Tag: iphone | Page 3

Hackers have found a sneaky new way to spy on iPhone users — here’s how

December 4, 2023/in Internet Security

One of the many reasons people decide to go with one of the best iPhones over their Android counterparts is due to security. However, as iPhones are known for being less prone to hacking, this also makes them the perfect target for hackers and other cybercriminals.

Now though, it appears that hackers have figured out a clever way to bypass Apple’s security checks through the use of third-party custom keyboards that let them spy on iPhone users.

According to a new report from security researcher Russell Kent-Payne at Certo Software, this new attack method uses malicious keyboards to record private messages, browsing history and even passwords from unsuspecting iPhone users.

Certo decided to look into the matter after the cybersecurity firm received multiple reports of cyberstalking incidents in which the stalkers appeared to know everything that their target had typed into their iPhone. Following its investigation, malicious third-party keyboards were found on all of the affected devices.

Whether you use an iPhone with a third-party keyboard yourself or are worried about being spied on, here’s everything you need to know about this new threat including steps you can take to protect yourself.

Abusing TestFlight to install custom keyboards

A image depicting the stock iPhone keyboard next to a malicious one

The default iOS keyboard can be seen on the left while a custom keyboard that works as a keylogger is pictured on the right. (Image credit: Certo Software/Tom’s Guide)

Normally when it comes to spying on iPhone users, an attacker would need to jailbreak a target’s device or gain access to their iCloud account. What sets this new attack apart though, is that it doesn’t rely on either of these methods to spy on iPhone users.

Although they’re not normally dangerous, this attack weaponized third-party keyboards by using malicious ones to serve as keyloggers on vulnerable devices. From here, a hacker can discreetly capture and transmit all of the keystrokes an iPhone user makes on their device.

While Certo didn’t go into all of the nitty gritty details about this attack to avoid providing other hackers with a blueprint, it did explain how it works. To reach potential victims, the hackers behind this campaign are abusing Apple’s own TestFlight…

Source…

Apple to make a big change to iPhone messages next year

November 20, 2023/in Mobile Security

(CNN) – The long-standing battle over the iOS’ blue and Android’s green text bubbles will soon take a more friendly turn.

Apple has announced plans to adopt a messaging standard that will finally bring iMessage features to Android users, eroding what some considered an element of Apple’s walled garden.

The change – first reported by tech site 9to5Mac – will add features, such as read receipt, typing indicators, better support for group chats, and higher quality media sharing of images and videos, across platforms.

Apple said in a statement it will add support for the standard, called RCS (Rich Communication Services), later next year. RCS is considered the replacement to alternatives such as SMS, or short messaging service, and can work over both Wi-Fi and mobile data.

“We believe RCS Universal Profile will offer a better interoperability experience when compared to SMS or MMS,” the company said in the statement. “This will work alongside iMessage, which will continue to be the best and most secure messaging experience for Apple users.”

A push from Europe
The change follows pressure from both regulators and competitors to more seamlessly work across operating systems. The European Union’s Digital Markets Act, for example, requires companies to make their key services interoperable between platforms. Earlier this year, it launched an investigation into whether it considers iMessage a core product.

Meanwhile, Google, which already has support for RCS within its messaging app, has been vocal about wanting Apple to adopt the standard. In early November, the company wrote a letter to the European Commission arguing iMessage was indeed a core Apple product and should be required to comply.

“Everyone deserves to communicate with each other in ways that are modern and secure, no matter what phone they have,” Google said in a statement. “That’s why we have…

Source…

This Cheap Hacking Device Can Crash Your iPhone With Pop-Ups

November 8, 2023/in Computer Security

As the Israel-Hamas war continues, with Israeli troops moving into the Gaza Strip and encircling Gaza City, one piece of technology is having an outsized impact on how we see and understand the war. Messaging app Telegram, which has a history of lax moderation, has been used by Hamas to share gruesome images and videos. The information has then spread to other social networks and millions more eyeballs. Sources tell WIRED that Telegram has been weaponized to spread horrific propaganda.

Microsoft has had a hard few months when it comes to the company’s own security, with Chinese-backed hackers stealing its cryptographic signing key, continued issues with Microsoft Exchange Servers, and its customers being impacted by failings. The company has now unveiled a plan to deal with the ever-growing range of threats. It’s the Secure Future Initiative, which plans, among multiple elements, to use AI-driven tools, improve its software development, and shorten its response time to vulnerabilities.

Also this week, we’ve looked at the privacy practices of Bluesky, Mastodon, and Meta’s Threads as all of the social media platforms jostle for space in a world where X, formerly known as Twitter, continues to implode. And things aren’t exactly great with this next generation of social media. With November arriving, we now have a detailed breakdown of the security vulnerabilities and patches issued last month. Microsoft, Google, Apple, and enterprise firms Cisco, VMWare, and Citrix all fixed major security flaws in October.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

The Flipper Zero is a versatile hacking tool designed for security researchers. The pocket-size pen-testing device can intercept and replay all kinds of wireless signals—including NFC, infrared, RFID, Bluetooth, and Wi-Fi. That means it’s possible to read microchips and inspect signals being admitted from devices. Slightly more nefariously, we’ve found it can easily clone building-entry cards and read credit card details through people’s clothes.

Over the last few weeks, the Flipper Zero, which…

Source…

iPhone Hacking: Notice sent to Apple, CERT-In has started probe: IT Secretary on hacking attempt threat notification row

November 3, 2023/in Computer Security

iPhone Hacking: The government’s cybersecurity agency CERT-In has started its investigation into the issue of the Apple threat notification received by several opposition MPs, and a notice has been sent to the company, IT Secretary S Krishnan said on Thursday.

The move assumes significance as the Minister of State for Electronics and IT Rajeev Chandrasekhar had earlier this week said that the government wants Apple to clarify if its devices are secure and why ‘threat notifications’ were sent to people in over 150 countries, given the company’s repeated claims about its products being designed for privacy.

The government will investigate the threat notifications and also Apple’s claims of being secure and privacy-compliant devices, Chandrasekhar had penned in a post on X (formerly Twitter) on Tuesday, after several opposition leaders claimed ‘state-sponsored’ attack notification were sent to them from Apple and the government ordered a probe.

IT Minister Ashwini Vaishnaw has categorically rejected the opposition’s attack on the government, saying “compulsive critics” were indulging in the politics of “distraction”, as they could not tolerate the country’s progress under the PM’s Narendra Modi leadership.
On Thursday, S Krishnan, Secretary, IT Ministry confirmed that notice has been sent to Apple.

“CERT-In has started its probe… They (Apple) will cooperate in this probe,” Krishnan told reporters on the sidelines of an event related to the Meity-NSF research collaboration.

Indian Computer Emergency Response Team or CERT-In is the national nodal agency for responding to computer security incidents as and when they occur.

Asked if a notice has been sent to Apple, the IT Secretary answered in the affirmative. Apple did not reply to an email by PTI seeking comments on the notice.

Several opposition leaders on Tuesday claimed they have received an alert from Apple warning them of “state-sponsored attackers trying to remotely compromise” their iPhones and alleged hacking by the government.

Those who received such notifications included Congress chief Mallikarjun Kharge, party leaders Shashi Tharoor, Pawan Khera, K C Venugopal, Supriya Shrinate, T S Singhdeo and Bhupinder S Hooda; Trinamool…

Source…

Tag Archive for: iphone