Apr 12 2023

NEW SPYWARE QUADREAM IS A REPLACEMENT OF PEGASUS SOFTWARE USED TO HACK IPHONES REMOTELY

Category: Hacking,Smart Phone,SpywareDISC @ 8:58 am

Security researchers have uncovered fresh malware with hacking capabilities comparable to those of Pegasus, which was developed by NSO Group. The software, which is sold by an Israeli firm named QuaDream, has previously been used by customers to target journalists, political opposition leaders, and an employee of an NGO. The company that makes and sells the spyware is called QuaDream.

The malware was spread to the victims’ phones when the operators of the spyware, who are thought to be government customers, sent them an invitation to an iCloud calendar. The cyberattacks took place between the years 2019 and 2021, and the term “Reign” is given to the hacking program that was used.

A phone that has been infected with Reign can, similar to a phone that has been infected with Pegasus, record conversations that are taking place near the phone, read messages that are stored on encrypted apps, listen to phone conversations, track the location of a user, and generate two-factor authentication codes on an iPhone in order to break into a user’s iCloud account.

Apple, which has been marketing its security measures as being among the finest in the world, has taken yet another hit as a result of the recent disclosures. It would seem that Reign poses an unprecedented and significant danger to the security of the company’s mobile phones.


The spyware that was built by QuaDream attacks iPhones by having the operators of the malware, who are believed to be government customers, issue an invitation to an iCloud calendar to the mobile users of the iPhones. Since the calendar invites were issued for events that had been recorded in the past, the targets of the hacking were not made aware of them because they were sent for activities that had already occurred.

Since users of the mobile phone are not required to click on any malicious link or do any action in order to get infected, these kind of attacks are referred to as “zero-click” attacks.

When a device is infected with spyware, it is able to record conversations that are taking place nearby by taking control of the recorder on the device, reading messages sent via encrypted applications, listening in on phone calls, and monitoring the position of the user.

The malware may also produce two-factor authentication tokens on an iPhone in order to enter a user’s iCloud account. This enables the spyware operator to exfiltrate data straight from the user’s iCloud, which is a significant advantage. In contrast to NSO Group, QuaDream maintains a modest profile among the general population. The firm does not have a website and does not provide any additional contact information on its page. The email address of Israeli attorney Vibeke Dank was included on the QuaDream business registration form; however, she did not respond to a letter asking for her opinion.

Citizen Lab did not name the individuals who were discovered to have been targeted by clients while they were using Reign. However, the organization did say that more than five victims were located in North America, Central Asia, south-east Asia, Europe, and the Middle East. These victims were described as journalists, political opposition figures, and an employee of an NGO. In addition, Citizen Lab said that it was able to identify operator sites for the malware in the countries of Bulgaria, the Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, the United Arab Emirates, and Uzbekistan.

In a security report that was published in December 2022 by Meta, the corporation that owns Facebook, the name of the firm was mentioned briefly. The report defined QuaDream as being an Israeli-based startup that was created by former NSO personnel.

At the time, Meta stated that it had removed 250 accounts on Facebook and Instagram that were linked to QuaDream. The company believed that the accounts were being used to test the capabilities of the spyware maker using fake accounts. These capabilities included exfiltrating data such as text messages, images, video files, and audio files.

The discovery of Reign underscores the continuous spread of very powerful hacking tools, even as NSO Group, the developer of one of the world’s most sophisticated cyberweapons, has received intensive investigation and been banned by the Biden administration, likely limiting its access to new clients. NSO Group is the maker of one of the most advanced cyberweapons in the world.

Global Spyware Scandal: Exposing Pegasus, Season 1



InfoSec Threats
 | InfoSec books | InfoSec tools | InfoSec services

Tags: Pegasus spyware, Quadream


Mar 28 2023

HACKING PHONES REMOTELY WITHOUT TOUCHING VIA NEW INAUDIBLE ULTRASOUND ATTACK

Category: Cyber Attack,Smart PhoneDISC @ 8:25 am

The Near-Ultrasound Invisible Trojan, or NUIT, was developed by a team of researchers from the University of Texas at San Antonio and the University of Colorado Colorado Springs as a technique to secretly convey harmful orders to voice assistants on smartphones and smart speakers.

If you watch videos on YouTube on your smart TV, then that television must have a speaker, right? According to Guinevere Chen, associate professor and co-author of the NUIT article, “the sound of NUIT harmful orders will [be] inaudible, and it may attack your mobile phone as well as connect with your Google Assistant or Alexa devices.” “That may also happen in Zooms during meetings. During the meeting, if someone were to unmute themselves, they would be able to implant the attack signal that would allow them to hack your phone, which was placed next to your computer.

