iOS Archives – Gridinsoft Blog https://gridinsoft.com/blogs/tag/ios/ Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Thu, 01 Jun 2023 18:50:16 +0000 en-US hourly 1 https://wordpress.org/?v=74192 200474804 New iOS Vulnerability Allows “Triangulation” Attack https://gridinsoft.com/blogs/ios-zeroclick-vulnerability-triangulation/ https://gridinsoft.com/blogs/ios-zeroclick-vulnerability-triangulation/#respond Thu, 01 Jun 2023 18:49:48 +0000 https://gridinsoft.com/blogs/?p=14958 New iOS vulnerability allows executing a zero-click malware delivery through the built-in iMessage messenger. The breach was discovered by Kaspersky analytics team, and appears to touch almost every user of Apple smartphones. Experts dubbed the malware “Triangulation”. iOS Exploit Allows Zero-Click Infection Probably, the worst case scenario for any target of cyberattack is the infection… Continue reading New iOS Vulnerability Allows “Triangulation” Attack

The post New iOS Vulnerability Allows “Triangulation” Attack appeared first on Gridinsoft Blog.

]]>
New iOS vulnerability allows executing a zero-click malware delivery through the built-in iMessage messenger. The breach was discovered by Kaspersky analytics team, and appears to touch almost every user of Apple smartphones. Experts dubbed the malware “Triangulation”.

iOS Exploit Allows Zero-Click Infection

Probably, the worst case scenario for any target of cyberattack is the infection performed without any action from the victim. And this is it – a crafted iMessage can trigger the malware injection to the device, leaving the user no chance to react. According to the report issued by Kaspersky, the breach is used to install a spyware dubbed Triangulation. Thing is, analysts discovered this trojan running in the iPhones of the company’s top executives.

Triangulation spyware is capable of things typical for malware of its class that aims at mobile devices. It allows for remote microphone enabling, gathering information about activity hours, geolocation, and grabbing photos and files from messengers. The worst thing here is that Triangulation is particularly hard to stop or remove – to some extent because of specific iOS characteristics.

Triangulation Trojan Is Very Tough to Find and Remove

As any other spyware, this one tries to stay as stealthy as possible. The only visible sign of its activity is disabled updates – at least this is what analysts discovered while examining the case. In iOS 14, Apple introduced a feature that displays when your mic or camera is in use, and also shows which app uses it. Though, it does not look like Triangulation triggers that mechanism, either because of a certain trick with OS settings or through enabling the mic during the use of other apps.

Triangulation disabled updates
One of the signs of Triangulation malware activity – disabled updates

Since iOS keeps its files closed from external view, it is hard to use specialised software to uncover the malware running in the system. Moreover, this makes its removal even more difficult. The mentioned report says that the only probable way to remove Triangulation trojan from the device is to reset the phone to factory settings. And it is suboptimal – such a harsh operation wipes all user files as well. And each minute spent with an infected device can mean more and more personal data leaked to the unwanted party.

What can I do?

Frankly, it is quite unusual to give such advice to iOS users. For a long time, this operating system was considered one, if not the most secure OS. Zero-day vulnerabilities or clickless exploits were happening earlier, but Apple issued hotfixes pretty quickly. Though this time, neither the list of vulnerable iOS versions nor hotfixes are available. I hope to see a new-style Rapid Security Response patch Apple introduced in the past month. But now, here is what you can do to protect from Triangulation trojan attack.

Perform a periodic checkup of your device. Potentially, the victims in Kaspersky team were simply ignorant to the mic/camera usage notifications that were appearing on the screen. Either way, keeping eye on what your iPhone tries to tell you is important – sometimes simply to uncover a legit app that uses your mic excessively.

Another place you can peek into is the Updates section in Settings. Since the malware reportedly disables updating functions, it may be an obvious sign for the user. Even if you disabled it willingly, it is recommended to turn them back on. Apple is doing its best to keep their devices secure, and the new updates policy is a perfect confirmation to that.

iOS updates
Be sure your iPhone is up to date

To continue the previous paragraph – keep an eye on the most recent iOS updates and install all security patches available. Sometimes, the company releases fixes even for older OS versions, especially if the vulnerability is critical and exploited in the wild. As you can see, sometimes being careful and avoiding muddy waters may be not enough, because you simply cannot avoid a thing you cannot even see.

