Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label iPhone Hacks. Show all posts
Spyware
Apple Cyber Security data security iPhone Hacks Mobile Hacking Mobile Spyware Pegasus Pegasus Spyware Spyware

Apple Alerts Pegasus-like Attack on Indian Activists and Leaders

 

On July 10, two individuals in India received alarming notifications from Apple, Inc. on their iPhones, indicating they were targeted by a “mercenary” attack. This type of spyware allows attackers to infiltrate personal devices, granting access to messages, photos, and the ability to activate the microphone and camera in real time. Apple had previously described these as “state-backed” attacks but revised the terminology in April. 

Iltija Mufti, political adviser and daughter of former Jammu and Kashmir Chief Minister Mehbooba Mufti, and Pushparaj Deshpande, founder of the Samruddha Bharat Foundation, reported receiving these alerts. Both Mufti and Deshpande confirmed to The Hindu that they had updated their phones and planned to have them forensically examined. A spokesperson for Apple in India did not provide an immediate comment. 

Although the alert did not specifically mention state involvement, it cited Pegasus spyware as an example. Pegasus, developed by the Israeli NSO Group Technologies, is exclusively sold to governments. The Indian government has not confirmed or denied using Pegasus and declined to participate in a Supreme Court-ordered probe into its deployment. This is the first instance in months where such spyware alerts have been issued. 

The last known occurrence was in October, when Apple devices belonging to Siddharth Varadarajan of The Wire and Anand Mangnale of the Organized Crime and Corruption Report Project received similar warnings. Forensic analysis later confirmed they were targeted using vulnerabilities exploited by Pegasus clients. Both Mufti and Deshpande criticized the Union government, accusing it of using Pegasus. Mufti stated on X (formerly Twitter), “BJP shamelessly snoops on women only because we refuse to toe their line,” while Deshpande highlighted the government’s misplaced priorities, focusing on deploying Pegasus rather than addressing India’s significant challenges. 

An international investigation in 2021 by the Forbidden Stories collective exposed widespread targeting of civil society organizations, opposition politicians, and journalists with Pegasus spyware. The Indian government denied illegal activity but did not clearly confirm or deny the use of Pegasus. Alleged targets included Rahul Gandhi, former Election Commissioner Ashok Lavasa, student activist Umar Khalid, Union Minister Ashwini Vaishnaw, the Dalai Lama’s entourage, and individuals implicated in the 2018 Bhima Koregaon violence.
Read more »
USB
Data Breach FBI iPhone Hacks Juice Jacking Personal Data Personal Information Software Unauthorized access USB

FBI Warns of Hackers Exploiting Public Charging Stations to Steal iPhone Data

The FBI has issued a warning about a new threat targeting iPhone users - hackers using public charging stations to steal personal data. As the popularity of public charging stations continues to grow, so does the risk of falling victim to this type of cyber attack.

The technique, known as 'juice jacking,' involves hackers installing malicious software on charging stations or using counterfeit charging cables to gain access to users' iPhones. Once connected, these compromised stations or cables can transfer data, including contacts, photos, and passwords, without the user's knowledge.

The FBI's warning comes as a reminder that convenience should not outweigh security. While it may be tempting to plug your iPhone into any available charging port, it is essential to exercise caution and take steps to protect your personal information.

To safeguard against juice jacking attacks, the FBI and other cybersecurity experts offer several recommendations. First and foremost, it is advisable to avoid using public charging stations altogether. Instead, rely on your personal charger or invest in portable power banks to ensure your device remains secure.

If using public charging stations is unavoidable, there are additional precautions you can take. One option is to use a USB data blocker, commonly known as a 'USB condom,' which blocks data transfer while allowing the device to charge. These inexpensive devices act as a protective barrier against any potential data compromise.

It is also crucial to keep your iPhone's operating system and applications up to date. Regularly installing updates ensures that your device has the latest security patches and protections against known vulnerabilities.

