Showing results for tags 'iphones'.



Found 10 results

  1. (Reuters) - Apple Inc held talks with Samsung Electronics Co Ltd and MediaTek Inc along with existing vendor Intel Corp to supply 5G modem chips for 2019 iPhones, according to an Apple executive’s testimony at a trial between Qualcomm Inc and the U.S. Federal Trade Commission on Friday. Between 2011 and 2016, Apple relied on San Diego-based Qualcomm as the sole supplier of such chips, which help iPhones connect to wireless networks. Starting in 2016, Apple split the business between Intel and Qualcomm, but in 2018, Apple moved solely to Intel for its newest phones. But Apple supply chain executive Tony Blevins testified on Friday that Apple has also considered MediaTek and Samsung, one of its largest rivals in the smart phone market, to supply the chips for the next generation of wireless networks known as 5G. Those networks are expected to start rolling out this year and provide faster data speeds than current 4G networks. The FTC is suing Qualcomm alleging the chip supplier engaged in anticompetitive patent licensing practices to preserve a dominant position in the premium modem chip market. On the stand at a federal courthouse in San Jose, California, Blevins testified that Apple has long sought multiple suppliers for modem chips but signed an agreement with Qualcomm to exclusively supply the chips because the chip supplier offered deep rebates on patent license costs in exchange for exclusivity. In 2013, Apple broke off work with Intel to start supplying modems for the iPad Mini 2 because Apple would lose its rebates by using Intel’s chips, rendering Intel’s products “economically unattractive” overall. Later that year after cost negotiations with Qualcomm did not go as Apple hoped, Apple kicked off “Project Antique” to secure a second modem supplier, Blevins testified. By 2016 and 2017, Apple introduced Intel’s modems in some of its iPhones but also still used Qualcomm chips. 
But Apple’s lawsuit against Qualcomm filed in early 2017 caused their business relationship to change “in a very profound and negative manner,” leading to using only Intel’s modems for the phones released last year. “The entire concept of Project Antique was to find a second supplier. No offense to (Intel) but we don’t want to be single supplier with them. We wanted both Qualcomm and (Intel) in the mix,” Blevins said. Blevins also testified Apple considered making Intel the sole supplier of modems for the Apple Watch, which added 4G connectivity in 2017 using Qualcomm chips. Blevins said that talking with Samsung, whose Galaxy and Note devices compete against the iPhone, is “not an ideal environment” for Apple, but that Samsung is currently the largest component supplier to Apple. Blevins did not say whether Apple had reached a decision on a 5G modem supplier or whether it would release a 5G iPhone in 2019. Citing sources, Bloomberg previously reported that Apple would not release such a phone until 2020. Source
  2. (Reuters) - Apple Inc, which slashed its quarterly sales forecast last week, has reduced planned production for its three new iPhone models by about 10 percent for the January-March quarter, the Nikkei Asian Review reported on Wednesday. That rare forecast cut exposed weakening iPhone demand in China, the world’s biggest smartphone market, where a slowing economy has also been buffeted by a trade war with the United States. Many analysts and consumers have said the new iPhones are overpriced. Apple asked its suppliers late last month to produce fewer-than-planned units of its XS, XS Max and XR models, the Nikkei reported, citing sources with knowledge of the request. The request was made before Apple announced its forecast cut, the Nikkei said. The bleaker sales outlook, which Apple attributed to weak China demand, triggered a broad sell-off in global stock markets. Market research firm Canalys estimates shipments fell 12 percent in China last year and expects smartphone shipments in 2019 to dip another 3 percent, to below 400 million for the first time since 2014. Overall planned production volume of both old and new iPhones is likely to be cut to a range of 40 million to 43 million units for the January-March period, from an earlier projection of 47 million to 48 million units, the Nikkei reported, citing one source familiar with the situation. Apple did not respond to a Reuters request for comment. The report comes after chip suppliers Samsung Electronics Co Ltd and Skyworks Solutions Inc flagged weak first-quarter chip demand for smartphones. Samsung surprised the market on Tuesday with an estimated 29 percent drop in quarterly profit, blaming weak chip demand in a rare commentary issued to “ease confusion” among investors already fretting about a global tech slowdown. Apple’s iPhone suppliers include Taiwanese assemblers Hon Hai Precision Industry Co Ltd (Foxconn) (2317.TW) and Pegatron Corp (4938.TW).
Pegatron declined to comment on the report when contacted by Reuters, while Foxconn did not reply to a request for comment. There was little reaction to the report among shares of major Apple suppliers, as the market has already digested production cuts after the iPhone maker’s forecast cut, analysts said. Shares of Foxconn, the world’s biggest electronics contract manufacturer, closed up 1.6 percent, while Pegatron closed up 1.3 percent. Apple shares were up 1.3 percent at $152.70 in early trading on Wednesday. Among iPhone component suppliers in Asia, South Korea’s LG Display Co Ltd closed up 0.5 percent, while Japan Display Inc was flat. “The Street is already well aware of a soft March guide so this latest report is not a new worry, as investors are starting to look ahead 6-9 months down the road for Apple and gauge how the company emerges from this dark chapter of soft demand,” Daniel Ives, analyst at Wedbush Securities, said. Source
  3. According to new research by Kaspersky's GReAT team, the online criminal activities of the Roaming Mantis Group have continued to evolve since they were first discovered in April 2018. As part of their activities, this group hacks into exploitable routers and changes their DNS configuration. This allows the attackers to redirect the router user's traffic to malicious Android apps disguised as Facebook and Chrome or to Apple phishing pages that were used to steal Apple ID credentials.

