Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve.
The GitHub code is labeled “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it—it’s like the iPhone’s BIOS.Read more
A French prosecutor has launched a preliminary investigation of U.S. tech giant Apple over alleged deception and planned obsolescence of its products following a complaint by a consumer organization, a judicial source said on Monday.
The investigation, opened on Friday, will be led by French consumer fraud watchdog DGCCRF, part of the Economy Ministry, the source said. Apple acknowledged last month that it takes some measures to reduce power demands - which can have the effect of slowing the processor - in some older iPhone models when a phone’s battery is having trouble supplying the peak current that the processor demands.Read more
Whenever you give iPhone apps permission to access your camera, the app can surreptitiously take pictures and videos of you as long as the app is in the foreground, a security researcher warned on Wednesday.
Felix Krause, who recently warned of the danger of malicious iPhone password popups, wrote a blog post as a sort of PSA for iPhone users. To be clear, this is not a bug, but likely intended behavior. What this means is that even if you don't see the camera "open" in the form of an on-screen viewfinder, an app can still take photos and videos. It is unknown how many apps currently do this, but Krause created a test app as a proof-of-concept.Read more
A Google security researcher has published proof-of-concept code for a vulnerability that can be exploited remotely via a WiFi connection to take over iPhone 7 handsets.
"The exploit gains code execution on the Wi-Fi firmware on the iPhone 7," says Gal Beniamini, a member of the Google Project Zero security team. "Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames, thus allowing easy remote control over the Wi-Fi chip," Beniamini says.Read more
The new top-of-the-range iPhone does away with the home button and its built-in fingerprint reader in favor of a new biometric — called Face ID — which uses a 3D scan of the user’s face for authenticating and unlocking their device. It also replaces Touch ID for Apple Pay too.
Apple suggests this is an advancement over a fingerprint reader because it’s an easier and more natural action for the user to perform — you just look at the phone and it unlocks; no need to worry if you have wet fingers and so on. However offering to gate the smorgasbord of personal content that lives on a smartphone behind a face biometric inevitably raises lots of security questions.Read more
Apple is well-known for its maniacal approach to security, but it turns out not even the Cupertino heavyweight is safe from breaches: Popular YouTuber EverythingApplePro has stumbled upon a miniature hacking device that can crack the passcode of any iPhone 7 handset.
The device has a fairly compact size, but what is even more impressive is that, thanks to its three USB ports, it has the capacity to brute-force passcodes on three devices at the same time. To pull this off, EverythingApplePro says the creators of the tool exploited a loophole in the phone’s data recovery state that allows users to enter as many password attempts as they need.Read more
Donald Trump seems to have finally traded in his old and unsecured Android phone — for a new iPhone.
White House director of social media Dan Scavino Jr. tweeted tonight that Trump had switched to the Apple device, saying that he had been using it for "the past couple of weeks," and confirming that Twitter messages marked as coming from an iPhone were indeed from the president himself. Twitter users noticed that some of Trump's tweets appeared to be sent from an iPhone over the last few weeks, but it wasn't clear whether they were written by his own hand, or by staff members on secondary devices.Read more
Mobile devices have without a doubt brought convenience to the masses, but that benefit comes at a high price for journalists, activists, and human rights workers who work in war-torn regions or other high-risk environments.
Now, NSA whistleblower Edward Snowden has designed an iPhone accessory that could one day be used to prevent the devices from leaking their whereabouts. Working with renowned hardware hacker Andrew “Bunnie” Huang, Snowden has devised the design for what the team is calling the "Introspection Engine." For now, it's aimed only at iPhone 6 models, but eventually the pair hopes to create specifications for a large line of devices.Read more
Do you own an iPhone? Mac? Or any Apple device? Just one specially crafted message can expose your personal information, including your authentication credentials stored in your device's memory, to a hacker.
The vulnerability is quite similar to the Stagefright vulnerabilities, discovered a year ago in Android, that allowed hackers to silently spy on almost a Billion phones with just one specially-crafted text message. Cisco Talos senior researcher Tyler Bohan, who discovered this critical Stagefright-type bug in iOS, described the flaw as "an extremely critical bug, comparable to the Android Stagefright as far as exposure goes."Read more
Apple iPhone users are notorious for their slight indulgence towards those who prefer alternative platforms. Android is constantly under attack by malware and Trojans, they say, while iOS is immune to threats. Is it really that secure as Apple fans see it?
The answer is: no, it isn’t. In this article we will discuss several types of attacks which are as bad for the iPhones as they are for other devices. Phishing attacks target ‘what’s between a chair and a keyboard,’ meaning the users themselves. Phishers typically prey on human carelessness or a lack of overall awareness of security issues. It might seem as if the attributes of a phishing attack are known to everyone.Read more