Posts Tagged ‘iphone’

Undocumented iOS Features left Hidden Backdoors Open in 600 Million Apple Devices

Tuesday, July 22nd, 2014

ios vulnerable

A well known iPhone hacker and forensic scientist has unearthed a range of undocumented and hidden functions in Apple iOS mobile operating system that make it possible for a hacker to completely bypass the backup encryption on iOS devices and can steal large amounts of users’ personal data without entering passwords or personal identification numbers.Data forensics expert named Jonathan Zdziarski has posted the slides PDF titled “Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices” showing his findings, from his talk at the Hackers On Planet Earth HOPE X conference held in New York on Friday.Jonathan Zdziarski, better identified as the hacker "NerveGas" in the iPhone development community, worked as dev-team member on many of the early iOS jailbreaks and is also the author of five iOS-related O’Reilly books including "Hacking and Securing iOS Applications."The results of his overall research on the iOS devices indicate a backdoor into iOS device’ operating system, although it is not at all that much widely open as a number of reports have suggested.You can protect your iOS device settings, Messages, Camera Roll, documents, saved games, email account passwords, Wi-Fi passwords, and passwords that you enter into websites using iTunes Backup feature. iTunes also allows users to protect their backup data with an encryption.

via Undocumented iOS Features left Hidden Backdoors Open in 600 Million Apple Devices.

Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers | Threat Level | WIRED

Tuesday, July 15th, 2014

When 17-year-old George Hotz became the world’s first hacker to crack AT&T’s lock on the iPhone in 2007, the companies officially ignored him while scrambling to fix the bugs his work exposed. When he later reverse engineered the Playstation 3, Sony sued him and settled only after he agreed to never hack another Sony product.

When Hotz dismantled the defenses of Google’s Chrome operating system earlier this year, by contrast, the company paid him a $150,000 reward for helping fix the flaws he’d uncovered. Two months later Chris Evans, a Google security engineer, followed up by email with an offer: How would Hotz like to join an elite team of full-time hackers paid to hunt security vulnerabilities in every popular piece of software that touches the internet?

Today Google plans to publicly reveal that team, known as Project Zero, a group of top Google security researchers with the sole mission of tracking down and neutering the most insidious security flaws in the world’s software. Those secret hackable bugs, known in the security industry as “zero-day” vulnerabilities, are exploited by criminals, state-sponsored hackers and intelligence agencies in their spying operations. By tasking its researchers to drag them into the light, Google hopes to get those spy-friendly flaws fixed. And Project Zero’s hackers won’t be exposing bugs only in Google’s products. They’ll be given free rein to attack any software whose zero-days can be dug up and demonstrated with the aim of pressuring other companies to better protect Google’s users.

via Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers | Threat Level | WIRED.

Cyberattack that locked Apple devices in Australia reaches U.S. – CBS News

Wednesday, May 28th, 2014

First came reports of a widespread hack of Apple devices in Australia — the attacker locked the devices remotely and demanded ransom from the owners. Now, CBS Los Angeles reports the scam appears to have reached the U.S.Earlier this week, many Australian owners of Apple devices began discovering that their iPhones, iPads and Macs had been hacked by someone using the name Oleg Pliss. They were directed to a PayPal account and told to send money to have them unlocked, the Sydney Morning Herald reported.A majority of victims affected by the hack so far appear to be from Australia, according to an Apple support thread, but there were also owners affected in New Zealand, the U.S. and Canada.

One Australian user commented that they had been in London when the threatening message appeared.”I’m in the U.S. Never been to Australia. Hacked last night by the Oleg Pliss nonsense. Currently restoring to try and get back online,” wrote user wheelman2188.The hacker is reportedly targeting Apple products that do not have passcodes — allowing for them to use the “Find My iPhone” function to remotely lock the devices.”I thought it was a joke, and I was like ‘Yeah yeah, whatever’, and went to open my phone, and nothing,” Southern California victim Nathan Sohm told CBS Los Angeles. “The whole reason I got into Apple was to prevent hacks and viruses. And here it is being hacked,” he added.Just like their Australian counterparts, American victims of the hack are being advised to bring in their locked device to an Apple store to be reset. However, this will cause the user to lose everything stored on the device, an employee from a California Apple store told CBS Los Angeles.On Wednesday, an Apple representative told ZDNET that iCloud was not compromised, and urged users to change their Apple passwords.”Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same username and password for multiple services,” the company said in a statement.The cyber attack happened just as Apple is preparing for its annual Worldwide Developers Conference next week. The company reportedly has plans to unveil a new “smart home” control system at the conference.

via Cyberattack that locked Apple devices in Australia reaches U.S. – CBS News.