     Recently, Kaspersky has discovered that this group is testing a new monetization scheme by redirecting iOS users to pages that contain the Coinhive in-browser mining script rather than the normal Apple phishing page. When users are redirected to these pages, they will be shown a blank page in the browser, but their CPU utilization will jump to 90% or higher.

     [Image: Blank page utilizing Coinhive]

     This is caused by the page utilizing the Coinhive mining script shown below.

     [Image: Coinhive Mining Script]

     The day after GReAT discovered this new page, the attackers reverted back to redirecting to the Apple phishing page, so this appears to be a test that is not ready for full release.

     Limited hacking of Japanese devices

     After Japanese researchers started releasing reports regarding Roaming Mantis, the group is making an effort to avoid hacking Japanese devices. On landing pages that users were redirected to, Kaspersky noticed that there was JavaScript that checked if the device's language was set to "ja" or Japanese. If the ja language was detected, the page would not offer any malicious applications or redirects to the visitor.

     [Image: Checking for Japanese Browser Language]

     Spreading via scam adverts on Prezi.com

     This group appears to also be taking a page out of the Adware handbook by promoting scam sites for adult videos, games, music, and downloads. These scam sites are being promoted through Prezi.com, a presentation sharing site, where the group would create pages that contain links to URLs at https://tinyurl.com. When a visitor goes to these URLs, though, they will be redirected to various scam sites as shown below.

     [Image: Prezi.com Ads]

     Protecting your devices

     To protect yourself from attacks like this, make sure that your routers are upgraded to the latest firmware so that any vulnerabilities are patched. Kaspersky also suggests that Android users turn off the ability to install apps from third-party sites.

     "We strongly recommend that Android users turn off the option that allows installation of applications from third-party repositories, to keep their device safe," stated Kaspersky's research. "They should also be suspicious if their phones become unusually hot, which may be a side-effect of the hidden crypto-mining application in action."

