- Apple -
Last update 09.10.2017 13:46:27
iPhone 7 Jailbreak Has Already Been Achieved In Just 24 Hours!
22.9.2016 thehackernews Apple
It has only been a few days since the launch of Apple's brand new iPhone 7 and iPhone 7 Plus, but it appears that the new iPhone has already been jailbroken.
That didn't take long. Right?
Security researcher and well-known hacker Luca Tedesco shared an image of his jailbroken smartphone on his Twitter account to show the world that the new iPhone 7 has been jailbroken.
The image posted by Tedesco on Wednesday clearly shows an iPhone 7 running both iOS 10.0.1 as well as the Cydia app store, which allows jailbreakers to install apps and other software that Apple does not officially support.
Unfortunately, Tedesco has not publicly released the exploit, nor has he provided much information about it. So, right now, it is hard to say if and when he will release the iPhone 7 jailbreak to the public.
It is also not clear whether the exploit is an untethered jailbreak.
An untethered jailbreak is one where the device does not need to be connected to an external device capable of executing commands on it every time it reboots.
For now, there is no tool available that you can use to jailbreak your device, but the good news is that a jailbreak has already been developed, which shows that it is indeed possible to jailbreak the iPhone 7.
So, early buyers looking to jailbreak their iPhone 7 or iPhone 7 Plus and install unauthorized Cydia tweaks will have to wait until teams like Pangu, or someone else, come up with a similar exploit.
Pangu is the same Chinese jailbreak team that released the first untethered jailbreak for iOS 9.
Since this is not good news for Apple, the company will likely patch the vulnerability used to build the iPhone 7 jailbreak in its next iOS update.
Instead of spending $1.3 million, FBI could have Hacked iPhone for just $100
17.9.2016 thehackernews Apple
Do you remember the infamous encryption fight between the FBI and Apple over unlocking an iPhone 5C belonging to a terrorist?
Yes, you got it right, the same Apple vs. FBI case where the FBI paid almost $1.3 Million to a group of hackers to unlock that iPhone.
However, if the agency had shown some patience and explored more ways to get into that iPhone, it might have cost them as little as US$100.
Yes, you heard that right. Now anyone can unlock an iPhone for less than $100, for which the FBI paid more than $1 million.
Cheap Method to Unlock iPhone 5C
Cambridge University security researcher Sergei Skorobogatov has published a new research paper detailing a technique that would have helped the FBI bypass the iOS passcode limit on the shooter's iPhone 5C.
Dubbed NAND Mirroring, the technique was proposed to the FBI earlier this year, but the agency claimed that the method would not work. "It does not work," FBI Director James Comey said back in March, and instead paid a hefty amount to a contractor.
In his research paper published on Thursday, Skorobogatov says that the FBI was not only wrong in its assessment of NAND Mirroring, but also spent $1 million of taxpayers' funds on a case that could have been solved for a few hundred dollars.
Here's How the Researcher Unlocked iPhone 5C:
The NAND Mirroring technique "does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors," writes Skorobogatov.
During his test, Skorobogatov used store-bought equipment, stripped down an iPhone 5C running iOS 9.3, carefully removed the NAND memory chip from the phone’s circuit board, and copied its data to a special test board many times over.
The researcher then used automated software to brute-force the passcode until he found the correct one, and said it takes around 20 hours to brute-force a four-digit passcode and a few weeks for a six-digit one.
"This is the first public demonstration of…the real hardware mirroring process for iPhone 5C," Skorobogatov writes. "Any attacker with sufficient technical skills could repeat the experiments."
So far, the FBI and Apple have not commented on Skorobogatov's research.
The Method Works on iPhone 5S and iPhone 6 Devices
Besides the iPhone 5C, his attack also works on iPhone 5S and iPhone 6 devices using the same type of NAND flash memory. The attack can also be adapted to other iPhones using different NANDs.
For more technical details about this technique to bypass the iPhone's passcode security limit, you can head over to his research paper.
You can also watch the video demonstration, where Skorobogatov explained the NAND Mirroring technique.
Warning! Just an Image Can Hack Your Android Phone — Patch Now
7.9.2016 thehackernews Apple
Own an Android smartphone? Beware, as just an innocuous-looking image on social media or a messaging app could compromise your smartphone.
Along with the dangerous Quadrooter vulnerabilities that affected 900 Million devices and other previously disclosed issues, Google has patched a previously-unknown critical bug that could let attackers deliver their hack hidden inside an innocent-looking image via social media or chat apps.
In fact, there is no need for a victim to click on the malicious photo, because as soon as the image's data is parsed by the phone, it could quietly allow a remote attacker to take control of the device or simply crash it.
The vulnerability is similar to last year's Stagefright bug (exploit code) that allowed hackers to hijack Android devices with just a simple text message without the owners being aware of it.
The Stagefright flaw affected more than 950 Million Android devices and resided in the core Android component Stagefright — a multimedia playback library used by Android to process, record and play multimedia files.
However, the recent vulnerability (CVE-2016-3862) resided in the way certain Android applications parsed the Exif data in an image, SentinelOne's Tim Strazzere, the researcher who uncovered the vulnerability, told Forbes.
Any app using Android's Java object ExifInterface code is likely vulnerable to the issue.
An Image Received...? Your Game is Over
By getting a victim to open the image file within an affected app like Gchat or Gmail, a hacker could either cause the victim's phone to crash or remotely execute malicious code to inject malware on the phone and take control of it without the victim's knowledge.
"Since the bug is triggered without much user interaction – an application only needs to load an image a specific way – triggering the bug is as simple as receiving a message or email from someone," Strazzere said. "Once that application attempts to parse the image (which was done automatically), the crash is triggered."
According to Strazzere, attackers could develop a simple exploit inside an image to target a large number of vulnerable Android devices.
Strazzere crafted exploits for the affected devices and found that it worked on Gchat, Gmail and most other messenger and social media apps, though he did not disclose the names of the other non-Google apps affected by the flaw.
When Can I Expect a Fix?
All versions of Google's operating system from Android 4.4.4 to 6.0.1 are vulnerable to the image-based hack, except for today's update, which fixes the vulnerability.
The researcher even successfully tested his exploits on a handful of phones running Android 4.2 and Amazon devices and found that the devices remain unpatched, leaving a large number of users of older Android devices exposed.
So, if you are not running an updated version of the operating system and/or device, you are probably vulnerable to the image-based attack.
Google has delivered a patch to fix the issue, but given the shaky history of handset manufacturers and carriers rolling out security patches, it is not known how long the companies will take to update vulnerable Android devices.
Google rewarded Strazzere with $8,000 as part of the company's Android bug bounty program.
Update your Mac OS X — Apple has released Important Security Updates
2.9.2016 thehackernews Apple
If you own a Mac laptop or desktop, you need to update your system right now.
It turns out that the critical zero-day security vulnerabilities disclosed last week, which targeted iPhone and iPad users, affect Mac users as well.
Late last week, Apple rolled out the iOS 9.3.5 update to patch a total of three zero-day vulnerabilities that hackers could have used to remotely gain control of an iPhone by simply making the victim click a link.
Dubbed "Trident," the security holes were used to create spyware (surveillance malware) called 'Pegasus' that was apparently used to target human rights activist Ahmed Mansoor in the United Arab Emirates.
Pegasus could allow an attacker to access an incredible amount of data on a target victim, including text messages, calendar entries, emails, WhatsApp messages, the user's location, and the microphone.
The Pegasus spyware could even allow an attacker to download the victim's passwords and steal the stored list of WiFi networks the device has connected to, along with their passwords.
Apple is now patching the same "Trident" bugs in Safari web browser on its desktop operating system, with urgent security updates for Safari 9 as well as OS X Yosemite and OS X El Capitan.
However, this is not a surprise, because iOS and OS X, and the mobile and desktop versions of the Safari browser, share much of the same codebase. Therefore, zero-days in Apple's iOS showed up in OS X as well.
The Pegasus exploit takes advantage of the Trident bugs to remotely jailbreak a victim's device and install a collection of spying software onto it, without the user's knowledge.
One of the key tools of the exploit takes advantage of a memory corruption bug in Safari's WebKit, allowing hackers to deliver the malicious payload when a target victim clicks on a malicious link, initiating the process of taking over the operating system.
In an advisory, Apple warned that visiting a "maliciously crafted website" via Safari browser could allow attackers to execute arbitrary code on a victim's computer.
The patch updates that Apple released on Thursday fix the nasty Trident bugs, including CVE-2016-4654, CVE-2016-4655, and CVE-2016-4656, which were initially discovered and reported by mobile security startup Lookout and the University of Toronto’s Citizen Lab.
Based on a link sent to UAE human rights activist Ahmed Mansoor, Lookout Security and Citizen Lab traced the three programming blunders and the Pegasus spyware kit to Israeli "cyber war" organization NSO Group, which sells hacking exploits to governments like the UAE.
Users can install security patches for Safari, El Capitan, and Yosemite via the usual software update mechanisms.
Hack Apple & Get Paid up to $200,000 Bug Bounty Reward
5.8.2016 thehackernews Apple
So finally, Apple will pay you for your efforts in finding bugs in its products.
While major technology companies, including Microsoft, Facebook and Google, have launched bug bounty programs over the last few years to reward researchers and hackers who report vulnerabilities in their products, Apple remained a holdout.
But, not now.
On Thursday, Apple announced at the Black Hat security conference that the company will launch a bug bounty program this fall to pay outside security researchers and white hat hackers who privately disclose security flaws in the company's products.
How much is a vulnerability in Apple software worth? Any Guesses?
It's up to $200,000.
Head of Apple security team, Ivan Krstic, said the company plans to offer rewards of up to $200,000 (£152,433) to researchers who report critical security vulnerabilities in certain Apple software.
That is certainly a sizable bounty, one of the highest rewards offered in corporate bug bounty programs.
Apple Bug Bounty Program — Invite Only, For Now
Well, for now, Apple is intentionally keeping the scope of its bug bounty program small by launching it as invitation-only, open to a limited set of security researchers who have previously made valuable bug disclosures to Apple.
The company will slowly expand the bug bounty program.
Launching in September, the program will offer bounties for a small range of iOS and iCloud flaws.
Here's the full list of risk and reward:
Flaws in secure boot firmware components: Up to $200,000.
Flaws that could allow extraction of confidential data protected by the Secure Enclave: Up to $100,000.
Vulnerabilities that allow execution of malicious or arbitrary code with kernel privileges: Up to $50,000.
Flaws that grant unauthorized access to iCloud account data on Apple servers (remember celebrity photo leak?): Up to $50,000.
Access from a sandboxed process to user data outside of that sandbox: Up to $25,000.
To be eligible for a reward, researchers will need to provide a proof-of-concept (PoC) on the latest iOS and hardware; the reward will depend on the clarity of the bug report, the novelty of the problem, the likelihood of user exposure, and the degree of user interaction necessary to exploit the flaw.
Decision Comes in the Wake of the FBI Scandal
Earlier this year, Apple fought a much-publicized battle with the FBI over a court order to access the locked San Bernardino shooter's iPhone.
When the FBI tried to force Apple to unlock the shooter's iPhone, the company refused, eventually leading the bureau to hire professional hackers to break into the iPhone, supposedly paying out over $1 million.
Perhaps the company is trying to eliminate these lucrative backdoors into its software to make its iOS devices so secure that even the company can not crack them.
Apple Patches DROWN, Lockscreen Bypass Vulnerability, With Latest Round of Updates
17.5.2016 Apple
Apple on Monday rolled out a series of patches for nearly all of its operating systems, OS X, iOS, its smart watch operating system, watchOS, and Apple TV’s tvOS, along with fixes for both iTunes and Safari.
OS X received the lion’s share of the updates, 67 in total, bringing Apple’s operating system El Capitan to version 10.11.5. Among the fixes, the OS X update finally resolves the DROWN vulnerability, first detailed back in March by a cooperative of 15 researchers. The vulnerability stems from a flaw in SSLv2 that relates to export-grade cryptography and could have let an attacker leak user information. Apple claims it fixed the issue by disabling SSLv2 in Tcl, an embeddable dynamic language interpreter.
Roughly 25 of the 67 OS X patches address vulnerabilities that could ultimately lead to code execution, including 19 issues that could trigger an application to execute code with kernel privileges. Six more could result in either application termination or arbitrary code execution and primarily stem from flaws in graphics standards and frameworks like SceneKit, QuickTime, and OpenGL, and libraries like libxml2 and libxslt.
While most of the issues exist in Apple’s most recent operating system, El Capitan, 12 bugs were fixed in Mavericks 10.9.5 and 14 in Yosemite 10.10.5. The libxslt issue in particular, dug up by Sebastian Apelt, a researcher at the German pentesting firm Siberas, exists in all three operating systems. The vulnerability also affects iOS, tvOS, and watchOS by extension, since the XSLT C library exists in each operating system. If an attacker tricked a user into visiting a malicious site, the vulnerability could lead to code execution.
The same 19 issues that could let an application execute code with kernel privileges in OS X also affect iOS and were fixed on Monday.
In addition, two issues in Messages, also present in OS X, were fixed, including one that could have let an attacker modify a user’s contact list, and another that could have let attackers leak sensitive user information. The iOS update also remedies a lockscreen bypass vulnerability that could have allowed access to contacts and photos. Spanish iPhone researcher Jose Rodriguez, a.k.a. videodebarraquito, has dug up a handful of lockscreen bypass bugs in the past and is credited by Apple for finding this particular vulnerability.
Apple also took the opportunity on Monday to patch a handful of issues in platforms like watchOS and tvOS, many of them the same bugs it patched in iOS and OS X. Just a single issue needed to be fixed in iTunes: a dynamic library loading issue that could have led to code execution.
Only seven vulnerabilities were addressed with this week’s Safari update, five that could lead to code execution and two that could lead to the leaking of data. The vulnerabilities could still easily make their way into attackers’ toolkits, however, experts claim. “Such vulnerabilities are hooks for phishers to use to bait users to visit malicious websites and compromise their systems,” warned Chris Goettl, director of product management at LANDESK. “If you have any doubt, make sure Safari is up to date quickly as the five arbitrary code vulnerabilities will undoubtedly be useful for targeting users,” Goettl said.
The updates come roughly two weeks after Apple’s last set of patches, when it fixed two issues in its development environment Xcode, as they relate to its implementation of git.
For the First time, FBI discloses a Flaw to Apple, but it's already Patched!
27.4.2016 Apple
The Federal Bureau of Investigation (FBI) made its first disclosure about a software security flaw to Apple under the Vulnerability Equities Process (VEP), a White House initiative created in April 2014 for reviewing flaws and deciding which ones should be made public.
Unfortunately, the vulnerability reported by the federal agency only affected older versions of Apple’s iOS and OS X operating systems and was patched nine months ago, with the release of iOS 9 for iPhones and Mac OS X El Capitan, according to Apple.
The FBI informed Apple of a vulnerability in its iPhone and Mac software on April 14, but it’s not the one used to unlock an iPhone of one of the San Bernardino shooters, Reuters reported.
But, Why didn’t the FBI disclose the hack used to get data off the San Bernardino iPhone?
Well, the answer from the FBI is not very complicated.
According to the FBI Director James Comey, the FBI is still assessing whether the hack used to unlock Farook’s iPhone would go through a White House panel review to decide if it should be disclosed to Apple.
The bureau is reportedly arguing that since the tool remains the third-party's intellectual property and the FBI never learned details about the workings of the tool, it does not make sense to disclose the vulnerability.
"The people we bought this from, I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting it, and their motivations align with ours," Comey said earlier this month.
Comey has previously implied that the tool cost the FBI more than $1 Million as a one-time fee to hack into Farook’s iPhone and that the tool only works on a "narrow slice" of iPhone 5C devices running iOS 9.
So, by disclosing an already patched vulnerability in Apple’s product, the FBI might be pretending to care about the user's security in front of Apple after declining to reveal details about the hack used to break the San Bernardino iPhone.
But it won’t change anything, as an unnamed Apple executive told Reuters that the move "did nothing to change the company's perception that the White House process is less effective than has been claimed."
iOS date bug could be triggered over Wi-Fi by spoofing an NTP server
14.4.2016 Apple
A couple of security experts demonstrated that the iOS date bug was still present on iOS devices and that it was exploitable by spoofing an Apple NTP server.
Do you remember the Apple iOS date bug?
In February, the security community highlighted an embarrassing problem for Apple iOS mobile devices running 64-bit iOS 8 or higher: the issue affects the iOS date and time system and could be triggered by setting the date to January 1, 1970. The news appeared in Reddit discussions warning users about a flaw that could brick an iPhone forever.
“Setting the date of your iPhone to January 1st, 1970 will brick your device, according to users across the web and confirmed by iClarified. The bug will affect any 64-bit iOS device that is powered by the A7, A8, A8X, A9, and A9X. 32-bit iOS devices are reportedly not affected by this issue.” reported iClarified.
Meanwhile, on Reddit, users warned other Apple users by sharing the following message: “When the date of a 64-bit iOS device is set to January 1, 1970, the device will fail to boot. Connecting the device to iTunes and restoring the device to factory defaults will not put the device back in working order. Instead, a physical repair is required. When connected to public Wi-Fi, iPhone calibrates its time settings with an NTP server. Theoretically, attackers can send malicious NTP requests to adjust every iPhone’s time settings to January 1, 1970, hence brick every iPhone connected to the same network. According to /u/sarrius, worldwide Apple Store are being made aware that disconnecting the battery and reconnecting fixes the issue. It should be common knowledge to all stores worldwide by tomorrow.”
Apple issued a patch to fix the problem, but according to experts Matt Harrigan from PacketSled and Patrick Kelley from Critical Assets, the issue could still be exploited remotely.
The problem, this time, affects the way the device handles the Network Time Protocol (NTP): an attacker can spoof time server domains in order to trigger the issue.
The attacker can spoof the time server time.apple.com to send a “malicious” timestamp that triggers the issue.
“Research from PacketSled and Patrick Kelley, CISSP, CEH, MCP at Critical Assets proves it possible to remotely brick iDevices over-the-air. The team built the exploit based on Zach Straley’s research which exposed a flaw in iOS when a user to manually set the date of an iPhone or iPad to January. 1, 1970.” states a blog post published on PacketSled.
In the video PoC published by the experts, they demonstrate how to set up a bogus Wi-Fi hotspot with a Raspberry Pi that spoofs Apple’s NTP servers to pass the 1/1/1970 date that triggers the iOS date bug.
When the device receives the date, it reaches an unstable state, associated with a high device temperature (up to 54°C), that bricks it.
“This starts a chain reaction of software instability resulting in an observed temperature up to 54°C… which is hot enough to brick a device.” continues the post.
The duo will soon publish a detailed paper on their test.
Apple solved the issue in the last iOS 9.3.1 update.
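As an added example (not PacketSled's research code or Apple's fix) of the client-side plausibility check that blunts a spoofed time server, the Python below parses an NTP reply and refuses a timestamp that would set the clock to 1 January 1970 or step it too far in one go. The minimum plausible date, the step limit and the constructed test packets are assumptions.

```python
import struct
from datetime import datetime, timezone

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_UNIX_OFFSET = 2_208_988_800

# Assumption: a client cannot legitimately be running before its own release
# date, so any earlier time arriving from the network is not trustworthy.
# The date is illustrative (iOS 9.3 shipped in March 2016).
MIN_PLAUSIBLE_UNIX = int(datetime(2016, 3, 1, tzinfo=timezone.utc).timestamp())

# Assumption: largest step a single unauthenticated reply may apply.
MAX_STEP_SECONDS = 7 * 24 * 3600


def parse_ntp_reply(packet: bytes) -> dict:
    """Decode the RFC 5905 header fields that matter for validation."""
    if len(packet) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    li_vn_mode, stratum = struct.unpack("!BB", packet[:2])
    tx_seconds, tx_fraction = struct.unpack("!II", packet[40:48])
    return {
        "leap": li_vn_mode >> 6,
        "version": (li_vn_mode >> 3) & 0x7,
        "mode": li_vn_mode & 0x7,
        "stratum": stratum,
        "tx_seconds": tx_seconds,
        "tx_fraction": tx_fraction,
    }


def check_ntp_reply(packet: bytes, local_now_unix: int):
    """Return (accept, reason, unix_time); unix_time is None when rejected."""
    try:
        f = parse_ntp_reply(packet)
    except ValueError as exc:
        return False, str(exc), None
    if f["mode"] != 4:
        return False, "not a server reply (mode %d)" % f["mode"], None
    if f["version"] not in (3, 4):
        return False, "unsupported NTP version", None
    if f["leap"] == 3:
        return False, "server reports clock unsynchronized", None
    if f["stratum"] == 0 or f["stratum"] > 15:
        return False, "kiss-o'-death or invalid stratum", None
    if f["tx_seconds"] == 0 and f["tx_fraction"] == 0:
        return False, "zero transmit timestamp", None
    unix_time = f["tx_seconds"] - NTP_UNIX_OFFSET
    # This is the check that catches a reply carrying 1970-01-01 (Unix time 0).
    if unix_time < MIN_PLAUSIBLE_UNIX:
        return False, "implausible past time (%d)" % unix_time, None
    if abs(unix_time - local_now_unix) > MAX_STEP_SECONDS:
        return False, "step too large for an unauthenticated reply", None
    return True, "ok", unix_time


def constructed_reply(unix_time: int, stratum: int = 2, leap: int = 0) -> bytes:
    """Constructed 48-byte test vector shaped like a mode-4 NTPv4 server reply."""
    li_vn_mode = (leap << 6) | (4 << 3) | 4
    header = struct.pack("!BBbb", li_vn_mode, stratum, 6, -20)   # poll, precision
    root = struct.pack("!II4s", 0, 0, b"GPS\x00")                 # delay, disp, refid
    ts = struct.pack("!II", unix_time + NTP_UNIX_OFFSET, 0)
    return header + root + ts * 4   # reference, origin, receive, transmit


# Constructed "current" local clock for the demonstration.
NOW = int(datetime(2016, 4, 14, tzinfo=timezone.utc).timestamp())

if __name__ == "__main__":
    print(check_ntp_reply(constructed_reply(NOW + 5), NOW))
    print(check_ntp_reply(constructed_reply(0), NOW))   # 1970-01-01, rejected
```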
Apple iMessage flaw exposed chat history and more with a single click
13.4.2016 Apple
A group of security researchers has found a security flaw in the Apple iMessage that exposed chat history and sensitive data with a single click.
Recently WhatsApp introduced end-to-end encryption to protect its users from eavesdropping, and many other companies are adopting the same improvement, but there are still circumstances that leave their customers open to cyber attacks.
This is the case with the Apple Messages app, aka iMessage: the company has now fixed a security vulnerability (CVE-2016-1764) in its Messages app that exposed chat history, including photos and videos, if the user could be tricked into clicking a malicious link through a social engineering attack.
The bug in the Apple Messages app was discovered six months ago and affected both laptop and desktop computers; the company fixed the vulnerability with a software update issued on March 21.
“Messages – Available for: OS X El Capitan v10.11 to v10.11.3
Impact: Clicking a JavaScript link can reveal sensitive user information
Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks.
CVE-ID – CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox” states the security advisory issued by Apple.
Last Friday, the security experts who found the issue disclosed more details about the vulnerability and published proof-of-concept code.
“CVE-2016-1764, fixed by Apple in March of 2016, is an application-layer bug that leads to the remote disclosure of all message content and attachments in plaintext by exploiting the OS X Messages client. In contrast to attacking the iMessage protocol, it is a relatively simple bug. You don’t need a graduate degree in mathematics to exploit it, nor does it require advanced knowledge of memory management, shellcode, or ROP chains. All an attacker requires is a basic understanding of JavaScript.” explained the team in a blog post.
Below is a video PoC published by the team.
The experts highlighted that the flaw does not affect the iMessage protocol but resides in the client software, Apple's Messages app. The only versions affected by the issue are the ones that shipped with OS X El Capitan; other Apple devices are not affected.
The attack is very dangerous because it could result in the theft of sensitive data and could be exploited remotely by tricking users into clicking a specially crafted hyperlink arriving via instant message.
When the victim clicks on the link, malicious JavaScript code is executed; this happens because Messages does not properly implement its sandboxing mechanism. The attack not only allows access to local data: if the target had synced their device to iCloud, the attacker could gain access to all of their SMS text messages.
“The only user interaction required for a successful attack is a single click on a URL. Furthermore, if the victim has the ability to forward text messages from their computer (SMS forwarding) enabled, the attacker can also recover any messages sent to or from the victim’s iPhone.” states the team.
The researchers explained that the flaw resides in the Messages app's use of the open source web-browser engine WebKit and in the app's ability to execute web scripts. Unfortunately, the same WebKit feature is used by many other apps.
Apple applied a simple fix by blocking all hyperlinks containing JavaScript.
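A link filter of the kind that fix describes, as an added example that is neither Apple's code nor the Bishop Fox team's PoC: a naive prefix check is shown beside a filter that normalizes the URL the way a WebKit-style parser does before reading the scheme, so that whitespace, tabs and mixed case cannot hide a JavaScript link. The allowlist of schemes and the constructed sample links are assumptions.

```python
import re

# Assumption: schemes a chat client should hand to the system URL opener.
ALLOWED_SCHEMES = frozenset({"http", "https", "mailto"})

# A WHATWG-style URL parser strips leading/trailing C0 controls and U+0020,
# and removes ASCII tab and newline anywhere, before it reads the scheme.
# A filter that does not do the same sees a different scheme than the engine.
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))
_TAB_NEWLINE = re.compile(r"[\t\n\r]")
_SCHEME = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")


def naive_is_javascript(url: str) -> bool:
    """The first check a client might add: a denylist on the raw string."""
    return url.lower().startswith("javascript:")


def effective_scheme(url: str):
    """Scheme a WebKit-style parser would act on, or None for relative URLs."""
    s = url.strip(_C0_AND_SPACE)
    s = _TAB_NEWLINE.sub("", s)
    m = _SCHEME.match(s)
    return m.group(1).lower() if m else None


def link_decision(url: str) -> str:
    """'open' only for allowlisted schemes; anything else, including
    javascript:, data: and file:, and relative links, is 'block'."""
    scheme = effective_scheme(url)
    if scheme is None:
        return "block"   # a relative link has no meaningful origin in a chat message
    return "open" if scheme in ALLOWED_SCHEMES else "block"


# Constructed sample links covering the edge cases the naive check misses.
CONSTRUCTED_LINKS = [
    "https://example.com/",
    "mailto:alice@example.com",
    "javascript:void(0)",
    "  javascript:void(0)",       # leading space: parser strips it, prefix check does not
    "JaVa\tScRiPt:void(0)",       # embedded tab and mixed case
    "data:text/html,x",
    "/relative/path",
]

if __name__ == "__main__":
    for link in CONSTRUCTED_LINKS:
        print("%-28r naive=%-5s decision=%s"
              % (link, naive_is_javascript(link), link_decision(link)))
```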
Forensic Firm that Unlocked Terrorist's iPhone 5C is Close to Cracking iPhone 6
12.4.2016 Apple
The FBI didn't disclose the identity of the third-party company that helped them access the San Bernardino iPhone, but it has been widely believed that the Israeli mobile forensic firm Cellebrite was hired by the FBI to put an end to the Apple vs. FBI case.
For those unfamiliar with the Apple vs. FBI case: Apple was engaged in a legal battle with the Department of Justice over a court order that would have forced the company to write software that could disable passcode protection on the terrorist's iPhone, helping investigators access data on it.
However, Apple refused to comply with the court order, so the FBI hired an unknown third-party firm, most likely Cellebrite, who managed to successfully hack the locked iPhone 5C used by the terrorist in the San Bernardino shooting incident last year.
The new method helped the Federal Bureau of Investigation (FBI) hack the iPhone 5C, but it wasn't a complete victory for the FBI, as the method didn't work on the iPhone 5S and later iPhone models.
Cellebrite is on its Way to Hack the Locked iPhone 6
Now, Cellebrite is reportedly "optimistic" about Hacking the more Secure iPhone 6.
CNN reports that an Italian architect named Leonardo Fabbretti met with Cellebrite last week to ask whether the company could help him gain access to a locked iPhone 6 that belonged to his dead son.
Fabbretti's son, Dama Fabbretti, passed away from bone cancer last September at the age of 13. Before his death, the son had added his father's thumbprint to allow him to access the phone.
Fabbretti was trying to access the messages, notes, and photos of his dead son on the iPhone 6, but unfortunately the phone had restarted. It then required the passcode to unlock, and the father doesn't know the code.
Fabbretti initially contacted Apple on March 21, and the company reportedly tried to help the grieving father, but they found that the iPhone was not backed up to the cloud. Expressing sympathy, the company told him that there was nothing they could do.
Hacking iPhone 6 for Free
After watching Fabbretti's story in the news, Cellebrite offered to help the man by hacking the iPhone 6 for free. Fabbretti met with the company employees last week at its office in northern Italy and said:
"The meeting went well. They were able to download the directories with the iPhone's content, but there is still work to be done in order to access the files."
According to the company, there is a chance of accessing the files on the locked iPhone 6, which contain photos and conversations between the son and his dad, along with a handful of videos taken just 3 days before the son died.
Both Cellebrite, as well as Apple, have yet to comment on the case.
If Cellebrite succeeds in creating a new method to unlock the iPhone 6, the company will undoubtedly sell its tool to the FBI to solve its several pending cases, in the same way it helped the agency access the terrorist's locked iPhone 5C.
The FBI director confirmed the purchase of a tool to hack the shooter’s iPhone, but …
8.4.2016 Apple
The FBI Director James Comey confirmed the agency had purchased a hacking tool to crack the San Bernardino shooter’s iPhone, but …
The FBI has found a way to unlock any Apple iPhone, this is the opinion of the majority of security experts. Apple has expressed its concerns about the technique adopted by the Feds to access data on the San Bernardino shooter’s iPhone.
On Wednesday, the FBI Director James Comey made a surprising statement: the official said the technique used in the San Bernardino case does not work on an iPhone 5S or later.
Speaking to the audience at the biennial political science conference at Kenyon College in Ohio, Comey explained the limits of the method used for unlocking iPhones.
“It’s a bit of a technological corner case, because the world has moved on to [iPhone] 6’s,” Comey said. “This doesn’t work on sixes, doesn’t work on a 5S. So we have a tool that works on a narrow slice of phones. I can never be completely confident, but I’m pretty confident about that.” CNN reported.
Comey confirmed the agency used a tool bought from a private source, most likely the Israeli mobile forensic firm Cellebrite, because Apple refused to help the DoJ in cracking into the San Bernardino terrorist iPhone.
“The people we bought this from, I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting it, and their motivations align with ours,” Comey said.
Comey hasn’t provided further details on the hacking tool the agency bought or its limitations, but security experts believe the problems for the Feds started after the introduction of the security measures implemented with the A7 chip, used in the iPhone 5S and later versions.
The FBI will support authorities involved in similar cases, for example in the investigation conducted by the Police in Arkansas in a homicide case that involved two teens accused of killing a couple. In this case, the FBI will unlock the iPhone and iPod belonging to the suspects.
The Feds will also offer their support in a drug investigation case in Brooklyn, this time the seized mobile is an iPhone 5S that runs iOS 7.
FBI vs Apple
Comey added that the US Government is evaluating whether to reveal to Apple the method it used to crack the San Bernardino shooter’s iPhone.
“We tell Apple, then they’re going to fix it, then we’re back where we started from,” he said. “We may end up there, we just haven’t decided yet.”
FBI claims its iPhone Hacking Tool can't Unlock iPhone 5S, 6S and 6S Plus
7.4.2016 Apple
Although everyone, including Apple, was worried about the iPhone hacking tool the Federal Bureau of Investigation (FBI) used to access data on the iPhone that belonged to the San Bernardino shooter, the FBI director has said the hack does not work on an iPhone 5S or later.
FBI Director James Comey said Wednesday that the agency was able to avoid a prolonged legal battle with Apple by buying a tool from a private source to hack into terrorist Syed Farook’s iPhone 5C.
Apple had been engaged in a month-long legal battle with the Department of Justice (DOJ) over a court order that would have forced the company to write new software to disable the passcode protection on Farook's iPhone so that investigators could access the data on it.
Apple refused to comply with the order, so the FBI worked with a third-party firm, most likely the Israeli mobile forensic firm Cellebrite, and was successfully able to access data on the locked iPhone used in the San Bernardino shooting incident last year.
But speaking to the audience during a keynote address at the biennial political science conference at Kenyon College in Ohio, Comey said the FBI's new method for unlocking iPhones does not work on most iPhone models, according to CNN.
"It's a bit of a technological corner case, because the world has moved on to [iPhone] 6’s," Comey said, describing the flaw in response to a question. "This doesn't work on sixes, doesn't work on a 5S. So we have a tool that works on a narrow slice of phones. I can never be completely confident, but I'm pretty confident about that."
FBI agrees to help unlock other iPhones (Pending Cases)
Reportedly, the FBI has agreed to help police in Arkansas in a homicide case by unlocking an iPhone and an iPod belonging to two teens accused of killing a couple.
The agency has also been asked to help in a Brooklyn case, in which an iPhone 5S running iOS 7 was seized in the course of a drug investigation.
But it now seems the FBI will have to find other options for the pending cases that involve newer iPhones.
Although Comey didn't elaborate on why its new hack didn't work on more advanced iPhones, it is very likely due to the Secure Enclave protections that Apple implemented with the 5S' A7 chip, which is present in all later iPhones.
Law Enforcement Agencies Worried About WhatsApp end-to-end Encryption
This isn’t the only issue bothering the FBI. Now WhatsApp supports end-to-end encryption by default for its over 1 Billion global users, which is why the FBI is worried that criminals and terrorists will take advantage of this move to hide their crime- or terrorism-related communications.
According to FBI General Counsel James Baker, the decision by the Facebook-owned messaging app to end-to-end encrypt its global offerings presents them with "a significant problem" because terrorists and criminals could "get ideas."
"If the public does nothing, encryption like that will continue to roll out," Baker told Washington on Tuesday. "It has public safety costs. Folks have to understand that, and figure out how they are going to deal with that. Do they want the public to bear those costs? Do they want the victims of terrorism to bear those costs?"
Hacker reveals How to Bypass iPhone 6s Lock Screen Passcode [Video]
6.4.2016 Apple
Apple gave you a reason to turn your Siri OFF.
A security flaw in Apple's newest iPhones running the latest version of iOS allows anyone with the device in hand to bypass the lock screen and reach personal information.
The lock screen bypass only works on the iPhone 6S and iPhone 6S Plus, because it relies on 3D Touch, which only these devices have, to get from a Siri result to the photos and contacts.
The lockscreen bypass bug is present in iOS 9.2 and later, including the latest iOS 9.3.1 update, released last week.
Anyone with physical access to an affected iPhone can gain access to the victim's photos, emails, text and picture messages, contacts, and phone settings, according to the Full Disclosure mailing list.
Here's How to bypass iPhone's Lockscreen
Step 1: If you own iPhone 6S or 6S Plus, first lock your device.
Step 2: Invoke Siri and speak 'Search Twitter.'
Step 3: When Siri asks what you want to search for, reply 'at-sign Gmail dot com' or any other popular email domain; the aim is to find a tweet containing a valid email address.
Step 4: Once you get the results, tap on a tweet with a valid email address.
Step 5: Now 3D Touch that email address in order to bring up the contextual menu.
Step 6: Tap 'Create New Contact.'
Step 7: Choose to add a photo to the new contact; the picker that opens exposes all the images on the device.
Siri may have to be granted access to the Photo Library for this step. Using the 'Add to Existing Contact' option instead exposes the contacts stored on the iPhone.
Video Demonstration:
You can also watch the video demonstrating the security issue.
Fortunately, protecting your personal data while waiting for Apple to roll out a permanent fix is as simple as the bypass itself.
Here's how to Fix the iPhone Lockscreen Bug
The vulnerability can be worked around by disabling Siri on the lock screen, although this limits what Siri can do for you on iOS 9.3 or iOS 9.3.1.
Go to Settings → Touch ID & Passcode and disable Siri on the lock screen.
Alternatively, you can remove Photos access from Siri, so that anyone exploiting the flaw cannot view your pictures.
Go to Settings → Privacy → Photos and deny Siri access to pictures.
Siri will then ask for permission to view photos whenever somebody tries to abuse the flaw.
Just One? No, FBI to Unlock More iPhones with its Secret Technique
1.4.2016 Apple
The Federal Bureau of Investigation (FBI) worked with the Israeli mobile forensics firm Cellebrite to unlock the iPhone used in the San Bernardino shooting last year, according to multiple sources familiar with the matter.
The United States Department of Justice (DoJ) said on Tuesday that the FBI had successfully unlocked the iPhone and accessed its data with the help of an undisclosed alternative method offered by a third party, and that it no longer needs Apple's assistance.
Apple had been engaged in a month-long legal battle over encryption with the DoJ, which had obtained a court order that would have forced the company to write new software to disable the passcode protection on Farook's iPhone 5C.
Apple refused to comply with the order, saying the FBI wants the company to create the "software equivalent of cancer" that would likely threaten the privacy and data security of millions of its iPhone users.
FBI to Unlock iPhone in Several Pending Cases
Although the legal battle between the FBI and Apple is over, the 'encryption vs. national security' drama is still ongoing.
Apple to FBI: Reveal Your Secret Technique
Apple has asked the FBI to share the exploit that bypassed the iPhone's security protections, but the agency, which was frustrated in its attempts to get Apple's help with just one iPhone, may well prefer to keep its technique secret.
Now that the FBI itself holds such a tool, it will most likely use it to resolve the pending court cases in which the Feds had been seeking Apple's assistance to access information on locked iPhones.
Yes, the FBI is keeping its technique secret… but only from Apple, not from other law enforcement agencies asking for details on how to access locked iPhones involved in criminal cases.
Currently, there are two separate court cases, one in Arkansas and the other in Brooklyn, seeking help from the FBI.
Case 1: Reportedly, the FBI agreed to help the Police in Arkansas in the homicide case by unlocking an iPhone and iPod belonging to two teens accused of killing a couple.
Case 2: In the Brooklyn case, an iPhone 5S running iOS 7 was seized in the course of a drug investigation. The DoJ will disclose by April 11 whether it will "modify" its request for Apple's assistance in this case or unlock the phone itself.
Apple's Biggest Problem: How FBI hacked its iPhone
That question remains open, but given how badly the agency wanted a way into the iPhone, it seems unlikely to share its method with Apple now that it has one.
Apple is now in the uncomfortable position of knowing that a critical vulnerability exists in its operating system without knowing what it is.
The situation is all the more serious because the FBI has no legal obligation to disclose how it broke the iPhone's security.
The government could also argue that the technique is bound by a non-disclosure agreement with the third party that unlocked the iPhone.
And Apple is not the only company that has been approached: Google has been asked at least nine times to help federal agencies break into locked Android smartphones under the All Writs Act.
SideStepper method allows to infect iOS devices via MDM Solutions
1.4.2016 Apple
SideStepper is a method to install malicious apps on iOS devices by abusing the mobile device management (MDM) solutions.
Security researchers at Check Point have devised a method to install malicious code on iOS devices by abusing the mobile device management (MDM) solutions used by many enterprises.
The technique relies on a weakness the experts dubbed SideStepper, though Apple considers the behaviour normal.
“SideStepper is a vulnerability that allows an attacker to circumvent security enhancements in iOS 9 meant to protect users from installing malicious enterprise apps. These enhancements require the user to take several steps in device settings to trust an enterprise developer certificate, making it harder to install a malicious app accidentally.” state the blog post published by Check Point.
Apple allows enterprises to distribute internally used apps through its Developer Enterprise Program instead of going through the App Store: organisations install internal apps on employee devices using enterprise certificates signed by Apple.
However, attackers have abused enterprise certificates on several occasions, so Apple introduced new security enhancements in iOS 9 that require the user to go through several steps in the device settings before an enterprise developer certificate is trusted.
SideStepper technique
MDM solutions are used by enterprises to easily manage mobile devices used by employees. MDM allows the easy management of any aspect of the mobile devices, including installing apps, deployment of security policies, and remotely wipe phones.
Check Point's experts point out that a threat actor can mount a man-in-the-middle (MitM) attack against the MDM channel and use it to install malicious enterprise apps over the air; this works because apps installed through an MDM are exempt from the trust prompt iOS 9 shows for enterprise apps.
The attack proceeds as follows:
Install a malicious iOS configuration profile. This is a native way to distribute a set of configuration settings like networking, security settings, root CAs, and more. A threat actor can craft a configuration profile that will install a root CA and route traffic through a VPN or a proxy to a malicious server, and then initiate a MitM attack. This configuration could be deployed using phishing attack.
Set up a remote enterprise app server to serve the malicious app.
Wait for a command to be sent to an iOS device by an MDM: then, using a MitM attack, intercept and replace the command with a request to install a malicious app. The iOS device will fetch from the remote enterprise app server and install it.
Execute commands using the malicious enterprise app which, because of the method used to install it, does not require explicit user trust. This means that users will not be able to distinguish between a legitimate enterprise app, an App Store app, or a bogus app installed by a threat actor.
In short, the attacker intercepts the command the MDM sends to the device and replaces it with a request to install a malicious app. No user interaction is needed, which makes the attack hard to spot.
The SideStepper technique could thus be used to infect Apple devices and control them with malicious code.
Check Point advises enterprises to assess carefully the risk posed by malicious applications on mobile devices.
Check Point's experts will present the SideStepper method at the Black Hat Asia conference today.
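Two checks follow from the attack chain above, added here as a worked example (my code, not Check Point's or Apple's): first, audit a configuration profile for the combination the attack needs, a certificate payload plus a VPN or global-proxy payload, since a profile that installs a root CA and reroutes traffic is the MitM foothold; second, gate an MDM InstallApplication command so that an enterprise app manifest is only accepted over https from a host the organisation actually operates, which is the check the stolen MDM channel no longer gives you. The PayloadType strings are Apple's documented identifiers; the profile, the command plist, the hostnames and the allowlist are constructed for the example.

```python
import plistlib
from urllib.parse import urlparse

# PayloadType values (Apple Configuration Profile Reference) that install a
# trust anchor or reroute the device's traffic. One profile carrying both is
# the man-in-the-middle setup SideStepper relies on.
TRUST_PAYLOADS = {"com.apple.security.root", "com.apple.security.pkcs1"}
ROUTING_PAYLOADS = {"com.apple.vpn.managed", "com.apple.proxy.http.global"}


def audit_profile(profile_bytes):
    """Return a list of findings for an unsigned XML .mobileconfig.
    (Signed profiles are CMS-wrapped; unwrap them first, e.g. with
    'openssl smime -verify -noverify -inform DER -in profile.mobileconfig'.)"""
    profile = plistlib.loads(profile_bytes)
    findings = []
    types = [p.get("PayloadType", "") for p in profile.get("PayloadContent", [])]
    trust = sorted(t for t in types if t in TRUST_PAYLOADS)
    routing = sorted(t for t in types if t in ROUTING_PAYLOADS)
    if trust:
        findings.append("installs certificate(s): " + ", ".join(trust))
    if routing:
        findings.append("reroutes traffic: " + ", ".join(routing))
    if trust and routing:
        findings.append("HIGH: trust anchor plus VPN/proxy in one profile (MitM setup)")
    if profile.get("PayloadRemovalDisallowed"):
        findings.append("profile is locked against removal by the user")
    return findings


def check_install_command(command_bytes, allowed_hosts):
    """Gate for an MDM command before it is honoured: an enterprise app manifest
    must come over https from an allowlisted host. Returns (ok, reason)."""
    cmd = plistlib.loads(command_bytes).get("Command", {})
    if cmd.get("RequestType") != "InstallApplication":
        return True, "not an InstallApplication command"
    url = cmd.get("ManifestURL")
    if url is None:
        return True, "no enterprise manifest (App Store install)"
    parts = urlparse(url)
    if parts.scheme != "https":
        return False, "manifest URL is not https: " + url
    if parts.hostname not in allowed_hosts:
        return False, "manifest host not allowlisted: " + str(parts.hostname)
    return True, "ok"


# Constructed sample: a "helper" profile that installs a CA and a global proxy.
MALICIOUS_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.wifi-helper</string>
  <key>PayloadRemovalDisallowed</key><true/>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.security.root</string>
      <key>PayloadContent</key><data>MIIB</data>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.proxy.http.global</string>
      <key>ProxyServer</key><string>203.0.113.10</string>
      <key>ProxyServerPort</key><integer>8080</integer>
    </dict>
  </array>
</dict>
</plist>
"""

# Constructed sample: the MDM command after the MitM swapped in its own manifest.
TAMPERED_COMMAND = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CommandUUID</key><string>0001</string>
  <key>Command</key>
  <dict>
    <key>RequestType</key><string>InstallApplication</string>
    <key>ManifestURL</key><string>https://apps.attacker.test/manifest.plist</string>
  </dict>
</dict>
</plist>
"""

if __name__ == "__main__":
    for finding in audit_profile(MALICIOUS_PROFILE):
        print("profile:", finding)
    print("command:", check_install_command(TAMPERED_COMMAND, {"apps.corp.example"}))
```

The profile audit is what you would run on anything users are asked to install by e-mail or a captive portal; the command check belongs wherever the organisation can see MDM traffic before the device acts on it, because once a rogue root CA is trusted the TLS channel to the MDM no longer proves who sent the command.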
The code to bypass Apple System Integrity Protection security mechanism fits in a Tweet
31.3.2016 Apple
Apple failed to fix the System Integrity Protection security mechanism, and the exploit code released by a researcher fits in a tweet.
Last week security media reported a critical privilege escalation flaw (CVE-2016-1757) in Apple's System Integrity Protection (SIP) mechanism, which at the time of discovery affected every version of the OS X operating system.
This week Apple issued security updates, OS X El Capitan 10.11.4 and iOS 9.3, to address the problem, but according to experts the fix is ineffective against the privilege escalation vulnerability.
The flaw, discovered by security researcher Pedro Vilaça of SentinelOne, puts more than 130 million Apple customers at risk. Attackers can use it for various purposes; for example, in a multi-stage attack in which the target system has already been compromised, the flaw can be used to gain persistence on the device.
The SIP is a security mechanism implemented by Apple in the OS X El Capitan operating system for the protection of certain system processes, files and folders from being modified or tampered with by other processes, even when they are executed by a user with root privileges.
According to the experts at SentinelOne, the flaw allows SIP to be bypassed without a kernel exploit. Apple has now issued a security patch in both OS X El Capitan 10.11.4 and iOS 9.3, but the update appears to be ineffective.
The critical privilege escalation vulnerability in System Integrity Protection still affects the most recent OS versions for both Macs and iThings.
The well-known researcher Stefan Esser has published new exploit code that bypasses SIP in the latest patched version of OS X, and the interesting part is that the code fits in a tweet.
You heard it right: according to Esser this is not the only flaw affecting SIP, and most of the others remain unfixed.
“Stefan Esser of German security biz SektionEins also gave a talk at this year’s SyScan360 during which he highlighted a bunch of SIP-related vulnerabilities. Esser told The Register “everything in my slides is unfixed” by Apple in the latest version of OS X 10.11 except for two flaws: the kas_info syscall and a malicious mount.” reported El Reg.
“The evil mount worked by mounting a file system over /System and replacing supposedly SIP-protected core OS utilities with attacker-controlled ones (yes, that really worked). It was fixed in OS X 10.11.2.”
ln -s /S*/*/E*/A*Li*/*/I* /dev/diskX;fsck_cs /dev/diskX 1>&-;touch /Li*/Ex*/;reboot
The above code expands to:
ln -s /System/Library/Extensions/AppleKextExcludeList.kext/Contents/Info.plist /dev/diskX
fsck_cs /dev/diskX 1>&-
touch /Library/Extensions/
reboot
The trick is that fsck_cs, the CoreStorage filesystem checker, is exempt from SIP's write restrictions and follows the planted symlink, so it writes over the SIP-protected Info.plist of AppleKextExcludeList.kext, Apple's blocklist of kernel extensions that may not load. Touching /Library/Extensions/ forces the kernel extension cache to be rebuilt on the next boot, at which point the damaged blocklist no longer applies.
Let’s hope Apple would fix all the open SIP issues as soon as possible.
Here's the Exploit to Bypass Apple Security Feature that Fits in a Tweet
31.3.2016 Apple
Did you install the latest update OS X 10.11.4?
If yes, you may be surprised to learn that Apple has delivered an ineffective patch this time.
Yes! This news will disappoint many Apple users: the latest updates, OS X El Capitan 10.11.4 and iOS 9.3, still contain a privilege escalation vulnerability that could affect 130 million Apple customers.
Just last week, we reported about a critical privilege escalation vulnerability in Apple's popular System Integrity Protection (SIP) security mechanism, affecting all versions of OS X operating system.
Even after Apple fixed the critical flaw in its latest round of patches for Macs and iThings, SIP can still be bypassed on the most recent version of the operating system, leaving Apple users exposed to malware that, once on the machine, can gain persistence in locations SIP is supposed to protect.
SIP Bypass Exploit Code Fits in a Tweet
Interestingly, Stefan Esser, a security researcher from Germany, has released new exploit code that bypasses SIP on the latest patched version of OS X, and it fits in a tweet.
Here's the exploit code -- It can be used to modify a crucial OS X configuration file that not even root user is allowed to touch, reported The Register.
ln -s /S*/*/E*/A*Li*/*/I* /dev/diskX;fsck_cs /dev/diskX 1>&-;touch /Li*/Ex*/;reboot
The above code actually expands to:
ln -s /System/Library/Extensions/AppleKextExcludeList.kext/Contents/Info.plist /dev/diskX
fsck_cs /dev/diskX 1>&-
touch /Library/Extensions/
reboot
The above exploit code successfully bypasses Apple's SIP technology, letting a root process modify a file that SIP is supposed to keep out of reach.
What is System Integrity Protection (SIP)?
Apple introduced SIP, a security protection feature to the OS X kernel, with the release of OS X El Capitan, which is designed to restrict the root account of OS X machines and limit the actions a root user can perform on protected parts of the system.
Besides this, System Integrity Protection (SIP) also helps prevent software from changing your startup volume, blocks certain kernel extensions from being loaded and limits the debugging of certain apps.
System Integrity Protection or SIP, by default, protects these folders: /System, /usr, /bin, /sbin, along with applications that come pre-installed with OS X.
This is really a bad time for Apple and its users. Now, let's hope that the company would be more vigilant with its upcoming patch update.
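For both SIP articles above, here is a check a responder or administrator could script for this class of bypass, added as an example (my code, not Esser's, SentinelOne's or Apple's): look for a symlink under /dev that resolves into a SIP-protected directory, which is the foothold the tweet plants, and confirm that the kernel-extension blocklist's Info.plist is still a well-formed plist, since fsck_cs leaves something that is not. The build_lab() function reproduces the relevant directory layout under a temporary directory so the check can be run anywhere; the bundle identifier value it writes is illustrative, not Apple's.

```python
import os
import plistlib
import tempfile

# Directories SIP protects on OS X El Capitan (listed in the article above).
SIP_PREFIXES = ("/System", "/usr", "/bin", "/sbin")
# The file the tweet-sized exploit reaches through /dev/diskX.
EXCLUDE_LIST_PLIST = "System/Library/Extensions/AppleKextExcludeList.kext/Contents/Info.plist"


def suspicious_dev_symlinks(dev_dir, protected):
    """Symlinks directly under dev_dir whose target resolves into a protected tree.
    Device nodes are never symlinks into /System, so any hit is worth a look."""
    protected = [os.path.realpath(p) for p in protected]
    hits = []
    for name in sorted(os.listdir(dev_dir)):
        path = os.path.join(dev_dir, name)
        if not os.path.islink(path):
            continue
        target = os.path.realpath(path)
        if any(target == p or target.startswith(p + "/") for p in protected):
            hits.append((path, target))
    return hits


def plist_intact(path):
    """True if the file is a well-formed plist whose top level is a dict carrying
    CFBundleIdentifier, as every kext Info.plist must. After fsck_cs has written
    over the file, this check fails."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception:
        return False
    return isinstance(data, dict) and "CFBundleIdentifier" in data


def audit(root="/"):
    """Run both checks against a root: '/' on a real Mac, or a lab from build_lab()."""
    protected = [os.path.join(root, p.lstrip("/")) for p in SIP_PREFIXES]
    return {
        "planted_symlinks": suspicious_dev_symlinks(os.path.join(root, "dev"), protected),
        "exclude_list_intact": plist_intact(os.path.join(root, EXCLUDE_LIST_PLIST)),
    }


def build_lab(corrupt=True):
    """Constructed sandbox: the relevant layout under a temp dir, with the exploit's
    symlink planted and, if corrupt, the blocklist plist overwritten as fsck_cs would."""
    root = tempfile.mkdtemp(prefix="siplab-")
    plist_path = os.path.join(root, EXCLUDE_LIST_PLIST)
    os.makedirs(os.path.dirname(plist_path))
    with open(plist_path, "wb") as fh:  # identifier value is illustrative only
        plistlib.dump({"CFBundleIdentifier": "com.example.kext-blocklist"}, fh)
    dev = os.path.join(root, "dev")
    os.makedirs(dev)
    os.symlink(plist_path, os.path.join(dev, "diskX"))  # ln -s ... /dev/diskX
    if corrupt:
        with open(plist_path, "wb") as fh:  # what fsck_cs leaves behind
            fh.write(b"\x00" * 64)
    return root


if __name__ == "__main__":
    print(audit(build_lab()))
```

On a real Mac, run audit() as is; a planted symlink is the precondition of the exploit and a malformed blocklist is its result, so either finding on its own is a strong signal, and the symlink survives until reboot even if the attacker tidies nothing else.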
Google has also been Ordered to Unlock 9 Android Phones
30.3.2016 Apple
The legal battle between Apple and the FBI (Federal Bureau of Investigation) over a locked iPhone that belonged to one of the San Bernardino shooters may be over, but the Department of Justice (DoJ) is back in front of a judge with a similar request.
The American Civil Liberties Union (ACLU) has discovered publicly available court documents that revealed the government has asked Google’s assistance to help the Feds hack into at least nine locked Android smartphones citing the All Writs Act.
Yes, Apple is not the only company facing government requests over privacy and security — Google is also in the list.
The court documents released by the ACLU show that many federal agencies have been relying on the All Writs Act, the same 18th-century law the DoJ invoked in the San Bernardino case to compel Apple to help the FBI in the terrorism investigation.
The ACLU also released records of 54 court cases in which federal authorities asked Apple for assistance in accessing information on a locked iPhone; however, this is the first confirmation that Google has received such requests too.
All the cases appear to be closed, and the company is believed to have complied with all of the court orders. In the majority of cases, Google was required to reset passwords or bypass the lock screens of Samsung, HTC, Kyocera and Alcatel phones, among other unidentified Android devices.
Unlike Apple, Google Can Reset Android Devices Remotely
In 2015, the New York District Attorney revealed that Google can remotely reset Android device password, in case a court demands access to it.
In other words, unlike Apple, Google has the technical ability to reset the device passcode for roughly 74% of Android users, those running versions older than Android 5.0 Lollipop, which do not have full-disk encryption.
Google has been ordered to provide technical assistance in cases brought by several federal agencies, including:
The Department of Homeland Security (DHS) in an investigation of an alleged child pornographer in California.
The FBI in the investigation of an alleged cocaine dealer, who goes by the name “Grumpy,” in New Mexico.
The Bureau of Land Management in the investigation of an alleged marijuana grow operation in Oregon.
The Secret Service in an unknown court case in North Carolina.
However, Google said none of the cases required the company to write new backdoored software for the federal government.
"We carefully scrutinize subpoenas and court orders to make sure they meet both the letter and spirit of the law," a Google spokesman said in a statement. "However, we have never received an All Writs Act order like the one Apple recently fought that demands we build new tools that actively compromise our products’ security….We would strongly object to such an order."
No doubt, 1789 All Writs Act is being misused as a tool against encryption, which was never intended to allow the government to dictate software design.
FBI Has Successfully Unlocked Terrorist's iPhone Without Apple's Help
29.3.2016 Apple
End of Apple vs. FBI, at least for now: the FBI has unlocked the iPhone.
Yes, you heard it right. The Federal Bureau of Investigation (FBI) has unlocked the iPhone 5C of the dead San Bernardino shooter without Apple's help.
After weeks of arguments, the United States government is withdrawing its motion compelling Apple to build a backdoored version of its iOS that can help the agency unlock iPhone of San Bernardino gunman Syed Farook.
The Department of Justice (DOJ) says that FBI has successfully accessed iPhone's data with the help of an undisclosed alternative method and that it no longer needs Apple's assistance.
"The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance of Apple," the attorneys wrote in a court filing Monday. "Accordingly, the government hereby requests that the Order Compelling Apple Inc to Assist Agents in Search dated February 16, 2016, be vacated."
Meanwhile, a DoJ spokeswoman said in a statement: "The FBI is currently reviewing the information on the phone, consistent with standard investigatory procedures."
Last week, the DoJ delayed its court hearing against Apple so it could try a possible method of unlocking iPhone for which they have hired an "outside party".
At the time, Apple said it did not know any way to gain iPhone's access but hoped that the Feds would share with them any information of loopholes that might come to light in the iPhone.
Although the technique the FBI used to crack the iPhone has not been disclosed and likely will not be any time soon, several experts suspect it involved NAND mirroring.
NAND mirroring is a technique in which the contents of the phone's NAND flash chip are copied and a fresh copy is written back once the maximum number of passcode attempts is reached, resetting the attempt counter so guessing can continue.
With the discovery of the alternative method, the legal battle between the FBI and Apple seems to be over in this particular case, but it does not end the overall battle about privacy and security.
Apple has issued a statement saying the company is committed to continuing its fight for civil liberties and for collective security and privacy.
The full statement (via Verge) from Apple reads:
From the beginning, we objected to the FBI's demand that Apple builds a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government's dismissal, neither of these occurred. This case should never have been brought.
We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.
Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk.
This case raised issues which deserve a national conversation about our civil liberties, and our collective security and privacy. Apple remains committed to participating in that discussion.
FBI breaks into San Bernardino shooter’s iPhone
29.3.2016 Apple
The Department of Justice says the FBI has broken into the iPhone used by the San Bernardino shooter, it no longer needs the help of Apple.
The US Department of Justice (DoJ) announced that it has broken into the San Bernardino shooter‘s iPhone and accessed the encrypted data stored on the device.
After a long battle between Apple and the FBI, the DoJ now no longer needs the company to help unlock the iPhone 5C used by one of the San Bernardino terrorists.
The DoJ had originally sought to force Apple to provide a method to access the data on the terrorist’s iPhone; a couple of weeks ago it filed a brief threatening to make Apple hand over the iOS source code if it did not help the FBI unlock the San Bernardino shooter’s iPhone.
Now El Reg has published a filing made Monday to the Central California District Court that confirms prosecutors have successfully extracted data from the iPhone.
“The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple Inc. mandated by the court’s order compelling Apple Inc. to assist agents in search, dated February 16, 2016,” reads the DoJ request.
The DoJ hasn’t provided details on the procedure used to break into the San Bernardino shooter ‘s iPhone, nor revealed the name of the firm that supported the FBI in the operation.
Last week security experts speculated the involvement of the Israeli mobile security firm Cellebrite.
Throughout the intense legal battle between Apple and the FBI, security experts consistently maintained that methods to unlock iPhone devices exist.
The data could have been accessed with either hardware or software techniques, which means the FBI could use the same method in other cases, as the security expert Jonathan Ździarski explained:
If the method used in this case turns out to be a software method, from what I see of the OS, the method could work on newer devices too.
A law enforcement official, speaking to the CNN on condition of anonymity, explained it was “premature” to say whether this method works on other Apple devices. He added that the method used by law enforcement worked on this particular phone, an iPhone 5C running a version of iOS 9 software.
Snowden has repeatedly said that the US Government has the technology to crack the security measures implemented by Apple.
In a video call to the Blueprint for a Great Democracy conference, Snowden accused the FBI of lying, calling its claim absurd, though in rather more colourful terms.
“The FBI says Apple has the ‘exclusive technical means’ to unlock the phone,” said Snowden in video conference “Respectfully, that’s horse sh*t.”
On the same day, Snowden shared via Twitter a link to an American Civil Liberties Union blog post titled “One of the FBI’s Major Claims in the iPhone Case Is Fraudulent,” which explains that the FBI has the ability to bypass iPhone protection mechanism.
The fact that the FBI was able to successfully crack the phone without Apple’s help demonstrates that tech giants need to improve their efforts to protect users’ privacy.
Mac OS X Zero-Day Exploit Can Bypass Apple's Latest Protection Feature
25.3.2016 Apple
A critical zero-day vulnerability has been discovered in all versions of Apple's OS X operating system that allows attackers to bypass the company’s newest protection feature and steal sensitive data from affected devices.
With the release of OS X El Capitan, Apple introduced a security protection feature to the OS X kernel called System Integrity Protection (SIP). The feature is designed to prevent potentially malicious or bad software from modifying protected files and folders on your Mac.
The purpose of SIP is to restrict the root account of OS X devices and limit the actions a root user can perform on protected parts of the system in an effort to reduce the chance of malicious code hijacking a device or performing privilege escalation.
However, SentinelOne security researcher Pedro Vilaça has uncovered a critical vulnerability in both OS X and iOS that allows local privilege escalation and bypasses SIP without a kernel exploit, affecting all versions to date.
Bypass SIP to Protect Malware
The zero-day vulnerability (CVE-2016-1757) is a logic bug rather than a memory corruption bug; according to the researcher, once attackers have code running on the target machine, for instance through a remote code execution (RCE) exploit or a sandbox escape, it lets them execute arbitrary code with elevated privileges.
The attacker then escalates the malware's privileges to bypass SIP, alter system files, and then stay on the infected system.
"The same exploit allows someone to escalate privileges and also to bypass system integrity," the researcher explains in a blog post. "In this way, the same OS X security feature designed to protect users from malware can be used to achieve malware persistency."
By default, System Integrity Protection or SIP protects these folders: /System, /usr, /bin, /sbin, along with applications that come pre-installed with OS X.
Easy-to-Exploit and Tough to Detect-&-Remove
According to Vilaça, the zero-day vulnerability is easy to exploit, and a simple spear-phishing or browser-based attack would be more than enough to compromise the target machine.
"It is a logic-based vulnerability, extremely reliable and stable, and does not crash machines or processes," Vilaça says. "This kind of exploit could typically be used in highly targeted or state-sponsored attacks."
The most worrisome part is that such an infection is difficult to detect, and even if users discover it, removing it would be extremely difficult, since SIP itself stops them from reaching or altering the malware-laced system file.
Although the zero-day vulnerability was discovered in early 2015 and was reported to Apple in January this year, the good news is that the bug doesn't seem to have been used in the wild.
Apple has patched the vulnerability, but only in the updates for El Capitan 10.11.4 and iOS 9.3 released on March 21.
Other versions do not appear to have a patch update for this specific vulnerability from Apple, meaning they are left vulnerable to this specific zero-day bug.
What is SMTP STS? How It improves Email Security for StartTLS?
24.3.2016 Security
Despite so many messaging apps, Email is still one of the widely used and popular ways to communicate in this digital age.
But are your Emails secure?
We have been using email for decades, but the underlying 1980s transport protocol used to send it, the Simple Mail Transfer Protocol (SMTP), is ancient and cannot secure your email communication on its own.
To address this, SMTP STARTTLS was standardised in 2002 (RFC 3207) as a way to upgrade an insecure connection to a TLS-protected one. But STARTTLS is susceptible to man-in-the-middle attacks and encryption downgrades.
But worry not. A new security feature is on its way!!!
SMTP STS: An Effort to Make Email More Secure
Top email providers, namely Google, Microsoft, Yahoo!, Comcast, LinkedIn, and 1&1 Mail & Media Development, have joined forces to develop a new email standard that makes sure the emails you send are going through an encrypted channel and cannot be sniffed.
Dubbed SMTP Strict Transport Security (SMTP STS), the new security standard will change the way your emails make their way to your inbox.
SMTP STS has been designed to enhance the security of email communication. The proposal was submitted to the Internet Engineering Task Force (IETF) on Friday.
The primary goal of SMTP STS is to prevent Man-in-the-Middle (MitM) attacks that have compromised past efforts like STARTTLS at making SMTP a more secure protocol.
Why can't STARTTLS ensure email security?
The biggest problem with STARTTLS is:
STARTTLS is vulnerable to man-in-the-middle (MITM) and encryption downgrade attacks, which is why it does not guarantee either message confidentiality or proof of server authenticity.
In the STARTTLS mechanism, when a client connects to a server, it first asks the server whether it supports TLS.
Whatever the server replies, the point to note is that this negotiation takes place in the clear, before any encryption is in place.
So what if an attacker intercepts this unencrypted exchange and alters it to trick the client into believing that the server does not support encrypted communication?
Answer: a successful man-in-the-middle attack that performs an encryption downgrade.
Because of this downgrade, the user ends up with an unencrypted connection even though the legitimate server supports TLS.
How does SMTP STS improve email security over STARTTLS?
SMTP Strict Transport Security (SMTP STS) will work alongside STARTTLS to strengthen the SMTP standard and to prevent encryption downgrade and man-in-the-middle attacks.
SMTP STS protects against an active attacker who wishes to intercept or modify emails between hosts that support STARTTLS.
SMTP STS relies on certificate validation via either TLS identity checking or DANE TLSA.
The new standard checks whether the recipient supports SMTP STS and has a valid, up-to-date encryption certificate.
If everything goes well, it allows your message to go through. Otherwise, it will stop the email from sending and will notify you of the reason.
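The downgrade described above and the policy check described here, as an added example (not code from the article or from the SMTP STS draft authors): a sending MTA parses two constructed EHLO replies, one advertising STARTTLS and one with that line stripped by an on-path party, and decides what to do under an opportunistic setting versus a hypothetical cached policy. The StsPolicy structure and all hostnames are assumptions and do not reproduce the draft's record format.

```python
"""Opportunistic STARTTLS versus a strict SMTP STS-style policy.

Added example, not code from the article or the draft's authors. The policy
object is a simplified, hypothetical stand-in for a cached sender-side
policy; it does not follow the draft's real record syntax.
"""
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Constructed EHLO replies, as an SMTP server would send them.
EHLO_WITH_STARTTLS = (
    "250-mail.example.net Hello sender\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# The same reply after an on-path party removed the STARTTLS line.
EHLO_STRIPPED = (
    "250-mail.example.net Hello sender\r\n"
    "250-SIZE 52428800\r\n"
    "250 8BITMIME\r\n"
)

DELIVER_TLS = "deliver over TLS"
DELIVER_PLAINTEXT = "deliver in plaintext (downgrade goes unnoticed)"
REFUSE = "refuse to send and report the reason"


def parse_ehlo_extensions(reply: str) -> Set[str]:
    """Return the extension keywords advertised in a multi-line EHLO reply.

    The first 250 line is the server greeting, not an extension, so it is
    skipped; each following line is '250-KEYWORD [params]' or '250 KEYWORD'.
    """
    lines = [ln for ln in reply.splitlines() if ln.startswith("250")]
    extensions = set()
    for line in lines[1:]:
        parts = line[4:].split()
        if parts:
            extensions.add(parts[0].upper())
    return extensions


@dataclass(frozen=True)
class StsPolicy:
    """Hypothetical cached policy for a recipient domain (assumed structure)."""
    domain: str
    mx_hosts: Tuple[str, ...]   # hostnames the recipient's MX must present


def cert_matches(mx_host: str, cert_names: Tuple[str, ...]) -> bool:
    """Minimal hostname check: exact match or a single-label wildcard."""
    for name in cert_names:
        if name == mx_host:
            return True
        if name.startswith("*.") and mx_host.split(".", 1)[1:] == [name[2:]]:
            return True
    return False


def decide(reply: str, policy: Optional[StsPolicy], mx_host: str,
           cert_names: Tuple[str, ...]) -> Tuple[str, str]:
    """Decide what a sending MTA does with this EHLO reply.

    Without a policy the MTA is opportunistic: it uses TLS when offered and
    silently falls back to plaintext otherwise, which is the downgrade the
    article describes. With a policy it must see STARTTLS, an expected MX
    host and a matching certificate, or it refuses and reports why.
    """
    offered = parse_ehlo_extensions(reply)
    if policy is None:
        if "STARTTLS" in offered:
            return DELIVER_TLS, "server offered STARTTLS"
        return DELIVER_PLAINTEXT, "server did not offer STARTTLS"
    if "STARTTLS" not in offered:
        return REFUSE, f"policy for {policy.domain} requires TLS, none offered"
    if mx_host not in policy.mx_hosts:
        return REFUSE, f"{mx_host} is not an MX listed in the policy"
    if not cert_matches(mx_host, cert_names):
        return REFUSE, f"certificate does not cover {mx_host}"
    return DELIVER_TLS, "STARTTLS offered and certificate validated"


if __name__ == "__main__":
    policy = StsPolicy("example.net", ("mail.example.net",))
    good = ("mail.example.net",)
    print(decide(EHLO_STRIPPED, None, "mail.example.net", good))
    print(decide(EHLO_STRIPPED, policy, "mail.example.net", good))
    print(decide(EHLO_WITH_STARTTLS, policy, "mail.example.net", good))
    print(decide(EHLO_WITH_STARTTLS, policy, "mail.example.net", ("mail.other.example",)))
```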
In short, SMTP STS is an attempt to fix what STARTTLS got wrong. Since the standard is only a draft proposal right now, you will have to wait for it to become a reality.
The Internet Engineering Task Force has six months to consider the proposal, as the draft will expire on September 19, 2016.
Meanwhile, you could also try ProtonMail, a Swiss-based, free, open source, end-to-end encrypted email service that offers a simple way to maintain secure communications and keep your personal data safe.
The Apple System Integrity Protection feature bypassed
24.3.2016 Vulnerebility Apple
Security researchers from SentinelOne have discovered a security vulnerability affecting the Apple System Integrity Protection (SIP).
Security researcher Pedro Vilaça from SentinelOne has discovered a security vulnerability (CVE-2016-1757) affecting the Apple System Integrity Protection (SIP).
The SIP is a security mechanism implemented by Apple in the OS X El Capitan operating system for the protection of certain system processes, files and folders from being modified or tampered with by other processes, even when they are executed by a user with root privileges.
“System Integrity Protection is a security technology in OS X El Capitan that’s designed to help prevent potentially malicious software from modifying protected files and folders on your Mac.” states a blog post published by Apple.
“System Integrity Protection restricts the root account and limits the actions that the root user can perform on protected parts of OS X.”
According to the experts at SentinelOne, the flaw allows an attacker to circumvent the SIP technology.
The exploit is very stable because SIP can be bypassed by triggering the flaw without compromising the kernel.
“This vulnerability is a non-memory corruption bug that exists in every version of OS X and allows users to execute arbitrary code on any binary. It can bypass a key security feature of the latest version of OS X, El Capitan, the System Integrity Protection (SIP) without kernel exploits.”
Attackers could exploit the flaw for various purposes; for example, it could be used in a multi-stage attack in which crooks have already compromised the target system and use the flaw to gain persistence on the compromised device.
In order to exploit the vulnerability, an attacker must first find a way to compromise the targeted system, a task that can be accomplished via a spear-phishing attack or by exploiting a flaw in the victim's browser, the expert said.
“The vulnerability is very easy to exploit if an attacker is able to run code on the system. The exploit is extremely reliable (100%). It could be part of a bug chain that exploits a browser like Safari or Chrome,” Vilaça explained to SecurityWeek.
SentinelOne confirmed that it isn’t aware of any attack in the wild that exploited the flaw to date.
Such attacks are very insidious and difficult to detect, and there is a concrete risk that nation-state hackers could leverage this exploit in their operations. Vilaça said he wasn't aware of any malicious exploitation of the vulnerability to date, while adding the caveat that attacks would be difficult to detect.
The flaw affects every version of Apple's OS X desktop operating system; Apple has begun to issue security patches.
“The bug was patched with El Capitan 10.11.4 and iOS 9.3,” according to Vilaça. “Other versions do not appear to have a patch for this specific bug from Apple’s Security Bulletin, meaning they are left vulnerable to this specific bug.”
Vilaça will provide details about the SIP bypass technique today at the SysCan360 2016 security conference.
Israeli Cellebrite firm is helping FBI in cracking San Bernardino shooter’s iPhone
24.3.2016 Apple
The Israeli Cellebrite firm is helping the Federal Bureau of Investigation (FBI) in unlocking San Bernardino shooters’ iPhone.
In recent weeks we have followed the case of the San Bernardino shooter's iPhone, which a few days ago reached an unexpected conclusion: the FBI announced on Monday that it had found a way to unlock the mobile device without Apple's help.
The court filing doesn’t provide technical details on the technique, but confirmed that an independent party demonstrated to the US authorities a technique for unlocking the controversial iPhone.
“On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone,” revealed the lawyers for the US Government in a court filing Monday afternoon. “Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple set forth in the All Writs Act Order in this case,”
Now the name of the company is circulating on the Internet: it is the Israeli mobile forensics firm Cellebrite, one of the leading companies in the world in the field of digital forensics. The company already works with the principal law enforcement and intelligence agencies worldwide.
Cellebrite provides the FBI with decryption technology as part of a contract signed in 2013; its technology allows investigators to extract information from mobile devices.
“Cellebrite’s technology is able to extract valuable information from cellular devices that could be used in criminal and intelligence investigations, even if the phone and the information it contains are locked and secure.” states a blog post published on the Israeli YNetNews.
The website of the Cellebrite company confirms that its technology allows investigators to unlock Apple devices running iOS 8.x.
“Cellebrite’s Advanced Investigative Services (CAIS) offers global law enforcement agencies a breakthrough service to unlock Apple devices running iOS 8.x. This unique capability is the first of its kind – unlock of Apple devices running iOS 8.x in a forensically sound manner and without any hardware intervention or risk of device wipe.” reports the company website. “Cellebrite’s unlocking capability supports the following devices: iPhone 4S / 5 / 5C, iPad 2 / 3G / 4G, iPad mini 1G, and iPod touch 5G running iOS 8 – 8.0 / 8.0.1 / 8.0.2 / 8.1 / 8.1.1 / 8.1.2 / 8.1.3 / 8.2 / 8.3 / 8.4 / 8.4.1.”
One of the main solutions designed by the company is the Universal Forensic Extraction Device (UFED), which can be used to extract all data and passwords from mobile phones.
If Cellebrite is able to crack the San Bernardino shooter’s iPhone, the FBI will no longer need Apple’s help.
According to public documents, the FBI committed to a $15,278 “action obligation” with Cellebrite.
At the time I was writing, there were no details of the contract between the FBI and the Cellebrite firm.
Israeli Forensic Firm 'Cellebrite' is Helping FBI to Unlock Terrorist's iPhone
23.3.2016 Apple
Meet the security company that is helping Federal Bureau of Investigation (FBI) in unlocking San Bernardino shooters’ iPhone:
The Israeli mobile forensics firm Cellebrite.
Yes, Cellebrite – the provider of mobile forensic software from Israel – is helping the FBI in its attempt to unlock iPhone 5C that belonged to San Bernardino shooter, Syed Rizwan Farook, the Israeli YNetNews reported on Wednesday.
The company's website claims that its service allows investigators to unlock Apple devices running iOS 8.x "in a forensically sound manner and without any hardware intervention or risk of device wipe."
If Cellebrite succeeds in unlocking Farook’s iPhone, the FBI will no longer need Apple to create a backdoored version of its iOS operating system that could let it access data on Farook's locked iPhone 5C.
Apple is engaged in a legal encryption battle with the US Department of Justice (DoJ) over a court order that forces the company to write new software, which could disable passcode protection on Farook's iPhone 5C.
Apple, for its part, is adamant, saying that the FBI wants the company to effectively create the "software equivalent of cancer" that would likely open up all iPhones to malicious hackers.
FBI Committed $15,278 "action obligation" with Cellebrite
The revelation comes just two days after the DoJ suspended the proceedings at least until next month. The FBI told a federal judge on Monday that it needed some time to test a possible method for unlocking the shooter's iPhone, for which it has hired an "outside party".
According to public records, the same day the Feds committed to a $15,278 "action obligation" – the lowest amount the government has agreed to pay – with Cellebrite.
Many details of the contract are not yet available, and neither the FBI nor Cellebrite has officially commented on their contract publicly.
Watch Video: Here’s What Cellebrite Can Do
Founded in 1999, Cellebrite provides digital forensics tools and software for mobile phones. One of its main products is the Universal Forensic Extraction Device (UFED) that claims to help investigators extract all data and passwords from mobile phones.
To see what the company can do with iOS devices, watch the 2015 YouTube video (above), which demonstrates one of Cellebrite's products unlocking a device in several hours.
Now the question is:
If the FBI has found an iPhone backdoor that could potentially affect hundreds of millions of Apple users…
Will the FBI report the flaw to Apple or keep it to itself? Let us know in the comments below.
FBI may have found a New Way to Unlock Shooter's iPhone without Apple
23.3.2016 Apple
There's more coming to the high-profile Apple vs. FBI case.
The Federal Bureau of Investigation (FBI) might not need Apple's assistance to unlock iPhone 5C that belonged to San Bernardino shooter, Syed Rizwan Farook.
If you have followed the San Bernardino case closely, you probably know everything about the ongoing encryption battle between the FBI and Apple.
In short, the US Department of Justice (DOJ) wants Apple to help the FBI create a backdoored version of its iOS operating system that could let it access data on Farook's locked iPhone 5C.
Apple, meanwhile, is adamant, saying that the FBI wants the company to effectively create the "software equivalent of cancer" that would likely open up all iPhones to malicious hackers.
FBI to Apple: We'll Unlock the iPhone on Our Own
Now the Feds say they may be able to crack the iPhone without Apple's assistance after all.
In a court filing [PDF] submitted on Monday in a central California federal court, the DOJ moved to cancel a Tuesday hearing and to suspend the proceedings at least until next month.
United States Magistrate Sheri Pym, the judge who previously ordered Apple to help the FBI unlock the encrypted iPhone, granted the request.
The hearing was cancelled because the FBI wants some time to test an alternate method for unlocking the shooter's iPhone, one that will not involve Apple building a backdoored iOS version.
Although the DOJ declined to comment on who is providing help to the FBI, this doesn't mean the case has been closed because the Feds still have to make sure their new technique will work.
"On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook's iPhone," the motion reads.
"Testing is required to determine whether it is a [feasible] method that'll not compromise data on Farook's iPhone. If the method is viable, it should eliminate the need for the assistance from Apple set forth in the All Writs Act Order in this case."
FBI Wants Encryption Backdoor to Unlock More iPhones
The Feds likely already had this alternative method but sought Apple's help to create a backdoor so that they could use the precedent in other pending cases; the agency is seeking Apple's help to unlock iPhones in at least nine other cases.
But there are some points the FBI must keep in mind before trying its alternate way into Farook's iPhone 5C.
If you copy the hard drive, all the data from the iPhone remains encrypted, which is of no use on its own.
If you enter 10 wrong passcodes, the whole iPhone is wiped, which means that if the method fails, you will never recover the data from the shooter's iPhone.
However, if the FBI method isn't able to unlock Farook's iPhone, the agency will again have to go back to the court to enforce the order on Apple.
Who, according to you, is this outside party?
Hacker? Security researcher? Or some cyber-forensics expert? Let us know in the comments below.
The FBI might be able to crack the San Bernardino terrorist’s iPhone without Apple’s help
22.3.2016 Apple
The US authorities announced on Monday that they may have found a way to unlock the San Bernardino shooter’s iPhone without Apple’s help.
The FBI says it may have discovered a method to bypass Apple’s security measures and unlock the iPhone used by one of the San Bernardino attackers, and a court hearing scheduled for today has been postponed.
We have discussed the FBI vs Apple case at length. Last week the DOJ filed a brief that threatens to force Apple to hand over the iOS source code if it does not help the FBI unlock the San Bernardino shooter’s iPhone; meanwhile, Edward Snowden accused the FBI of lying about its ability to unlock the mobile device.
The legal battle between Apple and the FBI has raised a debate about the implementation of strong encryption in commercial products, a design choice that makes it harder for authorities to conduct criminal investigations. In December 2015, Hillary Clinton called on tech companies to create a Manhattan Project for encryption.
Now it seems that we are near the end: on Sunday, March 20, 2016, an independent party demonstrated to the US authorities a technique for unlocking the controversial iPhone.
“On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone,” revealed the lawyers for the US Government in a court filing Monday afternoon. “Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple set forth in the All Writs Act Order in this case,”
The court filing doesn’t provide technical details on the technique, but this could represent the end of the fight, or at least an important truce. Several third parties have provided the FBI with suggestions on how it could crack the iPhone.
Apple is also worried that the San Bernardino case could set a legal precedent that would force IT giants to provide government access to users’ data even when these are protected by encryption.
In the Monday court filing, the FBI confirmed that its experts had continued to look for a method to crack the iPhone even without Apple’s help.
“Our top priority has always been gaining access into the phone used by the terrorist in San Bernardino,” explained the Justice Department spokeswoman Melanie Newman. “With this goal in mind, the FBI has continued in its efforts to gain access to the phone without Apple’s assistance, even during a month-long period of litigation with the company.”
Many experts speculate that the FBI plans to access the data by cloning the device’s storage and attempting to guess the passcode against each copy, so that a failed attempt does not destroy the data.
Whatever method the FBI uses, the government will file a status report by April 5 revealing the results of the procedure.
The only certainty at the moment is the suspension of the order requiring Apple to help the FBI.
On the other side, Apple’s lawyers confirmed that the company will not provide help to the FBI.
Apple Engineers say they may Quit if ordered to Unlock iPhone by FBI
19.3.2016 Apple
The Apple vs. FBI battle over mobile encryption is taking more twists and turns with each passing day.
On one hand, the US Department of Justice (DOJ) is boldly warning Apple that it might compel the company to hand over the source code of its full iOS operating system along with the private electronic signature needed to run a modified iOS version on an iPhone, if…
…Apple does not help the Federal Bureau of Investigation (FBI) unlock iPhone 5C belonging to one of the San Bernardino terrorists.
And on the other hand, Apple CEO Tim Cook is adamant, saying that the FBI wants the company to effectively create the "software equivalent of cancer" that would likely open up all iPhones to malicious hackers.
Now, some of the Apple engineers who actually develop the iPhone's encryption technology could refuse to help law enforcement break the security measures on the iPhone, even if Apple as a company decides to cooperate with the FBI.
Must Read: FBI Director – What If Apple Engineers are Kidnapped and Forced to Write (Exploit) Code?
Apple Employees May Quit Their Jobs
Citing more than a half-dozen current and former Apple engineers, The New York Times report claims that the engineers may refuse the work or even "quit their jobs" if a court order compels them to create a backdoor for the very software they once worked to secure.
"Apple employees are already discussing what they will do if ordered to help law enforcement authorities," reads the report. "Some say they may balk at the work, while others may even quit their high-paying jobs rather than undermine the security of the software they have already created."
Apple previously said that building a new backdoored version of iOS to satisfy the FBI's demand would require up to a month of work and a team of 6-10 engineers, naturally Apple's top software engineers.
Also Read: Apple is working on a New iPhone that Even It Can't Hack.
However, Apple employees said they already have "a good idea who those employees would be." They include:
A former aerospace engineer who developed software for the iPhone, iPad and Apple TV.
A senior quality-assurance engineer who is an expert "bug catcher" with experience in testing Apple products.
An employee who specializes in security architecture for the operating systems powering Apple products, including iPhone, Mac and Apple TV.
The FBI wants Apple's assistance in bypassing the security mechanisms on San Bernardino shooter Syed Farook's iPhone 5C so that it can extract data from the phone.
Given that the San Bernardino case is currently working its way through the courts and that no one is prepared to stand down, the possibility that Apple might have to comply with the orders is probably years away.
After Apple, WhatsApp Under Fire from US Govt Over Encryption
15.3.2016 Apple
Before the dispute between Apple and the FBI over encryption has even been settled, WhatsApp snooping has become the next hot debate in the courts.
In the wake of WhatsApp's move to offer end-to-end encryption to text messages as well as VoIP calls made through its app, federal authorities have not been able to execute wiretapping warrants on WhatsApp users.
Though the US Department of Justice was still discussing how to proceed with an ongoing criminal investigation, the government is considering legal proceedings similar to those involving Apple.
According to the New York Times, as recently as this past week, a federal judge had approved a wiretap in a criminal investigation, but WhatsApp's encryption hindered investigators.
Since no court official has made a final decision, the Department of Justice is very keen to drag WhatsApp into the encryption fight, much as in the ongoing San Bernardino case.
In the San Bernardino case, the DoJ was granted a court order to force Apple to create a special version of iOS that could defeat the encryption on a seized iPhone 5C belonging to one of the dead terrorists, Syed Rizwan Farook.
Apple has vowed both publicly as well as in court papers to fight the court order as intensely as possible, citing security concerns, but the battle between Apple and the FBI is not ending anytime soon.
Why Wasn't WhatsApp Targeted Before?
When WhatsApp was launched in January 2010 by Brian Acton and Jan Koum, it did not initially focus on privacy features, so there were no plans to implement cryptographic services at that time.
This relieved the Department of Justice and federal agencies, which had a clear path to snooping on WhatsApp users without legal hurdles.
WhatsApp, now owned by Facebook, had also been criticized before for not adopting reliable end-to-end encryption to secure its users' privacy.
WhatsApp Filled the Security Holes in its Communication
Soon after WhatsApp's tremendous growth, Facebook acquired the popular messaging service for $19 billion in February 2014, and WhatsApp partnered with Open Whisper Systems to develop end-to-end encryption two years ago.
This development thwarted DoJ officials and other federal authorities from eavesdropping on WhatsApp users' communications.
Currently, WhatsApp is not involved in any of the criminal cases before the courts, except a Brazilian drug trafficking case, but court officials are still debating the likelihood of this widely used app being adopted by criminals to coordinate attacks in the near future.
Obsolete Order Remains Ineffective
As noted by the Times, wiretap orders from federal judges cannot penetrate end-to-end encrypted communication; they were a valuable investigative tool in the old days, when people used landline phones that were easy to tap.
Over the past year, WhatsApp has been upgrading encryption for its messages and VoIP calls. All WhatsApp messages sent between Android devices have been end-to-end encrypted for the past two years, and messages between iOS devices since last year.
This simply means that neither WhatsApp nor its parent company Facebook can access their users' content in plaintext, making it impossible for the DoJ to read or eavesdrop on it, even with a court's wiretap order.
So, this is the time to scrap such orders from United States federal law.
However, the government has always seemed to enforce such laws on companies that provide privacy protections to their customers.
Recently, a Brazilian Facebook executive was arrested for the company's failure to comply with a federal court order to turn over WhatsApp data.
Apple is also fighting one such court order with the Federal Bureau of Investigation (FBI).
What if the FBI wins the Case?
If Apple nods "yes" to the FBI officials, there will be no way for users to secure their privacy, and the feds will force Apple to unlock more iPhones.
Moreover, if Apple agrees, federal officials would next dismantle WhatsApp's privacy by enforcing such laws.
As a result, new apps promising "security and privacy" would mushroom in the digital world, and would again end up in the same melodrama with federal officials.
Slowly, this would erode the privacy of netizens and adversely affect businesses, customers and the US government itself, all of which rely on strong encryption to protect their information from hackers, identity thieves and foreign cyber attacks.
Moreover, federal officials do not realize that their own data would also be open to snooping, even if they sign private "no-trace" agreements with any agency.
So let's see whether, in the near future, any move is made against WhatsApp or any other tech giant that ensures its users' security and privacy.
Florida Sheriff threatens to Arrest 'Rascal' Tim Cook if He Doesn't Unlock the iPhone
14.3.2016 Apple
The legal battle between Apple and the Federal Bureau of Investigation (FBI) is turning ugly with each passing day.
Apple is fighting the federal authorities in an iPhone encryption case. The Federal Bureau of Investigation (FBI) requires Apple’s assistance to unlock an iPhone 5C belonging to San Bernardino shooter Syed Rizwan Farook.
Apple CEO Tim Cook has said explicitly that providing a backdoor would likely open up the company’s iPhones to not just the federal agents, but also to malicious hackers who could use it for evil purposes.
Now Apple's decision not to comply with the court order has provoked a Florida sheriff, who has threatened to arrest Tim Cook if he gets the chance.
Sheriff Vows: I'll Lock the Rascal up.
During a Wednesday press conference, when Polk County Sheriff Grady Judd was asked about Cook's refusal to help create a custom operating system that would let the FBI circumvent the security measures on the terrorist's iPhone 5C, he told reporters that Cook needed to know he's not above the law.
Here's what Judd said about Apple Vs. FBI case:
"You can't create a business model to go, 'We are not paying attention to the federal judge or the state judge. You see, we are above the law,'" said Judd quoted by FOX 13. "The CEO of Apple needs to know he's not above the law, and neither is anybody else in the United States."
Judd's comments came while discussing a recent murder case in which the suspects took photos of the victim on their phones. He said the case was made easier by the brothers' decision to show those photographs.
Though the murder case Judd was discussing involved neither an iPhone nor phone hacking, he noted that if he were to deal with locked iPhones in the future, he would put Cook behind bars under a contempt of court order.
"I can tell you, the first time we do have trouble getting into a cell phone, we're going to seek a court order from Apple," he said. "And when they deny us, I am going to go lock the CEO of Apple up. I'll lock the rascal up."
However, we cannot say for certain that the sheriff was labeling Tim Cook himself a rascal, but he did say that, given the chance, he would arrest Cook for not helping authorities with backdoors.
Snowden: FBI is lying, it can already unlock the iPhone without Apple's support
10.3.2016 Apple
Snowden accuses the FBI of lying about his ability to unlock the iphone of the San Bernardino terrorist. “that’s horse sh*t.” he said.
While the dispute between Apple and the FBI on the San Bernardino shooter’s iPhone case continues, the popular NSA whistleblower Edward Snowden takes a position giving us his opinion, and it is not so surprising.
The FBI wants to obtain a court order to force Apple to unlock the terrorist’s iPhone, the authorities have tried to do it, but an error made during the government custody apparently made impossible for the police to access the device. The FBI is demanding that Apple disables the iPhone’s “auto-erase” security feature that wipes the Apple mobile device after 10 failed passcode attempts.
On the other hand, the company of Cupertino is refusing to unlock the device, announcing a legal battle that could reach the Supreme Court.
In a video call to the Blueprint for a Great Democracy conference on Tuesday, Snowden accused the FBI of lying, calling its claims absurd; in reality, he used a more colorful expression.
“The FBI says Apple has the ‘exclusive technical means’ to unlock the phone,” said Snowden in video conference “Respectfully, that’s horse sh*t.”
On the same day, Snowden shared via Twitter a link to an American Civil Liberties Union blog post titled “One of the FBI’s Major Claims in the iPhone Case Is Fraudulent,” which explains that the FBI has the ability to bypass iPhone protection mechanism.
“But the truth is that even if this feature is enabled on the device in question, the FBI doesn’t need to worry about it, because they can already bypass it by backing up part of the phone (called the “Effaceable Storage”) before attempting to guess the passcode. I’ll go into the technical details (which the FBI surely already knows) below.” states the post.
The post explains that the FBI can simply back up the contents of the Effaceable Storage before it starts guessing the passcode, and restore that copy whenever the auto-erase triggers.
“So the file system key (which the FBI claims it is scared will be destroyed by the phone’s auto-erase security protection) is stored in the Effaceable Storage on the iPhone in the “NAND” flash memory. All the FBI needs to do to avoid any irreversible auto erase is simply to copy that flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. It can then re-try indefinitely, because it can restore the NAND flash memory from its backup copy.” continues the post.
“The FBI can simply remove this chip from the circuit board (“desolder” it), connect it to a device capable of reading and writing NAND flash, and copy all of its data. It can then replace the chip, and start testing passcodes. If it turns out that the auto-erase feature is on, and the Effaceable Storage gets erased, they can remove the chip, copy the original information back in, and replace it. If they plan to do this many times, they can attach a “test socket” to the circuit board that makes it easy and fast to do this kind of chip swapping.”
Image credit: http://www.mobpart.com/iphone-5c-c-61_63
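The argument in the quoted ACLU post, as an added toy model that is not code from the article or the ACLU: a file-system key kept in Effaceable Storage on the NAND, an auto-erase after 10 failed attempts, and the effect of copying the NAND before guessing and writing the copy back after each wipe. It goes one step beyond the post by also modelling a counter that does not live on NAND (an assumption, labelled in the code) to show what the restore trick cannot defeat; the hashing and the 4-digit passcode space are simplifications and nothing here touches real hardware.

```python
"""Toy model of the auto-erase bypass described in the quoted ACLU post.

Constructed example: the Nand class is what a chip reader/writer could dump and
restore; Device holds the auto-erase logic. The 'counter_on_nand=False' variant
is an assumption added for comparison, not something the post discusses.
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple
import hashlib

MAX_FAILED_ATTEMPTS = 10  # the wipe threshold the article describes


@dataclass
class Nand:
    """Model of the flash chip: the file-system key sits in Effaceable Storage."""
    effaceable_key: Optional[bytes]
    failed_attempts: int = 0  # assumed to live on NAND in the default model

    def snapshot(self) -> "Nand":
        return Nand(self.effaceable_key, self.failed_attempts)


class Device:
    def __init__(self, passcode: str, counter_on_nand: bool = True):
        # Constructed key and passcode hash; real devices tangle the key with a hardware UID.
        self.nand = Nand(effaceable_key=hashlib.sha256(b"toy-fs-key").digest()[:16])
        self._passcode_hash = hashlib.sha256(passcode.encode()).digest()
        # Assumption for comparison: a counter NOT on NAND survives a NAND restore.
        self.counter_on_nand = counter_on_nand
        self._off_nand_attempts = 0

    def _attempts(self) -> int:
        return self.nand.failed_attempts if self.counter_on_nand else self._off_nand_attempts

    def _set_attempts(self, n: int) -> None:
        if self.counter_on_nand:
            self.nand.failed_attempts = n
        else:
            self._off_nand_attempts = n

    def try_passcode(self, guess: str) -> bool:
        """True on the right passcode; erases the key after MAX_FAILED_ATTEMPTS failures."""
        if self.nand.effaceable_key is None:
            return False  # already wiped: without a restore the data is gone
        if hashlib.sha256(guess.encode()).digest() == self._passcode_hash:
            self._set_attempts(0)
            return True
        self._set_attempts(self._attempts() + 1)
        if self._attempts() >= MAX_FAILED_ATTEMPTS:
            self.nand.effaceable_key = None  # the auto-erase
        return False


def guess_without_restore(device: Device, candidates: Iterable[str]) -> Optional[str]:
    """The auto-erase working as intended: the key is gone after 10 wrong guesses."""
    for code in candidates:
        if device.try_passcode(code):
            return code
        if device.nand.effaceable_key is None:
            return None
    return None


def guess_with_nand_restore(device: Device, candidates: Iterable[str],
                            max_restores: int = 2000) -> Tuple[Optional[str], int]:
    """Copy the NAND once, guess, and write the copy back whenever a wipe happens.

    Returns (passcode or None, number of restores performed). When the attempt
    counter is not on NAND, the restored key is wiped again immediately, so the
    loop gives up after max_restores.
    """
    backup = device.nand.snapshot()  # "copy that flash memory ... before it tries 10 attempts"
    restores = 0
    for code in candidates:
        if device.nand.effaceable_key is None:
            if restores >= max_restores:
                return None, restores
            device.nand = backup.snapshot()  # "copy the original information back in"
            restores += 1
        if device.try_passcode(code):
            return code, restores
    return None, restores


if __name__ == "__main__":
    four_digits = [f"{n:04d}" for n in range(10000)]
    print(guess_without_restore(Device("7392"), four_digits))                    # None
    print(guess_with_nand_restore(Device("7392"), four_digits))                  # ('7392', 739)
    print(guess_with_nand_restore(Device("7392", counter_on_nand=False), four_digits))  # (None, 2000)
```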
Snowden expressed his solidarity to IT giants that are working to provide new solutions, and improve the existing ones, to protect the users’ privacy through the implementation of strong encryption.
“We should support vendors who are willing to [say], ‘You know, just because it’s popular to collect everybody’s information and resell it to advertisers and whatever, it’s going to serve our reputation, it’s going to serve our relationship with our customers, and it’s going to serve society better. If instead we just align ourselves with our customers and what they really want, if we can outcompete people on the value of our products without needing to subsidize that by information that we’ve basically stolen from our customers’,” he told TechCrunch in June, months before the December massacre in San Bernardino. “That’s absolutely something that should be supported.”
How to bypass Apple Passcode in 9.1 and later
8.3.2016 Apple
A number of bypass vulnerabilities still affect iOS devices and could be exploited by an attacker to bypass the passcode authorization screen.
A number of bypass vulnerabilities still affect iOS devices and could be exploited by an attacker to bypass the passcode authorization screen on Apple mobile devices (iPhones and iPads) running iOS 9.0, 9.1, and the recent 9.2.1.
According to Benjamin Kunz Mejri, a researcher at Vulnerability Lab, this category of security holes can be exploited to access apps native to iOS, such as Clock, Event Calendar, and Siri’s User Interface.
In February, Benjamin Kunz Mejri discovered an authentication bypass hole in both iPhones and iPads running iOS 8 and iOS 9 that can be exploited by attackers to get past the lock screen passcode.
“An application update loop that results in a pass code bypass vulnerability has been discovered in the official Apple iOS (iPhone5&6|iPad2) v8.x, v9.0, v9.1 & v9.2. The security vulnerability allows local attackers to bypass pass code lock protection of the apple iphone via an application update loop issue. The issue affects the device security when processing to request a local update by an installed mobile ios web-application.” states the technical description published by the vulnerability-lab.com.
The attacker can put the iOS device into an endless loop, resulting in the temporary deactivation of the passcode lock screen.
The real problem is that such flaws are underestimated by manufacturers because the attack requires the attacker's physical presence and possession of the device; in this specific case the flaw is still present three months after it was reported (2016-01-03: Researcher Notification & Coordination (Benjamin Kunz Mejri – Evolution Security GmbH)).
“The issue is not fixed after a three-month duration. We have the newest versions of iPad and iPhone and are still able to reproduce it after the updates with default configuration,” Mejri told Threatpost Monday.
This time Mejri described a number of attack vectors relying on an internal browser link request to skip the passcode screen.
In the first scenario, an attacker asks Siri to open an app that doesn’t exist; Siri then opens a restricted browser window to the App Store, from which the attacker can switch back to the home screen, either via the home button or via Siri.
In the second scenario the attacker uses the control panel to gain access to the non-restricted Clock app. The attacker opens the app via Siri or via the panel, then opens the Timer’s end-timer or Radar module. The app lets users buy more alert sounds through a link, but if the attacker taps that link a restricted App Store browser window opens. At that point the situation is the same as in the first attack vector.
In the third scenario, the attacker opens the Clock app via the panel or a Siri request. The internal World Clock module includes, at the bottom right, a link to The Weather Channel that redirects users to the store when the weather app is deactivated. Tapping that link likewise opens a restricted App Store browser window.
“At that point it is possible to unauthorized switch back to the internal home screen by interaction with the home button or with siri again. The link to bypass the controls becomes visible in the World Clock (Weather Channel) and is an image as link. This special case is limited to the iPad because only in that models use to display the web world map. In the iPhone version the bug does not exist because the map is not displayed because of using a limited template. The vulnerability is exploitable in the Apple iPad2 with iOS v9.0, v9.1 & v9.2.1.” wrote Mejri.
In the fourth scenario the attacker opens the ‘App & Event Calendar’ panel via Siri, then opens, under the Tomorrow task, the ‘Information of Weather’ (Informationen zum Wetter – Weather Channel LLC) link at the bottom left. Since the weather app is deactivated on the device, a new browser window opens to the App Store, leading to the same situation as in the other scenarios.
It’s unclear when Apple will fix the issues; it is possible that the flaws will be resolved in iOS 9.3.
Your iPhone will Alert You if You are Being Monitored At Work
8.3.2016 Apple
Are You an Employee?
It's quite possible that someone has been reading your messages, emails, listening to your phone calls, and monitoring your activities at work.
No, it's not a spy agency or any hacker…
...Oops! It's your Boss.
Recently, European Court had ruled that the Employers can legally monitor as well as read workers' private messages sent via chat software like WhatsApp or Facebook Messenger and webmail accounts like Gmail or Yahoo during working hours.
So, if you own a company or are an employer, you need not worry about tracking your employees, because you have the right to take care of the things that could seriously affect your company and its reputation, and that means your employees!
There are several reasons, such as financial need, revenge, divided loyalty or ego, why a loyal employee might turn into an INSIDER THREAT.
Insider Threat is a nightmare for Millions of Employers. Your employees could collect and leak all your professional, confidential data, upcoming project details to your Rivals and much more that could result in significant loss to the company.
According to the latest threat report from Vormetric, 40% of organizations experienced a data breach last year, and 89% felt that their organizations were vulnerable to insider attacks.
In March 2010, an IT developer at British Airways was accused of leaking airport security procedures for terrorism-related purposes. This example shows how an insider threat can escalate into a dangerous situation.
How Can Companies Monitor their Employees iPhone?
Employers can benefit from several strategies for tracking employees’ daily activities during work hours.
Major tech companies like Symantec and IBM have a history of keeping a threat report on their employees via a dedicated device (BYOD) that regularly records the employee’s professional network usage, such as downloads or social networking sessions, in statistical form.
Apple also provides a similar feature to companies for monitoring their employee's activities via work-issued iPhones that are set up with an organization's Mobile Device Management (MDM) server.
This allows employers to remotely upgrade, control, track and supervise various aspects of the iPhone’s software.
iOS 9.3 Offers Companies to Monitor Employees Like Never Before
With the release of its upcoming iOS 9.3 version, Apple will provide a bunch of new features to employers, allowing companies to monitor their employees activities more deeply.
The new mobile operating system will let the company’s IT administrators enforce home screen layouts on work-issued iPhones and lock apps to the home screen so that they cannot be moved to a different folder or page.
The upcoming iOS 9.3 will also allow companies to hide or blacklist specific applications that they do not want their employees to download.
So in short, your favorite games like Candy Crush or Angry Birds that your organization does not wish you to play during work hours could be blocked.
If this is not enough, your company will now also be able to enforce notification settings so that you will not be able to ignore your employer’s notifications.
So the next time your company calls you in on short notice, you cannot say you have not read the message, nor can you claim that you somehow missed it.
These are some pretty significant changes that the upcoming iOS 9.3 will bring from the employer’s perspective.
Interestingly, the upcoming iOS 9.3 operating system empowers the employees as well. Let’s talk about what features the OS will offer employees.
iPhone will Notify if Your Company is Tracking You
The iOS 9.3 version will tell employees whether their employers are monitoring their company-issued iPhones.
This warning will now be displayed in two places on the work-issued iPhones:
Your iPhone’s lock screen will display "This iPhone is managed by your organization" near the bottom of the screen, discouraging you from using the phone for personal purposes beyond professional use.
Additionally, if you check the "About" menu in Settings, it will reveal what data is being supervised by your employer.
Such notification was not available in the previous version of iOS. This is the first time Apple is allowing its users to check whether their organization is keeping tabs on them.
Employees will surely love this new feature in the upcoming iOS 9.3, but companies may hate it, as their tracking of employees will be exposed.
These new features will arrive with the iOS 9.3 release on March 21, 2016.
First Mac OS X Ransomware Targets Apple Users
7.3.2016 Apple
Mac users, even you are not left untouched!
The world's first fully functional ransomware targeting the OS X operating system has landed on Macs.
Ransomware – one of the fastest-growing cyber threats – encrypts the important documents and files on infected machines and then asks victims to pay ransoms in digital currencies so they can regain access to their data.
Though Ransomware has been targeting smartphones and Windows computers for a while, Mac OS X users haven't really had to worry about this threat… until now!
Security researchers from Palo Alto Networks claim to have discovered the very first known instance of OS X ransomware in the wild, called "KeRanger", attacking Apple's Macintosh computers, the firm's Threat Intelligence Director Ryan Olson told Reuters.
The KeRanger ransomware, which appeared on Friday, comes bundled into the popular Mac app Transmission, a free and open-source BitTorrent client for Mac with Millions of active users.
Must Read: How Just Opening an MS Word Doc Can Hijack Every File On Your System.
Here's How KeRanger Works
Once a victim installs the infected versions of the app, KeRanger malware embeds itself in the victim's machine and encrypts the hard drive – containing important documents, images and videos files, as well as email archives and databases – after three days.
The KeRanger malware then asks the victim to pay 1 Bitcoin (~ $410) as the ransom amount to allow him/her to decrypt the hard disk and regain access to their important files.
The malware imposes a 72-hour lockout window unless the payment is made.
Though it is still unclear how the hackers managed to compromise the app and upload the infected files, it is believed that the hackers managed to hack the Transmission website as the site was served via HTTP rather than HTTPS.
Also Read: CTB-Locker Ransomware Spreading Rapidly, Infects Thousands of Web Servers.
How to Protect yourself against KeRanger
The security researchers advised users to check for the existence of the following files on their machines:
/Applications/Transmission.app/Contents/Resources/General.rtf
/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf
If either of the above files exists, your Transmission app is likely infected with the new ransomware.
The malicious code also runs under a process name of "kernel_service", "kernel_pid", ".kernel_time" or ".kernel_complete", which can be killed, and stores its executable in the ~/Library directory. Delete these files if they exist.
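The checks just listed, as an added example that is not code from the researchers or from the Transmission project: it looks for the two indicator files, for running processes with the listed names, and for files with those names directly under ~/Library. The scan takes a root directory and a process list as parameters so it can be exercised against a constructed tree; with no arguments it scans the live machine.

```python
"""Check a Mac for the KeRanger indicators listed in the article above.

Added example. The file paths and process names are the ones the article
gives; the default root "/" and the `ps` call are only used on a live system.
"""
import os
import subprocess
from typing import Dict, Iterable, List, Optional

# Indicator files relative to the filesystem root (from the article).
INFECTED_FILES = [
    "Applications/Transmission.app/Contents/Resources/General.rtf",
    "Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf",
]
# Process names the article lists; the malware keeps its executable under ~/Library.
KERANGER_PROCESSES = {"kernel_service", "kernel_pid", ".kernel_time", ".kernel_complete"}


def find_indicator_files(root: str = "/") -> List[str]:
    """Return the indicator files that exist below `root`."""
    candidates = (os.path.join(root, rel) for rel in INFECTED_FILES)
    return [p for p in candidates if os.path.isfile(p)]


def find_suspicious_processes(process_names: Iterable[str]) -> List[str]:
    """Match the basename of each running command against the known names."""
    hits = {os.path.basename(name) for name in process_names
            if os.path.basename(name) in KERANGER_PROCESSES}
    return sorted(hits)


def find_library_executables(home: str) -> List[str]:
    """Files named like the malware's processes directly under <home>/Library."""
    lib = os.path.join(home, "Library")
    if not os.path.isdir(lib):
        return []
    return sorted(os.path.join(lib, n) for n in os.listdir(lib) if n in KERANGER_PROCESSES)


def running_process_names() -> List[str]:
    """Command names from `ps`; only used when scanning a live machine."""
    result = subprocess.run(["ps", "-axo", "comm="], capture_output=True,
                            text=True, check=False)
    return [line.strip() for line in result.stdout.splitlines() if line.strip()]


def scan(root: str = "/", home: Optional[str] = None,
         processes: Optional[Iterable[str]] = None) -> Dict[str, List[str]]:
    """Run all three checks; any non-empty list means the machine needs attention."""
    home = os.path.expanduser("~") if home is None else home
    procs = running_process_names() if processes is None else processes
    return {
        "files": find_indicator_files(root),
        "processes": find_suspicious_processes(procs),
        "library": find_library_executables(home),
    }


if __name__ == "__main__":
    import json
    findings = scan()
    print(json.dumps(findings, indent=2))
    if any(findings.values()):
        print("KeRanger indicators found: kill the listed processes, delete the files, "
              "and reinstall Transmission from a clean 2.92 download.")
```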
Upgrade to Version 2.91 of Transmission
Soon after, the Transmission developers released an updated version 2.92 of Transmission to ensure that the ‘KeRanger’ malware files are actively removed.
So, if you downloaded a vulnerable copy of Transmission from the web before the weekend, you must uninstall it now and upgrade to a clean 2.92 version of the software.
"Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file," Transmission posted this message in Red on its website.
Specifically, downloads of Transmission version 2.90 were infected with the nasty ransomware code that will encrypt your files after 3 days and demand a payment of $410 in Bitcoin to regain control.
However, it is worth noting that KeRanger has currently been detected only in the Transmission app for Mac. But, if the malware is widespread, it could affect other common Mac apps as well.
KeRanger, the new MAC OS X ransomware that hit Apple users on the weekend
7.3.2016 Apple Virus
Over the weekend Apple customers who were looking for the latest version of Transmission were infected by KeRanger MAC OS X ransomware.
Bad news for Apple customers, their systems were targeted for the first time over the weekend by a ransomware campaign. The experts at Palo Alto Networks Unit 42 who discovered the malicious campaign reported that Apple customers who were looking for the latest version of Transmission, a popular BitTorrent client, were infected with a new family of Ransomware that was specifically designed to target OS X installations.
“On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware “KeRanger.” states the report published by Palo Alto Networks.
The researchers named this new Ransomware family KeRanger, they also released a technical analysis of the malware.
Ransomware attacks on MAC OS X systems are a novelty; the only earlier malware with similar characteristics was FileCoder, a malicious code detected by Kaspersky Lab in 2014.
“The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.” continues the post.
According to the report, users who directly downloaded the Transmission installer from the official website within a specific time window may have been infected by the KeRanger MAC OS X ransomware.
“Users who have directly downloaded Transmission installer from official website after 11:00am PST, March 4, 2016 and before 7:00pm PST, March 5, 2016, may have been infected by KeRanger.”
The Transmission project promptly removed the malicious installers on Saturday (March 5) and it is urging its users to update to the latest version (2.92).
The experts discovered that the malware was embedded within the Transmission DMG file itself, but that alone was not enough to install the malware. The author of KeRanger also signed the installer with a valid code-signing certificate, issued to Polisan Boya Sanayi ve Ticaret A.Ş., a holding company in Istanbul, to bypass the security measures implemented by Apple’s Gatekeeper.
The experts noticed that the authors used Tor hidden services to mask the command and control infrastructure; once it has infected a machine, the KeRanger MAC OS ransomware waits three days before contacting a Command & Control server. Below is the list of Tor hidden services used by the ransomware.
Once the ransomware has contacted the server it starts encrypting documents having more than 300 different extensions:
Documents: .doc, .docx, .docm, .dot, .dotm, .ppt, .pptx, .pptm, .pot, .potx, .potm, .pps, .ppsm, .ppsx, .xls, .xlsx, .xlsm, .xlt, .xltm, .xltx, .txt, .csv, .rtf, .tex
Images: .jpg, .jpeg
Audio and video: .mp3, .mp4, .avi, .mpg, .wav, .flac
Archives: .zip, .rar, .tar, .gzip
Source code: .cpp, .asp, .csh, .class, .java, .lua
Database: .db, .sql
Email: .eml
Certificate: .pem
It is interesting to note that the ransomware is not able to start the encryption process without first making contact with the C&C servers.
Once the files are encrypted, the KeRanger MAC OS ransomware demands $400.00 USD from the victims.
The researchers suspect that the KeRanger MAC OS ransomware is still under development: they noticed that the malware doesn’t encrypt Time Machine backup files, but analysis of the code revealed that the code to perform this action is already present in the malware, just not yet active.
“Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data.”
To mitigate the infections, the digital certificate used to sign the code has been already revoked. Apple added the installers to the Gatekeeper blacklist and also updated XProtect signatures to include the new KeRanger Ransomware family.
France could Fine Apple $1 Million for each iPhone it Refuses to Unlock
3.3.2016 Apple
The United States is not the only country where Apple is battling with the authorities over iPhone encryption. Apple could face a $1 Million fine each time the company refuses to unlock an iPhone in France.
Despite its victory in a New York court yesterday, Apple may not be so successful elsewhere in fighting against federal authorities over iPhone encryption battle.
Yann Galut, a member of France’s Socialist Party, has submitted an amendment to a bill aimed at strengthening the French government’s ability to fight against terrorism — by arguing that…
Apple should pay a Million Euro ($1.08 Million) fine for every iPhone Apple refuses to unlock when asked to by law enforcement, The Local reported.
The same €1 Million penalty could apply to Google as well under similar conditions, forcing the tech companies to help its investigators extract data from a suspect’s smartphone in terrorism cases.
The French police seized eight smartphones last year in terror investigations, but the authorities were unable to access them. With Apple and other tech companies unwilling to help the authorities, France wants to enforce new laws to force tech companies to comply with orders.
"We are faced with a legal vacuum when it comes to data encryption, and it’s blocking judicial investigations," Galut told Le Parisien.
"Only money will force these extremely powerful companies like Apple and Google to comply. They are hiding behind a supposed privacy protection, but they’re quick to make commercial use of personal data that they’re collecting."
Apple continues to battle against the Federal Bureau of Investigation (FBI) over a court order to help the agency unlock an iPhone 5C belonging to San Bernardino shooter Syed Farook.
Other Silicon Valley giants, including Google, Facebook, WhatsApp and Twitter, defended Apple CEO Tim Cook’s stance against the FBI in the controversial San Bernardino case and the need for strong protections built into smartphone devices.
Although it remains to be seen whether this proposed law will be approved, how the San Bernardino case is resolved in the United States will definitely impact how other countries might approach the tech giants.
French Gov could fine Apple and Google €1m unless they hack mobile devices
3.3.2016 Apple
The French Government is considering a law that would impose fines of €1 million on Apple and Google if they refuse to provide access to users’ data.
Governments worldwide continue to intensify their pressure on the IT giants, requesting access to users’ data in the name of security.
The US Government wants Apple to unlock its mobile devices to access data, and the Brazilian Government arrested the Facebook Latin America VP because the company refused to give law enforcement access to WhatsApp data in a drug trafficking investigation.
The United States is not the only country where Apple is battling with the authorities over iPhone encryption. The latest government to threaten the IT giants is the French one: according to The Local website, Apple could face a $1 Million fine each time it refuses to unlock an iPhone in France.
The same penalty could apply to Google if the company refuses to give the French authorities access to users’ data.
A member of French Socialist Party, Yann Galut, has submitted an amendment to a bill aimed at strengthening the French government’s ability to fight against terrorism.
“On Monday, French Socialist MP Yann Galut proposed an amendment to French law that – if passed – would see the US companies punished if they didn’t give French officials backdoor access to terrorists’ phones. ” states The Local website
“Galut said on Monday that companies like Apple and Google should be fined up to €1 million when they didn’t cooperate in such cases. “
“We are faced with a legal vacuum when it comes to data encryption, and it’s blocking judicial investigations,” Galut told Le Parisien.
“Only money will force these extremely powerful companies like Apple and Google to comply. They are hiding behind a supposed privacy protection, but they’re quick to make commercial use of personal data that they’re collecting.”
Galut maintains that the punishment aims to discourage companies that are operating in “total bad faith”.
French law enforcement seized eight mobile phones last year in investigations of terrorism suspects, and in every case the police were unable to access their content. The French Government’s response is a new legal framework to oblige IT companies to comply with court orders.
The IT giants, including Google, Facebook, Twitter and WhatsApp, sided with Apple against the request of the US Government in the San Bernardino case.
Let’s wait for the final judgement on the case.
The return of HackingTeam with new implants for OS X
2.3.2016 Zdroj: Kaspersky Apple
Last week, Patrick Wardle published a nice analysis of a new Backdoor and Dropper used by HackingTeam, which is apparently alive and well. Since HackingTeam implants are built on-demand for each target, and it appears that the samples mentioned in the blog were found in-the-wild, we wanted to take a closer look: to see how it works and what its functionality reveals about the possible interest of the attackers behind this latest Backdoor.
Encryption key
The main Backdoor component receives its payload instructions from an encrypted Json configuration file. In order to decrypt the configuration file, we began by using known keys, but none of them were able to decrypt the file. Upon checking the binary file we were able to identify that the function used to encode the file is still AES 128, so we started to look for a new encryption key. We located the initialization of the encryption routine, where the key is passed as an argument.
By following this code we were able to find the new key used to encrypt the configuration file.
As you can see, the key is 32 bytes long, so just the first 16 bytes are used as the key. By using this key on our script we successfully decrypted the configuration file, which turns out to be a Json format file carrying instructions on how that particular Backdoor needs to operate on the target’s OS X machine:
What does the implant do?
It takes screenshots
It synchronizes with or reports stolen information to a Linode server located in the UK, but only when connected to Wi-Fi and using a specific Internet channel bandwidth defined by the Json configuration file:
It steals information on locally-installed applications, address book entries, calendar events and calls. OS X allows iPhone users to make such calls straight from the desktop when both are connected to the same Wi-Fi network and trusted.
It spies on the victim by enabling frontal camera video recording, audio recording using the embedded microphone, sniffing local chats and stealing data from the clipboard.
It also steals emails, SMS and MMS messages from the victim, which are also available on the OS X desktop when an iPhone is paired.
Among other functionalities it also spies on the geolocation of the victim.
It’s interesting to note that the Json file says that the start date of the operation is October 16 (Friday), 2015. This indicates that this is a fresh HackingTeam Backdoor implant.
For some reason the attacker was not interested in any emails sent to or from the target before that date but only from then on.
Kaspersky Lab detects the above-mentioned Backdoor implants as Backdoor.OSX.Morcut.u and its dropper as Trojan-Dropper.OSX.Morcut.d.
FBI Admits — It was a 'Mistake' to Reset Terrorist's iCloud Password
2.3.2016 Apple
Yes, FBI Director James Comey admitted that the investigators made a "mistake" with the San Bernardino investigation during a congressional hearing held by the House Judiciary Committee.
Apple is facing a court order to help the FBI unlock an iPhone that belonged to the San Bernardino shooter by developing a backdoored version of iOS that can disable the security features on the locked iPhone.
Apple's Chief Executive Tim Cook has maintained his stand over Privacy and Security, saying the company will fight the court order because it is dangerous for the security and privacy of all of its users.
As the company earlier said, Apple had been helping the FBI with the investigation in San Bernardino case since early January by providing an iCloud backup of Farook's iPhone under a court order and ways to access Farook's iPhone…
...but the problem, according to Apple, was that the feds approached the company after attempting a 'blunder' themselves.
Also Read: FBI Director — "What If Apple Engineers are Kidnapped and Forced to Write Code?"
Just after the San Bernardino terrorist attacks, an unnamed local police official 'Reset the Apple ID Passcode' associated with the shooter's iPhone 5C in "less than 24 hours after the government took possession of the device" in an attempt to access the data.
When the feds approached Apple to help them brute force the passcode without losing data, the company suggested the FBI an alternative way, i.e.:
Connect Farook's iPhone to the Internet by taking it to a known Wi-Fi range. This way his iPhone would have automatically backed up device data with his iCloud Account.
FBI Director: It was a 'Mistake' to Reset iCloud Password
However, when one of the committee members asked Comey whether the iPhone’s iCloud password had been changed, preventing the phone from backing up to Apple servers the government could access, Comey was forced to admit that the iCloud password was changed at the FBI's request, calling it a "mistake," even though the FBI had previously stated that changing the iCloud password was not a screw-up.
"As I understand from the experts, there was a mistake made in that 24 hours after the attack where the [San Bernardino] county at the FBI's request took steps that made it hard—impossible—later to cause the phone to back up again to the iCloud," Comey said in testimony.
Must Read: Apple is working on New iPhone Even It Can't Hack.
FBI Asked NSA to Unlock iPhone, But NSA couldn't Do it
This was not the only difficult question Comey fielded in the hearing. Comey was also asked how many other federal agencies the Federal Bureau of Investigation (FBI) had asked for help.
Apple itself asked the FBI similar question last week: If the FBI wants to hack an iPhone, why doesn't it just ask the NSA?
Comey replied that people who watch too much television exaggerated the technical capabilities of federal agencies. He did directly respond to a question about whether the U.S. National Security Agency (NSA) helped.
His answer was pretty clear: No, the NSA could not do it.
Also Read: Apple Can Unlock iPhones, Here's How to Hack-Proof your Device.
Here's what Rep. Judy Chu, Democrat of California asked Comey during the hearing on "The Encryption Tightrope: Balancing Americans' Security and Privacy":
I'd like to ask about law enforcement finding technical solutions....Has the FBI pursued these other methods tried to get help from within the federal government, such as from agencies like the NSA?
Here's the response from Comey:
Yes is the answer. We've talked to anybody who will talk with us about it, and I welcome additional suggestions.
During the hearing, Comey wanted to highlight Apple's capability to create a backdoor to unlock the iPhone's encryption, a fact Apple has admitted.
Also Read: Apple hires developer of World's Most Secure Messaging App.
From the beginning, the members of the House Judiciary Committee indicated a strong disapproval of the FBI's actions in the San Bernardino case. Rep. Conyers, a ranking member of the committee, noted that he has long opposed mandating backdoors in a service.
Waiting for a court ruling, a New York Judge rejected FBI request to unlock an iPhone
1.3.2016 Apple
The federal magistrate Judge James Orenstein has ruled in favor of Apple, rejecting the FBI request to unlock an iPhone.
In recent weeks we have followed the dispute between Apple and the FBI over unlocking the iPhone used by one of the San Bernardino shooters.
The FBI asked a court to order Apple to modify the iOS running on the terrorist’s iPhone by creating a special update, pushed to that one device, that disables its passcode security measures.
The news of the day is Apple’s court victory against the Federal Bureau of Investigation: federal magistrate Judge James Orenstein has ruled in favor of Apple, rejecting a request to oblige the Cupertino giant to help the feds access data stored on a locked iPhone in a separate criminal case.
The ruling was issued on Monday by Judge Orenstein of the Eastern District of New York as part of the criminal case against Jun Feng, who pleaded guilty in October last year to drug charges.
In this case too the authorities seized the accused’s iPhone but were unable to access its contents. The Drug Enforcement Administration (DEA) and the FBI then asked the court for an order requiring Apple to unlock the device.
The agencies invoked “the authority of the All Writs Act of 1789,” a statute that lets federal courts issue orders “necessary or appropriate in aid of their respective jurisdictions”; the government read it as authority to compel Apple to bypass the iPhone’s security measures.
Orenstein rejected the request, arguing that the government cannot stretch the All Writs Act to force private companies to help it access data stored on a locked device.
“As set forth below, I conclude that in the circumstances of this case, the government’s application does not fully satisfy the statute’s threshold requirements: although the government easily satisfies the statute’s first two elements, the extraordinary relief it seeks cannot be considered “agreeable to the usages and principles of law.” In arguing to the contrary, the government posits a reading of the latter phrase so expansive – and in particular, in such tension with the doctrine of separation of powers – as to cast doubt on the AWA’s constitutionality if adopted.” wrote Orenstein.
“Moreover, I further conclude that even if the statute does apply, all three discretionary factors weigh against issuance of the requested writ, and that the Application should therefore be denied as a matter of discretion even if it is available as a matter of law”
The All Writs Act wasn’t the only statute at issue: Orenstein also pointed to the Communications Assistance for Law Enforcement Act (CALEA), whose limits on compelled assistance he read as excluding the kind of help the government sought.
While the San Bernardino ruling is still pending, Apple is pressing on with its fight in defense of users’ privacy. It has been reported that the company is already working on a new iPhone that would be impossible to break into, even for Apple’s own experts.
New York Judge Rules FBI Can't Force Apple to Unlock iPhone
1.3.2016 Apple
Apple Won a major court victory against the Federal Bureau of Investigation (FBI) in an ongoing legal battle similar to San Bernardino.
In a New York case, a federal magistrate judge has ruled in favor of Apple, rejecting the U.S. government’s request to force Apple to help the FBI extract data from a locked iPhone.
This ruling from United States Magistrate Judge James Orenstein for the Eastern District of New York is a significant boost to Apple’s pro-privacy stance to resist the agency’s similar efforts over unlocking iPhone 5C of an alleged San Bernardino terrorist.
The ruling [PDF] was issued on Monday as part of the criminal case against Jun Feng, who pleaded guilty in October last year to drug charges.
The Drug Enforcement Administration (DEA) seized Feng’s iPhone 5 last year, but even after consulting the FBI, it was unable to access the iPhone. According to both the DEA and FBI, it’s impossible for them to overcome the security measures embedded in Apple’s iOS.
Thus, the government filed a legal motion seeking a court order requiring Apple to help in the investigation "under the authority of the All Writs Act of 1789" – the same old law the FBI is invoking in the San Bernardino case – so that the government could bypass the iPhone’s passcode security.
Apple objected to the order, noting that there were nine more criminal cases pending in which the U.S. government was seeking a similar court order.
Orenstein also rejected the government’s request because it relied on an expansive interpretation of the All Writs Act that has been used to force private companies, like Apple, to comply with government requests for user information.
Ultimately, Judge Orenstein argued that the government cannot misuse the All Writs Act to compel private companies to help extract information from locked devices.
Here’s what Orenstein writes:
"The government posits a reading…so expansive—and in particular, in such tension with the doctrine of separation of powers—as to cast doubt on the All Writs Act’s constitutionality if adopted."
A different law, the Communications Assistance for Law Enforcement Act (CALEA), explicitly forbids the type of assistance the government requested in this and the San Bernardino case.
Worth noting is that in the San Bernardino case the FBI is asking Apple to create a custom version of iOS for the terrorist’s iPhone, an even greater demand than in this drug case.
The San Bernardino decision, however, is still pending. Apple is continuing its legal battle against the FBI, so let’s see who wins this fight over privacy: Apple or the FBI? What do you think? Let us know in the comments below.
New HackingTeam OS X RCS spyware in the wild, who is behind the threat?
1.3.2016 Apple
A new OS X sample of the HackingTeam RCS has been detected in the wild. Who is running it? Is HackingTeam back?
A group of malware researchers has discovered a new strain of Mac malware that goes undetected by most security products, but more intriguing is the speculation that the malicious code was developed by the Italian security firm HackingTeam.
Pedro Vilaça, a security researcher at SentinelOne, has published an interesting post titled “The Italian morons are back! What are they up to this time?” that analyzes a sample of OS X RCS recently received by the expert. Remote Control System, aka RCS, is the surveillance software developed by the Italian firm and used by a large number of government and intelligence agencies worldwide.
The sample was uploaded to VirusTotal on February 4, when no engine detected it; at the time of writing its detection rate was 15/55.
Vilaça’s analysis of the sample revealed that the installer was last updated in October or November, and the configuration date embedded in it is October 2015, a few months after the HackingTeam hack.
“First we locate the configuration file encryption key and then decrypt it. There we can find the configuration dates for this sample, 2015-10-16, confirming that this is indeed a post hack sample. The C&C server IP for this sample is 212.71.254.212. It’s already down and I didn’t verify if it was up before starting to tweet about this sample last Friday” states Vilaça.
Vilaça then used the Shodan search engine and VirusTotal to research the C&C server further and found that the machine referenced by this OS X RCS sample was still active in January.
What happened to HackingTeam after the sensational data breach? At the time the company promised a new version that, it claimed, was unaffected by the hack. Is that really true?
The company announced it would release a new version of its surveillance software, but analysis of this new sample suggests it was compiled from the leaked code base, apparently with no new improvements.
“I can guarantee you that this sample code is coming from that code base, up to the last commit (there are probably newer commits after the leak). HackingTeam appears to have resumed their operations but they are still using their old source code for this. Of course there is a question of are they using both old and the new promised source code or were they just lying about it and resumed operations with old code since they are probably on a shortage of engineering “talent”? This is definitely a question their customers will have to ask them ;-).” continues the expert.
The expert concluded that the new Mac malware is a very fresh sample demonstrating that HackingTeam is still alive and operating quietly.
“HackingTeam is still alive and kicking but they are still the same crap morons as the e-mail leaks have shown us,” Vilaça wrote. “If you are new to OS X malware reverse engineering, it’s a nice sample to practice with. I got my main questions answered so for me there’s nothing else interesting about this. After the leak I totally forgot about these guys :-).”
Another interesting analysis of this new sample of the RCS spyware has been published by Patrick Wardle, a cyber security expert at Synack. Wardle explained that the new sample is based on the old HackingTeam RCS code, but implements sophisticated techniques to evade detection and analysis.
Last summer at Black Hat, Wardle gave a presentation entitled “Writing Bad @$$ Malware for OS X” that suggested how OS X malware could be improved, including by using Apple’s native encryption scheme to protect malicious binaries.
“Diving in, the first thing we notice is that it is encrypted with Apple’s native OS X encryption scheme.” wrote Wardle. “… it’s nice to finally see some OS X malware that uses Apple’s native OS X encryption scheme, as well as custom packers. “
Wardle noted that the installer was “packed” with this technique to hinder reverse engineering and analysis.
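Wardle’s observation that the installer uses Apple’s native binary protection can be checked with a few lines of header parsing. The following is an added example written for this page, not code from Wardle, Vilaça or HackingTeam: it walks the load commands of a thin Mach-O image and reports any segment whose flags carry SG_PROTECTED_VERSION_1 (0x8), the flag that marks a segment as encrypted under that scheme and that `otool -l` prints as `flags 0x8` on a protected `__TEXT` segment. The two sample images it builds are synthetic and not real binaries; the article does not say whether the sample was 32- or 64-bit, so both header layouts are handled.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xfeedface, 0xfeedfacf
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19
SG_PROTECTED_VERSION_1 = 0x8   # segment flag: contents are encrypted ("protected")


def protected_segments(data):
    """Return the names of segments flagged SG_PROTECTED_VERSION_1 in a thin
    (non-fat) Mach-O image. Handles 32- and 64-bit headers in either byte
    order; raises ValueError for anything that is not a thin Mach-O."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    raw = struct.unpack_from("<I", data, 0)[0]
    for end in ("<", ">"):
        magic = struct.unpack_from(end + "I", data, 0)[0]
        if magic in (MH_MAGIC, MH_MAGIC_64):
            break
    else:
        raise ValueError("not a thin Mach-O (magic %#x)" % raw)
    is64 = magic == MH_MAGIC_64
    # mach_header{,_64}: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags[, reserved]
    ncmds, sizeofcmds = struct.unpack_from(end + "II", data, 16)
    off = 32 if is64 else 28
    if off + sizeofcmds > len(data):
        raise ValueError("load commands run past end of file")
    # segment_command{,_64}: cmd, cmdsize, segname[16], vmaddr, vmsize, fileoff,
    # filesize, maxprot, initprot, nsects, flags  -> flags at offset 68 (64-bit) / 52 (32-bit)
    seg_cmd, seg_len, flags_off = (LC_SEGMENT_64, 72, 68) if is64 else (LC_SEGMENT, 56, 52)
    names = []
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from(end + "II", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("malformed load command at offset %d" % off)
        if cmd == seg_cmd and cmdsize >= seg_len:
            segname = data[off + 8:off + 24].split(b"\0", 1)[0].decode("ascii", "replace")
            flags = struct.unpack_from(end + "I", data, off + flags_off)[0]
            if flags & SG_PROTECTED_VERSION_1:
                names.append(segname)
        off += cmdsize
    return names


def build_sample(protect_text, bits=64):
    """Constructed, non-runnable Mach-O image with a __TEXT and a __DATA segment.
    It exists only to exercise the parser; it is not a real binary."""
    if bits == 64:
        def seg(name, flags):
            return struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, name,
                               0, 0x1000, 0, 0x1000, 5, 5, 0, flags)
        hdr_fmt, magic, cputype, extra = "<IiiIIIII", MH_MAGIC_64, 0x01000007, (0,)
    else:
        def seg(name, flags):
            return struct.pack("<II16sIIIIiiII", LC_SEGMENT, 56, name,
                               0, 0x1000, 0, 0x1000, 5, 5, 0, flags)
        hdr_fmt, magic, cputype, extra = "<IiiIIII", MH_MAGIC, 0x7, ()
    cmds = seg(b"__TEXT", SG_PROTECTED_VERSION_1 if protect_text else 0) + seg(b"__DATA", 0)
    # cpusubtype 3, filetype 2 (MH_EXECUTE), two load commands, no header flags
    hdr = struct.pack(hdr_fmt, magic, cputype, 3, 2, 2, len(cmds), 0, *extra)
    return hdr + cmds


def scan_file(path):
    with open(path, "rb") as f:
        return protected_segments(f.read())


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        try:
            segs = scan_file(p)
        except ValueError as e:
            print("%s: skipped (%s)" % (p, e))
            continue
        print("%s: %s" % (p, "PROTECTED " + ",".join(segs) if segs else "no protected segments"))
```

Run it as `python3 protected_segs.py /path/to/binary`. A hit is a triage signal, not a verdict, since Apple has shipped protected binaries of its own; for a flagged installer the practical follow-up is to let the loader decrypt it and dump the decrypted pages from the running process rather than attacking the file on disk.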
At this point, there are two hypotheses on the origin of the sample:
Someone is maintaining and updating the code leaked in the HackingTeam hack.
HackingTeam is back, but it is still using old RCS code with a few improvements.
Let me close with the last update provided by Vilaça in his analysis.
“I just found some unique code in this dropper. This code checks for newer OS X versions and does not exist in the leaked source code. Either someone is maintaining and updating HackingTeam code (why the hell would someone do that!?!?!) or this is indeed a legit sample compiled by HackingTeam themselves. Reusage and repurpose of malware source code happens (Zeus for example) but my gut feeling and indicators seem to not point in that direction.”
A journalist has been hacked on a plane while writing an Apple-FBI story
29.2.2016 Apple
The journalist Steven Petrow had his email read by a fellow passenger while on a plane, a shocking experience that reopens the discussion on privacy.
The aviation industry is spending significant effort on improving cyber security, which makes this story all the more remarkable.
The American journalist and author Steven Petrow, who now writes for USA Today, explained that he was approached by a fellow passenger on an American Airlines flight from North Carolina to Dallas who told him he had accessed the journalist’s email account.
“I don’t really need to worry about online privacy,” wrote Petrow. “I’ve got nothing to hide. And who would want to know what I’m up to, anyway?”
Petrow is a journalist, not an investigative reporter, and was not working on any particular investigation, so the hacker’s interest struck him as very strange.
Petrow was writing an article on the Apple vs FBI case during the flight, and another passenger turned out to know all about it.
After the plane landed, the journalist was leaving the plane when a fellow in the same row asked to speak with him.
“I need to talk to you.” the man said. “You’re a reporter, right?” “Wait for me at the gate.”
The journalist waited, and when the man joined him at the gate he asked for an explanation.
“How did you know I was a reporter?” the journalists asked.
“Are you interested in the Apple/FBI story?” replied the man ignoring the question,
“I hacked your email on the plane and read everything you sent and received. I did it to most people on the flight.”
As proof, the fellow passenger quoted the exact content of an email Petrow had received in flight.
“One of my emails was pretty explicit about the focus of my story and I had emailed Bruce Schneier, a security expert who had previously written in the Washington Post about this very issue.” wrote Petrow.
During the flight, Petrow worked on the article and sent and received several email messages through the American Airlines Gogo in-flight Internet connection.
Gogo is the in-flight Wi-Fi service American Airlines offers its passengers. Users are advised not to transmit sensitive data over it, but most passengers ignore the risk.
The Gogo service behaves like any open Wi-Fi hotspot: traffic that is not itself encrypted can be read by anyone else on the same network, so, exactly as on the ground, sensitive data should not be sent over it in the clear.
Gogo recommends using a virtual private network for sensitive traffic, a precaution the journalist had not taken.
The fellow passenger explained to the journalist the risks of connecting to open networks.
“That’s how I know you’re interested in the Apple story,” he continued. “Imagine if you had been doing a financial transaction. What if you were making a date to see a whore?”
“That’s why this story is so important to everyone,” he told Petrow. “It’s about everyone’s privacy.”
The man then walked away, but the episode shook the reporter. His privacy had been violated, as happens every day to millions of unaware users.
“For me, I felt as though the stranger on the plane had robbed me of my privacy—as was explicitly his intent. He took the decision of what to share out of my hands. He went in through the back door of the Gogo connection.”
Apple hires developer of World's Most Secure Messaging App
26.2.2016 Apple
Apple is serious about making iPhone security strong enough that even Apple cannot break it. To that end the company has hired one of the key developers of Signal, the open source, end-to-end encrypted messaging app widely regarded as the most secure available.
Frederic Jacobs, who worked to develop Signal, announced today that he is joining Apple this summer to work as an intern in its CoreOS security team.
"I'm delighted to announce that I accepted an offer to be working with the CoreOS security team at Apple this summer," Jacobs tweeted Thursday.
Signal app is widely popular among the high-profile privacy advocates, security researchers, journalists and whistleblowers for its clean and open source code, and even the NSA whistleblower Edward Snowden uses it every day.
Signal messages are end-to-end encrypted, which means only the sender and the intended recipient can read the messages. Although Apple's iMessage is also end-to-end encrypted, it is not open source.
Apple to build 'Unhackable' Services
The reason behind the Apple's hiring is quite clear as the company is currently fighting a US court order asking Apple to help the FBI unlock iPhone 5C of San Bernardino shooter Syed Farook.
In effect, the order would force Apple to create a special, backdoored version of iOS so that the Federal Bureau of Investigation (FBI) could brute-force the passcode on Farook's iPhone without losing the data stored on it.
However, Apple CEO Tim Cook has already refused to provide such a backdoor into the iPhone that would degrade the privacy and security of all iPhone users.
If it complied with the court order, the company would be flooded with FBI and CIA requests to unlock more criminals' iPhones; the recent request by the United States government to unlock 12 more iPhones would be just the start.
So, to eliminate the opening for government and intelligence agencies to demand backdoors, the company is removing its own ability to build one, and is hiring for its core security team to that end.
Apple found Jacobs a good fit for this: he had spent two and a half years with Open Whisper Systems, the company behind Signal, before leaving earlier this year.
Apple to Fully Encrypt iCloud Backups
In the San Bernardino shooter's case, Apple says it helped the FBI in every way it could, including by handing over Farook's iCloud backups, but now…
Apple is working on encrypting iCloud backups so that only the account owner can access them, closing the avenue through which the government, or hackers, could expose users' data.
While creating iCloud backups of users' photos, videos, app data, iMessage, voicemails, SMS, and MMS messages, Apple stores a copy of its users' decryption keys itself that could be provided to authorities when presented with a valid warrant.
But citing some anonymous sources, the Financial Times reports that now Apple will not keep a copy of user's decryption key with it, and the encrypted iCloud backups would only be unlocked by the account holder using her/his passcode.
Discover how many ways there were to hack your Apple TV
26.2.2016 Apple
Apple has patched more than 60 vulnerabilities affecting the Apple TV, including flaws that can lead to arbitrary code execution and information disclosure.
IoT devices are enlarging our attack surface, we are surrounded by devices that manage a huge quantity of information and that could be abused by hackers.
Apple has patched more than 60 vulnerabilities affecting the Apple TV, including flaws that could lead to arbitrary code execution, information disclosure, application crashes and modification of protected parts of the filesystem.
The new release, Apple TV software version 7.2.1, comes 10 months after the last update issued in April 2015 and fixes security vulnerabilities in several components of the Apple TV. The company patched 33 issues, collectively referenced by 58 CVEs, including 19 code-execution holes that could be exploited through crafted web content.
The changes will be automatically applied to the users that have enabled the automatic updates.
Apple fixed serious security issues in WebKit, the kernel, the third-party app sandbox, Office Viewer, IOKit, ImageIO, FontParser, DiskImages, bootp, CloudKit and other libraries.
A closer look at the list reveals a memory corruption flaw (CVE-2015-5776) that a remote attacker could exploit to gain arbitrary code execution or crash applications. Other vulnerabilities could be triggered with malicious or malformed DMG files, plists and apps.
The release bundles fixes Apple has shipped over time for its other products; the company is investing heavily in designing a new generation of devices with improved security that meets strict security requirements.
Recently the company refused to hack into the San Bernardino shooter’s iPhone, and while the dispute with the FBI is going on, it has been reported that Apple is working on a new model that will be impossible to hack.
The new iPhone designed by Apple will be unhackable
26.2.2016 Apple
Apple has begun developing security features for the new iPhone to make it impossible for the law enforcement agencies to break into a locked iPhone
The FBI’s request that Apple unlock the iPhone of Syed Farook, one of the San Bernardino shooters, has reignited the debate over the effectiveness of the encryption measures that protect users’ privacy.
Apple’s CEO was categorical on the subject:
“The only way to get information — at least currently, the only way we know — would be to write a piece of software that we view as sort of the equivalent of cancer. We think it’s bad news to write. We would never write it,” Tim Cook explained in the interview.
While the US Government is pressing the company to implement a mechanism that gives law enforcement access to mobile devices during investigations of suspects, Apple is working on a new iPhone that would be unbreakable even for the company’s own experts.
According to the New York Times, Apple is studying new security features that would prevent hacking techniques from bypassing the passcode that protects iPhones and iPads.
“Apple engineers have begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts.” states a blog post published on the NYT.
The new iPhone would not allow law enforcement and intelligence agencies to bypass the security measures Apple implements.
The US authorities have asked Apple to unlock 12 more iPhones, and if the company agrees to one request there is a concrete risk of a flood of similar ones.
Clearly Apple also stands to benefit from the story: refusing the FBI’s request reinforces its pro-privacy image with its customers.
“For all of those people who want to have a voice but they’re afraid, we are standing up, and we are standing up for our customers because protecting them we view as our job,” added Tim Cook in an interview with ABC News.
Apple is working on New iPhone Even It Can't Hack
25.2.2016 Apple
Amid an ongoing dispute with the United States government over a court order to unlock the iPhone 5C of Syed Farook, one of the San Bernardino shooters…
...Apple has started work on stronger security measures, ones "even it can't hack", for its future iPhones.
The Federal Bureau of Investigation (FBI) is seeking to force Apple to create a special, backdoored version of iOS that would let agents brute-force the passcode on Farook's iPhone without erasing its data.
Specifically, the FBI has asked the company to help unlock the shooter's iPhone 5C by:
Creating a backdoored iOS build for the shooter's iPhone.
Disabling the auto-erase feature that wipes the device after too many failed passcode attempts.
Speeding up the brute-force, by allowing passcode guesses to be submitted electronically, so that all combinations can be tried.
Removing the escalating delay imposed after each failed attempt.
...and more
Apple is still fighting the battle even after telling the court plainly that it will not provide the agency backdoor access that would undermine its users’ privacy and security.
New iPhones will be Unhackable
Apple has made this sensitive issue a top priority, aiming to close any remaining way (if one exists) to bypass the protections that guard the public's privacy and security.
According to the New York Times, Apple is working on new security measures that would prevent governments or federal law enforcement from using passcode-bypassing techniques to access iPhones or any iOS devices in the future.
The aim is that upcoming Apple products would not be susceptible to this kind of bypass by any means.
In short, the thrust of the move is that even Apple could no longer get at its customers' data, whether the demand comes from the FBI in a criminal case or from a government spying agency like the NSA.
In San Bernardino shooter's case, Apple helped the FBI in every possible way by providing iCloud Backup of Farook and suggesting other alternative ways to view his iPhone data.
But Apple has refused the FBI's request and the California judge's order to create the backdoor needed to pull the terrorist's data from the iPhone 5C.
"The only way we know would be to write a piece of software that we view as sort of the software equivalent of cancer. We think it's bad news to write. We would never write it. We have never written it," stated Apple CEO Tim Cook in an interview.
Government wants Apple to Unlock 12 More iPhones
Cook's statement carries an implicit admission: the company could write such code exclusively for this device to break into Farook's iPhone.
But if Apple agrees to one request, the company would be flooded with FBI and CIA requests to unlock more criminals' iPhones in the near future.
The recent request by the United States government to unlock 12 more iPhones is just the start of that scenario.
Tech giants like Google, Facebook and WhatsApp have backed Apple's stand on user privacy, while politicians like presidential candidate Donald Trump have criticized it, Trump going so far as to call for a "Boycott Apple" on Twitter.
The FBI's repeated requests, the battles on social media and the wider controversy have made Apple rethink the security of its future products, and rather than court this danger again it has decided to bolster security in its forthcoming iPhone releases.
Just One Device? No, Government wants Apple to Unlock 12 More iPhones
24.2.2016 Apple
So far the FBI has publicly asked for Apple's help unlocking the iPhone belonging to one of the terrorists in the December San Bernardino shootings, which killed 14 and injured 24.
But in addition to the iPhone 5C that belonged to San Bernardino shooter Syed Farook, the U.S. Justice Department is pursuing court orders to force Apple to help officials unlock at least 12 more iPhones.
Citing sources, the Wall Street Journal reported that federal authorities want to extract data from iPhones seized in a variety of criminal investigations, in undisclosed cases where prosecutors are seeking to compel Apple to help them bypass the iPhone's lock screen.
Although details of these cases have not been publicly disclosed, the dozen or so cases are all distinct from the San Bernardino case and involve many iPhones running older iOS versions that have fewer security barriers to bypass.
Apple is fighting the government's demands in all these cases and, in a number of them, has objected to the Justice Department's efforts to compel the company through an 18th-century law, the All Writs Act, under which courts can require third parties to take actions that help carry out their orders.
Bill Gates wants Apple to Help the FBI
Apple's refusal to unlock iPhone linked to one of the San Bernardino shooters has escalated a battle between the technology company and the U.S. Federal Bureau of Investigation.
Although many Big Fishes in Technology industry including Facebook, WhatsApp, and Google supported Apple's stand, many politicians including Donald Trump have criticized and opposed Apple.
...and the latest in the opposition of Apple's decision is Microsoft co-founder, Bill Gates.
"Nobody's talking about a backdoor," Gates told Financial Times. "This is a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case."
However, in a separate interview later Tuesday with Bloomberg, Gates said he was "disappointed" with headlines based on the FT report claiming that he supported the FBI in its ongoing battle with Apple, saying "that does not state my view on this."
In the past, Microsoft has collaborated closely with US government agencies to allow its users' communications to be intercepted.
Microsoft helped the NSA (National Security Agency) to circumvent its own encryption and built a series of backdoors into Outlook.com, Skype, and SkyDrive to ease difficulties in accessing online communications, according to documents leaked by Edward Snowden.
Mother of San Bernardino Victim Supports Apple
Though the FBI, the DoJ and politicians like Donald Trump seem unable to grasp the importance of privacy, a mother who lost her son in last December's terrorist attack in San Bernardino, California says the right to privacy 'makes America great.'
Carole Adams, whose son Robert was killed in the terrorist attack last year, has supported Apple's stand on encryption and said the company is within their rights to protect the privacy of all United States citizens.
The battle between Apple and the FBI, in which the agency is asking the company to create a backdoored version of iOS for unlocking the shooters' iPhone 5C, is taking new twists and turns every day, so let's see who wins.
Use of acid and lasers to access data stored on iPhones
24.2.2016 Apple
While Apple refuses to help the FBI in the San Bernardino shooter case, Snowden says the FBI could use a decapping technique to crack the iPhone.
Over the last few days a heated debate has raged between Apple and the FBI over access to San Bernardino terrorist Syed Farook’s iPhone. The FBI has demanded Apple’s assistance in hacking the phone so that the agency obtains full access to Farook’s data; Apple has rejected the demand, citing the privacy of all iPhone users. Apple has publicly stated that it will resist the court order because providing such access would amount to building a backdoor into Apple products, one that would give experts and criminals alike unrestricted access to customer data and open the way to spying on Apple users: intercepting phone calls and text messages and tracking their location via GPS.
The debate has turned into an argument between Apple’s defense of its customers’ digital rights and privacy and the FBI’s position that Farook’s possible links to terrorist networks, and the prevention of future plots, make security and justice the more significant concerns (Ghosh, 2016).
According to the FBI, the data on Farook’s iPhone 5c can only be reached with Apple’s assistance in creating a backdoor, because the bureau has already tried other approaches: returning the iPhone to its home Wi-Fi network in the hope that it would automatically back up to iCloud, which failed because Farook appears to have disabled automatic backups; and resetting his Apple ID password in an attempt to reach his iCloud account, which instead locked the phone out of iCloud and prevented any further backup.
But Edward Snowden, the former NSA contractor and whistleblower, thinks otherwise. In his view the FBI is not limited to this route: it could use acid and lasers to reach the iPhone’s data, with no need for Apple to hack the device.
“The problem is, the FBI has other means… They told the courts they didn’t, but they do. The FBI does not want to do this,” said Snowden.
The mechanism Snowden refers to is known as “chip decapping” (Ghosh, 2016).
Process of chip decapping
Chip decapping is a method in which the main processor chip is physically stripped to extract its contents. The first step uses acid to remove the chip’s encapsulation; a laser is then used to drill down into the die to expose the portion of memory that holds the iPhone’s unique hardware key (the UID key, not to be confused with the software-level UDID).
Next, tiny probes are placed on that spot to read out the UID bit by bit, together with the algorithm that combines it with the passcode. With that in hand, the FBI could move the guessing to a supercomputer outside the phone and try every possible passcode until one unlocks the data. Because the work happens outside iOS, the risk that the data is wiped or self-destructs after too many attempts no longer applies. The method has a serious weakness, though: a minor slip at any step destroys the chip, and with it all access to the phone’s data, permanently (Goodin, 2016).
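To make concrete what the three modifications requested in the San Bernardino order buy an attacker (auto-erase off, delays removed, electronic guessing; see the “Apple is working on New iPhone Even It Can't Hack” item above) and why extracting the UID changes the picture, here is an added example written for this page, not code from Apple, the FBI or any of the researchers quoted. It is a toy model: PBKDF2 with a per-device salt stands in for the real iOS key derivation, which the article only describes as tying the passcode to the UID, and the 80 ms per attempt, the ten-failure wipe and the lockout schedule are assumed figures. It runs the same naive brute-force against a stock policy, against the weakened policy the order asked for, and offline with the UID in hand.

```python
import hashlib
import itertools

# Assumed figures for the simulation (not taken from the article):
PER_TRY = 0.08                  # ~80 ms per on-device key derivation
WIPE_AFTER = 10                 # erase all data after this many failures
# escalating lockouts in seconds after the Nth failure (none before the 5th)
DELAYS = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}


def derive_key(passcode, uid, rounds=100):
    """Stand-in for the device key derivation: the passcode is tangled with a
    per-device hardware UID, so a guess can only be tested on the device itself
    or by someone who has extracted the UID. The low round count keeps the
    demo fast; a real derivation is tuned to take tens of milliseconds."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, rounds, dklen=32)


class PasscodeLock:
    """Toy model of the passcode gate: wipe after N failures plus escalating delays."""

    def __init__(self, passcode, uid, wipe_after=WIPE_AFTER, delays=DELAYS):
        self.uid = uid
        self.key = derive_key(passcode, uid)
        self.wipe_after = wipe_after    # None: auto-erase disabled
        self.delays = delays            # {}: no lockout delays
        self.failures = 0
        self.wiped = False
        self.elapsed = 0.0              # simulated wall-clock seconds

    def attempt(self, guess):
        if self.wiped:
            raise RuntimeError("device was wiped")
        self.elapsed += PER_TRY
        if derive_key(guess, self.uid) == self.key:
            return True
        self.failures += 1
        self.elapsed += self.delays.get(self.failures, 0)
        if self.wipe_after is not None and self.failures >= self.wipe_after:
            self.wiped = True
        return False


def brute_force_on_device(lock, digits=4):
    """Try every numeric passcode in order through the lock.
    Returns (passcode or None, simulated seconds spent)."""
    for combo in itertools.product("0123456789", repeat=digits):
        guess = "".join(combo)
        try:
            if lock.attempt(guess):
                return guess, lock.elapsed
        except RuntimeError:            # auto-erase fired: data is gone
            return None, lock.elapsed
    return None, lock.elapsed


def brute_force_offline(target_key, uid, digits=4):
    """The route after chip decapping: with the UID extracted, guesses are tested
    off the device, so neither the wipe nor the delays apply. Without the right
    UID every guess fails, which is the whole point of the tangling."""
    for combo in itertools.product("0123456789", repeat=digits):
        guess = "".join(combo)
        if derive_key(guess, uid) == target_key:
            return guess
    return None


if __name__ == "__main__":
    uid = b"\x11" * 32              # constructed stand-in for the fused hardware UID
    secret = "2580"
    stock = PasscodeLock(secret, uid)
    print("stock policy:", brute_force_on_device(stock), "wiped:", stock.wiped)
    modified = PasscodeLock(secret, uid, wipe_after=None, delays={})
    print("weakened build:", brute_force_on_device(modified))
    print("offline with UID:", brute_force_offline(derive_key(secret, uid), uid))
    print("offline, wrong UID:", brute_force_offline(derive_key(secret, uid), b"\x22" * 32))
```

Under the stock policy the naive search dies on the tenth guess after roughly an hour and a half of enforced waiting, with the data wiped; with the wipe and delays removed the same four-digit code falls in a few minutes, and a six-digit code (`digits=6`) in under a day at 80 ms per try. The offline path only works with the correct UID, which is exactly why extracting it physically is the alternative Snowden alludes to.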
Infrared laser glitching
In an interview conducted by the media (ABC News), an independent researcher discussed the decapping technique and expressed the opinion that this method would have doubtful success against an iPhone and would likely result in permanent loss of the content.
In addition, the interviewee suggested that infrared laser glitching would be a better option because the chance of losing the data is slightly reduced. The method involves slightly piercing the chip and then accessing the UID data with an infrared laser (Goodin, 2016).
Furthermore, this particular method proved effective in the past when hardware hacker Chris Tarnovsky conducted an attack that damaged the microcontroller and disabled the lockdown of the Xbox 360 game console. To perform his attack, Tarnovsky used an electron microscope, known as an ion beam workstation, which enabled him to examine the chip at the nanometer scale. As a result, he was able to manipulate and control its individual wires using microscopic needles. Such methods are therefore technically feasible against an iPhone, but they lack practicality because the risk of permanently destroying the hardware is very high and the effort involved is immense (Goodin, 2016).
The federal magistrate judge has ordered Apple to produce software that will work against all older, unmodified iPhones. This new software would make it possible to update even an iPhone that uses “secure enclave” protections; in other words, the software would have functions to bypass secure enclave protections. The only thing Apple would be required to do is change the digital signature, at very little cost, so that the software can run on different devices (Goodin, 2016).
San Bernardino shooter’s Apple ID passcode changed in government custody
21.2.2016 Apple
While discussing the San Bernardino shooter’s iPhone, Apple executives said the password was changed while the device was in government custody.
The discussion about the San Bernardino shooter’s iPhone has monopolized the media this week: a US magistrate ordered Apple to help unlock the mobile device, but the company refused to do so.
Shocking news is now circulating on the Internet: according to unnamed Apple executives, the shooter’s Apple ID password was changed while the device was in government custody, which blocked access to it.
The password associated with the Apple ID linked to the San Bernardino shooter’s iPhone was changed less than 24 hours after the feds took possession of the mobile device.
This circumstance made it impossible to access a backup of the information the government was seeking.
According to Buzzfeed, the company executives revealed that Apple had been helping federal officials with the investigation when the password change was discovered.
According to Apple, it had been helping the FBI with the investigation since early January 2016, but it seems that law enforcement contacted the company after attempting to access the iPhone.
“The executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a backdoor. One of those methods would have involved connecting the iPhone to a known Wi-Fi network and triggering an iCloud backup that might provide the FBI with information stored to the device between the October 19th and the date of the incident.” states Buzzfeed.
“Apple sent trusted engineers to try that method, the executives said, but they were unable to do it. It was then that they discovered that the Apple ID password associated with the iPhone had been changed. (The FBI claimed earlier Friday that this was done by someone at the San Bernardino Health Department.)”
Just after the dramatic event, an unnamed San Bernardino police official executed a procedure to reset the Apple ID passcode associated with Farook’s iPhone.
By default, resetting the Apple ID passcode creates a new device ID linked to the iCloud account that will not automatically sync device data online. Synchronization must be configured manually by the user after generating the new Apple ID password.
In the case of the terrorist’s iPhone, changing the settings was not possible because the device was already locked, and the feds were unable to force a sync with iCloud even by taking the device within range of the known Wi-Fi network.
Now the only possibility to access the iPhone data consists in pushing an iOS software update that forces an auto-backup of the iPhone to a third-party server.
The executives explained that creating a backdoor access to Apple iOS devices represents a serious risk for the privacy of millions of users. It could be used to virtually target any Apple device and open the door to massive surveillance.
FBI Screwed Up — Police Reset Shooter's Apple ID Passcode that leaves iPhone Data Unrecoverable
20.2.2016 Apple
Another Surprising Twist in the Apple-FBI Encryption Case: The Apple ID Passcode Changed while the San Bernardino Shooter's iPhone was in Government Custody.
Yes, the Federal Bureau of Investigation (FBI) has screwed up and is left with no option to retrieve data from the iPhone that belonged to San Bernardino shooter Syed Farook.
Apple has finally responded to the Department of Justice (DoJ) court filing that attempts to force Apple to comply with an FBI request to help the feds unlock Farook's iPhone, but Apple has refused to do so.
According to Apple, the company had been helping the feds with the investigation since early January to provide a way to access Farook's iPhone, but the problem is that the feds approached the company after attempting a 'blunder' of their own.
Here's How the FBI Screwed itself
On October 19, 2015, roughly six weeks before the San Bernardino terrorist attacks, Syed Farook made his last full iCloud backup of his iPhone 5C, which Apple had already provided to the FBI under a court order.
Now the FBI is looking for the data on Farook's phone stored between October 19, 2015, and the date of the attacks on December 12, which has not yet been synced with Farook's iCloud account.
When the FBI approached Apple to help them brute-force the passcode without losing data, Apple suggested an alternative to the feds: connect Farook's iPhone to the Internet by taking it within range of a known Wi-Fi network. This way his phone would automatically have backed up its data to his iCloud account.
But the Twist lies here:
Just after the terrorist attacks, an unnamed San Bernardino police official reset the Apple ID passcode associated with Farook's iPhone 5C "less than 24 hours after the government took possession of the device" in an attempt to access the data.
Here's the blunder:
By default, resetting the Apple ID password essentially creates an entirely new device ID on the iCloud account, one that will not automatically sync device data online until the user manually enters the newly generated Apple ID password in the device settings.
Unfortunately, Farook's iPhone is already LOCKED, and Apple has refused to provide a backdoor to bypass the device passcode.
So the authorities are now left with no way to pull the data from iCloud, even if they take the device within range of the known Wi-Fi network.
Here's what a senior Apple executive who requested anonymity told BuzzFeed:
The Apple ID passcode linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn't happened, Apple said, a backup of the information the government was seeking may have been accessible…
The executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a back door. One of those methods would have involved connecting the phone to a known wifi network.
The statement came just hours after the DoJ criticized Apple's response to the court order.
Possible Alternative Ways to Recover Data
But there could still be a way to get the data the FBI needs. One option would be for Apple to simply revert the changes made to Farook's iCloud account.
This way the feds could take the device within range of the known Wi-Fi and have the data automatically synced to the associated iCloud account, unless Farook had purposely turned OFF auto-backup.
Another possible way to recover the data without unlocking the device could be to forcibly push (if and only if it is possible to install an update without user interaction) an iOS software update to the target device with an additional built-in application that simply auto-backs up every file on the system to a third-party server.
Donald Trump — Boycott Apple! But Still Tweeting from an iPhone
20.2.2016 Apple
As the groundwork for the United States presidential election, to be held on 8 November 2016, is being laid, the candidates are busy sharpening their skills to win the voters' trust.
Gaining the upper hand on national issues at this moment could benefit the candidates by bringing them into the limelight.
Donald Trump (a presidential candidate from the Republican Party) is no exception.
Recently, during a rally in South Carolina yesterday, Trump made a controversial statement calling for a boycott of Apple until the company hands over the San Bernardino terrorist's phone data to the authorities.
"First of all, Apple ought to give the security for that phone. What I think you ought to do is boycott Apple until they give that security number," Trump addressed in the rally.
This was a reaction to Apple's refusal of a Californian judge's request to build a backdoor for the shooter's iPhone.
Also Read: FBI Screwed Up — Police Reset Shooter's Apple ID Passcode that leaves iPhone Data Unrecoverable.
Although many politicians have slammed Apple's decision, the company's stand is being backed by big names such as Google, Facebook, Twitter and WhatsApp.
Donald Trump: Boycott Apple
Though Donald Trump's reaction to Apple's stand against the FBI sounds very aggressive in his tweet, the most interesting fact is that he posted the controversial tweet from his iPhone.
As Trump's tweet got an overwhelming response in the Twitter community, NSA whistleblower Edward Snowden weighed in with a gripping statement that read, "can we boycott Trump instead."
Trump had earlier called Snowden a "grandstander" and indirectly demanded his execution for leaking the NSA's illegal activities, while appearing on the TV program "Fox and Friends" in 2013.
Now Snowden has had his tit for tat through a tweet.
Also Read: Now We Know – Apple Can Unlock iPhones, Here's How to Hack-Proof your Device.
Trump Pledged Not to Use iPhone
Apart from his tweet calling for a boycott of Apple, Trump pledged that he would not use his iPhone until Apple gives the FBI the data from the terrorist's locked phone.
"I use both iPhone & Samsung. If Apple doesn't give info to authorities on the terrorists I'll only be using Samsung until they give info," Trump tweeted.
As Trump has made headlines with provocative tweets to boost his election campaign, let's wait and see whether other candidates take the same road by inflating the "Apple vs. FBI" issue further.
Now We Know — Apple Can Unlock iPhones, Here's How to Hack-Proof your Device
19.2.2016 Apple
Apple has been asked to comply with a federal court order to help the FBI unlock an iPhone 5C used by one of the terrorists in the San Bernardino mass shooting that killed 14 and injured 24 in December.
The FBI knows that it cannot bypass the encryption on the iPhone, but it knows very well that Apple can find a way to let the feds try more than 10 PINs on the dead shooter's iPhone without the device's data self-destructing.
Although Apple refused to comply with the court order and has always claimed that it is no longer able to unlock phones, the FBI cleverly proved that Apple does have a technical way to help the feds access data on a locked iOS device.
And this is the first time that Apple has not denied that it can unlock iPhones; rather, it simply refused to build the FBI a backdoor for the iPhone, in an attempt to maintain its users' trust.
So now we know that Apple is not doing so, but that it has the ability to do so.
Now that you know there is a chance the government can access your iPhone even if you have enabled the "Auto-Destruct Mode" security feature on your device, you need to protect your iPhone with more than just a 4- or 6-digit passcode.
How to Hack-Proof your iPhone?
Yes, it is possible to protect yourself from government snooping just by setting a strong passcode on your iPhone, one that the FBI or any government agency would not be able to crack even if they get an iPhone backdoor from Apple.
Without wasting much of your time, here's one simple solution:
Simply set a random numeric passcode of at least 11 digits on your iPhone.
Here's why (FBI Can't Crack It):
There is only one way to crack your iPhone passcode: a brute-force attack. This is why the FBI is demanding that Apple create a special version of iOS that allows more brute-force attempts and ignores the data-erasure setting.
iPhones intentionally encrypt device data in such a way that a single passcode attempt takes about 80 milliseconds, according to Apple.
So if your iPhone uses a 6-digit passcode, for which there are 1 million possible combinations in total, it would take at most 22 hours, or 11 hours on average, to unlock the iPhone.
However, if you use a longer passcode, such as a random 11-digit passcode, it will take up to 253 years, or 127 years on average, to unlock the iPhone.
Doing so will leave the FBI or any other agency unable to unlock your iPhone, unless they have hundreds of years to spare.
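The arithmetic behind those figures, as an added example that is not part of the original article: the estimator below takes the article's 80 ms per attempt and the wipe-after-10-attempts setting it describes, reproduces the 6-digit and 11-digit numbers, and extends the same calculation to other lengths and to alphanumeric passcodes (an extension of my own, not discussed in the text). It assumes the passcode is chosen uniformly at random; a predictable one falls far sooner.

```python
"""Brute-force cost estimator for numeric iOS passcodes (added example).
Inputs: passcode length, seconds per attempt (the article's ~80 ms) and the
number of attempts allowed before the device wipes itself (10 in the text)."""

SECONDS_PER_HOUR = 3600.0
SECONDS_PER_YEAR = 365.25 * 24 * SECONDS_PER_HOUR  # Julian year (assumption)


def keyspace(length: int, alphabet_size: int = 10) -> int:
    """Number of distinct passcodes of the given length (decimal digits by default)."""
    if length < 1 or alphabet_size < 2:
        raise ValueError("passcode length and alphabet size must be positive")
    return alphabet_size ** length


def worst_case_seconds(length: int, seconds_per_attempt: float = 0.08,
                       alphabet_size: int = 10) -> float:
    """Time to try every possible passcode once (the attacker's worst case)."""
    return keyspace(length, alphabet_size) * seconds_per_attempt


def average_seconds(length: int, seconds_per_attempt: float = 0.08,
                    alphabet_size: int = 10) -> float:
    """Expected time for a uniformly random passcode: half the keyspace."""
    return worst_case_seconds(length, seconds_per_attempt, alphabet_size) / 2


def lucky_hit_probability(length: int, attempts_allowed: int = 10,
                          alphabet_size: int = 10) -> float:
    """Chance that an attacker limited by the wipe-after-N-attempts setting
    guesses the passcode before the device erases itself."""
    return min(1.0, attempts_allowed / keyspace(length, alphabet_size))


def estimate(length: int, seconds_per_attempt: float = 0.08,
             alphabet_size: int = 10, attempts_allowed: int = 10) -> dict:
    """Summarise the cost of a brute-force attack on passcodes of this length."""
    worst = worst_case_seconds(length, seconds_per_attempt, alphabet_size)
    return {
        "length": length,
        "keyspace": keyspace(length, alphabet_size),
        "worst_case_hours": worst / SECONDS_PER_HOUR,
        "average_hours": worst / 2 / SECONDS_PER_HOUR,
        "worst_case_years": worst / SECONDS_PER_YEAR,
        "average_years": worst / 2 / SECONDS_PER_YEAR,
        "lucky_hit_probability": lucky_hit_probability(length, attempts_allowed,
                                                       alphabet_size),
    }


if __name__ == "__main__":
    # 6 and 11 digits reproduce the article; 4 and 8 digits are added for scale.
    for digits in (4, 6, 8, 11):
        e = estimate(digits)
        print(f"{digits:2d} digits: worst {e['worst_case_hours']:,.1f} h "
              f"({e['worst_case_years']:,.1f} y), average {e['average_years']:,.1f} y, "
              f"P(hit within 10 tries) = {e['lucky_hit_probability']:.1e}")
    # Lower-case letters plus digits (36 symbols), 8 characters: not in the text.
    e = estimate(8, alphabet_size=36)
    print(f"8-char alphanumeric: worst {e['worst_case_years']:,.0f} y")
```

The "lucky hit" figure is the other half of the story: with the wipe setting left on, an attacker who cannot disable it gets only 10 guesses, which against a random 6-digit code is a 1-in-100,000 shot; the FBI's request is precisely to remove that limit and the per-attempt delay.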
To set a strong passcode, click 'Passcode options,' select 'Custom numeric code,' and then enter your new but random passcode.
Things to Avoid While Setting a Passcode
1. Do Not Use a Predictable Passcode: avoid predictable strings such as your birth date, phone number, or social security number, as these are the first things attackers try.
2. Do Not Use iCloud Backups: an iCloud backup lets an attacker obtain a copy of all your iPhone’s data from Apple’s servers, where your passcode no longer protects it. This eliminates the need to guess your passcode.
3. Do Not Use Your Fingerprint: we have seen data breaches that exposed fingerprints online, and it is also easy to bypass Apple's Touch ID fingerprint scanner. Fingerprints can even be collected from a suspect's corpse. So using the fingerprint security feature could also end up unlocking your iPhone in less time.
So, by choosing a strong passcode, the FBI or any other agency will not be able to unlock your encrypted iPhone, even if they install a vulnerable version of iOS on it.
Warning: You need to remember your passcode, whatever you set, because nobody but you will be able to unlock your iPhone. Once you forget your passcode, there is nothing you can do to get your important data, or access to your iPhone, back.
A sophisticated variant of OceanLotus trojan targets OS X systems
18.2.2016 Apple
In May 2015, the Chinese security firm Qihoo 360 published a report on a Trojan called OceanLotus that had been used since 2012 for APT attacks in the Chinese market.
The APT attacks based on OceanLotus focused on government organizations, research institutes, maritime agencies, and companies specializing in other activities.
At the time, four different versions of the Trojan were found, one of them specifically designed to target OS X systems.
AlienVault analyzed two of the samples available for OS X (one of them probably an early version). A more recent variant was analyzed and uploaded to VirusTotal on February 8 with a zero detection rate; at the time of writing, the OceanLotus malware was detected by 11 of 55 antivirus solutions, including ESET-NOD32, Ikarus, F-Secure and Bitdefender.
As the title of the article says, the Trojan is disguised as an Adobe Flash Player update.
The developers of the Trojan used XOR encryption because it makes the malware more difficult to detect. The commands used through the API show that the developers are familiar with OS X, which makes sense because OceanLotus has a version specific to OS X.
When a system is infected, OceanLotus prepares an agent that attempts to contact its command and control (C&C) servers. Once connected to the C&C servers, the Trojan collects information from the infected system, including the device name, the username and a unique ID, and determines whether the victim has root privileges.
The malware has the capability to perform many tasks, like opening application bundles, returning information about a file or path, getting a list of recently opened documents, obtaining information on active windows, capturing screenshots, downloading files from a URL, executing files, killing a process, and deleting files.
“The OS X version of OceanLotus is clearly a mature piece of malware that is written specifically for OS X. The use of OS X specific commands and APIs is evidence that the authors are intimately familiar with the operating system and have spent quite a bit of time customizing it for the OS X environment. Similar to other advanced malware, the use of obfuscation and indirection within the binary are an indication that the authors want to protect their work, make it difficult for others to reverse engineer, and reduce detection rates. The fact that VirusTotal still shows a zero detection rate for this threat shows they are succeeding at the latter.” states the analysis published by AlienVault.
I will also leave here the indicators of compromise (IOCs):
Hashes:
ROL3 encoded .en_icon: 9cf500e1149992baae53caee89df456de54689caf5a1bc25750eb22c5eca1cce
ROL3 decoded .en_icon: 3d974c08c6e376f40118c3c2fa0af87fdb9a6147c877ef0e16adad12ad0ee43a
ROL3 encoded .DS_Stores: 4c59c448c3991bd4c6d5a9534835a05dc00b1b6032f89ffdd4a9c294d0184e3b
ROL3 decoded .DS_Stores: 987680637f31c3fc75c5d2796af84c852f546d654def35901675784fffc07e5d
EmptyApplication: 12f941f43b5aba416cbccabf71bce2488a7e642b90a3a1cb0e4c75525abb2888
App bundle
83cd03d4190ad7dd122de96d2cc1e29642ffc34c2a836dbc0e1b03e3b3b55cff
Another older variant that only communicates with the unencrypted C2
a3b568fe2154305b3caa1d9a3c42360eacfc13335aee10ac50ef4598e33eea07
C2s:
kiifd[.]pozon7[.]net
shop[.]ownpro[.]net
pad[.]werzo[.]net
Dropped Files:
/Library/.SystemPreferences/.prev/.ver.txt or ~/Library/.SystemPreferences/.prev/.ver.txt
/Library/Logs/.Logs/corevideosd or ~/Library/Logs/.Logs/corevideosd
/Library/LaunchAgents/com.google.plugins.plist or ~/Library/LaunchAgents/com.google.plugins.plist
/Library/Parallels/.cfg or /~Library/Parallels/.cfg
/tmp/crunzip.temp.XXXXXX (passed to mktemp(), so the actual file will vary)
~/Library/Preferences/.fDTYuRs
/Library/Hash/.Hashtag/.hash (or ~/Library/Hash/.Hashtag/.hash)
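A defensive host check built on the indicators above, as an added example that is not part of the AlienVault report: it expands the "/Library or ~/Library" dropped-file paths, hashes any file it finds against the published SHA-256 values, refangs the defanged C2 names so they can be matched against DNS or proxy logs, and undoes the ROL3 byte rotation named for the encoded artefacts. Assumptions of mine: ROL3 means rotating each byte left by three bits, the "/~Library/Parallels/.cfg" entry is the user-Library variant, and the sample log lines are constructed for the demo.

```python
"""OceanLotus (OS X) indicator check (added example, not the report's code)."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List

KNOWN_SHA256: Dict[str, str] = {  # hashes exactly as published above
    "9cf500e1149992baae53caee89df456de54689caf5a1bc25750eb22c5eca1cce": "ROL3 encoded .en_icon",
    "3d974c08c6e376f40118c3c2fa0af87fdb9a6147c877ef0e16adad12ad0ee43a": "ROL3 decoded .en_icon",
    "4c59c448c3991bd4c6d5a9534835a05dc00b1b6032f89ffdd4a9c294d0184e3b": "ROL3 encoded .DS_Stores",
    "987680637f31c3fc75c5d2796af84c852f546d654def35901675784fffc07e5d": "ROL3 decoded .DS_Stores",
    "12f941f43b5aba416cbccabf71bce2488a7e642b90a3a1cb0e4c75525abb2888": "EmptyApplication",
    "83cd03d4190ad7dd122de96d2cc1e29642ffc34c2a836dbc0e1b03e3b3b55cff": "App bundle",
    "a3b568fe2154305b3caa1d9a3c42360eacfc13335aee10ac50ef4598e33eea07": "older variant (unencrypted C2)",
}
# Dropped files relative to /Library or ~/Library (Parallels/.cfg assumed to
# follow the same pattern); /tmp/crunzip.temp.XXXXXX is random, so it is
# matched by prefix.
LIBRARY_RELATIVE = [".SystemPreferences/.prev/.ver.txt", "Logs/.Logs/corevideosd",
                    "LaunchAgents/com.google.plugins.plist", "Parallels/.cfg",
                    "Hash/.Hashtag/.hash"]
USER_ONLY = ["Library/Preferences/.fDTYuRs"]
DEFANGED_C2 = ["kiifd[.]pozon7[.]net", "shop[.]ownpro[.]net", "pad[.]werzo[.]net"]
# Constructed DNS log lines for the demo; not real traffic.
SAMPLE_LOG = ["2016-02-08T10:01:02 client=10.0.0.5 query=shop.ownpro.net type=A",
              "2016-02-08T10:01:03 client=10.0.0.5 query=www.apple.com type=A",
              "2016-02-08T10:02:11 client=10.0.0.9 query=pad.werzo.net type=A"]


def refang(indicator: str) -> str:
    """Turn the published 'kiifd[.]pozon7[.]net' form back into a hostname."""
    return indicator.replace("[.]", ".")


def rol3(data: bytes) -> bytes:
    """Rotate every byte left by 3 bits (the encoding named in the IOC list)."""
    return bytes(((b << 3) | (b >> 5)) & 0xFF for b in data)


def ror3(data: bytes) -> bytes:
    """Inverse of rol3: rotate every byte right by 3 bits, i.e. decode."""
    return bytes(((b >> 3) | (b << 5)) & 0xFF for b in data)


def candidate_paths(system_root: Path, home: Path) -> List[Path]:
    """Every absolute location where one of the dropped files could sit."""
    paths: List[Path] = []
    for rel in LIBRARY_RELATIVE:
        paths.append(system_root / "Library" / rel)
        paths.append(home / "Library" / rel)
    paths.extend(home / rel for rel in USER_ONLY)
    tmp = system_root / "tmp"
    if tmp.is_dir():
        paths.extend(p for p in tmp.glob("crunzip.temp.*") if p.is_file())
    return paths


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_host(system_root: Path = Path("/"), home: Path = None) -> List[dict]:
    """Report each indicator path that exists, with its hash and known label."""
    home = Path.home() if home is None else home
    findings = []
    for p in candidate_paths(system_root, home):
        if p.is_file():
            h = sha256_file(p)
            findings.append({"path": str(p), "sha256": h, "known_as": KNOWN_SHA256.get(h)})
    return findings


def find_c2_in_log(lines: Iterable[str]) -> List[str]:
    """Return the log lines that mention any of the C2 hostnames."""
    hosts = [refang(d) for d in DEFANGED_C2]
    return [line for line in lines if any(h in line for h in hosts)]


def demo_scan_constructed_tree() -> List[dict]:
    """Plant one indicator-named file in a throwaway tree and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        home = root / "Users" / "demo"
        planted = home / "Library" / "LaunchAgents" / "com.google.plugins.plist"
        planted.parent.mkdir(parents=True)
        planted.write_bytes(b"constructed placeholder, not the real dropper")
        return scan_host(root, home)


if __name__ == "__main__":
    for f in scan_host():
        print("indicator path present:", f["path"], f["sha256"], f["known_as"])
    for line in find_c2_in_log(SAMPLE_LOG):
        print("C2 lookup:", line)
    print("sandbox demo:", demo_scan_constructed_tree())
```

A path match alone is weak evidence (the LaunchAgent name imitates a legitimate-looking plugin), so the scan reports the hash next to each hit: a match in KNOWN_SHA256 is a confirmed sample, while an unknown hash at one of these paths still deserves a manual look.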
Apple vs. FBI — Google Joins Tim Cook in Encryption Backdoor Battle
18.2.2016 Apple
In the escalating battle between the Federal Bureau of Investigation (FBI) and Apple over iPhone encryption, former National Security Agency (NSA) contractor Edward Snowden and Google chief executive Sundar Pichai have just sided with Apple's refusal to unlock the iPhone.
Yesterday, Apple CEO Tim Cook refused to comply with a federal court order to help the FBI unlock an iPhone owned by one of the terrorists in the mass shootings in San Bernardino, California, in December.
Here's What the FBI is Demanding:
Federal officials have asked Apple to make a less secure version of iOS that the officials can use to brute-force the 4-6 digit passcode on the dead shooter's iPhone without the device's data self-destructing.
Cook called the court order a "chilling" demand that "would undermine the very freedoms and liberty our government is meant to protect." He argued that helping the FBI unlock the iPhone would basically mean providing an encryption backdoor that would make the products less secure.
Backdoor for Government, Backdoor for All
Apple is worried that once this backdoor is created and handed over to the FBI, there is a good chance it will end up in the hands of malicious hackers who could use it for evil purposes.
Although many politicians, including Donald Trump, have slammed Apple's decision, Google has stepped up and taken a public stand in support of Apple's decision.
"I agree 100 percent with the courts," Trump said in a statement. "But to think that Apple won't allow us to get into her cell phone, who do they think they are? No, we have to open it up."
Google Sided with Apple
In a series of tweets late Wednesday, Pichai sided with Apple while saying "forcing companies to enable hacking could compromise users' privacy" and "requiring companies to enable hacking of customer devices & data. Could be a troubling precedent."
Pichai, however, took more than 12 hours to speak up on this burning issue, after Edward Snowden pointed out that Google had not yet stepped forward to state its position.
"The @FBI is creating a world where citizens rely on #Apple to defend their rights, rather than the other way around," Snowden tweeted on Wednesday. Snowden called on Google to stand with Apple, saying, "This is the most important tech case in a decade."
Pichai's stance is basically:
Technology companies will hand over customers' data to law enforcement when required to, but they will not put in a "backdoor" for the government.
While the statements made by Pichai are not quite as forceful as Cook's statement published in an open letter to customers, we can assume Google and Apple stand together, at least in the sense that the federal agencies are asking too much.
US Judge requests Apple to unlock San Bernardino shooter’s iPhone
17.2.2016 Apple
A US magistrate has ordered Apple to help unlock the San Bernardino shooter’s iPhone; be aware that it is demanding a tool to bypass the security mechanism.
We have often discussed the difficulties law enforcement faces when conducting investigations in which suspects used devices that make use of encryption; the case we are going to analyze is emblematic.
Apple must assist the FBI in unlocking the passcode-protected encrypted iPhone belonging to Syed Farook, one of the San Bernardino shooters in California.
The smartphone belonged to Syed Farook, who with his wife Tashfeen Malik killed 14 coworkers on December 2, 2015. Police intervened but could not capture them alive because they died in a shootout with agents.
The agents seized Syed’s smartphone, an iPhone 5C, but were not able to access it because it is protected by a passcode. The authorities requested Apple's support through a court order issued by US magistrate Sheri Pym.
After 10 wrong guesses, iOS locks up, requiring a sync with iTunes to restore, or automatically wipes the handset’s data, depending on the user's settings.
Magistrate Sheri Pym is requesting that Apple find a way to supply software that prevents the phone from automatically wiping its data when too many attempts fail. In this way, the police are free to run a brute-force attack to guess the PIN and overcome the security feature.
Be aware, the magistrate hasn’t asked Apple to crack its encryption; instead, it demands a tool to bypass the security mechanism.
As reported by The Register:
“It’s technically possible for Apple to hack a device’s PIN, wipe, and other functions. Question is can they be legally forced to hack,” tweeted forensic scientist Jonathan Ździarski.
“Theory: either NSA/CIA dragnet and cryptanalysis capabilities are severely limited, or this is a test case to see how the courts respond.”
Judge Pym is requesting a software update that works only on Farook’s iPhone and runs only on government or Apple property.
At this point Apple has two options, demonstrate that it cannot technically comply with the order or provide the requested software.
There is not much time: Apple has five days!
Warning — Setting This Date On iPhone Or iPad Will Kill Your Device Permanently
15.2.2016 Apple
Don’t Try this at Home!
An interesting software bug has been discovered in Apple's iOS operating system that could kill your iPhone, iPad or iPod permanently.
Yes, you heard me right.
An issue with the date and time system in iOS emerged recently when Reddit users started warning people that changing the date on an iPhone or any other iOS device to January 1, 1970, will brick it forever.
Video Demonstration
You can watch the whole process in the video given below. Even the usual recovery tricks do not work.
So you are strongly advised not to try this with your iOS device, unless you want to book a trip to your local Apple Store.
While I have no intention or desire to try it out on my iPhone 6s to confirm the bug, it is pretty clear from reports that it is legitimate.
YouTuber Zach Straley first discovered the issue, which was later confirmed by iClarified, who tested the trick on an iOS device.
Affected iOS Devices
This bug affects any iOS device that uses the 64-bit A7, A8, A8X, A9 or A9X processors and runs iOS 8 or newer, including iPhones, iPads and iPod touches. Devices running 32-bit iOS versions are not affected by this issue.
How Does the Bug Kill the iPhone?
Basically, the whole process comes down to this:
Set the date to January 1, 1970, via Settings on your iOS device, reboot your device, and you are done.
Your iPhone or iPad will no longer boot and will be stuck on the Apple logo. Even a recovery mode or DFU mode restore will not let you restore your device; it will remain stuck on the boot screen.
Your device will reportedly not come back, and the only way to get it working again is to take your iOS device to an Apple Store.
The Only Way to Get Your iPhone Back
The bug is believed to be related to the UNIX timestamp epoch and to cause the kernel to crash. The only way to recover the device is to open its casing and physically disconnect the battery from the logic board, which can only be done with the help of Apple's Genius Bar.
This process will reset the iPhone's date and allow it to boot.
While there isn't any other fix at the moment, Apple is expected to come up with a software update to fix and unbrick the affected iOS devices.
Though some users say that letting the battery drain could make the iPhone work again, that changing the SIM card could fix the issue, or that the device may come back after 5 hours, you are still advised not to try this on your device, as there is no guarantee these tricks will work.
Don’t set your iPhone’s Date to January 1, 1970 or your will brick it
15.2.2016 Apple
Another embarrassing problem for Apple iOS mobile devices (iPhone and iPad): setting the device's date to January 1st, 1970 will brick it. Don’t try it!
Another embarrassing problem for Apple iOS mobile devices: a software flaw could be exploited to permanently kill your iPhone, iPad or iPod. The issue affects the Apple iOS date and time system and can be triggered by setting the date to January 1, 1970. The news appeared recently in Reddit discussions warning users about a flaw that could brick an iPhone forever, and the presence of the flaw has been confirmed by iClarified.
“Setting the date of your iPhone to January 1st, 1970 will brick your device, according to users across the web and confirmed by iClarified. The bug will affect any 64-bit iOS device that is powered by the A7, A8, A8X, A9, and A9X. 32-bit iOS devices are reportedly not affected by this issue.” reported iClarified.
Meanwhile on Reddit, users warned other Apple users by sharing the following message: “When the date of a 64-bit iOS device is set to January 1, 1970, the device will fail to boot. Connecting the device to iTunes and restoring the device to factory defaults will not put the device back in working order. Instead, a physical repair is required. When connected to public Wi-Fi, iPhone calibrates its time settings with an NTP server. Theoretically, attackers can send malicious NTP requests to adjust every iPhone’s time settings to January 1, 1970, hence brick every iPhone connected to the same network. According to /u/sarrius, worldwide Apple Stores are being made aware that disconnecting the battery and reconnecting fixes the issue. It should be common knowledge to all stores worldwide by tomorrow.”
Be careful and do not try to trigger the flaw on your iOS device; the YouTuber Zach Straley first published a video PoC of the issue.
As explained in the video, after setting the date to January 1, 1970 and rebooting, users will notice that the iPhone or iPad no longer boots and stays frozen displaying the Apple logo.
“Since a DFU or recovery mode restore will not unbrick your device, we strongly recommend that you do not try to test this bug. Users report that while a restore may succeed, the device will still fail to boot after the restore.” continues iClarified.
Let’s wait for a software fix from Apple.
Hey, Apple User! Check If You are also Affected by the Sparkle Vulnerability
12.2.2016 Apple
A pair of new security vulnerabilities has been discovered in a framework used by a wide variety of Mac apps, leaving them open to Man-in-the-Middle (MitM) attacks.
The framework in question is Sparkle, which a large number of third-party OS X apps, including Camtasia, uTorrent, Duet Display and Sketch, use to facilitate automatic updates in the background.
Sparkle is open source software available on GitHub under the permissive MIT license, maintained by the Sparkle Project with the help of numerous valuable contributors. The framework supports Mac OS X versions 10.7 through 10.11 and Xcode 5.0 through 7.0.
The Sparkle vulnerabilities, discovered by the security researcher Radek in late January and reported by an Ars reporter, affect Apple Mac apps that use:
An outdated and vulnerable version of the Sparkle updater framework.
An unencrypted HTTP channel to receive info from update servers.
What's the Issue?
The first loophole is due to improper use of the Sparkle Updater framework by app developers.
The app developers use an unencrypted HTTP URL to check for new updates, rather than an SSL-encrypted channel.
As a result, an attacker on the same network could perform a MitM attack and inject malicious code into the communication between the end user and the server, potentially allowing the attacker to gain full control of your computer.
Video Proof-of-Concept Attack
You can watch the proof-of-concept (PoC) attack video that shows a working attack conducted against a vulnerable version of the Sequel Pro app:
Another proof-of-concept attack was shared by fellow researcher Simone Margaritelli using an older version of VLC Media Player, which has now been updated to patch the vulnerability.
Margaritelli showed how he exploited the flaw on a fully patched Mac running a then-latest version of VLC media player, using a technique that streamlines the attack by letting it work with the Metasploit exploit framework.
Another, less severe bug in Sparkle was also discovered by Radek; it could be exploited against poorly configured update servers, potentially allowing an attacker to replace an update file with a malicious one.
The Sparkle vulnerabilities affected both Mac OS X Yosemite and the most recent version of OS X El Capitan.
Who's Affected?
The Sparkle vulnerabilities affect third-party apps distributed outside the Mac App Store, which are downloaded from the Internet manually by the user and use an outdated version of Sparkle.
Although the actual number of affected apps is not known, Radek estimated the number could be "huge."
Among the affected apps are uTorrent (version 1.8.7), Camtasia 2 (version 2.10.4), Sketch (version 3.5.1), and DuetDisplay (version 1.5.2.4).
Check if You're Affected
Check this list of apps that use the Sparkle Updater framework. If you have installed any of these apps on your Apple Mac, you could be at risk of being hacked.
Note: Not all of the listed apps communicate over unencrypted HTTP channels or use an outdated version of the framework.
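The two checks described above (an HTTP feed URL in the app's Info.plist, and what the update feed itself serves) can be automated. The following is an added example, not code from the article or from the Sparkle project; it parses constructed sample files, and the unsigned-enclosure check goes beyond the article by also flagging enclosures without a sparkle:dsaSignature attribute.

```python
import plistlib
from urllib.parse import urlparse
from xml.etree import ElementTree as ET

# Sparkle's XML namespace used in appcast feeds
SPARKLE_NS = "http://www.andymatuschak.org/xml-namespaces/sparkle"

# Constructed sample Info.plist of a hypothetical app bundling Sparkle;
# SUFeedURL is the key Sparkle reads to locate the update feed.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>CFBundleIdentifier</key><string>com.example.SampleApp</string>
<key>SUFeedURL</key><string>http://updates.example.com/appcast.xml</string>
</dict></plist>"""

# Constructed sample appcast feed served by the hypothetical update server
SAMPLE_APPCAST = b"""<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:sparkle="%s">
<channel><item><title>Version 2.0</title>
<enclosure url="http://updates.example.com/SampleApp-2.0.zip"
 sparkle:version="2.0" length="1234" type="application/octet-stream"/>
</item></channel></rss>""" % SPARKLE_NS.encode()


def feed_url_findings(info_plist):
    """Return a list of findings about the SUFeedURL in an Info.plist."""
    info = plistlib.loads(info_plist)
    url = info.get("SUFeedURL")
    if url is None:
        # Apps may also set the feed URL in code, so this is not a clean bill.
        return ["no SUFeedURL key in Info.plist; review the app manually"]
    scheme = urlparse(url).scheme.lower()
    if scheme != "https":
        return ["SUFeedURL uses %s:// (%s); the update check is MitM-able" % (scheme, url)]
    return []


def appcast_findings(appcast):
    """Return findings for each update item in a Sparkle appcast feed."""
    root = ET.fromstring(appcast)
    findings = []
    for item in root.iter("item"):
        enc = item.find("enclosure")
        if enc is None:
            continue
        url = enc.get("url", "")
        ver = enc.get("{%s}version" % SPARKLE_NS, "?")
        if urlparse(url).scheme.lower() != "https":
            findings.append("item %s: update archive fetched over plaintext %s" % (ver, url))
        if not enc.get("{%s}dsaSignature" % SPARKLE_NS):
            findings.append("item %s: enclosure carries no sparkle:dsaSignature" % ver)
    return findings


if __name__ == "__main__":
    for f in feed_url_findings(SAMPLE_INFO_PLIST) + appcast_findings(SAMPLE_APPCAST):
        print("FINDING:", f)
```

On a real Mac the same functions can be pointed at /Applications/*.app/Contents/Info.plist and at the feed each SUFeedURL names.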
How to Protect Yourself against the Issues?
Although Sparkle has provided a fix for both vulnerabilities in the newest version of the Sparkle Updater, installing the patch is not so easy.
Radek warns in an email that the major problem is that the developers of each app are required to update the Sparkle framework inside their app, which is not trivial.
The update process requires a developer to:
Download the latest version of Sparkle Updater
Check if the latest version of Sparkle is compatible with their app
Create test cases, verify the update process, and so on
Address this security issue and publish a new version of their app
Once this is done, users can check for the app update and download the newest version of the particular app to their computers.
Until this is done, users who are not sure if an app on their computers is safe should avoid unsecured Wi-Fi networks or, alternatively, use a Virtual Private Network (VPN).
In the meanwhile, if you get a prompt for an app update, rather than updating the app via the update window itself, simply visit the app's official website and download the latest version from there, just to make sure that you’re downloading what you actually intend to.
Bye bye, Flash! Google to Ban Flash-based Advertising
10.2.2016 Apple
Google to Ban Adobe Flash-based Advertising
Google has joined Apple, Facebook, and YouTube on the path to killing the Adobe Flash Player by announcing that it is dropping Flash banner support from its AdWords advertising platform.
"To enhance the browsing experience for more people on more devices, the Google Display Network and DoubleClick Digital Marketing are now going 100% HTML5," Google says.
For two decades Adobe Flash ruled web animation and was the de facto standard for playing online video.
Flash Player has also been notorious for zero-day exploits, which are a constant threat to online users.
Adobe tried to keep up by frequently releasing countless patches for newly reported vulnerabilities, but the constant patching annoyed both users and companies.
The endless troubleshooting of Flash Player plugins never resolved the underlying vulnerabilities.
To put an end to this, many major tech companies and browsers, including Apple, Facebook, YouTube, Google Chrome and Firefox, have been drawn toward the replacement: HTML5.
Facebook's Security Chief publicly called for Adobe to announce a 'kill-date for Flash.'
Google Chrome has also begun blocking auto-playing Flash ads by default.
In January this year, YouTube moved away from Flash for delivering videos.
Firefox also blocked the Flash plugin entirely.
By dropping Flash, all of the above companies found a silver bullet for the security issues that have plagued Adobe Flash for years, and eliminated a third-party dependency as well.
Steve Jobs was right about the end of Flash, as he wrote in his letter:
“New open standards created in the mobile era, such as HTML5, will win on mobile devices (and PCs too). Perhaps Adobe should focus more on creating great HTML5 tools for the future, and less on criticizing Apple for leaving the past behind.”
HTML5 has gained word-of-mouth popularity among developers and has many advantages, such as playing video smoothly and, in fact, better.
So Google has officially declared that it will no longer support Flash ads in DoubleClick Digital Marketing from July 30, 2016.
Moreover, from January 2, 2017, the company will discontinue Flash support on the Google Display Network as part of a complete Flash wipe-out.
As a result of this awful reputation, Flash Player would be rebranded as "Animate CC" with some additional features, such as direct conversion of Flash files to HTML5 Canvas files.
Adobe Animate CC, which mostly looks like an update to the Flash Professional software, supports the Adobe Flash (SWF) and AIR formats 'as first-class citizens,' along with other animation and video formats, including HTML5 canvas, 4K and WebGL output.
Crooks are offering Apple employees up to $23,000 for their login credentials
10.2.2016 Apple
According to former Apple employees interviewed by the Business Insider, cyber criminals are offering Apple staffers in Ireland up to $23,000 for their login details.
Insiders are one of the greatest security problems for any organization: working from the inside, they can operate under the radar for a long time, stealing information and sabotaging processes and infrastructure.
Modern organizations are often helpless when facing insiders that threaten their information assets and intellectual property.
One of the most clamorous insider cases involved the Yandex search engine: in December a former employee stole the source code of the Russian search engine and tried to sell it, along with its algorithms, for just $29,000 on the black market.
Corrupting an insider is the easiest way to breach an organization, and the news of the day is an attempt to breach Apple's European headquarters in Cork, Ireland, with a similar technique.
Apple employees at Operations International in Cork, Ireland
Crooks are offering Apple employees in Ireland 20,000 Euro ($23,000 USD) in exchange for their corporate login details.
With an Apple employee's corporate login credentials, attackers could breach the system and move laterally inside the company network, exfiltrating precious information from the company's archives.
“Hackers are offering Apple employees thousands of euros for their company login details, according to someone that works for the company in Ireland. The employee, who spoke to Business Insider on the condition we kept their anonymity, said there are a lot of people trying to get hold of Apple’s inside information.” reported the Business Insider.
“You’d be surprised how many people get on to us, just random Apple employees,” the Apple employee told Business Insider. “You get emails offering you thousands [of euros] to get a password to get access to Apple.”
“I could sell my Apple ID login information online for €20,000 ($23,000) tomorrow. That’s how much people are trying” said another employee.
Apple is not underestimating the case; according to the company there are no illicit activities linked to the proposals received by its employees, but the insider risk remains high.
As usual, the attackers have a deep knowledge of the victim: another former Apple employee confirmed to Business Insider that crooks contact specific figures inside the organization. Hackers approach Apple staff and offer them money in exchange for login details or company information.
“They look for someone who has jumped diagonally into a junior managerial position, so not a lifer working their way up, and not a lifer who has been there a long time,” said the former Apple employee.
The circumstance underlines the importance of the human factor inside any organization: employees are the weakest link in the security chain. A disgruntled employee, or a staffer not trained to face attacks from outside, could become a backdoor even into an armored organization.
Hackers Are Offering Apple Employees $23,000 for Corporate Login Details
10.2.2016 Apple
An unsatisfied employee may turn into a nightmare for you and your organization.
Nowadays, installing an antivirus or any other anti-malware program is inadequate for securing a corporate database.
What would you do if your own employee backstabbed you by leaking hypersensitive corporate secrets?
Yes! The possibility of an internal breach is always there.
Just last year, an ex-employee stole the Yandex search engine source code and tried to sell it for just $29,000 on the underground market.
Over the past few years, hackers have adopted various techniques, ranging from stress attacks to social engineering tactics, in order to obtain classified corporate information.
Hackers Offering $23,000 for Internal Access
Now hackers are rolling the dice on their next deceptive step: acquiring the corporate login details of Irish Apple employees in exchange for 20,000 Euro ($23,000 USD).
The employees of Apple's European headquarters in Cork, Ireland, are currently facing this situation.
The offer has been made by unknown hackers and criminals to random Apple employees via email, asking for the employees' Apple login passwords in return for 20,000 Euros.
"You'd be surprised how many people get on to us, just random Apple employees," the anonymous employee said. "You get emails offering you thousands [of euros] to get a password to get access to Apple."
"I could sell my Apple ID login information online for €20,000 ($23,000) tomorrow. That’s how much people are trying" another employee quoted.
This new proposal has been made to the non-lifers of the company, those not expected to stay there long, thus widening a chance entry point into the database.
By gaining access to an Apple employee's login credentials, hackers would have a jewel in their pocket for their malicious activity, from which they could amass financial profit.
Apple is taking this scam very seriously, and so far no employee has given up his or her login credentials for illicit gain.
Internal Breach
One of the greatest internal threats to your organization is the INSIDER. According to a survey conducted by SANS last year, 71% of respondents feared an insider attack.
The consequences of the threat may even result in the liquidation of your company.
The Department of Homeland Security (DHS) and the FBI have also stressed the issue, underlining that the majority of threats are the outcome of an insider.
A lack of technical training for employees, a lack of budget and inappropriate policies broaden the chances of a breach.
Hiring a security firm, properly training all employees about the latest threats, shutting down an employee's account soon after his or her termination, changing passwords frequently, limiting employees' access to sensitive documents, etc., would cover such weaknesses.
Now, before purchasing high-end firewalls or virus destroyers, just turn around and look...
...who's at your back!
How to thwart the passcode lock screen on iOS 8 and 9?
8.2.2016 Apple
A security expert discovered an authentication bypass vulnerability in iOS devices that allows thwarting the lock screen passcode.
The security researcher Benjamin Kunz Mejri from Vulnerability Laboratory has discovered an authentication bypass hole in both iPhones and iPads running iOS 8 and iOS 9 that can be exploited by attackers to thwart the lock screen passcode.
This threat is real, people; there is a video of it and documentation available online. It's all pretty technical, but the upshot is that the vulnerability lets an attacker bypass the lock screen on handsets running iOS 8 and iOS 9.
It is important to highlight that the attacker requires physical access to an unlocked iOS device; for this reason the threat is considered not so critical.
“An application update loop that results in a pass code bypass vulnerability has been discovered in the official Apple iOS (iPhone5&6|iPad2) v8.x, v9.0, v9.1 & v9.2. The security vulnerability allows local attackers to bypass pass code lock protection of the apple iphone via an application update loop issue. The issue affects the device security when processing to request a local update by an installed mobile ios web-application.” states the technical description published by the vulnerability-lab.com.
The attacker can bring the iOS device into an unlimited loop, resulting in a temporary deactivation of the passcode lock screen.
“Local attacker can trick the iOS device into a mode were a runtime issue with unlimited loop occurs. This finally results in a temporarily deactivate of the pass code lock screen. By loading the loop with remote app interaction we was able to stable bypass the auth of an iphone after the reactivation via shutdown button. The settings of the device was permanently requesting the pass code lock on interaction. Normally the pass code lock is being activated during the shutdown button interaction. In case of the loop the request shuts the display down but does not activate the pass code lock like demonstrated in the attached poc security video.”
The issue could be triggered by powering off the iOS device; upon reboot the passcode authentication feature remains disabled, allowing an attacker to access the device without providing the passcode.
The advisory describes the following attack scenario:
First fill up about some % of the free memory in the iOS device with random data.
Now, you open the app-store choose to update all applications (update all push button).
Switch fast via home button to the slide index and perform iOS update at the same time Note: The interaction to switch needs to be performed very fast to successfully exploit. In the first load of the update you can still use the home button. Press it go back to index.
Now, press the home button again to review the open runnings slides.
Switch to the left menu after the last slide which is new and perform to open siri in the same moment. Now the slide hangs and runs all time in a loop.
Turn off the iPad or iPhone via the power button ...
Reactivate via power button and like you can see the session still runs in the loop and can be requested without any pass code Note: Normally the pass code becomes available after the power off button interaction to stand-by mode.
Successful reproduction of the local security vulnerability!
Kunz reported the vulnerability to the Apple Product Security Team in late 2015, but at the time of writing the issue is still present.
Are you an iOS user? You should be careful when leaving your mobile device unattended.
Researchers spotted a new OS X scareware campaign
6.2.2016 Apple
Experts at the SANS Technology Institute spotted an OS X scareware campaign that leverages fake Adobe Flash Player installers.
Johannes Ullrich, security expert at the SANS Technology Institute, spotted an OS X scareware campaign that leverages fake Adobe Flash Player installers to trick users into downloading malicious software. The expert discovered the malicious campaign while analyzing Facebook clickbait scams.
“They do not rely on a vulnerability in the operating system. Instead, the user is asked to willingly install them, by making them look like genuine Adobe Flash warnings (and we keep telling users to make sure Flash is up to date, so they are likely going to obey the warning and install the update).” states the blog post published by the SANS Technology Institute. “The “Installer” for the fake Flash update will install various scare ware (I observed a couple different varieties when re-running the installer), and it actually installs an up to date genuine version of Flash as well.”
The attackers used a simple and effective trick to deceive victims: the attack starts with a popup window alerting users that their Flash Player software is outdated and providing instructions to update it.
Ullrich suspects that the code used to display the popup is injected by an advertisement on the page visited by the victim. If users agree to install the bogus update they receive a fake Flash Player installer.
The bogus installer is able to bypass Apple's Gatekeeper security feature: it appears as a legitimate application and is signed with a valid Apple developer certificate issued to one Maksim Noskov.
“Antivirus coverage was pretty bad yesterday when I came across this (4 out of 51 on Virustotal). On a brand new OS X 10.11 install, the “Installer” appears to install a genuine copy of Adobe Flash in addition to Scareware that asks for money after informing you of various system problems.” continues the post.
The software installs a genuine copy of Flash Player and attempts to convince users to download applications supposedly designed to fix problems on the victim's machine.
These applications attempt to trick users into calling a "support" line in order to receive instructions for fixing the alleged problems. The security expert published a short video showing what happens when victims install the "update" on a clean OS X 10.11 system: