Nova ferramenta hacker desbloqueia qualquer iPhone no mercado

By: Felipe Payão

 

Ferramenta da Cellebrite invade qualquer iPhone e Android top de linha no mercado.

A empresa israelense Cellebrite lançou hoje (14) a UFED Premium, uma ferramenta hacker com a capacidade de desbloquear qualquer Apple iPhone vendido no mercado atualmente. A UFED Premium é uma ferramenta voltada para autoridades governamentais e policiais no mundo — a Cellebrite, por exemplo, colabora com autoridades brasileiras.

Por meio da UFED Premium, agências policiais poderão realizar a extração completa do sistema de arquivos em celulares iOS, além de smartphones Android top de linha, afirma a Cellebrite. “Obtenha acesso a dados de aplicativos de terceiros, conversas por bate-papo, e-mails baixados e anexos de email, conteúdo excluído e muito mais, aumente suas chances de encontrar provas incriminatórias e leve sua questão a uma resolução”, escreve a empresa ao vender a solução.

Vale notar que, apesar da Cellebrite afirmar que consegue desbloquear todos os iPhones no mercado, o site oficial indica que o UFED Premium ainda não consegue fazer o hack em iPhones com iOS 13, versão do sistema operacional que chegará em breve em todos os aparelhos Apple.

A Cellebrite ganhou mídia no caso Apple x FBI, quando o órgão norte-americano buscava hackear o aparelho de um suspeito do terrorismo. O FBI teve sucesso em extrair os dados de um iPhone 5c por conta da ferramenta.

Mais:  https://m.tecmundo.com.br/seguranca/142593-nova-ferramenta-hacker-desbloqueia-qualquer-iphone-mercado.htm

Many popular iPhone apps secretly record your screen without asking

By: Zack Whittaker

Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission.

You can assume that most apps are collecting data on you. Some even monetize your data without your knowledge. But TechCrunch has found several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers, that don’t ask or make it clear — if at all — that they know exactly how you’re using their apps.

Worse, even though these apps are meant to mask certain fields, some inadvertently expose sensitive data.

Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed “session replay” technology into their apps. These session replays let app developers record the screen and play them back to see how its users interacted with the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers.

Or, as Glassbox said in a recent tweet: “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?”

The App Analyst, a mobile expert who writes about his analyses of popular apps on his eponymous blog, recently found Air Canada’s iPhone app wasn’t properly masking the session replays when they were sent, exposing passport numbers and credit card data in each replay session. Just weeks earlier, Air Canada said its app had a data breach, exposing 20,000 profiles.

More: https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/

New FaceTime Bug Lets Callers Hear and See You Without You Picking Up

By: Swati Khandelwal

If you own an Apple device, you should immediately turn OFF FaceTime app for a few days.

A jaw-dropping unpatched privacy bug has been uncovered in Apple’s popular video and audio call app FaceTime that could let someone hear or see you before you even pick up their call.

The bug is going viral on Twitter and other social media platforms with multiple users complaining of this privacy issue that can turn any iPhone into an eavesdropping device without the user’s knowledge.

 The Hacker News has tested the bug on iPhone X running the latest iOS 12.1.2 and can independently confirm that it works, as flagged by 9to5Mac on Monday. We were also able to replicate the bug by making a FaceTime call to a MacBook running macOS Mojave.

Here’s How Someone Can Spy On You Using FaceTime Bug

The issue is more sort of a designing or logical flaw than a technical vulnerability that resides in the newly launched Group FaceTime feature.

Here’s how one can reproduce the bug:
  1. Start a FaceTime Video call with any iPhone contact.
  2. While your call is dialing, swipe up from the bottom of your iPhone screen and tap ‘Add Person.’
  3. You can add your own phone number in the ‘Add Person’ screen.
  4. This will start a group FaceTime call including yourself and the person you first called, whose audio you will able to listen in even if he/she hasn’t accepted the call yet.

iPhone a Growing Target of Crypto-Mining Attacks

By: Kacy Zurkus

Apple has increasingly been the target of crypto-mining attacks, and according to Check Point, iPhone attacks increased by nearly 400% over the last two weeks in September.

In its most recently published Global Threat Index, Check Point researchers said they are continuing to investigate the reasons behind this sharp increase but reported that crypto-miners continued to be the most common malware in September 2018. Coinhive continued to hold the number-one position, which it has occupied since December 2017.

