Tech Expert Mentions The Possibility of Hacking in Apple Devices

Tech Expert: “Apple Devices Can Be Hacked in Different Ways”

We have been relying to tech experts about our loved devices. Recently, one of them mentioned the possibility of Apple devices being hacked because of a new feature.

The iPhone X, which is the latest model released by Apple has a new feature. This feature grabbed the interest of iOS users around the globe. It’s the Face ID. A review of this feature can be found here: https://technewsgadget.net/2017/12/apple-iphone-x-what-wrong-to-iphone-xs-face-id/.

One concerned user stated that Apple itself could use the data to benefit other sectors of its business, sell it to third parties for surveillance purposes, or receive law enforcement requests to access it facial-recognition system.

Your Device Can be Hacked with Just One Photo

Have you ever watched the movie “The Ring”? If yes, then you’d know how this works.

Just viewing one photo which was sent to you can get your device hacked.

Experts are urging Apple users to manually update their operating systems after Apple issued a patch for a new security exploit that could let a hacker take over their devices with a single image.

When an attacker knows your cellphone number, all that they have to do is send you the photo. It could be sent through email or even an MMS.

Hackers could theoretically hide malicious instructions inside the code for a photo sent to you to launch an attack on your device.

If your operating system is earlier than 9.3.3 on iOS or earlier than 10.11.6 for OS X, it could be vulnerable.

The attack is theoretical at this point and there have been no reports of it being used, so far. But prevention is better than cure so might as well update your phones now.

Google Chrome hacked with sandbox bypass

A Russian student who studies in Canada has successfully hacked into a fully patched Windows 7 64-bit version. He used a remote code execution vulnerability/exploit in Google Chrome.

Sergey Glazunov is a security researcher who finds security holes in Chrome and reports it directly to Google.

He earned $60,000 due to his exploits. He targeted two distinct zero-day vulnerabilities in the sub-system of the Chrome extension. Google is trying to partner with hackers to find holes in the system. In exchange they pay the hacker for his job. They call the Pwnium hacker contest which they are running this year.

Justin Schuh of Google said that, “It didn’t break out of the sandbox [but] it avoided the sandbox.” Glazunov’s exploits bypassed the browser sandbox in its entirety.

He also added, “It was an impressive exploit. It required a deep understanding of how Chrome works. This is not a trivial thing to do. It’s a very difficult and that’s why we’re paying $60,000.”

Sergei is a regular contributor in the Google bug bounty program. He also did a similar sandbox bypass bug before that is similar to his work. Schuh said that these types of full code execution that executes code outside the browser sandbox from a very small percentage of bug submissions.

Image source: isp101.net

One hundred phishers charged

Following a multi-national investigation into a phishing scheme that covered the United States and Egypt, the Federal Bureau of Investigation (FBI) announced today that it had charged 53 defendants in the U.S, thirty-three of which were already arrested while the others are still being sought.

Authorities in Egypt on the other hand have charged 47 defendants who are also linked to the phishing operation, taking the total to 100, the largest number ever charged in a cybercrime case.

The investigation, which was dubbed “Operation Phish Phry”, begun in 2007.

“The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity  is now committed,” Keith Bolcar, acting assistant director of the FBI in Los Angeles, said in a statement.

“Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans.”

The 53 defendants in the U.S. face charges of conspiracy to commit bank and wire fraud that could cost them a maximum of 20 years in prison. Hmmn, let’s see if they can hack they’re way of out that.

Source: http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=220301571

iPhone 3G S unlocked

Yes, he did it again.

George Hotz, 19, who was first known to the world as the first person who unlocked iPhone, claims to have developed an application that can “jailbreak” the latest gadget from Apple.

The application – purplera1n – allows third-party software to be installed in the iPhone 3G S which means even those applications not approved by Apple can run in the phone.

This recent development in the hacking world is a big deal because not only does it make the phone more open to more apps, it also shows that overcoming Apple’s built-in security is not an impossibility.

Hotz released the software which can run on a Windows-based computer on July 3, less than a month after iPhone 3G S was made available to the public. This can run on a PC and the latest version of iTunes and an iPhone 3G S running on the latest iPhone 3.0 software. He released a Mac version of the app today.

He is quick to point out to people though, to do a backup before starting the application as this is still a Beta version.

A lot of blogs posts scattered in the internet have confirmed that the application does work, thus testifying to his er..hacking prowess. And so he says, “We release, Apple fixes, we find new holes”.

Source:

http://digital.venturebeat.com/2009/07/05/teen-hacker-releases-windows-and-mac-jailbreaking-programs-for-iphone-3g-s/