iPhone a Growing Target of Crypto-Mining Attacks

By: Kacy Zurkus

Apple devices have increasingly become targets of crypto-mining attacks: according to Check Point, attacks against iPhones increased by nearly 400% over the last two weeks of September.

In its most recently published Global Threat Index, Check Point researchers said they are continuing to investigate the reasons behind this sharp increase but reported that crypto-miners continued to be the most common malware in September 2018. Coinhive continued to hold the number-one position, which it has occupied since December 2017.

While Coinhive currently impacts 19% of global organizations, researchers also reported that the information-stealing Trojan Dorkbot held onto second place with a 7% global impact. The report also noted a significant increase in Coinhive attacks against PCs. Attackers used the Coinhive mining malware to target iPhones, which aligned with a rise in attacks against users of the Safari browser, the default browser on Apple devices.

The mining malware that rivals Coinhive, known as Cryptoloot, ranked third place overall on the Threat Index, making it the second-most prevalent crypto-miner in the index. Differentiating itself from Coinhive, Cryptoloot requests a smaller revenue percentage from websites than its top competitor.

“Crypto-mining continues to be the dominant threat facing organizations globally,” Maya Horowitz, threat intelligence group manager at Check Point, said in a press release. “What is most interesting is the fourfold increase in attacks against iPhones and against devices using the Safari browser during the last two weeks of September. These attacks against Apple devices are not using new functionality, so we are continuing to investigate the possible reasons behind this development.”

More: https://www.infosecurity-magazine.com/news/iphone-a-growing-target-of/

Expert demonstrated how to access contacts and photos from a locked iPhone XS

By: Pierluigi Paganini

A researcher has discovered a passcode bypass vulnerability in Apple's new iOS 12 that could be exploited to access photos and contacts on a locked iPhone XS.

Apple enthusiast and self-described "office clerk" Jose Rodriguez has discovered a passcode bypass vulnerability in Apple's new iOS 12 that could be exploited by an attacker with physical access to the phone to view photos and contacts on a locked iPhone XS and other devices.

The hack works on the latest iOS 12 beta and iOS 12 operating systems, as demonstrated by Rodriguez in a couple of videos he published on YouTube (Videosdebarraquito).

The passcode bypass vulnerability affects a number of other iPhone models including the latest model iPhone XS.

An attacker can access the images on the devices by editing a contact and changing the image associated with a specific caller.

Apple had already addressed an earlier bypass that allowed images to be viewed via Contacts, but Rodriguez devised a new method that circumvents the mitigations Apple put in place.

The attack abuses VoiceOver, the iPhone's screen-reader accessibility feature, which the bypass switches on through Siri. For this reason the target device needs Siri enabled on the lock screen and Face ID either turned off or physically covered, so that the phone is not simply unlocked by the person holding it.

A step-by-step guide to Rodriguez's attack was published by the website Gadget Hacks.

More:  https://securityaffairs.co/wordpress/76700/hacking/iphone-xs-passcode-hack.html

Critical MacOS Mojave vulnerability bypasses system security

By: Michael Archambault

The launch of a new version of macOS from Apple typically brings a combination of new features, better performance, and enhanced security. Unfortunately, that last claim might not hold this time: security researcher Patrick Wardle, co-founder of Digita Security, has discovered that macOS Mojave ships with a severe security flaw. The bug is currently present on all machines running the latest version of macOS and allows unauthorized access to a user's private data.

Wardle announced his discovery on Twitter, showcasing that he could easily bypass macOS Mojave’s built-in privacy protections. Due to the flaw, an unauthorized application could circumvent the system’s security and gain access to potentially sensitive information. With the Twitter post, Wardle also included a one-minute Vimeo video showing the hack in progress.

The short video begins with Wardle attempting to access a user’s protected address book and receiving a message that states the operation is not permitted. After accessing and running his bypass program, breakMojave, Wardle is then able to locate the user’s address book, circumvent the machine’s privacy access controls, and copy the address book’s contents to his desktop — no permissions needed.

Wardle is an experienced security researcher who has worked at NASA and the National Security Agency in his past; he notes that one of his current passions is finding MacOS security flaws before others have the chance. While it is unlikely Wardle will release the app as a malicious tool, he does want to spread knowledge of its existence so that Apple addresses the issue in a timely fashion.

More: https://www.digitaltrends.com/computing/macos-mojave-vulnerability

Security Flaws Inadvertently Left T-Mobile And AT&T Customers’ Account PINs Exposed

By: L33TDAWG

T-Mobile and AT&T customers’ account PINs — passcodes meant to protect mobile accounts from being hacked — have been exposed by two different security flaws, which were discovered by security researchers Phobia and Nicholas “Convict” Ceraolo.

Apple’s online store contained the security flaw that inadvertently exposed over 72 million T-Mobile customers’ account PINs. The website for Asurion, a phone insurance company, had a separate vulnerability that exposed the passcodes of Asurion’s AT&T customers.

Apple and Asurion fixed the vulnerabilities after BuzzFeed News shared the security researchers’ findings. Apple declined to provide further comment on the record, stating only that the company is very grateful to the researchers who found the flaw. Asurion spokesperson Nicole Miller said, “Asurion takes customer security and privacy very seriously, and as such we have an ongoing, layered security program in place to prevent security issues. We are investigating the researcher’s concerns, but have immediately implemented measures to address these concerns to ensure customers’ accounts are safe.”

16-Year-Old Teen Hacked Apple Servers, Stole 90GB of Secure Files

By: Mohit Kumar

Well, there’s something quite embarrassing for Apple fans.

Although Apple's servers are widely regarded as well secured, a 16-year-old high school student proved that nothing is impossible.

The teenager from Melbourne, Australia, managed to break into Apple servers and download some 90GB of secure files, including authorized keys used to grant login access to users, and also accessed multiple user accounts.

The teen told the authorities that he hacked Apple because he was a huge fan of the company and “dreamed of” working for the technology giant.

What’s more embarrassing? The teen, whose name is being withheld as he’s still a minor, hacked the company’s servers not once, but numerous times over the course of more than a year, and Apple’s system administrators failed to stop their users’ data from being stolen.

When Apple finally detected the intrusion and blocked the teen's access, the company contacted the FBI, which enlisted the help of the Australian Federal Police (AFP).

Apple Hack: The “Hacky Hack Hack” Folder

The AFP caught the teenager last year after a raid on his residence and seized two Apple laptops, a mobile phone, and a hard drive.

“Two Apple laptops were seized, and the serial numbers matched the serial numbers of the devices which accessed the internal systems,” a prosecutor was quoted as saying by Australian media The Age. “A mobile phone and hard drive were also seized, and the IP address matched the intrusions into the organization.”

After analyzing the seized equipment, authorities found the stolen data in a folder called “hacky hack hack.”

Besides this, authorities also discovered a series of hacking tools and files that allowed the 16-year-old boy to break into Apple’s mainframe repeatedly.

More: https://thehackernews.com/2018/08/apple-hack-servers.html?m=1

ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability

By: Mohit Kumar

A Mac running Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday.

Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system that could allow a malicious application installed in the targeted system to virtually “click” objects without any user interaction or consent.

To know, how dangerous it can go, Wardle explains: “Via a single click, countless security mechanisms may be completely bypassed. Run untrusted app? Click…allowed. Authorize keychain access? Click…allowed. Load 3rd-party kernel extension? Click…allowed. Authorize outgoing network connection? click …allowed.”

Wardle described his research into “synthetic” interactions with a user interface (UI) as “The Mouse is Mightier than the Sword,” showcasing an attack that’s capable of ‘synthetic clicks’—programmatic and invisible mouse clicks that are generated by a software program rather than a human.

macOS itself offers synthetic clicks as an accessibility feature so that people with disabilities can interact with the system interface in non-traditional ways, but Apple has put limitations in place to block malware from abusing these programmatic clicks.

More: https://thehackernews.com/2018/08/macos-mouse-click-hack.html

Hackers Used Malicious MDM Solution to Spy On ‘Highly Targeted’ iPhone Users

By: Swati Khandelwal

Security researchers have uncovered a “highly targeted” mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India.

The attackers, who are also believed to be operating from India, were found abusing the mobile device management (MDM) protocol, a type of management software used by large enterprises to control devices used by their employees and enforce policies on them, to control the targeted phones and deploy malicious applications to them remotely.

Enrolling an iOS device into an MDM service requires the user to manually install the enrollment profile and its certificates; the malicious apps themselves were signed with an enterprise developer certificate, which enterprises obtain through the Apple Developer Enterprise Program.

Companies can deliver the MDM configuration profile through email or a web page as an over-the-air enrollment service, or install it directly with Apple Configurator.

Once a user installs it, the service allows the company administrators to remotely control the device, install/remove apps, install/revoke certificates, lock the device, change password requirements, etc.

“MDM uses the Apple Push Notification Service (APNS) to deliver a wake-up message to a managed device. The device then connects to a predetermined web service to retrieve commands and return results,” Apple explains about MDM.

Since each step of the enrollment process requires user interaction, such as installing a certificate authority on the iPhone, it is not yet clear how attackers managed to enroll 13 targeted iPhones into their MDM service.

However, researchers at Cisco’s Talos threat intelligence unit, who discovered the campaign, believe that the attackers likely used either a social engineering mechanism, like a fake tech support-style call, or physical access to the targeted devices.

More: https://thehackernews.com/2018/07/mobile-device-management-hacking.html?m=1

Former Apple employee charged with stealing company trade secrets

By: Rick Hurd

SAN JOSE —A former Apple employee has been charged in federal court with stealing trade secrets from the company, authorities said.

The charges against Xiaolang Zhang were filed Monday in the U.S. District Court for the Northern District of California and allege that Zhang, a hardware engineer at Apple, planned to take some of the company's secrets with him when he took a job with another company.

Federal agents arrested Zhang on Saturday, as he tried to go through security at Mineta San Jose International Airport, authorities said. He had purchased a last-second round-trip ticket to Beijing, China, with a final destination of Hangzhou, China aboard Hainan Airlines, authorities said.

“Apple takes confidentiality and the protection of our intellectual property very seriously,” Apple spokesman Tom Neumayr said in an email. “We’re working with authorities on this matter and will do everything possible to make sure this individual and other individuals involved are held accountable for their actions.”

Zhang, who now claims to be working for XMotors in Mountain View, came to Apple in December 2015 to work as a hardware engineer on a team trying to develop autonomous cars, authorities said. Apple has kept that research and development a closely guarded secret, and authorities said Zhang was granted broad access to confidential internal databases.

According to the criminal complaint, Zhang went on paternity leave in April this year after the birth of his child and informed Apple upon his return that he’d be leaving the company to return to China because his mother was ill. He also told his supervisor that he’d be going to work for XMotors, a Chinese startup company focused on electric automobiles and driverless vehicle technology.

When Zhang turned in his two company-issued iPhones and his laptop, Apple’s tech security team reviewed the history on his devices and found that his download activity increased dramatically and included information from confidential files, authorities said. Zhang generated 581 rows of user activity on April 28 alone; in the previous month, authorities said, he generated 610 rows.

Authorities said Zhang also admitted that he “air-dropped” information from his devices onto his wife’s personal laptop.
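The review described above rests on a simple comparison: one day's download activity against the user's own recent history. The following is an added example, not Apple's tooling, that runs that comparison over a constructed audit log of per-file download events and flags any day whose volume exceeds a multiple of the trailing 30-day daily average. The log format, user name and thresholds are assumptions for this example.

```python
"""Flag days on which a user's download volume spikes against their own baseline.

Added example, not Apple's tooling. Log lines are constructed in the
hypothetical format "YYYY-MM-DD user action path".
"""
from collections import Counter
from datetime import date, timedelta


def make_sample_log():
    """Constructed sample: ~20 downloads a day for 30 days, then a one-day spike."""
    lines = []
    start = date(2018, 3, 29)
    for d in range(30):
        day = start + timedelta(days=d)
        for i in range(20):
            lines.append(f"{day} zhang download /confidential/doc{i}.pdf")
    spike = date(2018, 4, 28)
    for i in range(581):
        lines.append(f"{spike} zhang download /confidential/doc{i}.pdf")
    return lines


def daily_counts(lines, user):
    """Count download events per ISO date for one user."""
    counts = Counter()
    for line in lines:
        day, who, action, _path = line.split(maxsplit=3)
        if who == user and action == "download":
            counts[day] += 1
    return counts


def spike_days(counts, window=30, factor=5, min_history=14):
    """Return (day, count, baseline) for days exceeding factor x the trailing mean.

    The baseline is the mean daily count over the previous `window` calendar
    days (missing days count as zero). Days with fewer than `min_history`
    prior days of data are skipped so a new account does not trip on day one.
    """
    flagged = []
    for day_str in sorted(counts):
        day = date.fromisoformat(day_str)
        prior_keys = [(day - timedelta(days=k)).isoformat()
                      for k in range(1, window + 1)]
        history = sum(1 for k in prior_keys if k in counts)
        if history < min_history:
            continue
        baseline = sum(counts.get(k, 0) for k in prior_keys) / window
        if counts[day_str] > factor * baseline:
            flagged.append((day_str, counts[day_str], round(baseline, 1)))
    return flagged


if __name__ == "__main__":
    counts = daily_counts(make_sample_log(), "zhang")
    for day, count, baseline in spike_days(counts):
        print(f"{day}: {count} downloads vs ~{baseline}/day baseline")
```

On the constructed log the only flagged day is the 581-download day, against a baseline of 20 a day; the point of the trailing window is that a departing employee's own history, not a fleet-wide average, is the right yardstick.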

More: https://www.mercurynews.com

Apple pushes back on hacker’s iPhone passcode bypass report

By: Zack Whittaker

The researcher later found that passcodes he tested weren’t always counted.

Apple has disputed a security researcher's demonstration that purportedly bypassed the passcode limit on up-to-date iPhones and iPads.

Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, tweeted Friday about a potential way to bypass security limits, allowing him to enter as many passcodes as he wants — even on the latest version of iOS 11.3.

Beyond ten wrong passcodes, the device can be set to erase its contents.

Hickey said he found a way around that. He explained that when an iPhone or iPad is plugged in and a would-be-hacker sends keyboard inputs, it triggers an interrupt request, which takes priority over anything else on the device.

“Instead of sending passcode one at a time and waiting, send them all in one go,” he said.

“If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” he explained.

After several requests for comment, Apple spokesperson Michele Wyman said only, on Saturday: "The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing."

Apple did not say why it disputed Hickey’s findings, which he reported to the company Friday, before tweeting.

We reported Friday on Hickey’s findings, which claimed to be able to send all combinations of a user’s possible passcode in one go, by enumerating each code from 0000 to 9999, and concatenating the results in one string with no spaces. He explained that because this doesn’t give the software any breaks, the keyboard input routine takes priority over the device’s data-erasing feature.

But Hickey tweeted later, saying that not all of the tested passcodes are actually sent to the device's Secure Enclave, which enforces the attempt limit that protects the device from brute-force attacks.

Company launches its own smartphone for storing cryptocurrency

By: Reuters

SÃO PAULO (Reuters) – Security company Sikur on Monday unveiled a mobile phone dedicated to storing cryptocurrencies, amid growing demand from investors for protection against cybercrime in the volatile virtual-currency market, worth roughly 450 billion dollars.

The product, the Sikurphone, was launched at a telecommunications trade show in Barcelona and is priced at 799 dollars during the pre-sale phase, the company said in a statement.

Sikur develops encryption systems that can be installed on Apple's iOS and Google's Android devices, as well as on tablets and PCs.

Three years ago the company had already launched an encrypted phone, the Granitephone, which handles video and voice calls, messaging, chat and document sharing, running the Android operating system.

More: https://br.reuters.com/article/internetNews/idBRKCN1GA2YZ-OBRIN