involved in providing expertise and funding for Stuxnet, a cyber attack on Iran that was a joint operation between the US and Israel.

More: https://www.bbc.com/news/technology-37192670

Many popular iPhone apps secretly record your screen without asking

By: Zack Whittaker

Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission.

You can assume that most apps are collecting data on you. Some even monetize your data without your knowledge. But TechCrunch has found several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers, that don’t ask or make it clear — if at all — that they know exactly how you’re using their apps.

Worse, even though these apps are meant to mask certain fields, some inadvertently expose sensitive data.

Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed “session replay” technology into their apps. These session replays let app developers record the screen and play it back to see how their users interacted with the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers.

Or, as Glassbox said in a recent tweet: “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?”

The App Analyst, a mobile expert who writes about his analyses of popular apps on his eponymous blog, recently found Air Canada’s iPhone app wasn’t properly masking the session replays when they were sent, exposing passport numbers and credit card data in each replay session. Just weeks earlier, Air Canada said its app had a data breach, exposing 20,000 profiles.

More: https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/

New FaceTime Bug Lets Callers Hear and See You Without You Picking Up

By: Swati Khandelwal

If you own an Apple device, you should immediately turn OFF the FaceTime app for a few days.

A jaw-dropping unpatched privacy bug has been uncovered in Apple’s popular video and audio call app FaceTime that could let someone hear or see you before you even pick up their call.

The bug is going viral on Twitter and other social media platforms with multiple users complaining of this privacy issue that can turn any iPhone into an eavesdropping device without the user’s knowledge.

The Hacker News has tested the bug on an iPhone X running the latest iOS 12.1.2 and can independently confirm that it works, as flagged by 9to5Mac on Monday. We were also able to replicate the bug by making a FaceTime call to a MacBook running macOS Mojave.

Here’s How Someone Can Spy On You Using FaceTime Bug

The issue is more of a design or logic flaw than a technical vulnerability, and it resides in the newly launched Group FaceTime feature.

Here’s how one can reproduce the bug:
  1. Start a FaceTime Video call with any iPhone contact.
  2. While your call is dialing, swipe up from the bottom of your iPhone screen and tap ‘Add Person.’
  3. You can add your own phone number in the ‘Add Person’ screen.
  4. This will start a group FaceTime call including yourself and the person you first called, whose audio you will be able to listen in on even if he/she hasn’t accepted the call yet.

iPhone a Growing Target of Crypto-Mining Attacks

By: Kacy Zurkus

Apple has increasingly been the target of crypto-mining attacks, and according to Check Point, iPhone attacks increased by nearly 400% over the last two weeks in September.

In its most recently published Global Threat Index, Check Point researchers said they are continuing to investigate the reasons behind this sharp increase but reported that crypto-miners continued to be the most common malware in September 2018. Coinhive continued to hold the number-one position, which it has occupied since December 2017.

While Coinhive currently impacts 19% of global organizations, researchers also reported that the information-stealing Trojan Dorkbot held onto second place with a 7% global impact. The report also noted a significant increase in Coinhive attacks against PCs. Attackers used the Coinhive mining malware to target iPhones, which aligned with a rise in attacks against users of the Safari browser, the primary browser used by Apple devices.

The mining malware that rivals Coinhive, known as Cryptoloot, ranked third place overall on the Threat Index, making it the second-most prevalent crypto-miner in the index. Differentiating itself from Coinhive, Cryptoloot requests a smaller revenue percentage from websites than its top competitor.

“Crypto-mining continues to be the dominant threat facing organizations globally,” Maya Horowitz, threat intelligence group manager at Check Point, said in a press release. “What is most interesting is the fourfold increase in attacks against iPhones and against devices using the Safari browser during the last two weeks of September. These attacks against Apple devices are not using new functionality, so we are continuing to investigate the possible reasons behind this development.”

More: https://www.infosecurity-magazine.com/news/iphone-a-growing-target-of/

Researcher devised a new CSS & HTML attack that causes iPhone reboot or freezes Macs

By: Pierluigi Paganini

Security researcher Sabri Haddouche from Wire devised a new CSS attack that causes iPhones to reboot or Macs to freeze.

Haddouche devised a new attack method that saturates an Apple device’s resources, causing it to crash or restart when the user visits a web page. He discovered that iOS restarts and macOS freezes when the user visits a web page that contains certain CSS & HTML.

Depending on the version of iOS being used, the bug could trigger a UI restart, or cause a kernel panic and a consequent device reboot.

This attack leverages a weakness in the -webkit-backdrop-filter CSS property; for this reason, it affects all browsers on iOS that use WebKit as their rendering engine. The weakness also affects Safari and Mail in macOS, but it doesn’t affect Linux and Windows systems.

“The attack exploits a weakness in the -webkit-backdrop-filter CSS property,” Haddouche explained to BleepingComputer. “By using nested divs with that property, we can quickly consume all graphic resources and crash or freeze the OS. The attack does not require JavaScript to be enabled, therefore it also works in Mail. On macOS, the UI freezes. On iOS, the device restarts.”
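One way a mail or web gateway could flag this pattern before a WebKit client renders it, shown as an added example that is not from the original article or from Haddouche: the scanner measures how deeply elements carrying backdrop-filter are nested, whether the property comes from an inline style or from a simple rule in a `<style>` block. The function names and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

PROP = re.compile(r"(?:-webkit-)?backdrop-filter\s*:", re.I)
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")  # flat "selector { body }" rules only
VOID = frozenset("area base br col embed hr img input link meta source track wbr".split())

def flagged_selectors(css):
    """Tag and class names whose rule sets backdrop-filter (rightmost selector part)."""
    tags, classes = set(), set()
    for selectors, body in RULE.findall(css):
        if PROP.search(body):
            for sel in selectors.split(","):
                last = (sel.split() or [""])[-1].lower()
                (classes if last.startswith(".") else tags).add(last.lstrip("."))
    return tags, classes

class Scanner(HTMLParser):
    """Collects <style> text and tracks nesting depth of backdrop-filter elements."""
    def __init__(self, tags=(), classes=()):
        super().__init__()
        self.tags, self.classes = set(tags), set(classes)
        self.css, self.stack, self.depth, self.max_depth = [], [], 0, 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        hit = (tag in self.tags or "*" in self.tags or bool(PROP.search(a.get("style") or ""))
               or bool(self.classes & set((a.get("class") or "").lower().split())))
        self.stack.append((tag, hit))
        self.depth += hit
        self.max_depth = max(self.max_depth, self.depth)

    def handle_endtag(self, tag):
        # Close the nearest matching open element, dropping unclosed children.
        opens = [i for i, (t, _) in enumerate(self.stack) if t == tag]
        if opens:
            self.depth -= sum(h for _, h in self.stack[opens[-1]:])
            del self.stack[opens[-1]:]

    def handle_data(self, data):
        if self.stack and self.stack[-1][0] == "style":
            self.css.append(data)

def max_backdrop_nesting(html):
    first = Scanner()
    first.feed(html)
    second = Scanner(*flagged_selectors("".join(first.css)))
    second.feed(html)
    return second.max_depth

# Constructed samples (not from the article): a normal layout and a nested chain.
BENIGN = '<style>.nav{backdrop-filter:blur(4px)}</style><div class="nav"><p>hi</p></div>'
NESTED = "<style>div{-webkit-backdrop-filter:blur(4px)}</style>" + "<div>" * 12 + "</div>" * 12
```

The depth at which to alert is a policy choice; declarations such as `backdrop-filter: none` are counted too, so treat a high value as a triage signal rather than proof.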

More: https://securityaffairs.co/wordpress/76228/hacking/css-attack-iphone-reboot.html

Dozens of popular iPhone apps caught sending user location data to monetization firms

By: Zack Whittaker

A group of security researchers say dozens of popular iPhone apps are quietly sharing the location data of “tens of millions of mobile devices” with third-party data monetization firms.

Almost all require access to a user’s location data to work properly, like weather and fitness apps, but share that data often as a way to generate revenue for free-to-download apps.

In many cases, the apps send precise locations and other sensitive, identifiable data “at all times, constantly,” and often with “little to no mention” that location data will be shared with third-parties, say security researchers at the GuardianApp project.

“I believe people should be able to use any app they wish on their phone without fear that granting access to sensitive data may mean that this data will be quietly sent off to some entity who they do not know and do not have any desire to do business with,” said Will Strafach, one of the researchers.

Using tools to monitor network traffic, the researchers found 24 popular iPhone apps that were collecting location data — from Bluetooth beacons to Wi-Fi network names — to know where a person is and where they visit. These data monetization firms also collect other device data from the accelerometer, battery charge status and cell network names.

In exchange for data, these firms often pay app developers to collect data and grow their databases, and often to deliver ads based on a person’s location history.

But although many claim they don’t collect personally identifiable information, Strafach said that latitude and longitude coordinates can pin a person to a house or their work.

More: https://techcrunch-com.cdn.ampproject.org/c/s/techcrunch.com/2018/09/07

Google Tracks Android, iPhone Users Even With ‘Location History’ Turned Off

By: Mohit Kumar

Google tracks you everywhere, even if you explicitly tell it not to.

Every time a service like Google Maps wants to use your location, Google asks your permission to allow access to your location if you want to use it for navigating, but a new investigation shows that the company does track you anyway.

An investigation by Associated Press revealed that many Google services on Android and iPhone devices store records of your location data even when you have paused “Location History” on your mobile devices.

Disabling “Location History” in the privacy settings of Google applications should prevent Google from keeping track of your every movement, as its own support page states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”

However, AP found that even with Location History turned off, some Google apps automatically store “time-stamped location data” on users without asking them, which makes its claim misleading.

“For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are,” the AP explains.

“And some searches that have nothing to do with location, like “chocolate chip cookies,” or “kids science kits,” pinpoint your precise latitude and longitude—accurate to the square foot—and save it to your Google account.”

To demonstrate the threat of this Google practice, the AP created a visual map of the movements of Princeton postdoctoral researcher Gunes Acar, who carried an Android smartphone with ‘Location History’ switched off to prevent location data collection.

More: https://thehackernews.com/2018/08/google-mobile-location-tracking.html

iPhone Hacking Campaign Using MDM Software Is Broader Than Previously Known

By: Swati Khandelwal

An India-linked, highly targeted mobile malware campaign, first unveiled two weeks ago, has been found to be part of a broader campaign targeting multiple platforms, including Windows devices and possibly Android as well.

As reported in our previous article, earlier this month researchers at the Talos threat intelligence unit discovered a group of Indian hackers abusing a mobile device management (MDM) service to hijack and spy on a few targeted iPhone users in India.

Operating since August 2015, the attackers have been found abusing the MDM service to remotely install malicious versions of legitimate apps, including Telegram, WhatsApp, and PrayTime, onto targeted iPhones.

These modified apps have been designed to secretly spy on iOS users, and steal their real-time location, SMS, contacts, photos and private messages from third-party chatting applications.

During their ongoing investigation, Talos researchers identified a new MDM infrastructure and several malicious binaries – designed to target victims running Microsoft Windows operating systems – hosted on the same infrastructure used in previous campaigns.

  • Ios-update-whatsapp[.]com (new)
  • Wpitcher[.]com
  • Ios-certificate-update[.]com

“We know that the MDM and the Windows services were up and running on the same C2 server in May 2018,” researchers said in a blog post published today.

“Some of the C2 servers are still up and running at this time. The Apache setup is very specific, and perfectly matched the Apache setup of the malicious IPA apps.”

Possible Connections with “Bahamut Hacking Group”