The post New iOS Vulnerability Allows “Triangulation” Attack appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/ios-zeroclick-vulnerability-triangulation/feed/ 0 14958
Five Easy Smartphone Security Tips to Keep It Safe From Hackers https://gridinsoft.com/blogs/smartphone-security-tips/ https://gridinsoft.com/blogs/smartphone-security-tips/#respond Wed, 22 Feb 2023 11:26:46 +0000 https://gridinsoft.com/blogs/?p=13427 These days, the smartphone is more than just a means of communication. Every day we use it to communicate with friends and family, message social networks, browse the web. There are also more specific tasks – accessing our bank account, online shopping, taking photos and videos, streaming, and much more. Your smartphone is the key… Continue reading Five Easy Smartphone Security Tips to Keep It Safe From Hackers

The post Five Easy Smartphone Security Tips to Keep It Safe From Hackers appeared first on Gridinsoft Blog.

]]>
These days, the smartphone is more than just a means of communication. Every day we use it to communicate with friends and family, message social networks, browse the web. There are also more specific tasks – accessing our bank account, online shopping, taking photos and videos, streaming, and much more. Your smartphone is the key to most of the aspects of your daily life. Next we will tell you about smartphone security.

Our smartphones store vast information about us – our passwords, banking details, history of calls, messages, and pages visited. Consequently, the security risks that potentially threaten your accounts from criminals are not limited to hackers. Anyone who finds your phone if it’s lost or stolen can easily use your information in their not-so-noble interests. So here are five simple tips for keeping your smartphone secure. These tips are always relevant, whether it’s a phone you just bought or one you’ve used for years.

1. Always apply the last software updates and security patches

This is the easiest thing to do when buying a new smartphone. Most Android or iOS smartphones prompt you to download the latest operating system update when you first set it up. We recommend not delaying or canceling this action, as it eliminates cybersecurity vulnerabilities detected in the operating system. Saying short, applying updates prevents cybercriminals from exploiting known security problems. In addition, updates often optimize the operating system and add new useful features. Since most smartphones prompt you to install updates and only have to click “ok” or “cancel”, even a novice user can handle the process.

Software update IOS
To install the update on your iPhone, press “Download and Install”, then enter your passcode.

Most manufacturers keep their devices updated for as long as possible. However, some vendors could cease releasing security updates if your smartphone model is over a few years old. Since there is no standard for device shelf life, each manufacturer decides how long a device will receive updates. This time can vary from two to five or six years. To see if your smartphone still receives updates, you can visit the website of its manufacturer or send a query to their technical support.

2. Use a password, PIN, or biometric security features to protect your smartphone

We are usually serious about choosing a password to protect our email account or a PIN to protect our online banking information. However, when using a password to smartphone security, many prefer easy-to-guess passwords of four identical digits or don’t use screen locking. Of course, it’s much more convenient to pick up your phone and start using it right away than typing a password or PIN each time. However, it also means that if someone gets their hands on your smartphone, they can help themselves with its contents without obstacles. That way, anyone who finds it can easily access your data.

Although there is a slight chance that the person who found your device will use this information for good and return your phone to you, it is unlikely. Since criminals are looking to profit in any way they can, sharing your phone with them is not a brilliant idea. You will most likely lose access to your accounts, and your personal data will be compromised. For that reason, any applications you use to access sensitive information (such as online banking) should be protected by unique, secure passwords. It is essential to understand that these passwords should not contain your date of birth or be the same as the passwords you use to lock your phone.

IOS passcode options
The optimal option would be to use a six-numeric code.

3. Use multi-factor authentication if possible

Passwords are essential to protect your accounts, and they are one of the most sought-after pieces of information for cybercriminals. Knowing someone’s account password allows attackers to use it as if they were real users. They can send messages to the victim’s friends, view the victim’s social media profiles, and access documents and photos searching for sensitive personal information, such as banking information. On the other hand, if you use a relatively weak password, hackers can easily guess it using a brute force attack.

