Tag: iphone | Page 2

iPhone Security In The Face Of Zero-Click Exploits

January 4, 2024/in Internet Security

Apu Pavithran is the founder and CEO of Hexnode, an award-winning unified endpoint management platform.

getty

For Apple enthusiasts and business owners alike, the iPhone has been more than a device—it’s a symbol of security and reliability. That doesn’t imply, however, that the iPhone is a veritable Fort Knox. Vulnerabilities popping up occasionally are nothing new. However, a recent pair of zero-day vulnerabilities raise considerable concern. In early September 2023, CitizenLab, a vigilant internet watchdog group, unearthed a zero-click iOS vulnerability that enabled the notorious Pegasus spyware to infiltrate iPhones. This revelation serves as a wake-up call, reminding us that even the seemingly impenetrable can be compromised.

Unraveling The Vulnerability

What’s truly unsettling is that even the most up-to-date iPhone with the latest iOS can fall victim to this attack without any user interaction. Unlike traditional attacks that require some form of user interaction, this exploit can compromise an iPhone without any action from the victim.

The first exploit, CVE-2023-41064, affects Image I/O, a foundation for programs that enable them to read and write different image formats. A buffer overflow issue in Image I/O may be used to build a maliciously created image that causes iOS to execute malicious software. For those unfamiliar, a buffer overflow takes place when a program tries to input more information into a buffer than it can accommodate. This can lead to various issues such as data distortion, program malfunctions or even the activation of harmful code. The second vulnerability, CVE-2023-41061, affects Apple Wallet and can be exploited to trick it into executing malicious code.

At the end of both vulnerabilities lies Pegasus, a potent and sophisticated spyware developed by Israel’s NSO group. Pegasus utilizes the zero-click zero-day vulnerability to inject itself onto iPhones and iPads. Once infiltrated, its capabilities are staggering: It can siphon off texts, emails, media files, contacts and GPS coordinates. Additionally, it can eavesdrop on calls and surreptitiously activate both the microphone and camera.

Marketed under the guise of crime and terrorism…

Source…

New exploit fools users into thinking their hacked iPhone is safe

December 11, 2023/in Internet Security

Lockdown Mode

If an iPhone has already been infected with malware, Jamf has shown how an attacker can trick the user into believing Lockdown Mode is active when it isn’t.

Despite popular belief, iPhones can get infected with malware — but it is rare. Attackers taking advantage of zero-day vulnerabilities and zero-click exploits can infect a user’s device — though these sophisticated attacks are often expensive and difficult to execute.

Jamf Threat Labs has worked out a proof-of-concept post-exploitation tampering technique that makes an iPhone behave like it is in Lockdown Mode when it isn’t. The user can toggle Lockdown Mode and will see visual cues, like an apparent device restart and warnings in Safari that trick the user into a false sense of security.

This isn’t a flaw with Lockdown Mode, iPhone security, or the operating system. The tampering technique only works on devices that have already been infected with malware.

Jamf researched this proof-of-concept to emphasize that Lockdown Mode has limitations. It is a shield that reduces the attack surface on an iOS device, not anti-malware that detects infections and ejects them.

Lockdown Mode is most effective when used on a device before an attack occurs. It reduces the number of entry points available for an attacker.

Warnings tell the user Lockdown Mode is being activated

A system reboot can help stop malware from monitoring the user, but Jamf found a way to force a userspace reboot instead of a system reboot. That way, the injected code can maintain adaptable control over Lockdown Mode.

Lockdown Mode performs several actions, most of which are invisible to the user.

Messages — Most message attachments are blocked, and some features are unavailable.

FaceTime — Incoming FaceTime calls from people you have not previously called are blocked.

Web Browsing — Some web technologies and browsing features are blocked.

Shared Albums — Shared albums will be removed from the Photos app, and new Shared Albums invitations will be blocked.

Device Connections…

Source…

Third-party keyboards could help hackers spy on your iPhone

December 6, 2023/in Computer Security

iPhones are well known for their security, and many people choose to buy iPhones because of that added safety. However, their popularity also makes iPhones appealing targets for hackers and bad actors. Now, hackers have found a way to spy on iPhones by installing third-party keyboards that bypass Apple’s rigorous security checks.

It isn’t completely impossible for malicious code to be served to iPhone customers, but hackers are taking advantage of TestFlight, Apple’s pre-release testing system, which allows app developers to ship unfinished versions of their apps to users. According to a report from Certo Software, hackers are installing third-party keyboards by uploading them to TestFlight.

Once users install the app to test it, the hackers are able to install a custom keyboard that looks just like the iPhone’s default keyboard. From there, the keyboard acts as a keylogger, and logs a ton of the user’s data, including passwords, messages, and more, all without the user ever suspecting it.

Dvorak keyboard enabled on iPhone. — Check your iPhone’s keyboard settings to see which keyboards are installed and active. Image source: Chris Smith, BGR

It’s this use of third-party keyboards to spy on iPhones that could very well lead to some drastic changes in how Apple allows developers to use TestFlight. But, in the meantime, there is something you can do to ensure you aren’t having your information and data logged by a malicious keyboard.

Head over to Settings > General > Keyboard and then navigate down to Keyboards. Here, you’ll be able to see any keyboards you have installed. If you see anything that doesn’t make sense, we recommend deleting it by tapping on the Edit button and then selecting the red minus button to delete the keyboard from your device.

Of course, hackers are bound to find other ways to spy on your iPhone, so make sure you’re always watching what you download and what sites you visit, as just because iPhones are more secure does not make them impossible to hack and…

Source…

This crafty iPhone attack makes you think your phone is safe…until it’s hacked

December 6, 2023/in Computer Security

Lockdown Mode, an iPhone feature introduced with iOS 16, is not an antivirus, does not detect malware, and cannot prevent malware from operating.

Therefore, hackers can create a fake Lockdown Mode and run malware operating in the background unabated, a report from Jamf Threat Labs has noted.

“Apple‘s Lockdown mode in iOS 16 is a useful feature for certain situations, but if your phone has already been compromised, Lockdown Mode won’t protect you,” the researchers claim. Threat actors can run a Fake Lockdown Mode “which shows that if a hacker has already infiltrated your device, they can cause Lockdown Mode to be “bypassed” when you trigger its activation.”

Making PDFs work

Lockdown Mode was introduced last year with the goal of bringing an extra layer of protection for high-level targets. Think journalists, dissidents, government employees, intellectuals, but also celebrities and similar. It is easy to turn on and makes some features on the endpoint unavailable, and some files blocked.

“By tricking the user into believing that their device is operating normally and that additional security features can be activated, the user is far less likely to suspect any malicious activity is taking place behind the scenes,” Michael Covington, vice president of portfolio strategy at Jamf, told The Hacker News.

“We did not expect that such a widely publicized security feature would have the user interface separated from the implementation reality.”

One of the ways hackers could abuse this flaw is by changing how Lockdown Mode works in Safari and allowing it to view PDF files (which are unavailable when the feature is active).

But Lockdown Mode is not completely useless, the researchers stress. In September this year, CitizenLab discovered that BLASTPASS – a chain of exploits used to deliver the Pegasus malware – was effectively stopped on iOS devices thanks to Lockdown Mode.

More from TechRadar Pro

Source…

Tag Archive for: iphone

Unraveling The Vulnerability

Tech. Entertainment. Science. Your inbox.