O'Grady's PowerPage » security

FBI not submitting San Bernardino iPhone hack for peer review

Date: Thursday, April 28th, 2016, 08:50
Category: Hack, iPhone, Legal, News, security

The FBI is keeping the San Bernardino iPhone hack technique to itself for the time being.

A recent report has stated that the FBI will not be submitting the exploit used to break into the iPhone 5c of San Bernardino shooter Syed Rizwan Farook to a review process that could clear it for sharing with outside parties.

The FBI, which used a third party to unlock the iPhone, apparently didn’t acquire the rights to the technical details used in the hack, according to Amy Hess, the FBI’s executive assistant director for science and technology. As a result, Hess said the agency doesn’t “have enough technical information about any vulnerability” that could be considered for release.

Unlocked San Bernardino iPhone providing some leads in investigation

Date: Tuesday, April 19th, 2016, 11:46
Category: iPhone, Legal, security

In spite of all the controversy and kerfuffle surrounding the San Bernardino iPhone and the steps taken to unlock it, sources are indicating that the FBI is getting some useful information and leads from the device.

Investigators are now more confident that terrorist Syed Farook didn’t make contact with another plotter during an 18-minute gap that the FBI said was missing from their timeline of the attackers’ whereabouts after the mass shooting, the officials said. The phone has helped investigators address lingering concern that the two may have had help, perhaps from friends and family.

Safari Technology Preview 2.0 released, available for download and testing

Date: Wednesday, April 13th, 2016, 16:53
Category: Developer, News, security, Software

If you’re interested in what’s on the horizon via Safari’s upcoming versions, you’re going to like this.

Apple released Safari Technology Preview version 2.0 today. The updated browser lets you play around with a slew of upcoming technologies and offers the following fixes and changes:

Browser Differences:
– Changed the CFBundleSignature to allow Apple Events, like those sent from AppleScript, to correctly distinguish between Safari and Safari Technology Preview.

FBI may have contacted “grey hat” hacker group along with Cellebrite to unlock San Bernardino iPhone 5c

Date: Wednesday, April 13th, 2016, 08:56
Category: Hacks, iOS, iPhone, Legal, News, security, Software

The plot continues to thicken.

A group of unnamed sources cited by the Washington Post contradict the widely held belief that it was Israel-based mobile forensics company Cellebrite which helped the FBI hack into the locked San Bernardino iPhone. The report says that the agency was instead approached by a group of freelance hackers who revealed an iPhone passcode vulnerability to the FBI in return for a one-time fee.

The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution.

Cellebrite says it’s “optimistic” it can unlock iPhone 6 units

Date: Monday, April 11th, 2016, 09:51
Category: iOS, iPhone, Legal, News, security

Cellebrite, the company that is believed to have been hired by the FBI and to have successfully unlocked the San Bernardino shooter’s iPhone 5c, says that it is “optimistic” that it will also be able to access a locked iPhone 6.

Earlier this year, Italian architect Leonardo Fabbretti met with the company last week to see whether it could help gain access to his dead son’s iPhone. Before his death from bone cancer, 13-year-old Dama Fabbretti had added his father’s thumbprint to allow him access – but the phone required the passcode after a restart, and his father didn’t know the code.

Apple had told him it was impossible to access the iPhone without the passcode, but Fabbretti stated that Cellebrite has already made progress.

Adobe updates Flash Player to version 21.0.0.213, works to patch new vulnerability (updated)

Date: Friday, April 8th, 2016, 07:36
Category: News, security, Software

As useful as Adobe’s Flash Player tends to be, this is sort of a mess.

Less than a month after a critical Flash vulnerability allowed an attacker to take control of a Mac, Adobe has issued an emergency update for yet another critical flaw, bringing the current version to 21.0.0.213. The latest one is already being exploited by ransomware that encrypts Windows PCs, but while there’s no known exploit for OS X as yet, Adobe says that the same vulnerability exists on all platforms, and users should update immediately.

FBI director Comey says purchased hack tool will only unlock iPhone 5c units running iOS 9

Date: Thursday, April 7th, 2016, 08:07
Category: iPhone, Legal, News, privacy, security, Software

The tool the FBI bought to crack the San Bernardino shooter’s iPhone 5c can only be used on an iPhone 5c running iOS 9.

According to FBI director James Comey, the tool will not work on the iPhone 5s or 6 series, a statement Comey offered during a speech late Wednesday at Kenyon College.

The government is considering whether it should disclose to Apple the flaw that aided the hack: “We just haven’t decided yet,” he said at the Ohio college’s Center for the Study of American Democracy.

FBI unsure if unlocked San Bernardino iPhone data may be useful

Date: Thursday, April 7th, 2016, 07:14
Category: iPhone, News, security

The good news is that the FBI was able to unlock the San Bernardino shooter’s iPhone 5c.

The bad news is that it might not be a treasure trove of information.

According to a recent report, despite having had access to all the data on the phone for more than a week, the FBI has apparently not yet found anything of value.

FBI general counsel James Baker told an International Association of Privacy Professionals conference that it was “too early” to say whether anything useful would be found, and that it may or may not choose to reveal the answer once it is certain.

“We’re now doing an analysis of that data, as we would in any other type of criminal terrorism investigation,” Mr. Baker said, adding: “That means we would follow logical leads.” But because the agency has only had access to the data for a short period of time, he said “it’s simply too early” to say whether anything found on the phone has been valuable to investigators […]

Apple releases server-side patch to Siri bug allowing access to photos, contacts under iOS 9.3.1

Date: Wednesday, April 6th, 2016, 08:42
Category: iOS, News, security, Software

A Siri-based vulnerability that allowed access to a user’s photos and contacts under the right conditions under iOS 9.3.1 has been patched server-side by Apple.

Shared recently by Jose Rodriguez, the vulnerability used Siri’s ability to access Twitter to find an email link or phone number, which could be pressed to open up an editable list of contacts even on a device that was locked. Through access to contacts, a user’s full photo library was also visible.

The vulnerability relied on Siri to perform a Twitter search and could give direct access to photos and contacts. The method appears to have been disabled on all devices as of today.

Security hole in iOS 9.3.1 could offer passcode-free access to photos, contacts under certain conditions

Date: Tuesday, April 5th, 2016, 08:35
Category: iOS, News, security

If you’re running iOS 9.3.1 and gave Siri access to your Twitter information as well as your Contacts or Photos, this is something worth looking into.

A video surfaced online yesterday purporting to show a vulnerability in iOS 9.3.1 that allows anyone to access photos and contacts on a locked iPhone without having to enter a passcode.

The YouTube video, uploaded by Jose Rodriguez, depicts a user performing a Siri search followed by a series of relatively simple steps, one of which involves 3D Touch, limiting the exploit to iPhone 6s and 6s Plus devices.