The attack works by playing sounds close to but not exactly at ultrasonic frequencies, so they may still be replayed by off-the-shelf hardware, using a speaker, either the one already built into the target device or anything nearby. If the first malicious instruction is to mute the device’s answers, then subsequent actions, such as opening a door or disabling an alarm system, may be initiated without warning if the first command was to silence the device in the first place.

“This is not only a problem with software or malicious software. It is an attack against hardware that makes use of the internet. According to Chen, the non-linearity of the microphone design is the flaw that has to be fixed by the manufacturer in order to eliminate the vulnerability. “Among the 17 smart gadgets we evaluated, [only] Apple Siri devices need the user’s voice to be hijacked, while other voice assistant devices may be triggered by using any voice or a robot voice,” the study’s authors write.

Using headphones is Chen’s recommendation for anybody worried about the NUIT attack, despite the fact that a genuine defense against NUIT would involve the usage of customized hardware. She indicates that the risk of being attacked by NUIT is reduced if you do not utilize the speaker to emit sound. “When using earphones, there is a limit to the amount of sound that can be sent to the microphone since the volume of the sound coming from the earphones is too low. In the event that the microphone is unable to pick up the subversive inaudible order, the underlying voice assistant won’t be able to be maliciously triggered by NUIT.


InfoSec Threats
 | InfoSec books | InfoSec tools | InfoSec services

Tags: HACKING PHONES REMOTELY, ULTRASOUND ATTACK


Dec 30 2022

EarSpy – A New Attack on Android Devices Use Motion Sensors to Steal Sensitive Data

Category: Cyber Attack,Smart PhoneDISC @ 10:17 am

There has been a new eavesdropping attack developed by a team of security experts for Android devices which has been dubbed “EarSpy.” With the help of this attack, attackers can detect the following things:-

  • Caller’s gender
  • Caller’s identity to various degrees
  • Speech content

As part of its exploratory purpose, EarSpy aims to capture motion sensor data readings generated by the reverberations from the ear speaker in mobile devices in order to create new methods of eavesdropping.

Universities Involved in this Project

Cybersecurity researchers from five American universities have undertaken this academic project called EarSpy. These are all the names of the universities that are affiliated with this project:-

  • Texas A&M University 
  • New Jersey Institute of Technology
  • Temple University
  • University of Dayton
  • Rutgers University

Evolution of Smartphone Tech

Smartphone loudspeakers have been explored as a potential target for such attacks. As a result of this, the ear speakers are incapable of generating enough vibration to allow eavesdropping to be executed properly for the side-channel attack.

While the audio quality and vibrations of modern smartphones have improved greatly as a result of more powerful stereo speakers.

Even the tiniest resonance from a speaker can be measured by a modern device because it has more sensitive motion sensors and gyroscopes.

It is remarkable how little data is recorded on the spectrogram from the earphones of a 2016 OnePlus 3T, while a stereo ear speaker on the 2019 OnePlus 7T produces a significant amount of information.

As part of their experiments, the researchers used a OnePlus 7T device as well as a OnePlus 9 device. Both of these devices were used by the researchers to play pre-recorded audio through their ear speakers only using a variety of pre-recorded audio sets.

Although the results of the tests varied according to the dataset and device, they indicated that eavesdropping via ear speakers can be accomplished successfully.

To Check more on Detection Performance & Recommendation:

Based on the features in the time/frequency domain of the ML algorithm, the detection performance for the OnePlus 7T device has been tested, and here below we have mentioned the output chart:- 

EarSpy Android


Infosec books | InfoSec tools | InfoSec services


Tags: Android, Steal Sensitive Data


Sep 26 2022

Hacking a powered-off iPhone: vulnerabilities never sleep

Can a device be hacked when switched off? Recent studies suggest so. Let’s see how this is even possible.

Researchers from the Secure Mobile Networking Lab at the University of Darmstadt, Germany, have published a paper describing a theoretical method for hacking an iPhone — even if the device is off. The study examined the operation of the wireless modules, found ways to analyze the Bluetooth firmware and, consequently, to introduce malware capable of running completely independently of iOS, the device’s operating system.

With a little imagination, it’s not hard to conceive of a scenario in which an attacker holds an infected phone close to the victim’s device and transfers malware, which then steals payment card information or even a virtual car key.

The reason it requires any imagination at all is because the authors of the paper didn’t actually demonstrate this, stopping one step short of a practical attack implementation in which something really useful nasty is loaded into the smartphone. All the same, even without this, the researchers did a lot to analyze the undocumented functionality of the phone, reverse-engineer its Bluetooth firmware, and model various scenarios for using wireless modules.

So, if the attack didn’t play out, what’s this post about? We’ll explain, don’t worry, but first an important statement: if a device is powered off, but interaction with it (hacking, for example) is somehow still possible, then guess what â€” it’s not completely off!