However, even if your password is strong enough, another danger exists. For example, the password may be stolen due to a phishing attack aimed either at you or the company managing the account. In the first case, the blame lies entirely with you. Another case, however, renders the company whose services you use guilty of the leak. In 1995, AT&T invented multifactor authentication (MFA) to prevent this from happening. The technology’s essence is the user’s additional confirmation of the attempt to log in to his account. For example, suppose your password was somehow compromised. If you’re not using MFA, an intruder would enter your login and password and log in to your account. However, if you are using MFA, the attacker cannot directly access your account. Instead, you’ll get a warning that someone is trying to log in.

Google MFA example

What should I do if I received a message?

You should log in immediately and change your password if you did not do this. Next, you should also forcibly end other active sessions. You can do it from the browser. Suppose you want enhanced security. In that case, you may consider using a physical security key, perhaps the best way to protect your data. This form of multifactor authentication assumes that you need a key that you own to access your accounts. Unlike confirmation codes or SMS, which, although difficult but possible to intercept, you need the attacker to hold the physical security key to pass this protection. It’s only possible if they manage to steal it directly from you.

iPhones running iOS 16.3 or later allow you to use security keys for your Apple ID. So you can use a hardware key as an additional level of authentication. Such security keys are tied to your Apple ID and require your username, password, and a hardware key to access your account or device. While MFA provides an excellent extra layer of smartphone security and accounts protection, it’s worth remembering that it’s not wholly infallible.

4. Download applications and updates from trusted sources only

As a regular user, you are probably satisfied with downloading apps from the official app store. Those are Google Play Store for Android and App Store for iPhone. By default, they are considered the only proper place to download apps. However, there are reasons why users are not happy with such download methods. Most commonly, people are looking for an alternative way to install the required application on their smartphones for free, i.e., use cracked apps. Unfortunately, this is a bad idea because any “free” versions come from a third-party site, which can expose you to a security breach.

Scammers and cybercriminals never disdain such a niche. They are well aware that people tend to prefer free versions of many popular apps, unlike smartphone security. That’s why scammers often promote websites they own in search and buy ads to promote their malicious sites. The main danger of fake sites is that a program you get from them may be in fact a trojan virus. Aside from that, the app you download from such websites may not work properly or fail to start. In addition, it is a way to trick you into downloading malware or snatching your username and password.

Download apps with caution

Unfortunately, although official app stores are considered safer than third-party sites, and rightly so, sometimes malicious apps do bypass official store protection and become available for download. Therefore, you should be sure about what you are downloading. In addition, we recommend you check what permissions the application you are installing asks for; this directly affects smartphone security. Seeing that calculator asks to access your contact book and gallery is a bad omen. You can also check reviews. If something is wrong with the program, you will find it out there.

Another method of spreading malicious downloads is phishing emails that warn the user about a problem with a frequently used app or that the subscription is about to expire and a request to update the app. Legitimate apps will never ask you to download an update via email. Instead, when the developer releases an update to an installed app, the app store will update the app itself. If you have the auto-update feature turned off, you’ll either get a notification from the app store or the app will ask you to update itself when you launch it.

IOS app update process
IOS app update process via the app store

5. Use VPN when using public networks

Today, most mobile operators provide tariff plans with large amounts of 4G or 5G traffic. This allows you to do whatever you used to, without worrying about running out of traffic. However, some thrifty users, seeing a public Wi-Fi network, will prefer it. While many free wireless hotspots are safe and legit, they carry privacy risks. Using a public Wi-Fi network means data transfer is less secure than a cellular connection or on your home or corporate network.

There’s nothing wrong with connecting to public Wi-Fi, but it is essential to understand the risks when you do. You should also be careful about what information you enter and transmit on public Wi-Fi networks. If possible, avoid entering passwords or any sensitive information. Any trickster can intercept your data during the course of a man-in-the-middle attack. If you urgently need to log into your bank account, it will be a good idea to find another way to accomplish that.

The danger is that savvy scammers often set up their open Wi-Fi networks in busy places, allowing people to connect to them. This way, scammers can monitor the transmitted data and intercept your logins, passwords, bank details, and other personal information. However, consider a mobile VPN if you need to transfer sensitive data. Because it encrypts your data, it can better protect it while keeping your Internet use private.