     Source
  4. (Reuters) - Apple Inc (AAPL.O) has blocked the plans of the biggest distributor of PC-based video games to extend its reach into iPhones, according to the game distributor, a sign that Apple is serious about protecting its ability to take a cut of digital purchases made inside games on its mobile devices. Steam, the dominant online store for downloaded games played on Windows PCs, had planned to release a free mobile phone app called Steam Link so that gamers could continue playing on their mobile phones while away from their desktop machines. But Apple has rejected the app, blocking its release, according to a statement from Steam’s parent company, the Bellevue, Washington-based Valve Corp. “The team here spent many hours on this project and the approval process, so we’re clearly disappointed,” Valve spokesman Doug Lombardi said in a statement to Reuters. “But we hope Apple will reconsider in the future.” Apple did not immediately return a request for comment. The magazine Variety earlier reported Steam’s rejection from the App Store. Bob O’Donnell, chief of TECHnalysis Research, said Apple’s move to block Steam could hurt it with users between 18 and 24 years old, more than half of whom have iPhones, according to his research. “What they’re doing is denying iPhone owners access to the most important gaming ecosystem there is,” he said. “Given that the younger demographic skews toward iPhones, it seems particularly damaging.” Steam did not give a precise reason for the App Store denials, saying only that Apple cited “business conflicts with app guidelines.” But the conflict likely centers on what are known as in-app purchases or micro-transactions, in which gamers can spend small sums of money inside games to buy tokens, extra lives or other so-called digital goods. Lombardi said Steam disabled purchasing in its iOS app but did not elaborate on how the change was made.
Apple takes a 30 percent cut of such purchases made within apps distributed through its App Store. Analysts believe those purchases are among the primary drivers of revenue in Apple’s services business, which includes the App Store, iCloud and Apple Music. In Apple’s most recent quarter, services revenue hit $9.1 billion, beating Wall Street expectations and providing a bright spot for revenue growth as the smartphone market matures. Steam, however, also offers purchases within games distributed through its platform and also takes a cut of those purchases. Apple’s App Store guidelines ban such a store-within-a-store unless the purchases flow through Apple’s infrastructure and pay Apple’s cut. Source
  5. Security flaws smash worthless privacy protection

     Analysis

     To protect mobile devices from being tracked as they move through Wi-Fi-rich environments, there's a technique known as MAC address randomization. This replaces the number that uniquely identifies a device's wireless hardware with randomly generated values. In theory, this prevents scumbags from tracking devices from network to network, and by extension the individuals using them, because the devices in question call out to these nearby networks using different hardware identifiers.

     It's a real issue because stores can buy Wi-Fi equipment that logs smartphones' MAC addresses, so that shoppers are recognized by their handheld when they next walk in, or walk into an affiliate shop with the same creepy system present. This could be used to alert assistants, or to follow people from department to department, store to store, and then sell that data to marketers and ad companies. Public wireless hotspots can do the same. Transport for London in the UK, for instance, used these techniques to study Tube passengers.

     Regularly changing a device's MAC address is supposed to defeat this tracking. But it turns out to be completely worthless, due to a combination of implementation flaws and vulnerabilities. That and the fact that MAC address randomization is not enabled on the majority of Android phones.

     In a paper published on Wednesday, US Naval Academy researchers report that they were able to "track 100 per cent of devices using randomization, regardless of manufacturer, by exploiting a previously unknown flaw in the way existing wireless chipsets handle low-level control frames." Beyond this one vulnerability, an active RTS (Request to Send) attack, the researchers also identify several alternative deanonymization techniques that work against certain types of devices.

     Cellular radio hardware has its own set of security and privacy issues; these are not considered in the Naval Academy study, which focuses on Android and iOS devices.

     Each 802.11 network interface in a mobile phone has a 48-bit MAC address layer-2 hardware identifier, one that's supposed to be persistent and globally unique. Hardware makers can register with the Institute of Electrical and Electronics Engineers (IEEE) to buy a block of MAC addresses for their networking products: the manufacturer is assigned a three-byte Organizationally Unique Identifier, or OUI, which is combined with an additional three-byte identifier that can be set to any value. Put those six bytes together, and you've got a 48-bit MAC address that should be globally unique for each device.

     The IEEE's registration system makes it easy to identify the maker of a particular piece of network hardware. The IEEE also provides the ability to purchase a private OUI that's not associated with a company name, but according to the researchers "this additional privacy feature is not currently used by any major manufacturers that we are aware of."