Who Needs Keys? Siri Hack equates to Digital Jigglerz

Friday, April 18th, 2014

GoogolPlex answers your commands in one of two ways, depending on your request. Conversational requests, like “tell me a joke,” will simply show up as HTML on your phone’s web browser. However, app-based commands such as “GoogolPlex, post a pficture to Instagram,” use a redirect scheme to open the appropriate software.

It might sound a bit technical, but using GoogolPlex is fairly straightforward — and you can try it today without jailbreaking your phone or downloading anything. After signing up on BetterThanSiri.com, you’ll simply open your iPhone’s WiFi settings and change your HTTP Proxy settings to Auto with “http://totally.betterthansiri.com” in the URL box.

The Four Loop mentions that third-party app integration won’t work until GoogolPlex hits the App Store, but you can try a few demo commands such as “GoogolPlex, tell me a programming joke.” The Four Loop has ambitious plans for its Siri hack, as the GoogolPlex concept video shows a user interacting with Nest home electronics, opening specific Spotify songs and unlocking a car door all with voice commands.

Apple will likely beef up Siri for iOS 8, but it looks like GoogolPlex beat it to the punch.

via Who Needs Keys? This Siri Hack can Unlock Your Car – NBC News.com.

Billions of Smartphone Users affected by Heartbleed Vulnerability – The Hacker News

Monday, April 14th, 2014

Billions of Smartphone Users affected by Heartbleed Vulnerability

Heartbleed has left a worst impression worldwide affecting millions of websites and is also supposed to put millions of Smartphones and tablets users at a great risk.

Android blackberry apple iphone heartbleed

Heartbleed is a critical bug (CVE-2014-0160) in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL’s implementation of the TLS/DTLS heartbeat extension, which allows attackers to read portions of the affected server’s memory, potentially revealing users data such as usernames, passwords, and credit card numbers, that the server did not intend to reveal.

via Billions of Smartphone Users affected by Heartbleed Vulnerability – The Hacker News.

Gevey Mobile GSM Sim Hacking – GSM Howto

Thursday, February 13th, 2014

Learn How Gevey SIM Interposer Can Unlock your iPhone
image

How Gevey SIM unlock your iPhone? When you search the internet, you can get a lot of information about the Gevey Sim.

However, there isn’t any information about how the Gevey Sim or how other Sim hacks work inunlocking the devices. Not to worry, as in thisarticle you will get to know how these unlockinghacks work.

Gevey Sim is a Sim interposer, and it holds criticalinformation in it like the IMSI number. Don’t know what the IMSI number is? Well, it is a unique code that corresponds to the account of a person in the carrier’s database. There are 15 numbers present in the IMSI number, and each represents something important, for example, in: 475 230 834769475, the digits ‘475’ are the Mobile Country Code or the MCC and the digits ‘230’ make up, the Mobile Network Code(MNC) or the carrier.

If the baseband of the iPhone is loaded into storage, then it verifies the MCC and the MNC with its own network lock state, which is located in the sec-zone. The cell radio is activated when the digit’scombination is authorized.

iPhone 4 with Gevey SIM
IMSI was checked two times following the device’s reboot in earlier times; however, these days the first connection to a network doesn’t only include the IMSI number; a 4-byte TMSI is also present to determine each device before the IMSI number is shipped and processed.

The base station transfers a 16-byte code to the handset, where it is signed by using a 128bit DES key and is then delivered back. The IMSI isn’t that important if your key is legitimate. Due to this technique of SIM hacks, Data Roaming has been allowed to permit a data connection. This means that even though the device is presumed to be roaming around, the network is still able to identify the device as a home owner.

Keep in mind that SIM hacks can be unreliable and that is why it is advised that you place the hacked SIM in your jailbroken iPhone in order to keep the link healthy. Talking about New Gevey SIM, the developers say they aren’t able to find an exploit yet but they are working day and night on it and will release the unlock iPhone 4 baseband 4.11.08 Gevey SIM as soon as possible.

However, they may be late as we heard that R-SIM 4’s production has started and it will be released soon. If you don’t want to wait for R-SIM 4 or Gevey SIM, you can use these 5 simple steps to unlock iPhone 44.11.08 baseband with AT&T. You can also use AT&T online support chat.

Read unlockboot

image