How did we get to the point where switching something off doesn’t necessarily mean it’s actually off? Let’s start from the beginning…

Apple’s Low Power Mode

In 2021, Apple announced that the Find My service, which is used for locating a lost device, will now work even if the device is switched off. This improvement is available in all Apple smartphones since the iPhone 11.

If, for example, you lose your phone somewhere and its battery runs out after a while, it doesn’t turn off completely, but switches to Low Power Mode, in which only a very limited set of modules are kept alive. These are primarily the Bluetooth and Ultra WideBand (UWB) wireless modules, as well as NFC. There’s also the so-called Secure Element â€” a secure chip that stores your most precious secrets like credit card details for contactless payments or car keys — the latest feature available since 2020 for a limited number of vehicles.

Bluetooth in Low Power Mode is used for data transfer, while UWB — for determining the smartphone’s location. In Low Power Mode, the smartphone sends out information about itself, which the iPhones of passers-by can pick up. If the owner of a lost phone logs in to their Apple account online and marks the phone as lost, information from surrounding smartphones is then used to determine the whereabouts of the device. For details of how this works, see our recent post about AirTag stalking.

The announcement quickly prompted a heated discussion among information security experts about the maze of potential security risks. The research team from Germany decided to test out possible attack scenarios in practice.

When powering off the phone, the user now sees the “iPhone Remains Findable After Power Off” message. Source

Find My after power off

First of all, the researchers carried out a detailed analysis of the Find My service in Low Power Mode, and discovered some previously unknown traits. After power off, most of the work is handled by the Bluetooth module, which is reloaded and configured by a set of iOS commands. It then periodically sends data packets over the air, allowing other devices to detect the not-really-off iPhone.

It turned out that the duration of this mode is limited: in version iOS 15.3 only 96 broadcast sessions are set with an interval of 15 minutes. That is, a lost and powered-off iPhone will be findable for just 24 hours. If the phone powered off due to a low battery, the window is even shorter â€” about five hours. This can be considered a quirk of the feature, but a real bug was also found: sometimes when the phone is off, the “beacon” mode is not activated at all, although it should be.

Of most interest here is that the Bluetooth module is reprogrammed before power off; that is, its functionality is fundamentally altered. But what if it can be reprogrammed to the detriment of the owner?

Attack on a powered-off phone

In fact, the team’s main discovery was that the firmware of the Bluetooth module is not encrypted and not protected by Secure Boot technology. Secure Boot involves multistage verification of the program code at start-up, so that only firmware authorized by the device manufacturer can be run.

The lack of encryption permits analysis of the firmware and a search for vulnerabilities, which can later be used in attacks. But the absence of Secure Boot allows an attacker to go further and completely replace the manufacturer’s code with their own, which the Bluetooth module then executes. For comparison, analysis of the iPhone’s UWB module firmware revealed that it’s protected by Secure Boot, although the firmware isn’t encrypted either.

Of course, that’s not enough for a serious, practical attack. For that, an attacker needs to analyze the firmware, try to replace it with something of their own making, and look for ways to break in. The authors of the paper describe in detail the theoretical model of the attack, but don’t show practically that the iPhone is hackable through Bluetooth, NFC or UWB. What’s clear from their findings is that if these modules are always on, the vulnerabilities likewise will always work.

Apple was unimpressed by the study, and declined to respond. This in itself, however, says little: the company is careful to keep a poker face even in cases when a threat is serious and demonstrated to be so in practice.

Bear in mind that Apple goes to great lengths to keep its secrets under wraps: researchers have to deal with closed software code, often encrypted, on Apple’s own hardware, with made-to-order third-party modules. A smartphone is a large, complex system that’s hard to figure out, especially if the manufacturer hinders rather than helps.

No one would describe the team’s findings as breathtaking, but they are the result of lots of painstaking work. The paper has merit for questioning the security policy of powering off the phone, but keeping some modules alive. The doubts were shown to be justified.

A half powered-off device

The paper concludes that the Bluetooth firmware is not sufficiently protected. It’s theoretically possible either to modify it in iOS or to reprogram the same Low Power Mode by expanding or changing its functionality. The UWB firmware can also be examined for vulnerabilities. The main problem, however, is that these wireless modules (as well as NFC) communicate directly with the protected enclave that is Secure Element. Which brings us to some of the paper’s most exciting conclusions:

Theoretically, it’s possible to steal a virtual car key from an iPhone — even if the device is powered off! Clearly, if the iPhone is the car key, losing the device could mean losing the car. However, in this case the actual phone remains in your possession while the key is stolen. Imagine it like this: an intruder approaches you at the mall, brushes their phone against your bag, and steals your virtual key.

It is theoretically possible to modify the data sent by the Bluetooth module, for example, in order to use a smartphone to spy on a victim — again, even if the phone is powered off.

Having payment card information stolen from your phone is another theoretical possibility.

But all this of course still remains to be proven. The work of the team from Germany shows once more that adding new functionality carries certain security risks that must be taken into account. Especially when the reality is so different from the perception: you think your phone is fully off, when in fact it isn’t.

This is not a completely new problem, mind. The Intel Management Engine and AMD Secure Technology, which also handle system protection and secure remote management, are active whenever the motherboard of a laptop or desktop computer is connected to a power source. As in the case of the Bluetooth/UWB/NFC/Secure Element bundle in iPhones, these systems have extensive rights inside the computer, and vulnerabilities in them can be very dangerous.

On the bright side, the paper has no immediate impact on ordinary users: the data obtained in the study is insufficient for a practical attack. As a surefire solution, the authors suggest that Apple should implement a hardware switch that kills the power to the phone completely. But given Apple’s physical-button phobia, you can be sure that won’t happen.

Source: https://tvfil78.com
Nguồn bĂ i viáşżt: https://ift.tt/2buBjo9

Tags: powered-off iPhone


Jul 13 2022

The weaponizing of smartphone location data on the battlefield

Category: Smart PhoneDISC @ 8:40 am

How smartphone location data is obtained

For a country at war, monitoring the cellular networks in the conflict zone provides the most comprehensive view of mobile device activity. But before the conflict even begins, the nation can identify phones of interest, including the devices belonging to soldiers.

Because mobile app location data is often sold to commercial data brokers and then repackaged and sold to individual customers, a country can access such a database and then pick out the phones likely belonging to soldiers. Such devices will ping regularly in the locations of known bases or other military facilities. It’s even possible to identify the owner of a device by tracking the phone to its home address and then referencing publicly available information.

A country can also use information obtained from one or more data breaches to inform their devices of interest. The T-Mobile breach in 2021 demonstrated how much customer data is in the hands of a mobile operator, including a phone’s unique identifier (IMEI) and its SIM card’s identifier (IMSI).

Spies can also physically monitor known military sites and use devices known as IMSI catchers – essentially fake cell towers – to collect phone data from the phones in the vicinity. The Kremlin reportedly did this in the UK, with GRU officers gathering near some of the UK’s most sensitive military sites.

When a phone of interest appears on the monitored mobile network, the country can keep a close eye on the device’s location and other cellular data. The presence of two or more such devices in close proximity indicates that a mission may be taking place.

In addition to monitoring cell networks, a nation at war can utilize IMSI catchers on the battlefield to gather phone data for the purposes of locating and identifying devices. Location can be determined by triangulating signal strengths from nearby cell towers or by pinging a targeted device’s GPS system. Russia’s Leer-3 electronic warfare system, which consists of two drones containing IMSI catchers along with a command truck, can locate up to 2,000 phones within a 3.7-mile range.

To counter these location-finding drones, an opposing nation may jam a drone’s GPS signal, using a radio emitter to block the drone from receiving GPS signals. The country can also try GPS spoofing, employing a radio transmitter to corrupt the accuracy of the drone’s reported location. To counter such spoofing, systems for validating GPS signals have been deployed on the battlefield. In the larger picture, the corruptibility of GPS data has forced some nations to build their own geopositioning systems. For the US, M-Code serves as a military-only GPS signal that is both more accurate and provides anti-jamming and anti-spoofing capabilities.

Spyware is a more targeted approach to obtaining location data. It can be delivered over the cell network (via a malicious carrier update) or through an IMSI catcher. It’s also not uncommon for operators to pose as single women on social media sites to lure soldiers into downloading a malicious app. Hamas has reportedly used this tactic many times against Israeli soldiers. Such spyware can capture a device’s real-time location, among other capabilities.

The risks of captured smartphone location data

location services

Cell Phone Location Evidence for Legal Professionals: Understanding Cell Phone Location Evidence from the Warrant to the Courtroom

Are Smartphones a Threat to Privacy?

Location, health, and other sensitive information: FTC committed to fully enforcing the law against illegal use and sharing of highly sensitive data

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Ask DISC an InfoSec & compliance related question

Tags: FTC, location data, smartphone location data


Jun 22 2022

Interpol busts 2000 suspects in phone scamming takedown

Category: Mobile Security,Smart PhoneDISC @ 8:51 am

Sick of the unending stream of email and phone calls you receive from scammers claiming to represent your bank? Amazon? Microsoft? The tax office? The police?

We sympathise – we’re sick of them too, especially landline calls that could be a loved one calling for help or advice, and thus need to be answered…

…but that rarely, if ever, turn out to have a familiar voice at the other end.

Perhaps you’re one of the 40,000,000 or so viewers of famous science-and-engineering YouTuber Mark Rober’s video entitled Pranks Destroy Scam Callers – GlitterBomb Payback?

Rober makes some alarming but entirely believable claims of just how much money [a] a top call-centre scammer can make if they hit their on-target earnings and [b] just how much a typical call centre of this sort turns over each day.

If you haven’t seen it, the video starts with the words, â€śI have 100 cockroaches here, and I placed them in this James Bond-style contraption,” so you can probably imagine how things end.

Despite the not-very-threatening outcome when Rober later releases the insects inside a scam call centre where he has access to footage from the CCTV feed, the video gives a good visual indication of just how industriously and unrelentingly these scammers operate. (When not driven from their work pods by roaches, that is.)

Fake refund scams

The scammers in Rober’s video seem to go in mainly for what are known as “fake refund” tricks, which go something like this:

  • Scammers “refund” you an impressive but believable amount, say $2000, for an “over-billing” for a product or service you actually use.
  • They then “help” you login to your bank account to ensure that the transaction went through.
  • They sneakily edit the HTML in your browser so the page shows a transaction for ten times the amount originally mentioned.
  • They cry out in alarm, claiming they themselves must have typed in an extra zero and that they’ve accidentally refunded too much.
  • Then they burst into tears, or turn on the emotional blackmail, claiming they (or you!) will be liable for the massive difference, so please, oh! please! won’t you help?

Their goal is to lure, browbeat, wheedle, threaten, cajole, beg and convince you to refund the “extra” money out of your own account.

After all, you can see the giant refund is there… except that it isn’t, because the item on the page is fake, with the HTML modified in memory to show a huge deposit and a vastly increased balance.

You’re scammed into thinking that they’ve made a mistake that will definitely get them in trouble, and could get you into trouble, too.

The crooks therefore hope to persuade you to help them “cover up” their mistake by withdrawing the “excess” from your own account and paying the non-existent “difference” back to them via some other channel.

While you might be sure that no criminal would ever catch you out with an apparently obvious trick like this, you’ll probably admit that, like most things, this sort of scam is only truly obvious the second time you see it or hear about it.

Scams 2022: An Exposition to Scams and How Not to be the Next Victim: Protecting Yourself From Every Type of Fraud

Tags: phone scamming


Nov 27 2021

How to find hidden spy cameras with a smartphone

Category: Smart PhoneDISC @ 4:59 pm

Researchers from the National University of Singapore and Yonsei University in South Korea have devised a mobile application that uses smartphones’ time-of-flight (ToF) sensor to find tiny spy cameras hidden in everyday objects.

The app is more successful at detecting hidden cams than existing state-of-the-art commercial hidden camera detectors (CC308+, K18) and much more successful than the human eye/brain.

find hidden cameras smartphone

How to find hidden spy cameras with a smartphone – How the app works

Hidden Camera Detector – Anti Spy Finder Large Infrared Viewer and 12 Super Bright Red LEDs. Travel Size Pro Security and Privacy for AirBnB, Hotels, Bathrooms. Search quickly & easily with both eyes.

Tags: spy cameras


Oct 18 2021

Experts hacked a fully patched iOS 15 running on iPhone 13 at China’s Tianfu Cup hacking contest

Category: Hacking,Smart PhoneDISC @ 9:21 am

White hat hackers earned $1.88 million at the Tianfu Cup hacking contest by finding vulnerabilities in popular software.

The Tianfu Cup is the most important hacking contest held in China, this year white hat hackers earned $1.88 Million demonstrating vulnerabilities in popular software.

The edition of this year took place on October 16 and 17 in the city of Chengdu, participants had three attempts of 5 minutes to demonstrate their exploits.

The winner is the security firm Kunlun Lab who earned $654,500, below the tweet of the amazing expert @mj0011 CEO of Cyber-Kunlun & Kunlun Lab and former CTO of Qihoo 360 and founder of team 360Vulcan.

Tags: China’s Tianfu, ios 15, iPhone 13


Oct 05 2021

Cheating on Tests

Interesting story of test-takers in India using Bluetooth-connected flip-flops to communicate with accomplices while taking a test.

What’s interesting is how this cheating was discovered. It’s not that someone noticed the communication devices. It’s that the proctors noticed that cheating test takers were acting hinky.

How to Prevent Cheating on Workplace Exams - HR Daily Advisor

Cheating on Tests: How To Do It, Detect It, and Prevent It

Tags: Bluetooth, cheating, Cheating on Tests, India, schools


Sep 29 2021

Expert discloses new iPhone lock screen vulnerability in iOS 15

Category: Security vulnerabilities,Smart PhoneDISC @ 2:12 pm

The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed.