Furthermore, using strong, unique passcodes or biometric authentication methods, such as Face ID or Touch ID, adds an extra layer of security to your device. Additionally, enabling two-factor authentication for your Apple ID and regularly monitoring your device for any suspicious activity are proactive steps to safeguard your data.

The FBI's warning serves as a timely reminder of the evolving threats in the digital landscape. As technology advances, so do the tactics employed by hackers. Staying informed and adopting best practices for cybersecurity is essential to protect personal information from unauthorized access.

The FBI's warning emphasizes the possible dangers of using public charging stations as well as the significance of taking safeguards to safeguard iPhone data. Users can lessen their risk of becoming a victim of juice jacking attacks and maintain the confidentiality of their personal information by exercising caution and adhering to suggested security measures.
Read more »
Visa
Exploits iOS iOS security iPhone iPhone Hacks Mobile Security Security Flaws Visa

Researchers Make Contactless Visa Payment Using iphone Flaw

 

Cybersecurity experts in a video showed how to make a contactless Visa payment of €1,000 from a locked iphone. These unauthorised payments can be made while the iPhone is locked, it is done via exploiting an Apple Pay feature built to assist users transaction easily at ticket barriers payments with Visa. 

Apple responded by saying the problem is concerned with a Visa system. However, Visa says that its payments are safe and the such attacks lie outside of its lab and are impractical. Experts believe that the problem exists in the Visa cards setup in 'Express Transit' mode in iPhone wallet. 

It is a feature (express transit) which allows users to make fast contactless payments without unlocking their phone. However, the feature turned out to be a drawback with Visa system, as experts found a way to launch an attack. While scientists demonstrated the attack, the money debited was from their personal accounts. 

How does the attack look? 

  • A small radio is placed beside the iPhone, the device thinks of it as a legit ticket barrier. 
  • Meanwhile an android phone runs an application to relay signals (developed by experts) from the iPhone to a contactless transaction platform, it could be in a shop or a place that is controlled by the criminal. 
  • As the iPhone thinks the payment is being done to a ticket barrier, it doesn't unlock. 
However, the iPhone's contact with the transaction platform is altered to make it think that the iPhone has been unlocked and an authorized payment is done which allows high value payments, without the need of fingerprint, PIN, or Face Id verification. 

The experts while demonstrating in a video did a €1,000 Visa transaction without unlocking the iPhone, or authorizing the payment. According to experts, the payment terminals and android phones used here don't need to near the targeted iPhone. 

As of now, the demonstration has only been done by experts in the lab and no reports of the feature exploit in the wild have been reported. "The researchers also tested Samsung Pay, but found it could not be exploited in this way.They also tested Mastercard but found that the way its security works prevented the attack. 

Co-author Dr Ioana Boureanu, from the University of Surrey, said this showed systems could be "both usable and secure". The research is due to be presented at the 2022 IEEE Symposium on Security and Privacy," reports BBC.
Read more »
Spyware
Apple Extortion Scheme iPhone Hacks malware Pegasus Spyware

Pegasus iPhone Hacks Used as Bait in Extortion Scam

 

A new extortion fraud attempts to profit from the recent Pegasus iOS spyware attacks to threaten victims to pay a blackmail demand. 

Last month, Amnesty International and the non-profit project Forbidden Stories disclosed that the Pegasus spyware was installed on completely updated iPhones via a zero-day zero-click iMessage vulnerability. 

A zero-click vulnerability is a flaw that can be exploited on a device without requiring the user's interaction. For instance, a zero-click hack would be a vulnerability that could be exploited just by visiting a website or getting a message. 

Governments are believed to have employed this spyware to eavesdrop on politicians, journalists, human rights activists, and corporate leaders worldwide. This week, a threat actor began contacting users, informing them that their iPhone had been compromised with a zero-click vulnerability that allowed the Pegasus spyware software to be installed. 

