Have you used a friend's laptop to charge your iPhone and gotten a prompt that says, "Trust This Computer?" Say yes, and the computer will be able to access your phone settings and data while they're connected.
And while it doesn't feel like your answer really matters—your phone will charge either way—researchers from Symantec warn that this seemingly minor decision has much higher stakes than you'd think. In fact, the Symantec team has found that hacks exploiting that misplaced "Trust" comprise a whole class of iOS attacks they call "trustjacking." Once a user authorizes a device, they open themselves to serious and persistent attacks.
In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.
Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X.
Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve.
The GitHub code is labeled “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it—it’s like the iPhone’s BIOS.
A French prosecutor has launched a preliminary investigation of U.S. tech giant Apple over alleged deception and planned obsolescence of its products following a complaint by a consumer organization, a judicial source said on Monday.
The investigation, opened on Friday, will be led by French consumer fraud watchdog DGCCRF, part of the Economy Ministry, the source said. Apple acknowledged last month that it takes some measures to reduce power demands - which can have the effect of slowing the processor - in some older iPhone models when a phone’s battery is having trouble supplying the peak current that the processor demands.
Whenever you give iPhone apps permission to access your camera, the app can surreptitiously take pictures and videos of you as long as the app is in the foreground, a security researcher warned on Wednesday.
Felix Krause, who recently warned of the danger of malicious iPhone password popups, wrote a blog post as a sort of PSA for iPhone users. To be clear, this is not a bug, but likely intended behavior. What this means is that even if you don't see the camera "open" in the form of an on-screen viewfinder, an app can still take photos and videos. It is unknown how many apps currently do this, but Krause created a test app as a proof-of-concept.
A Google security researcher has published proof-of-concept code for a vulnerability that can be exploited remotely via a WiFi connection to take over iPhone 7 handsets.
"The exploit gains code execution on the Wi-Fi firmware on the iPhone 7," says Gal Beniamini, a member of the Google Project Zero security team. "Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames, thus allowing easy remote control over the Wi-Fi chip," Beniamini says.
Apple is well-known for its maniacal approach to security, but it turns out not even the Cupertino heavyweight is safe from breaches: Popular YouTuber EverythingApplePro has stumbled upon a miniature hacking device that can crack the passcode of any iPhone 7 handset.
The device has a fairly compact size, but what is even more impressive is that, thanks to its three USB ports, it has the capacity to brute-force passcodes on three devices at the same time. To pull this off, EverythingApplePro says the creators of the tool exploited a loophole in the phone’s data recovery state that allows users to enter as many password attempts as they need.
Donald Trump seems to have finally traded in his old and unsecured Android phone — for a new iPhone.
White House director of social media Dan Scavino Jr. tweeted tonight that Trump had switched to the Apple device, saying that he had been using it for "the past couple of weeks," and confirming that Twitter messages marked as coming from an iPhone were indeed from the president himself. Twitter users noticed that some of Trump's tweets appeared to be sent from an iPhone over the last few weeks, but it wasn't clear whether they were written by his own hand, or by staff members on secondary devices.
Mobile devices have without a doubt brought convenience to the masses, but that benefit comes at a high price for journalists, activists, and human rights workers who work in war-torn regions or other high-risk environments.
Now, NSA whistleblower Edward Snowden has designed an iPhone accessory that could one day be used to prevent the devices from leaking their whereabouts. Working with renowned hardware hacker Andrew “Bunnie” Huang, Snowden has devised the design for what the team is calling the "Introspection Engine." For now, it's aimed only at iPhone 6 models, but eventually the pair hopes to create specifications for a large line of devices.
Do you own an iPhone? Mac? Or any Apple device? Just one specially crafted message can expose your personal information, including your authentication credentials stored in your device's memory, to a hacker.
The vulnerability is quite similar to the Stagefright vulnerabilities, discovered a year ago in Android, that allowed hackers to silently spy on almost a billion phones with just one specially-crafted text message. Cisco Talos senior researcher Tyler Bohan, who discovered this critical Stagefright-type bug in iOS, described the flaw as "an extremely critical bug, comparable to the Android Stagefright as far as exposure goes."