The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be addressed by Apple. A threat actor with physical access to a vulnerable device can access Notes via Siri/Voice Over.

Rodriguez explained that in real incidents, unattended or stolen devices with a lock screen bypass vulnerability are exposed to attacks that could leverage a lock screen vulnerability to access sensitive information.

This specific type of vulnerability represents a serious threat to individuals and organizations, for this reason, the expert suggests including their research when conducting a mobile pen-testing assessment.

The expert disclosed details about the lock screen bypass vulnerability after Apple downplayed similar flaws, tracked as CVE-2021-1835 and CVE-2021-30699, reported by the researcher earlier this year.

The flaws allowed an attacker to access instant messaging apps like WhatsApp or Telegram even while the mobile device was locked.

Rodriguez explained that Apple partially fixed the issue and did not involve him in the test of the released patch.

Then the expert proposed a variant of the same bypass issue that leverages Apple Siri and VoiceOver services to access the Notes app.

The expert also published a video PoC for the latest screen bypass vulnerability:

Let me suggest reading a post published by the expert that includes a long list of similar vulnerabilities:

https://blog.dinosec.com/2014/09/bypassing-ios-lock-screens.html

The iPhone Manual – Tips and Hacks

Tags: ios 15, iPhone Hacks, iPhone lock screen vulnerability, iPhone manual, iPhone tips


Sep 02 2021

Zero-Click iPhone Exploits

Category: Smart PhoneDISC @ 2:31 pm

IT’S A SHOCKING revelation: The Bahraini government allegedly purchased and deployed sophisticated malware against human rights activists, including spyware that required no interaction from the victim—no clicked links, no permissions granted—to take hold on their iPhones. But as disturbing as this week’s report from the University of Toronto’s Citizen Lab may be, it’s also increasingly familiar.

These “zero-click” attacks can happen on any platform, but a string of high-profile hacks show that attackers have homed in on weaknesses in Apple’s iMessage service to execute them. Security researchers say the company’s efforts to resolve the issue haven’t been working—and that there are other steps the company could take to protect its most at-risk users.

Interactionless attacks against current versions of iOS are still extremely rare, and almost exclusively used against a small population of high-profile targets around the world. In other words, the average iPhone owner is very unlikely to encounter them. But the Bahrain incident shows that Apple’s efforts to defuse iMessage risks for its most vulnerable users have not fully succeeded. The question now is how far the company is willing to go to make its messaging platform less of a liability.

“It’s frustrating to think that there is still this un-deletable app on iOS that can accept data and messages from anyone,” says longtime macOS and iOS security researcher Patrick Wardle. “If somebody has a zero-click iMessage exploit, they can just send it from anywhere in the world at any time and hit you.”

The Stealthy iPhone Hacks That Apple Still Can’t Stop

After another “zero-click” attack, security experts say it’s time for more extreme measures to keep iMessage users safe.

Tags: exploits, iPhone, NSO Group, zero click


Aug 26 2021

T-Mobile Hacker Who Stole Data on 50 Million Customers

Category: Information Security,Mobile Security,Smart PhoneDISC @ 9:49 pm

Their Security Is Awful’

A 21-year-old American said he used an unprotected router to access millions of customer records in the mobile carrier’s latest breach

The hacker who is taking responsibility for breaking into T-Mobile US Inc.’s TMUS -1.63% systems said the wireless company’s lax security eased his path into a cache of records with personal details on more than 50 million people and counting.

John Binns, a 21-year-old American who moved to Turkey a few years ago, told The Wall Street Journal he was behind the security breach. Mr. Binns, who since 2017 has used several online aliases, communicated with the Journal in Telegram messages from an account that discussed details of the hack before they were widely known.

The August intrusion was the latest in a string of high-profile breaches at U.S. companies that have allowed thieves to walk away with troves of personal details on consumers. A booming industry of cybersecurity consultants, software suppliers and incident-response teams have so far failed to turn the tide against hackers and identity thieves who fuel their businesses by tapping these deep reservoirs of stolen corporate data.

A 21-year-old American said he used an unprotected router to access millions of customer records in the mobile carrier’s latest breach

Tags: T-Mobile Hack


Aug 20 2021

Apple’s iPhone Backdoor

Category: Backdoor,Information Security,Smart PhoneDISC @ 11:43 am

More on Apple’s iPhone Backdoor

In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here.

Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part of the design, since it wasn’t discussed in the original specification.

Good op-ed from a group of Princeton researchers who developed a similar system:

Our system could be easily repurposed for surveillance and censorship. The design wasn’t restricted to a specific category of content; a service could simply swap in any content-matching database, and the person using that service would be none the wiser.

