Jul 21 2016

Snowden designs device to warn when an iPhone is ratting out users

A conceptual rendering of a “battery case” style introspection engine for an iPhone 6. (credit: https://www.pubpub.org/pub/direct-radio-introspection)

Mobile devices have without a doubt brought convenience to the masses, but that benefit comes at a high price for journalists, activists, and human rights workers who work in war-torn regions or other high-risk environments. Now, NSA whistleblower Edward Snowden has designed an iPhone accessory that could one day be used to prevent the devices from leaking their whereabouts.

Working with renowned hardware hacker Andrew “Bunnie” Huang, Snowden has devised the design for what the team is calling the "Introspection Engine." For now, it's aimed only at iPhone 6 models, but eventually the pair hopes to create specifications for a large line of devices. Once built, the "field-ready" accessory would monitor various radio components inside the phone to confirm they're not transmitting data when a user has put the device into airplane mode. The hardware is designed to be independent from the mobile device, under the assumption that malware-infected smartphones are a fact of life in high-risk environments.

Detecting intoxicated smartphones

"Malware packages, peddled by hackers at a price accessible by private individuals, can activate radios without any indication from the user interface," Huang and Snowden wrote in a blog post published Thursday. "Trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive."


Jan 20 2016

iOS cookie theft bug allowed hackers to impersonate users

Apple has squashed a bug in its iOS operating system that made it possible for hackers to impersonate end users who connect to websites that use unencrypted authentication cookies.

The vulnerability was the result of a cookie store iOS shared between the Safari browser and a separate embedded browser used to negotiate "captive portals" that are displayed by many Wi-Fi networks when a user is first joining. Captive portals generally require people to authenticate themselves or agree to terms of service before they can gain access to the network.

According to a blog post published by Israeli security firm Skycure, the shared resource made it possible for hackers to create a booby-trapped captive portal and associate it with a Wi-Fi network. When someone with a vulnerable iPhone or iPad connected, it could steal virtually any HTTP cookie stored on the device. Skycure researchers wrote:


Sep 16 2015

Apple mitigates but doesn’t fully fix critical iOS Airdrop vulnerability

Apple has mitigated a critical iOS vulnerability that allows attackers within Bluetooth range of an iPhone to install malicious apps using the Airdrop filesharing feature.

Mark Dowd, the security researcher who discovered the bug and privately reported it to Apple, told Ars that the vulnerability has been mitigated in iOS 9, which Apple released Wednesday. But he went on to say that the underlying bug still hasn't been fixed. As he demonstrated in the following video, the bug allows attackers who briefly have physical access to a vulnerable iPhone, or who are within Bluetooth range of it, to install an app that the device will trust without prompting the user with a warning dialog.

iOS 8.4.1 AirDrop Exploit Demo.

Dowd used an enterprise certificate Apple makes available to developers so large organizations can install custom apps on large fleets of iPhones. As a result, the apps his technique installs don't generate a dialog that warns the end user that the app is signed by a third party and asks for approval to proceed. He said another method for bypassing iOS code-signing restrictions would be to combine his Airdrop hack with a jailbreak exploit, such as the TaiG jailbreak that Apple recently patched with version 8.4 of iOS.


Aug 31 2015

Malware infecting jailbroken iPhones stole 225,000 Apple account logins

A newly discovered malware family that preys on jailbroken iPhones has collected login credentials for more than 225,000 Apple accounts, making it one of the largest Apple account compromises to be caused by malware.

KeyRaider, as the malware family has been dubbed, is distributed through a third-party repository of Cydia, which markets itself as an alternative to Apple's official App Store. Malicious code surreptitiously included with Cydia apps is creating problems for people in China and at least 17 other countries, including France, Russia, Japan, and the UK. Not only has it pilfered account data for 225,941 Apple accounts, it has also disabled some infected phones until users pay a ransom, and it has made unauthorized charges against some victims' accounts.

Researchers with Palo Alto Networks worked with members of the Chinese iPhone community Weiphone after members found the unauthorized charges. In a blog post published Sunday, the Palo Alto Networks researchers wrote:
