Apple releases server-side patch to Siri bug allowing access to photos, contacts under iOS 9.3.1

Date: Wednesday, April 6th, 2016, 08:42
Category: iOS, News, security, Software

A Siri-based vulnerability that allowed access to a user’s photos and contacts under the right conditions under iOS 9.3.1 has been patched server-side by Apple.

Shared recently by Jose Rodriguez, the vulnerability used Siri’s ability to access Twitter to find an email link or phone number, which could be pressed to open up an editable list of contacts even on a device that was locked. Through access to contacts, a user’s full photo library was also visible.

The vulnerability relied on Siri to perform a Twitter search and could give direct access to photos and contacts. The method appears to have been disabled on all devices as of today.

Security hole in iOS 9.3.1 could offer passcode-free access to photos, contacts under certain conditions

Date: Tuesday, April 5th, 2016, 08:35
Category: iOS, News, security

If you’re running iOS 9.3.1 and gave Siri access to your Twitter information as well as your Contacts or Photos, this is something worth looking into.

A video surfaced online yesterday purporting to show a vulnerability in iOS 9.3.1 that allows anyone to access photos and contacts on a locked iPhone without having to enter a passcode.

The YouTube video, uploaded by Jose Rodriguez, depicts a user performing a Siri search followed by a series of relatively simple steps, one of which involves 3D Touch, limiting the exploit to iPhone 6s and 6s Plus devices.

Rumor: FBI reaches out to Israeli mobile forensics company Cellebrite to help unlock San Bernardino iPhone 5c

Date: Wednesday, March 23rd, 2016, 07:31
Category: iPhone, Rumor, security

When in doubt, go to the Israelis for help.

The so-far unnamed third party that’s helping the FBI try to unlock the iPhone 5c linked to the San Bernardino shootings is Cellebrite, a mobile forensics company based in Israel.

The FBI has reportedly contacted Cellebrite to help break the encryption on the infamous iPhone according to sources close to the story. Cellebrite has not responded to the report. But if it is indeed the “third party” in question, and it is able to break into the terrorist’s iPhone, it would bring the high-stakes legal showdown between the government and Apple to an abrupt end. Cellebrite, considered one of the leading companies in the world in the field of digital forensics, has been working with the world’s biggest intelligence, defense and law enforcement authorities for many years. The company provides the FBI with decryption technology as part of a contract signed with the bureau in 2013.

Some Apple employees might refuse to help FBI unlock iPhone 5c if ordered to do so

Date: Friday, March 18th, 2016, 08:15
Category: iOS, iPhone, Legal, News, security

As the iPhone unlocking controversy roars on, a number of Apple engineers have said they may decide not to cooperate with law enforcement.

Apple employees who might be called on to help the FBI are already considering their actions should Apple lose the case. This is according to interviews conducted by the New York Times with half a dozen people involved in the development of mobile products and security at Apple.

Per the interviews, some said they may balk at the work, while others may even quit their premium jobs rather than undermine the security of the software they have already created, according to more than a half-dozen current and former Apple employees.

Justice Department mentions that it could compel Apple for iOS source code to create back door to unlock San Bernardino iPhone 5c

Date: Tuesday, March 15th, 2016, 08:00
Category: iPhone, Legal, News, security

The Justice Department is now stating that it could potentially demand Apple hand over iOS source code and a signing key in the San Bernardino iPhone case.

A recent court filing states that the Justice Department made the proposal as a footnote in a recent rebuttal of Apple’s arguments in the case. In the brief, government lawyers said they have so far pursued their current strategy — asking Apple to build a passcode limit break for the FBI — because they thought handing over code would be “less palatable” to the company.

Hardware hack for San Bernardino iPhone 5c possible but risky

Date: Thursday, March 10th, 2016, 07:49
Category: Hardware, iPhone, News, security

The data onboard the iPhone 5c at the heart of the decryption/unlocking scandal could be accessible via a hardware technique.

This hardware technique, apparently, isn’t for the faint of heart.

In recent days, the American Civil Liberties Union’s technology fellow and former NSA contractor Edward Snowden have suggested a method that would let investigators repeatedly guess the iPhone’s password.

Federal investigators fear San Bernardino shooter Syed Rizwan Farook may have configured his work phone to use an Apple security feature that erases a key for decrypting data after 10 incorrect guesses of the phone’s password.

The forensic technique to get at the data, known as “chip off,” involves removing a NAND flash memory chip and copying its data. If successful, this would yield a decryption key that can be restored if it is erased after incorrect guesses.

Husband of San Bernardino shooting survivor takes Apple’s side in iPhone encryption controversy

Date: Tuesday, March 1st, 2016, 12:36
Category: iPhone, Legal, News, security, Software

While a recent poll has suggested that the majority of Americans support the FBI and would have Apple decrypt the San Bernardino shooter’s iPhone 5c, Apple apparently has the backing of the husband of one of the survivors of the terrorist attack, which left 14 people dead and 22 others seriously injured, after he changed his mind over the case.

Salihin Kondoker, whose wife Anies Kondoker was shot three times in the attack but avoided the main hall after taking a trip to the bathroom, filed a friend of the court brief siding with Apple in its dispute with the FBI. Writing in a letter to Judge Sheri Pym, Kondoker explains how his opinion on the case turned when he delved deeper into the longer term implications of the FBI’s order.

Malware, leaked emails, code samples point to HackingTeam’s return on the Mac

Date: Tuesday, March 1st, 2016, 07:27
Category: Developer, News, security, Software

HackingTeam has apparently returned.

A group of researchers has uncovered what appears to be malware from the HackingTeam group. The group had surfaced last July, creating malware-as-a-service software.

Recently, a sample of the group’s work, posted to the Internet, revealed 400 gigabytes worth of the group’s private e-mail and source code.

The sample was uploaded on February 4 to the Google-owned VirusTotal scanning service, which at the time showed it wasn’t detected by any of the major antivirus programs. A technical analysis published Monday morning by SentinelOne security researcher Pedro Vilaça showed that the installer was last updated in October or November, and an embedded encryption key is dated October 16, three months after the HackingTeam compromise.

Justice Department looking to have Apple help extract data from 12 additional iPhones

Date: Tuesday, February 23rd, 2016, 07:12
Category: iPhone, Legal, News, security

The plot thickens.

In the midst of the controversy between Apple and the Department of Justice regarding the unlocking of the San Bernardino shooter’s iPhone, the U.S. Department of Justice is pursuing additional court orders that would force Apple to help federal investigators extract data from twelve other encrypted iPhones that may contain crime-related evidence.

The revelation comes nearly one week after a U.S. federal judge ordered Apple to assist the FBI with unlocking an iPhone belonging to suspected San Bernardino terrorist Syed Rizwan Farook. Apple strongly opposed the court order last week in an open letter to customers.

Apple releases updated iOS 9.2.1 variant to make amends for handsets affected by Error 53

Date: Thursday, February 18th, 2016, 13:00
Category: Hardware, iOS, iPhone, News, security

A bit of an apology from Apple following the “Error 53” controversy.

Apple on Thursday released an updated version of iOS 9.2.1, bypassing what the company has admitted to be a factory test of the Home button during start up.

Apple released an updated version of iOS 9.2.1 to restore newer iPhones that were disabled by Error 53. This iOS update will prevent future iPhones from experiencing Error 53 if they have their Home buttons repaired by a third-party repair shop. This update can only be installed by connecting the iPhone to iTunes on a Mac or PC, not over the air.