According to the fraudster, Pegasus has tracked the recipient's actions and captured recordings of them at "the most private moments" of their lives. According to the email, the threat actor will disseminate the recordings to the recipient's family, friends, and business partners if a 0.035 bitcoin (roughly $1,600) payment is not made. 

The full text of the email stated: 
"Hi there Hello, 
I'm going to share important information with you. 
Have you heard about Pegasus? 
You have become a collateral victim. It's very important that you read the information below. 
Your phone was penetrated with a “zero-click” attack, meaning you didn't even need to click on a malicious link for your phone to be infected. 
Pegasus is a malware that infects iPhones and Android devices and enables operators of the tool to extract messages, photos, and emails, record calls and secretly activate cameras or microphones and read the contents of encrypted messaging apps such as WhatsApp, Facebook, Telegram, and Signal.
Basically, it can spy on every aspect of your life. That's precisely what it did. I am a blackhat hacker and do this for a living. Unfortunately, you are my victim. Please read on. 
As you understand, I have used the malware capabilities to spy on you and harvested datas of your private life.
My only goal is to make money and I have perfect leverage for this. As you can imagine in your worst dream, I have videos of you exposed during the most private moments of your life when you are not expecting it. 
I personally have no interest in them, but there are public websites that have perverts loving that content. 
As I said, I only do this to make money and not trying to destroy your life. But if necessary, I will publish the videos. If this is not enough for you, I will make sure your contacts, friends, business associates and everybody you know sees those videos as well. 
Here is the deal. I will delete the files after I receive 0.035 Bitcoin (about 1600 US Dollars). You need to send that amount here bc1q7g8ny0p95pkuag0gay2lyl3m0emk65v5ug9uy7 
I will also clear your device from malware, and you keep living your life. Otherwise, shit will happen. The fee is non-negotiable, to be transferred within 2 business days. 
Obviously do not try to ask for any help from anybody unless you want your privacy to be violated. 
I will monitor your every move until I get paid. If you keep your end of the agreement, you won't hear from me ever again. 
Take care." 

Apparently, the bitcoin address indicated in the sample email seen by BleepingComputer has not received any payments. However, other bitcoin addresses might be utilized in this fraud. One may believe that no one would fall for this swindle, yet similar methods in the past have fetched over $50,000 in a week.
Read more »
Mobile Security
Cyber Hacking Hacking iPhone iPhone Hacks iPhone Malware Mobile Security

iPhone hacking sites were also after Android, Windows users


Those hackers Google’s researchers sussed out earlier this week apparently went after more than just iPhone users. Microsoft’s operating system along with Google’s own were also targeted, according to Forbes, in what some reports are calling a possibly state-backed effort to spy on the Uighur ethnic group in China.

Google’s Threat Analysis Group was the first to discover the scheme earlier this year (news of the campaign was first disclosed Thursday). It involved a small group of websites aiming to infect visitors’ devices to gain access to their private information, including live location data and encrypted information on apps like on WhatsApp, iMessage, and Telegram. These websites were up for two years, during which thousands of visitors purportedly accessed them each week.

In February, Google notified Apple of 14 vulnerabilities the site’s malware exploited, which the company fixed within days with iOS 12.1.4. Apple disclosed in that update that the flaws, referred to as “memory corruption” issues, were fixed with “improved input validation.” The company hasn’t publicly addressed Google’s account of the hack since the news broke earlier this week.

While the Google team only reported iPhone users being targeted by this attack, sources familiar with the matter told Forbes that devices using Google and Microsoft operating systems were also targeted by these same sites. Thus widening the potential scale of an already unprecedented attack.

Whether Google found or shared evidence of this is unclear, as is whether the attackers used the same method of attack as they did with iPhone users, which involved attempting to sneak malicious code onto users’ phones upon their visit to the infected websites. When asked about these reported developments, a Google spokesperson said the company had no new information to disclose. We also reached out to Microsoft and will update this article with their statements.
Read more »
iPhone Hacks
App App Store App vulnerability iPhone iPhone Contacts iPhone Hacks

iPhone contacts app vulnerable to hack attack, says security firm


Apple has never shied away from boasting about how secure its systems are, but researchers have found that contacts saved on iPhones are vulnerable to an SQLite hack attack which could infect the devices with malware.

