Apple pushes back on hacker’s iPhone passcode bypass report

By: Zack Whittaker

Bangkok, Thailand – December 12, 2015 : Apple iPhone5s held in one hand showing its screen with numpad for entering the passcode.

The researcher later found that passcodes he tested weren’t always counted.

A security researcher’s demonstration that purportedly bypassed a passcode on up-to-date iPhones and iPads has been pushed back by Apple.

Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, tweeted Friday about a potential way to bypass security limits, allowing him to enter as many passcodes as he wants — even on the latest version of iOS 11.3.

Beyond ten wrong passcodes, the device can be set to erase its contents.

Hickey said he found a way around that. He explained that when an iPhone or iPad is plugged in and a would-be hacker sends keyboard inputs, it triggers an interrupt request, which takes priority over anything else on the device.

“Instead of sending passcode one at a time and waiting, send them all in one go,” he said.

“If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” he explained.

Despite several requests for comment, Apple spokesperson Michele Wyman said Saturday: “The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing.”

Apple did not say why it disputed Hickey’s findings, which he reported to the company Friday, before tweeting.

We reported Friday on Hickey’s findings, which claimed to be able to send all combinations of a user’s possible passcode in one go, by enumerating each code from 0000 to 9999, and concatenating the results in one string with no spaces. He explained that because this doesn’t give the software any breaks, the keyboard input routine takes priority over the device’s data-erasing feature.

But Hickey tweeted later, saying that not all tested passcodes are sent to the device’s secure enclave, which protects the device from brute-force attacks.

Company launches its own smartphone for storing cryptocurrency

By: Reuters

 

SÃO PAULO (Reuters) – Security company Sikur on Monday unveiled a mobile phone dedicated to storing cryptocurrencies, amid growing demand from investors for protection against cybercrime in the volatile virtual currency market of about 450 billion dollars.

The product, the Sikurphone, unveiled at a telecommunications trade show in Barcelona, was launched at a price of 799 dollars during the pre-sale phase, the company said in a statement.

Sikur develops encryption systems that can be installed on Apple's iOS or Google's Android devices, as well as on tablets and PCs.

Three years ago, the company had already launched an encrypted phone, the Granitephone, which handles video, voice, messaging, chat and document-sharing communications using the Android operating system.

More: https://br.reuters.com/article/internetNews/idBRKCN1GA2YZ-OBRIN

Welcome, ‘hackers’! A critical part of the iOS source code is leaked on the internet

By: sikur


By G.C.

February 8, 2018

It had been circulating online for some time (the first report about it came from a Reddit user 4 months ago), but it was not until this Thursday that we learned all the technical details of the problem. As of today we know that a fundamental part of the iOS source code has been leaked on the internet, and hundreds of experts are already warning of the enormous risk this poses for Apple's customers.

According to MotherBoard, the US outlet specializing in cybersecurity and one of the first to uncover the story, this is “the biggest leak in history” of Apple's system and a wide-open door for hackers who want to find vulnerabilities in the system and launch attacks. The code is one of the elements most closely guarded by the Cupertino company, and it is now open for anyone to study freely.

How did all this end up online? According to Motherboard, the code was published by an anonymous user through the developer platform GitHub and corresponds specifically to a part known as ‘iBoot’, which is responsible, no less, for security during the boot of the operating system. In other words, it is the program that loads iOS, the first process that runs when you turn on your iPhone. It starts up, verifies that the kernel is properly signed by Apple, and then executes it; it is like the iPhone's BIOS.

Apple says all iOS devices, Macs affected by processor flaws

By: sikur


BY SHARA TIBKEN

Those major chip security flaws detailed Wednesday impact all Macs and iOS devices. But Apple said downloading its latest software updates fixes one of the vulnerabilities.

Apple on Thursday said all of its computers, iPhones and iPads are affected by the two newly discovered flaws, dubbed Meltdown and Spectre. It said at that time that the Apple Watch isn’t impacted by Meltdown, and on Friday added that the smartwatch isn’t affected by Spectre, either. Apple TVs, meanwhile, are affected.

The company didn’t immediately give additional information about which Apple TV models are impacted.

Apple said, though, that “there are no known exploits impacting customers at this time” and that for a hacker to exploit the flaws, there would also have to be a malicious app loaded on a Mac or iOS device. Apple recommended only downloading software from trusted locations like its App Store to avoid software with malware.

Apple said iOS 11.2, MacOS 10.13.2 and TVOS 11.2 already defend against the Meltdown flaw. It plans to release fixes for its Safari browser over the coming days to help defend against the Spectre flaw.

“We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, MacOS, tvOS and watchOS,” Apple said on a support page.

MORE: https://www.cnet.com/news/apple-iphone-ipad-mac-ios-safari-processor-flaw-meltdown-spectre-intel-arm/


MANY MACS VULNERABLE TO FIRMWARE ATTACKS, DESPITE OS AND SECURITY UPDATES

By: sikur


Author Jonathan Cannon
29 September, 2017

An alarming number of Macs remain vulnerable to stealthy firmware hacks

But part of the firmware security gap could be the fault of BOFHs rather than Apple. That is a scary thought, considering that attacks at the firmware level are especially nasty: not only are they hard to detect, they run at a deep level and can persist even when nuking the storage device and clean installing the OS.

Mac systems have used EFI since 2006 but an analysis by Duo Labs, the research arm of Duo Security, of more than 73,000 Mac systems finds that in many cases the EFI is not receiving security updates, leaving users vulnerable to attacks. Malicious code that is able to hide in firmware is hard to detect, compared to malware that might exist in the OS.

The researchers said the security support provided for EFI firmware depends on the hardware model of Mac. “Some Macs have received regular EFI updates, some have only been updated after particular vulnerabilities have been discovered, others have never seen an update to their EFI”.

The EFI firmware of a computer is responsible for booting and controlling the functions of hardware devices and systems, helping the machine get from powering up to booting the operating system. Since then, Apple has been pretty good about including EFI (extensible firmware interface) updates with its macOS security and software updates, though new evidence suggests it is not nearly enough. This can leave these systems software secure but firmware vulnerable.

MORE: http://appsforpcdaily.com/2017/09/many-macs-vulnerable-to-firmware-attacks-despite-os-and/

 