Practical Mobile Forensics: Forensically investigate and analyze iOS, Android, and Windows 10 devices

Tags: iPhone Backdoor, Mobile Forensics


Aug 16 2021

Copyright scammers turn to phone numbers instead of web links

Category: Smart Phone,Social networkDISC @ 9:41 am

Copyright scams aren’t new – we’ve written about them many times in recent years.

These scammers often target your Facebook or Instagram account, fraudulently claiming that someone has registered a complaint about content that you’ve posted, such as a photo, and telling you that you need to resolve the issue in order to avoid getting locked out of your account.

The problem with copyright infringement notices is that if they’re genuine, they can’t just be ignored, because social media sites are obliged to try to resolve meaningful copyright complaints when they’re received.

To discourage bogus complaints and reduce harrassment – and if you are a content producer or influencer yourself, with an active blog, video or social media account, you will probably have had many well-meaning but ill-informed complaints in your time – sites such as Facebook, Instagram, Twitter and the like don’t put the complainant directly in touch with you.

The process usually goes something like this:

  • The complainant makes their claim to the service provider concerned. The service provider expects them to give full contact details, in order to discourage anonymous harasssment.
  • If the claim seems to hold water, the service alerts you, without giving your details to the complainant, and invites you to defend or to accept the complaint. (Obviously bogus claims, such as complaints about an images or video content in an article that is all text, shouldn’t go any further.)
  • If the claim is incorrect, you can repudiate it, for example by stating that you took a photo yourself or by showing a licence you acquired for a music clip.
  • If you don’t wish to contest the claim, you are usually expected to remove the allegedly infringing material promptly, and report that you have done so.

In either case, assuming that the service provider considers the case resolved, it’s then closed without the complainant getting to contact you directly, and without you needing to deal directly with the complainant in return.

Scam Me If You Can: Simple Strategies to Outsmart Today’s Rip-off Artists

Tags: Copyright scammers, Phone scams, Scam Me If You Can


Jul 20 2021

NSO Group Hacked

There’s a lot to read out there. Amnesty International has a report. Citizen Lab conducted an independent analysis. The Guardian has extensive coverage. More coverage.

Worldwide probe finds tech by Israel's NSO Group targeted media,  politicians | The Times of Israel

Most interesting is a list of over 50,000 phone numbers that were being spied on by NSO Group’s software. Why does NSO Group have that list? The obvious answer is that NSO Group provides spyware-as-a-service, and centralizes operations somehow. Nicholas Weaver postulates that “part of the reason that NSO keeps a master list of targeting…is they hand it off to Israeli intelligence.”

This isn’t the first time NSO Group has been in the news. Citizen Lab has been researching and reporting on its actions since 2016. It’s been linked to the Saudi murder of Jamal Khashoggi. It is extensively used by Mexico to spy on — among others — supporters of that country’s soda tax.

 here’s a tool that you can use to test if your iPhone or Android is infected with Pegasus. (Note: it’s not easy to use.)

7 Steps to Removing Spyware

7 Steps to Removing Spyware by Nick Laughter

Spyware and Adware

Spyware and Adware

Tags: Amnesty International, mobile spyware, NSO Group Hacked, rouge anti-spyware, Spyware, Spyware and Adware


May 27 2021

I hacked my friend’s website after a SIM swap attack

Category: Hacking,Smart PhoneDISC @ 10:01 am

Here’s how easily your phone number could be stolen, why a successful SIM swap scam is only the beginning of your problems, and how you can avoid becoming a victim of the attack

Just how easy is it to conduct a SIM swap attack and what can the attacker do once they have taken control of your phone number? In short, it’s worryingly easy and the criminals can do a lot once they have the keys to the kingdom.

We hear of SIM swapping – also known as SIM hijacking and SIM swap scams – all the time, and yet many people think it can’t ever happen to them. Indeed, people often tell me that they will never get hacked in any way and they actually even wonder why anyone would even target them. But the truth is that we are part of a huge numbers game for many malicious actors and they will continue to target the low-hanging fruit. So why don’t we just implement a few precautionary methods to reduce this risk?

I will come back to what you can do to mitigate the risks later, but first I want to tell you how I tested a SIM swap attack just so I could generate a talk and help people understand the risks. A real-life story is always better when helping people to be more cyber-aware. In fact, I ran a similar experiment last year when I showed how easy it is to hack anyone’s WhatsApp account by knowing their phone number. It was a very valuable lesson for the colleague-turned-victim.

I have known my friend – a let’s call him Paul – since school and we’ve been close friends ever since. I asked him recently if I could attempt to ethically hack him for the greater good and use anything that came from it in the name of cyber-awareness and helping protect people from future attacks. He was happy to oblige and even thought it would be fun to be part of an experiment.