The post Five Easy Smartphone Security Tips to Keep It Safe From Hackers appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/smartphone-security-tips/feed/ 0 13427
Privacy Access Tokens to Replace CAPTCHA Real Soon https://gridinsoft.com/blogs/privacy-access-tokens-to-replace-captcha-real-soon/ https://gridinsoft.com/blogs/privacy-access-tokens-to-replace-captcha-real-soon/#respond Mon, 27 Jun 2022 09:27:34 +0000 https://gridinsoft.com/blogs/?p=8851 CAPTCHA, a well-known test for website visitors to prove they are humans, not robots, rapidly grows obsolete. There are ways to break or bypass CAPTCHA, and there are obvious inconveniences these tests bring to clients when deployed on websites. Luckily, the progress won’t cease, and the replacement is coming. We’re talking about Privacy Pass –… Continue reading Privacy Access Tokens to Replace CAPTCHA Real Soon

The post Privacy Access Tokens to Replace CAPTCHA Real Soon appeared first on Gridinsoft Blog.

]]>
CAPTCHA, a well-known test for website visitors to prove they are humans, not robots, rapidly grows obsolete. There are ways to break or bypass CAPTCHA, and there are obvious inconveniences these tests bring to clients when deployed on websites. Luckily, the progress won’t cease, and the replacement is coming. We’re talking about Privacy Pass – a browser extension that does the job of filtering bots on the client’s side and automatically.

Prove to Machines That You Are Not a Machine Via Cryptographic Token

Privacy Pass is a browser extension initially designed for Chrome and Firefox, with its first version released back in 2018. This plugin verifies that you are not a bot automatically and awards you with a cryptographic token (Privacy Access Token – PAT) that serves as a pass on CAPTCHA-protected websites. The extension analyzes your behavior while you browse, so there is no need to stop to solve CAPTCHA puzzles. It turns out that there are plenty of ways to figure out that there is a human being behind the browser by analyzing what and how the client does.

Cloudflare CAPTCHA pages accept PATs, and it seems reasonable to believe that manual CAPTCHA will be driven out from use very soon. What is even more promising is that Apple gives Privacy Pass a huge recognition boost by including it in the upcoming operating systems, iOS 16 and macOS Ventura.

Standard CAPTCHAs for manual solving will probably linger for some time, though, to welcome users who either haven’t yet earned an access token during their browsing session or clients whose behavior seems suspicious.

What’s wrong with CAPTCHA?

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is fine; it’s just old. Its purpose is to make automatized attacks such as DDoS (and other bot-activity on websites) impossible. But it turns out that there are ways to provide smooth and seamless verification of users being humans without forcing them to solve puzzles. Checkpoints, where you have to stop and perform actions, are real trouble for marketing – users just hate them.

A click farm interior
Click farm. Image: Diggit Magazine.

Moreover, back in 2013, a CAPTCHA-beating neural network showed up. It solved test jigsaws with 99.8% accuracy, which is a better-than-human result. After nine years, machine learning algorithms only improved.

Another phenomenon is connected to CAPTCHA bypassing. There are entire click farms – offices where specially trained people do nothing else but solve CAPTCHA puzzles to let bots enter protected websites. The bots deliver the tasks they face on websites to human clickers and then receive them back solved via a special API.

So, CAPTCHA is getting closer and closer to obsolete. It is beatable and annoying. Why not replace it with something high-end like Privacy Pass?

The post Privacy Access Tokens to Replace CAPTCHA Real Soon appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/privacy-access-tokens-to-replace-captcha-real-soon/feed/ 0 8851
Google Report Companies Creating Mobile Spyware for Governments https://gridinsoft.com/blogs/google-reports-italian-spyware/ https://gridinsoft.com/blogs/google-reports-italian-spyware/#respond Fri, 24 Jun 2022 11:36:39 +0000 https://gridinsoft.com/blogs/?p=8834 Google Reveals An Italian Company to Sell Android and iOS Spyware to Governments In its blog, Google has published a report revealing that multiple companies have been crafting and selling spyware exploiting mobile devices’ zero-day vulnerabilities discovered by Google specialists last year. The post includes code fragments from the disputed malware. Over 30 companies turned… Continue reading Google Report Companies Creating Mobile Spyware for Governments

The post Google Report Companies Creating Mobile Spyware for Governments appeared first on Gridinsoft Blog.

]]>
Google Reveals An Italian Company to Sell Android and iOS Spyware to Governments

In its blog, Google has published a report revealing that multiple companies have been crafting and selling spyware exploiting mobile devices’ zero-day vulnerabilities discovered by Google specialists last year. The post includes code fragments from the disputed malware.