SQLite - the most widespread database engine in the world - is available in every operating system (OS), desktop and mobile phone. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite.

Security firm Check Point has demonstrated a technique being used to manipulate Apple's iOS Contacts app. Searching the Contacts app under these circumstances triggers the device to run malicious codes, Apple Insider reported on Saturday.

The vulnerability has been identified in the industry-standard SQLite database.

Documented in a 4,000-word report, the company's hack involved replacing one part of Apple's Contacts app and while apps and any executable code has to go through Apple's startup checks, an SQLite database is not executable.

"Persistence (keeping the code on the device after a restart) is hard to achieve on iOS as all executable files must be signed as part of Apple's Secure Boot. Luckily for us, SQLite databases are not signed," the report quoted the Check Point researchers as saying.

As of now, Apple has not commented on Check Point's report.
Read more »
iPhone Hacks
Apple iOS iPhone Hacks

A Slip-Up of Apple Leads to Most of Its Up-To-Date iPhones Vulnerable to Hacking Risk




Apple has apparently left its most up-to-date iPhones vulnerable against a rather hacking risk due to unpatching a bug in the most recent iOS 12.4 update that it had fixed in the earlier iOS 12.3 update. Furthermore, because of the slip-up, all iPhones running iOS 12.4 would now be very easily jailbroken and a few iPhone users have just tweeted that they are effectively running the "jailbreak".

Since jailbreaking an iPhone gives users a chance to modify their iOS devices and run unsupported apps,some security researchers have officially begun exploiting the vulnerability in iOS 12.4 and released a public "jailbreak" on an 'open-sourced software development platform' GitHub.

A security researcher going by the name of "Pwn20wnd" has published a jailbreakfor iOS 12.4, " The exploits for the iPhone can sell for millions of dollars, which means that no one has been willing to release jailbreak code publicly because Apple will quickly patch it," said the report.

Since had fixed this defect, found by a Google hacker, in the earlier iOS 12.3 version.

Ivan Krstic, Head of Security Engineering and Architecture at Apple had as of late declared to pay up to $1 million to security researchers for discovering the flaws and vulnerabilities as a feature of its bug bounty program, during the annual  Black Hat security conference in Las Vegas.

Nonetheless Security experts continue to warn users to be careful of what apps they download with this jailbreak.

Read more »
iPhone Hacks
Apple Charging Cables. Computer Hacking Hacker group Hackers iPhone iPhone Hacks

These legit looking iPhone cables allow hackers to take charge of your computer

When they said you should be wary of third-party accessories and unbranded cables for charging your smartphone, they were serious. And the latest example of what a cable that isn’t original can do, should be enough to scare you. There is apparently a Lightning Cable that looks just as harmless as an iPhone cable should. But it has a nasty trick up its sleeve, which allows a hacker to take control of your computer, the moment you plug this in to the USB port. This cable has been dubbed the OMGCable.

A security researcher with the Twitter handle @_MG_ took a typical USB to Lightning cable and added a Wi-Fi implant to it. The moment this gets plugged into the USB port on a PC, a hacker sitting nearby with access to the Wi-Fi module hidden inside the cable can run a malicious code and take charge of a PC or remotely access data without the user even noticing.

“This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types. Apple just happens to be the most difficult to implant, so it was a good proof of capabilities,” said MG, as reported by the TechCrunch website.

The thing with phone charging cables is that no one really gives them a second look. You see one, you plug it in and you let it be. At the same time, a lot of users are wary about using USB drives, also known as pen drives or thumb drives, because they are popular as carriers of malware and viruses that can pretty much ruin your PC.
Read more »
Subscribe to: Posts (Atom)