While Coinhive currently impacts 19% of global organizations, researchers also reported that the information-stealing Trojan Dorkbot held onto second place with a 7% global impact. The report also noted significant increase in Coinhive attacks against PCs. Attackers used the Coinhive mining malware to target iPhones, which aligned with a rise in attacks against users of the Safari browser, the primary browser used by Apple devices.

The mining malware that rivals Coinhive, known as Cryptoloot, ranked third place overall on the Threat Index, making it the second-most prevalent crypto-miner in the index. Differentiating itself from Coinhive, Cryptoloot requests a smaller revenue percentage from websites than its top competitor.

“Crypto-mining continues to be the dominant threat facing organizations globally,” Maya Horowitz, threat intelligence group manager at Check Point, said in a press release. “What is most interesting is the fourfold increase in attacks against iPhones and against devices using the Safari browser during the last two weeks of September. These attacks against Apple devices are not using new functionality, so we are continuing to investigate the possible reasons behind this development.”

More: https://www.infosecurity-magazine.com/news/iphone-a-growing-target-of/

Expert demonstrated how to access contacts and photos from a locked iPhone XS

By: Pierluigi Paganini

Expert discovered a passcode bypass vulnerability in Apple’s new iOS version 12 that could be exploited to access photos, contacts on a locked iPhone XS .

The Apple enthusiast and “office clerk” Jose Rodriguez has discovered a passcode bypass vulnerability in Apple’s new iOS version 12 that could be exploited by an attacker (with physical access to the iPhone) to access photos, contacts on a locked iPhone XS and other devices.

The hack works on the latest iOS 12 beta and iOS 12 operating systems, as demonstrated by Rodriguez in a couple of videos he published on YouTube (Videosdebarraquito).

The passcode bypass vulnerability affects a number of other iPhone models including the latest model iPhone XS.

An attacker can access the images on the devices by editing a contact and changing the image associated with a specific caller.

Apple has addressed the issue allowing images to be viewed via contacts, but Rodriguez devised a new method to circumvent the mitigations implemented by Apple.

The attack exploits the VoiceOver feature that enables accessibility features on iPhone, for this reason, the vulnerable device needs to have Siri enabled and Face ID either turned off or physically covered.

A step by step guide for the Rodriguez’s attack was published by the website Gadget Hacks.

More:  https://securityaffairs.co/wordpress/76700/hacking/iphone-xs-passcode-hack.html

 

Critical MacOS Mojave vulnerability bypasses system security

By: Michael Archambault

With the launch of a new version of macOS from Apple typically comes a culmination of new features, better performance, and enhanced security. Unfortunately, the previous statement might not necessarily be true as security researcher Patrick Wardle, co-founder of Digita Security, has discovered that MacOS Mojave includes a severe security flaw; the bug is currently present on all machines running the latest version of macOS and allows unauthorized access to a users’ private data.

Wardle announced his discovery on Twitter, showcasing that he could easily bypass macOS Mojave’s built-in privacy protections. Due to the flaw, an unauthorized application could circumvent the system’s security and gain access to potentially sensitive information. With the Twitter post, Wardle also included a one-minute Vimeo video showing the hack in progress.

The short video begins with Wardle attempting to access a user’s protected address book and receiving a message that states the operation is not permitted. After accessing and running his bypass program, breakMojave, Wardle is then able to locate the user’s address book, circumvent the machine’s privacy access controls, and copy the address book’s contents to his desktop — no permissions needed.

Wardle is an experienced security researcher who has worked at NASA and the National Security Agency in his past; he notes that one of his current passions is finding MacOS security flaws before others have the chance. While it is unlikely Wardle will release the app as a malicious tool, he does want to spread knowledge of its existence so that Apple addresses the issue in a timely fashion.

More: https://www.digitaltrends.com/computing/macos-mojave-vulnerability

 

Security Flaws Inadvertently Left T-Mobile And AT&T Customers’ Account PINs Exposed

By: L33TDAWG

T-Mobile and AT&T customers’ account PINs — passcodes meant to protect mobile accounts from being hacked — have been exposed by two different security flaws, which were discovered by security researchers Phobia and Nicholas “Convict” Ceraolo.

Apple’s online store contained the security flaw that inadvertently exposed over 72 million T-Mobile customers’ account PINs. The website for Asurion, a phone insurance company, had a separate vulnerability that exposed the passcodes of Asurion’s AT&T customers.