Over 30 companies turned out to create and sell surveillance-aimed pieces of software, with overall 7 out of 9 Google-revealed vulnerabilities being exploited mostly for the needs of government-related actors in different states.

Thus, being consistent with a previously made report by the Lookout Inc. security software company, the Google research shows that RCS Lab S.p.A. (headquarters in Milan, Italy) has designed infecting spyware for Android and iOS devices to be used in Italy and Kazakhstan by governments of these countries. Lookout Inc. has traced the connection between the Italian company and the modular spyware Hermit, deployed in Kazakhstan. Lookout Inc. stressed that despite reasoning about the benignancy of the pro-governmental spyware development (done by companies like RCS Lab,) in reality, such software often ends up in the wrong hands and is used to spy on businesses and individuals.

Google experts express concerns about surveillance capacities moving from being exclusively accessible to governments to being created, sold, and potentially used by private organizations. Such a state of affairs brings new threats and wreaks chaos into the digital world.

As for RCS Lab, the company states on its official LinkedIn page that it “has been operating since 1993 in the world market of services in support of the investigative activity of Government Bodies“. To decide whether this self-presentation justifies creating surveillance malware for Kazakhstan and, earlier, Chile, Pakistan, Mongolia, Bangladesh, Myanmar, Vietnam, Turkmenistan, and Syria is up to our readers.

Zero-day vulnerabilities are the software or hardware defects that exist after the product’s release and before the issue of relevant patches. Vulnerabilities do not necessarily get exploited. That is why some of them remain either unnoticed or unused for years. Techniques, programs, pieces of code, and data items used to benefit from a vulnerability are called exploits.

The post Google Report Companies Creating Mobile Spyware for Governments appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/google-reports-italian-spyware/feed/ 0 8834
Cybersecurity expert created an exploit to hack iPhone via Wi-Fi https://gridinsoft.com/blogs/cybersecurity-expert-created-an-exploit-to-hack-iphone-via-wi-fi/ https://gridinsoft.com/blogs/cybersecurity-expert-created-an-exploit-to-hack-iphone-via-wi-fi/#respond Thu, 03 Dec 2020 21:43:34 +0000 https://blog.gridinsoft.com/?p=4795 Google Project Zero expert Ian Beer has demonstrated an exploit to hack iPhone and other iOS devices remotely and without user interaction. The underlying critical vulnerability CVE-2020-3843, discovered by the researcher, made it possible to remotely steal sensitive data from any device in the Wi-Fi hotspot without any user’s interaction. The exploit, which Bier worked… Continue reading Cybersecurity expert created an exploit to hack iPhone via Wi-Fi

The post Cybersecurity expert created an exploit to hack iPhone via Wi-Fi appeared first on Gridinsoft Blog.

]]>
Google Project Zero expert Ian Beer has demonstrated an exploit to hack iPhone and other iOS devices remotely and without user interaction.

The underlying critical vulnerability CVE-2020-3843, discovered by the researcher, made it possible to remotely steal sensitive data from any device in the Wi-Fi hotspot without any user’s interaction.

The exploit, which Bier worked on alone for six months, allows “to view all photos, read all e-mail, copy all private messages and track everything that happens [on the device] in real time.”

Since Apple engineers fixed the problem back in the spring of this year (within the framework of iOS 13.3.1, macOS Catalina 10.15.3 and watchOS 5.3.7), and the researcher has now disclosed details of the problem and even demonstrated an attack in action.

The root of the problem was a ‘rather trivial buffer overflow error’ in the Wi-Fi driver related to Apple’s Wireless Direct Link (AWDL), a proprietary network protocol developed by Apple for use with AirDrop, AirPlay, and so on. which was intended to simplify the exchange of data between Apple devices.says Ian Beer.

The video below shows how, using an iPhone 11 Pro, Raspberry Pi, and two Wi-Fi adapters, the researcher were capable of remotely reading and writing of random kernel memory. Beer used all of this to inject shellcode into kernel memory through exploiting the victim process, escaping the sandbox, and retrieving user data.

Essentially, a potential attacker needed to attack the AirDrop BTLE infrastructure in order to enable the AWDL interface. This was done through brute-force hash values of the contact (after all, usually users provide AirDrop with access only to their contacts), and then an AWDL buffer overflow.