How SIM swapping works

Tags: SIM swap attack


May 09 2021

iPhone Hack Allegedly Used to Spy on China’s Uyghurs

Category: Smart PhoneDISC @ 10:02 pm

U.S. intelligence said that the Chaos iPhone remote takeover exploit was used against the minority ethnic group before Apple could patch the problem.

In 2019, a Chinese security researcher working with the internet security and antivirus company Qihoo 360 unveiled an intricately woven exploit: One that would allegedly let a remote attacker easily jailbreak an iPhone X iOS 12.1. 

The researcher, Qixun Zhao, dubbed the exploit Chaos, for good reason. As this proof-of-concept video allegedly shows, a successful exploit would allow a remote attacker to jailbreak an iPhoneX, with the targeted user none the wiser, allowing the intruder to gain access to a victim’s data, processing power and more. It worked as a drive-by malware download, only requiring that the iPhone user visit a web page containing Qixun’s malicious code. 

It would have made a superb spying tool, seeing how it would let an attacker easily take control of even the newest, most up-to-date iPhones, enabling a snooper to read a victim’s messages and passwords and to track their location in near-real time. 

Source: iPhone Hack Allegedly Used to Spy on China’s Uyghurs

Tags: China’s Uyghurs, iPhone


May 01 2021

Identifying People Through Lack of Cell Phone Use

Category: Cybercrime,Smart PhoneDISC @ 11:46 am

But FaĂŻd’s true mentors were the criminals he’d grown up idolizing onscreen. “He had a phenomenal memory,” his brother Abdeslam tells me. “And he was completely immersed in movies.” Abdeslam recalls an eight-year-old RĂ©doine returning home from a matinee of the 1975 French crime film Peur Sur la Ville (released in the U.S. as The Night Caller), starring Jean-Paul Belmondo, and enchanting their mother and his siblings with a scene-by-scene reenactment. “I’d seen the film,” Abdeslam says, “and his version was just as I remembered it.”

his former lawyer, Raphael Chiche, explained on French television in a documentary about Faïd. “He had to create his own methodology. What better way than movies to get inspired and learn the operational modes of criminality?”

The foresight with which FaĂŻd planned these robberies led his associates to give him a nickname—Doc, after Doc McCoy, Steve McQueen’s character in 1972’s The Getaway, a bank robber on the run who, like FaĂŻd, has a preternatural ability to visualize how jobs will play out. McCoy also made a habit of carrying out “thoughtful hits,” FaĂŻd explains to me. “He had to rob in a precise and neat way.” FaĂŻd likewise stresses the neatness of his own robberies. As he puts it, he executed his hits “as gentlemanly as possible.” He wants to be known as a master thief who took careful precautions to avoid acts of violence.

In this entertaining story of French serial criminal Rédoine Faïd and his jailbreaking ways, there’s this bit about cell phone surveillance:

A police notice issued after Fad's July 2018 escape from Rau which launched the largest manhunt in French history.

Tags: cell phones, crime, France, prison escapes, prisons


Feb 28 2021

Why enterprises need rugged devices with integrated endpoint management systems

Paired longevity solutions in hardware and software

There is a solution to both these issues – durability and security.

Rugged devices are designed specifically for your hardworking enterprise operations. They integrate seamlessly into UEM and MDM platforms, can be trained to only engage with secure networks, and can be geofenced to turn themselves into expensive paperweights if taken off-property.

Rugged devices are not only trusted for their durability and performance, but their security capabilities are also unparalleled when it comes to providing your IT security team with top-down controls over device management and data security.

Their sturdy construction, replaceable shift batteries, and stable software platform ensures that your investment will last for years and will eliminate “down-time” (if used correctly).

What’s more, a survey conducted by Samsung found that employees were not only open to using ruggedized devices, over 90% of respondents currently using rugged tech – and over half of non-user respondents – wanted management to invest more into such devices.

Why enterprises need rugged devices with integrated endpoint management systems

Tags: MDM, UEM


Feb 17 2021

“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Category: Smart Phone,Web SecurityDISC @ 3:51 pm

Digital ad company Confiant, which claims to “improve the digital marketing experience” for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub.

According to Confiant, this group is behind a massive number of those annoying and scammy popup campaigns you will almost certainly have seen, where you visit an apparently honest web page and then get pestered with online surveys.

We’ve warned our readers many times about the risks of online surveys â€“ even ones that don’t obviously or explicitly lead to attempted malware infections.

At best, you will often end up giving away a surprising amount of personal data, typically in return for a minuscule chance of winning a free product (fancy phones, high-value gift cards and games consoles are typically used as lures).

“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Tags: browser bug


Next Page »