Tag Archive for: iPhone’s

Google Explains Pegasus Hack of iPhones

/in


One of the most technically sophisticated exploits.

Pegasus spyware from NSO Group, an Israel-based cyber security company, has been used to hack iPhones of a dozen U.S. diplomats. The revelation comes a month after U.S. officials blacklisted the NSO Group after a report that its foreign government clients used the software to spy over rivals, political activists, human rights workers and others.

Google has published a blog post explaining how the spyware was used for hacking into iPhones without users’ knowledge.

Google’s Project Zero team has posted the blog, and it calls it “one of the most technically sophisticated exploits”. The blog post says that the spyware is very sophisticated and indicates that what was available to a handful of nations and their governments is now openly accessible to many.

The blog also has explained how the spyware gets into your phone. Earlier, the one-click phishing route was used to hack into your phone. But now, NSO offers its clients zero-click exploitation technology, which requires no clicking of a phishing message. Instead, the hack works silently in the background. “Short of not using a device, there is no way to prevent exploitation by a zero-click exploit; it’s a weapon against which there is no defense,” Google wrote in the post.

Google Pegasus NSO

The hackers need either the phone number or Apple ID of the user to hack into the system silently.

The hack rides on the back of GIF files in iMessage to target users. The GIF is used to sneak in a PDF file into an iPhone. Then the PDF file targets images and texts and virtually builds a parallel command center to carry out spying over all your computer or device activities.

“Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture…which they use to search memory and perform arithmetic operations. It’s not as fast as Javascript, but it’s fundamentally computationally equivalent,” the blog reads.

The hackers need either the phone number or Apple ID of the user to hack into the…

Source…

Apple sues NSO Group, company known for hacking iPhones on behalf of governments

/in


Apple CEO Tim Cook delivers the keynote address during the 2020 Apple Worldwide Developers Conference (WWDC) at Steve Jobs Theater in Cupertino, California.

Brooks Kraft/Apple Inc/Handout via Reuters

Apple on Tuesday sued NSO Group, an Israeli firm that sells software to government agencies and law enforcement that enables them to hack iPhones and read the data on them, including messages and other communications.

Earlier this year, Amnesty International said it discovered recent-model iPhones belonging to journalists and human rights lawyers that had been infected with NSO Group malware called Pegasus.

Apple is seeking a permanent injunction to ban NSO Group from using Apple software, services, or devices. It’s also seeking damages over $75,000.

Apple considers the lawsuit to be a warning to other spyware vendors. “The steps Apple is taking today will send a clear message: in a free society, it is unacceptable to weaponize powerful state-sponsored spyware against innocent users and those who seek to make the world a better place,” said Ivan Krstic, Apple’s head of security engineering and architecture, in a tweet.

NSO Group software permits “attacks, including from sovereign governments that pay hundreds of millions of dollars to target and attack a tiny fraction of users with information of particular interest to NSO’s customers,” Apple said in the lawsuit filed in federal court in the Northern District of California, saying that it is not “ordinary consumer malware.”

Apple also said on Tuesday it has patched the flaws that enabled the NSO Group software to access private data on iPhones using “zero-click” attacks where the malware is delivered through a text message and leaves little trace of infection.

Pegasus’ users can remotely surveil the iPhone owner’s activities, collect emails, text messages and browsing history, and access the device’s microphone and camera, Apple alleged in its lawsuit.

Apple said the attacks were only targeted at a small number of customers, and said on Tuesday it will inform iPhone users that may have been targeted by Pegasus malware.

“To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing…

Source…

Chinese hacking contest reveals weakness in iPhones, Windows and more

/in


Operating systems and software are put through thorough testing before public release. That doesn’t mean flaws don’t fall through the cracks. Hackers can exploit some of those flaws, forcing the developer to issue a quick update to patch them. Tap or click here for signs your device has been hacked.

It is also not common for people who don’t work in the cybersecurity industry to discover these flaws. After all, they are professionals who have made it their job to root out vulnerabilities.

So, when a hacking contest in China revealed significant problems in popular tech, it was a stark reminder that our devices are always at risk.

Here’s the backstory

The Tianfu Cup competition is held annually in China, and this year it tasked participants to hack into some of the most commonly used tech. It’s a cybersecurity summit aiming to highlight vulnerabilities in systems while also serving as an educational and awareness platform.

The event includes lectures and cybersecurity demonstrations, but the main attraction gives ethical hackers a chance to show off their skills. Participants of the hacking competition were given 15 targets to complete, with the winner walking away with some cash prizes.

Some of the target systems or apps were:

  • Google Chrome
  • Apple’s Safari
  • Adobe PDF Reader
  • Ubuntu 20/CentOS 8
  • Microsoft Exchange Server 2019
  • Windows 10
  • iPhone 13 Pro

Each assigned target system had a specific vulnerability that the hackers had to breach. If someone managed to perform a Remote Code Execution on an iPhone 13 Pro, they would be $120,000 richer. Perform a remote jailbreak, and the winner gets $300,000.

Hacking for the big prize

The most shocking thing the hackers found was all but three of the 15 systems or devices suffered from a successful hack.

This includes:

  • Using Safari to browse remote URL, control the browser or System.
  • Run a specific program as an unprivileged user to escalate privileges and run the command as root in Ubuntu.
  • In Windows 10, run a certain program as an unprivileged user to escalate privileges and run…

Source…

Apple fixes security flaw, bugs, in iPhones, iPods & iPads; releases new iOS 15 update

/in


After the company stopped signing iOS 15.0 and iOS 14.8, Apple released iOS 15.0.2 on Monday, 11 October 2021. It comes with bug fixes, some of which were reported as iPhone users upgraded to iOS 15.0. As published on its official website, Apple also said that the update fixed a security flaw that might have been under attack. Users are advised to update to the latest iOS version. 

The patch notes for the new Apple update mentions quite a few new modifications and features. For instance, photos saved to users’ libraries from Messages could be deleted after removing the associated thread or message. The update fixes issue of the iPhone Leather Wallet with MagSafe not being connected and AirTag not appearing in the Find My feature. Some issues regarding Apple CarPlay not opening or disconnecting while playback has also been fixed. 

iOS 15.0.2 fixes security flaw that might have been actively exploited

A major security issue has been fixed in iOS 15.0.2 and the iPadOS 15.0.2, called CVE-2021-30883, that could earlier be used to exploit the IOMobileFrameBuffer, a memory resource, Apple informed. As mentioned on the official support page, an application may be able to execute arbitrary code with kernel privileges due to the flaw.

The page also says that Apple is aware of a report that this issue may have been actively exploited. To resolve the issue, Apple has improved memory handling with the new update which is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad Mini 4 and later and iPod Touch (7th generation).

The first public build of the iOS 15 released by Apple was buggy and a lot of users around the world complained about issues they faced as they updated their iPhones. The issues included an unresponsive screen, non-functional dialer, wrong storage warnings, an unaligned interface for Instagram, iPhone 13 not being unlocked with Apple Watch and more. While Apple acknowledged only a few of them, it released an update that fixed quite a lot of bugs in the latest iOS 15.0.1.

Source…