As a result, it was possible to gain access to the device and run malware with root privileges, which gave the attacker complete control over the user’s personal data, including email, photos, messages, iCloud data, as well as passwords and cryptographic keys from the Keychain, and much more.

Even worse, such an exploit could have the potential of a worm, that is, it could spread from one device to another “by air” and again without user intervention.

Beer notes that this vulnerability was not exploited by cybercriminals, but the hacking community and “exploit vendors seem to be interested in the released fixes.”

I also wrote that Researcher remotely hacked iPhone using only one vulnerability.

And always remember that US authorities can hack the iPhone, but may have difficulties with Android.

The post Cybersecurity expert created an exploit to hack iPhone via Wi-Fi appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/cybersecurity-expert-created-an-exploit-to-hack-iphone-via-wi-fi/feed/ 0 4795
Google experts talked about vulnerabilities in Apple operating systems https://gridinsoft.com/blogs/google-experts-talked-about-vulnerabilities-in-apple-operating-systems/ https://gridinsoft.com/blogs/google-experts-talked-about-vulnerabilities-in-apple-operating-systems/#respond Fri, 01 May 2020 10:53:54 +0000 https://blog.gridinsoft.com/?p=3736 Google Project Zero specialists discovered and described many vulnerabilities in Apple’s operating systems. For example, they are part of the Image I/O framework, which is used for parsing images and is part of iOS, macOS, tvOS and watchOS. Overall were identified 14 vulnerabilities, six of which directly affect Apple Image I/O, and eight more problems… Continue reading Google experts talked about vulnerabilities in Apple operating systems

The post Google experts talked about vulnerabilities in Apple operating systems appeared first on Gridinsoft Blog.

]]>
Google Project Zero specialists discovered and described many vulnerabilities in Apple’s operating systems. For example, they are part of the Image I/O framework, which is used for parsing images and is part of iOS, macOS, tvOS and watchOS.

Overall were identified 14 vulnerabilities, six of which directly affect Apple Image I/O, and eight more problems are associated with the OpenEXR open source library, which is used to parse EXR images and comes with Image I/O.

“None of the detected bugs, as well as the proof-of-concept exploits presented for them, can be used to take control of a vulnerable device, but it is emphasized that the experts did not study this issue carefully, as their goal was not this”, – write the researchers.

It is studied that hackers can exploit discovered problems through popular messaging applications. To do this, just send a specially crafted file to the potential victim. At the same time, researchers acknowledge that some vulnerabilities can most likely be used for remote code execution, and without any user interaction. Or may be just the Google Project Zero team didn’t go deep into studying this aspect of the problem.

The first vulnerability that Apple reported was a buffer overflow, affecting the use of libTiff in Apple Image I / O. This bug has not yet received its own CVE identifier.

“The following were also discovered: out-of-bounds heap reading when processing DDS images (CVE-2020-3826) or JPEG images (CVE-2020-3827) with invalid size parameters; off-by-one error in the PVR decoding logic (CVE-2020-3878) and a related bug in the PVR decoder (CVE-2020-3878); as well as out-of-bounds reading when processing OpenEXR images (CVE-2020-3880)”, – said in Google Project Zero.

The latter problem, in fact, arose in the third-party OpenEXR library that came with Image I/O.

Interestingly, this vulnerability could not be reproduced in the latest version of OpenEXR, that is, Apple seems to have used an outdated version of the library. As a result, the researchers decided first report the problem directly to Apple, and not to the OpenEXR authors.

Having discovered this bug, experts decided to pay more attention to OpenEXR itself and quickly revealed another portion of vulnerabilities: out-of-bounds record (CVE-2020-11764); out-of-bounds read std::vector (CVE-2020-11763); out-of-bounds memcpy (CVE-2020-11762); out-of-bounds reading image element data and other data structures (CVE-2020-11760, CVE-2020-11761, CVE-2020-11758); out-of-bounds read on the stack (CVE -2020-11765); and integer overflow (CVE-2020-11759).

“To date, all vulnerabilities have already been fixed. Six issues in Image I / O code were fixed in January and April, while bugs in OpenEXR were fixed in February, with the release of version 2.4.1.”, – reports the research team.