Apple and Asurion fixed the vulnerabilities after BuzzFeed News shared the security researchers’ findings. Apple declined to provide further comment on the record, stating only that the company is very grateful to the researchers who found the flaw. Asurion spokesperson Nicole Miller said, “Asurion takes customer security and privacy very seriously, and as such we have an ongoing, layered security program in place to prevent security issues. We are investigating the researcher’s concerns, but have immediately implemented measures to address these concerns to ensure customers’ accounts are safe.”

16-Year-Old Teen Hacked Apple Servers, Stole 90GB of Secure Files

By: Mohit Kumar

Well, there’s something quite embarrassing for Apple fans.

Though Apple servers are widely believed to be unhackable, a 16-year-old high school student proved that nothing is impossible.

The teenager from Melbourne, Australia, managed to break into Apple servers and downloaded some 90GB of secure files, including extremely secure authorized keys used to grant login access to users, as well as access multiple user accounts.

The teen told the authorities that he hacked Apple because he was a huge fan of the company and “dreamed of” working for the technology giant.

What’s more embarrassing? The teen, whose name is being withheld as he’s still a minor, hacked the company’s servers not once, but numerous times over the course of more than a year, and Apple’s system administrators failed to stop their users’ data from being stolen.

When Apple finally noticed the intrusion, the company contacted the FBI, which took the help of the Australian Federal Police (AFP) after detecting his presence on their servers and blocking him.

Apple Hack: The “Hacky Hack Hack” Folder

The AFP caught the teenager last year after a raid on his residence and seized two Apple laptops, a mobile phone, and a hard drive.

“Two Apple laptops were seized, and the serial numbers matched the serial numbers of the devices which accessed the internal systems,” a prosecutor was quoted as saying by Australian media The Age. “A mobile phone and hard drive were also seized, and the IP address matched the intrusions into the organization.”

After analyzing the seized equipment, authorities found the stolen data in a folder called “hacky hack hack.”

Besides this, authorities also discovered a series of hacking tools and files that allowed the 16-year-old boy to break into Apple’s mainframe repeatedly.

More: https://thehackernews.com/2018/08/apple-hack-servers.html?m=1

ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability

By: Mohit Kumar

Your Mac computer running the Apple’s latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday.

Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system that could allow a malicious application installed in the targeted system to virtually “click” objects without any user interaction or consent.

To know, how dangerous it can go, Wardle explains: “Via a single click, countless security mechanisms may be completely bypassed. Run untrusted app? Click…allowed. Authorize keychain access? Click…allowed. Load 3rd-party kernel extension? Click…allowed. Authorize outgoing network connection? click …allowed.”

Wardle described his research into “synthetic” interactions with a user interface (UI) as “The Mouse is Mightier than the Sword,” showcasing an attack that’s capable of ‘synthetic clicks’—programmatic and invisible mouse clicks that are generated by a software program rather than a human.

macOS code itself offers synthetic clicks as an accessibility feature for disabled people to interact with the system interface in non-traditional ways, but Apple has put some limitations to block malware from abusing these programmed clicks.

More: https://thehackernews.com/2018/08/macos-mouse-click-hack.html

Hackers Used Malicious MDM Solution to Spy On ‘Highly Targeted’ iPhone Users

By: Swati Khandelwal

 

Security researchers have uncovered a “highly targeted” mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India.

The attackers, who are also believed to be operating from India, were found abusing mobile device management (MDM) protocol—a type of security software used by large enterprises to control and enforce policies on devices being used their employees—to contol and deploy malicious applications remotely.

To enroll an iOS device into the MDM requires a user to manually install enterprise development certificate, which enterprises obtained through the Apple Developer Enterprise Program.

Companies can deliver MDM configuration file through email or a webpage for over-the-air enrollment service using Apple Configurator.

Once a user installs it, the service allows the company administrators to remotely control the device, install/remove apps, install/revoke certificates, lock the device, change password requirements, etc.

“MDM uses the Apple Push Notification Service (APNS) to deliver a wake-up message to a managed device. The device then connects to a predetermined web service to retrieve commands and return results,” Apple explains about MDM.

Since each step of the enrollment process requires user interaction, such as installing a certificate authority on the iPhone, it is not yet clear how attackers managed to enroll 13 targeted iPhones into their MDM service.

However, researchers at Cisco’s Talos threat intelligence unit, who discovered the campaign, believe that the attackers likely used either a social engineering mechanism, like a fake tech support-style call, or physical access to the targeted devices.

More: https://thehackernews.com/2018/07/mobile-device-management-hacking.html?m=1