Experts hope that their analysis will serve as a starting point for further study of Image I/O, as well as other components used for image processing and multimedia on Apple devices. The fact is that the Image I/O framework plays an important role in the ecosystem of Apple applications, comes as part of iOS, macOS, tvOS and watchOS, which means it provides an extensive landscape for various attacks, and should be protected as best as possible.

At the same time, the researchers emphasize that obviously not all the weaknesses of Image I/O were clearly detected, since they used fuzzing without access to the source codes. At Google Project Zero, they hinted that such an analysis is best done by the developers themselves, who have access to the sources.

Analysts also believe that in the future, Apple should give application developers the opportunity independently limit the types of image formats that can be processed using Image I / O. This should prevent exotic file formats from delivering malware through Image I/O.

Well, I recently told, for example, that vulnerabilities allowed access to cameras on Mac, iPhone and iPad. Once upon a time legends were said about the safety of Apple products, and now, as we see, Google is gloating over them.

The post Google experts talked about vulnerabilities in Apple operating systems appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/google-experts-talked-about-vulnerabilities-in-apple-operating-systems/feed/ 0 3736
For iOS was discovered a new exploit, with the help of which China traced the Uyghurs https://gridinsoft.com/blogs/for-ios-was-discovered-a-new-exploit-with-the-help-of-which-china-traced-the-uyghurs/ https://gridinsoft.com/blogs/for-ios-was-discovered-a-new-exploit-with-the-help-of-which-china-traced-the-uyghurs/#respond Wed, 22 Apr 2020 16:30:29 +0000 https://blog.gridinsoft.com/?p=3702 Specialists of the information security company Volexity discovered a new exploit for iOS called Insomnia. According to the researchers, the malware associated with the efforts of the Chinese authorities to trace the Muslim national minority, the Uyghurs, who live mainly in Xinjiang province. Researchers say that Insomnia works against iOS versions 12.3, 12.3.1 and 12.3.2.… Continue reading For iOS was discovered a new exploit, with the help of which China traced the Uyghurs

The post For iOS was discovered a new exploit, with the help of which China traced the Uyghurs appeared first on Gridinsoft Blog.

]]>
Specialists of the information security company Volexity discovered a new exploit for iOS called Insomnia. According to the researchers, the malware associated with the efforts of the Chinese authorities to trace the Muslim national minority, the Uyghurs, who live mainly in Xinjiang province.

Researchers say that Insomnia works against iOS versions 12.3, 12.3.1 and 12.3.2. Moreover, Apple fixed the vulnerability in the heart of the exploit back in July 2019 by releasing iOS 12.4.

The exploit was actively used against users in the period from January to March 2020. According to the company, it was downloaded to the devices of users who visited a number of Uyghur sites (in particular akademiye[.]Org).

After infection, Insomnia provided root access to infected devices, and attackers used this to steal unencrypted messages from various instant messengers, email, photos, contact lists and location data.

Discovered new exploit for iOS
Scheme of the attack

Thus, all iOS users who visited infected with the Insomnia sites were vulnerable to hacking. The exploit could be launched through any browser on the phone, since they all use WebKit. Volexity analysts have confirmed the success of attacks on devices running iOS 12.3.1 through the mobile browsers Apple Safari, Google Chrome and Microsoft Edge.

“This campaign was launched by Evil Eye. It is believed that this is a hacked group sponsored by the Chinese authorities and spying on the Uyghur Muslim minority”, – reports Volexity.

Let me remind you that in the summer of 2019, Volexity and Google discovered another Evil Eye campaign. Then, hackers used 14 vulnerabilities in iOS, which were grouped into five exploit chains and were used against users since 2016. Then it was also a classic attack of the “watering hole” type. Such attacks received their named by analogy with the tactics of predators, who hunt near a watering hole, waiting for prey – for animals that came to drink.

Now, Volexity notes that when Google drew attention to the problem, Evil Eye closed its infrastructure and stopped using old exploits. Instead, in January 2020, hackers switched to Insomnia.

Compared to the 14 exploits that were used before, Insomnia has a number of improvements. So, earlier, attackers could steal victims’ GPS coordinates, photos from the iOS Photos application, contacts, emails from Gmail, as well as messages from Whatsapp, Telegram, WeChat, IMessage and Hangouts. Now, this functionality has been expanded and is working for ProtonMail emails and images sent through the Signal application.

“The inclusion of Signal and ProtonMail [in the list] may indicate that Uyghurs are aware of potential communications surveillance and are trying to use more secure applications to avoid this”, – write the experts.

As in previous cases, Insomnia cannot reliably gain a foothold in the system, so a simple reboot of the device will save it from malicious code. At the same time, the researchers warn that this does not mean that the attackers could not achieve a stable presence on the device at all. Perhaps this just required more subtle manual tuning, after checking the victim.

In general, we live in a time when government surveillance of citizens is not unusual, let’s recall the UAE with the ToTok Arab messenger. Perhaps after quarantine restrictions citizens and more democratic countries will not be against such measures.

The post For iOS was discovered a new exploit, with the help of which China traced the Uyghurs appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/for-ios-was-discovered-a-new-exploit-with-the-help-of-which-china-traced-the-uyghurs/feed/ 0 3702
US authorities can hack iPhone, but may have difficulties with Android https://gridinsoft.com/blogs/us-authorities-can-hack-iphone-but-may-have-difficulties-with-android/ https://gridinsoft.com/blogs/us-authorities-can-hack-iphone-but-may-have-difficulties-with-android/#respond Fri, 31 Jan 2020 16:47:04 +0000 https://blog.gridinsoft.com/?p=3410 Although the US authorities are persistent in waging a “cryptographic war” with technology companies, demanding weakening of encryption, they already have technical tools for cracking any phone. For example, US authorities can certainly hack any iPhone. Firstly, law enforcement agencies are successfully using forensic tools for mobile devices (for example, the FBI managed to crack… Continue reading US authorities can hack iPhone, but may have difficulties with Android

The post US authorities can hack iPhone, but may have difficulties with Android appeared first on Gridinsoft Blog.

]]>
Although the US authorities are persistent in waging a “cryptographic war” with technology companies, demanding weakening of encryption, they already have technical tools for cracking any phone. For example, US authorities can certainly hack any iPhone.

Firstly, law enforcement agencies are successfully using forensic tools for mobile devices (for example, the FBI managed to crack the iPhone 11 Pro Max using the GrayKey tool).

Secondly, as demonstrated results of a series of tests conducted by the US National Institute of Standards and Technology (NIST) over the past year, the manufacturers of these tools have been very successful in reverse engineering of smartphones.

“During the study, NIST experts tested the tools manufactured by Cellebrite, Grayshift and MSAB. Recall that in 2019 Cellebrite updated its premium tool for breaking encryption of iOS and Android UFED devices”, – reports NIST.

As NIST studies show, the current version of UFED 4PC allows receiving GPS coordinates, messages, call logs and contacts from iPhone X and from almost all earlier models. Researchers have also been able partially retrieve data from Twitter, LinkedIn, Instagram, Pinterest, and Snapchat. Against newer iPhone models, the tool was mostly useless.

It is noteworthy that UFED 4PC copes with Android devices much worse than with the iPhone. For example, the tool was not able to extract social network data, GPS and browser history from Google Pixel 2 and Samsung Galaxy S9. In addition, UFED was unable to access messages on the Ellipsis 8 and Galaxy Tab S2 tablets. With the Huawei P20 Pro, the tool does not work at all.

“Now we can hack the iPhone. A year ago, we could not hack the iPhone, but we were able to deal with all Android devices. Now we cannot hack many Android devices”, – told Motherboard reporters detective Rex Kieser.

According to Kieser, Cellebrite is currently the market leader in mobile hacking tools (with the exception of the iPhone). The main provider of iPhone hacking tools is Grayshift. Its tool GrayKey costs as much as $15-30 thousand and can crack encryption on any iPhone.

Well, some states release special applications to monitor their citizens, while other governments hire hackers to maintain cyber war with both external and internal enemies. It is your decision which side you take and what should be a priority: control and a promise of security from the state or confidentiality. As you see, there is practically no protection against targeted hacking, but just in case, check your devices with Gridinsoft products, maybe you are already being watched, probably not by the state, but by some amateur hacker.

The post US authorities can hack iPhone, but may have difficulties with Android appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/us-authorities-can-hack-iphone-but-may-have-difficulties-with-android/feed/ 0 3410