     Alternatively, the IEEE offers a Company Identifier, or CID, which is another three-byte prefix that can be combined with three additional bytes to form 48-bit MAC addresses. CID addresses can be used in situations where global uniqueness is not required. These CID numbers tend to be used for MAC address randomization and are usually transmitted when a device unassociated with a specific access point broadcasts 802.11 probe requests, the paper explains.

     The researchers focused on devices unassociated with a network access point – as might happen when walking down the street through various Wi-Fi networks – rather than those associated and authenticated with a specific access point, where the privacy concerns differ and unique global MAC addresses come into play.

     Unmasking

     Previous security research has shown that flaws in the Wi-Fi Protected Setup (WPS) protocol can be used to reverse engineer a device's globally unique MAC address through a technique called Universally Unique IDentifier-Enrollee (UUID-E) reversal. The US Naval Academy study builds upon that work by focusing on randomized MAC address implementations.

     The researchers found that "the overwhelming majority of Android devices are not implementing the available randomization capabilities built into the Android OS," which makes such Android devices trivial to track. It's not clear why this is the case, but the researchers speculate that 802.11 chipset and firmware incompatibilities might be part of it.

     Samsung v Apple

     Surprisingly, Samsung devices, which accounted for 23 per cent of the researchers' Android data set, show no evidence of implementing MAC address randomization.

     Apple, meanwhile, introduced MAC address randomization in iOS 8, only to break it in iOS 10. While the researchers were evaluating devices last year, Apple launched iOS 10 and changed its network probe broadcasts to include a distinct Information Element (IE), data added to Wi-Fi management frames to extend the Wi-Fi protocol.

     "Inexplicably the addition of an Apple vendor-specific IE was added to all transmitted probe requests," the paper explains. "This made identification of iOS 10 Apple devices trivial regardless of the use of MAC address randomization."

     This shortcoming aside, Apple handles randomization correctly, in the sense that it properly randomizes the full 48-bits available for MAC addresses (with the exception of the Universal/Local bit, set to distinguish between global MAC addresses and the local ones used for randomization, and the Unicast/Multicast Bit).

     The researchers find this interesting because the IEEE charges a fee for using the first three bytes of that space for CID prefixes, "meaning that Apple is freely making use of address space that other companies have paid for."

     In a phone interview with The Register, Travis Mayberry, assistant professor at the US Naval Academy and one of the paper's co-authors, expressed surprise that something like 70 per cent of Android phones tested did not implement MAC address randomization.

     "It's strange that Android was so vulnerable," he said. "It's just really bad at doing what it was supposed to do."

     'Closest to being pretty good'

     Apple, meanwhile, fared better in terms of effort, though not results. "Apple is the closest to being pretty good," Mayberry said, but noted that Apple devices, despite the advantage of hardware consistency, are still vulnerable to an RTS (Request to Send) attack. Sending RTS frames to an Apple phone forces the device to reveal its global unique MAC address, rather than the randomized one normally presented to the hotspot.

     "No matter how hard you try, you can't defend against that because it's a property of the wireless chip itself," said Mayberry.

     There was a single Android phone that fared well. "The one Android phone that was resistant to our passive attacks was the CAT S60 which is some kind of 'tough' phone used on construction sites and the like," Mayberry explained in an email. "It did not have a recognizable fingerprint and did not ever transmit its global MAC except when associating. It was still vulnerable to our active RTS attack though, since like I said, that is a problem with the actual chips and affects every phone."

     Mayberry was at a loss to explain why Apple shot itself in the foot by adding a trackable identifier to a system that previously worked well.

     "I initially thought it might be to support some of the 'continuity' features where multiple apple devices can discover and exchange stuff like open browser tabs and clipboard contents but that came out in earlier versions of iOS," he said. "It also might be linked to the HomeKit features that they added in iOS to control IoT devices. Basically it would have to be to purposefully identify and discover other Apple devices that are not associated, otherwise we wouldn't see it in probe requests. All of this is pure speculation though and we really don't have a strong reason for it."

     Mayberry said he hoped the research would help the industry understand the consequences of everyone doing things differently. There's no generally accepted way to handle MAC address randomization.

     "There are so many phones not using it," he said. "There should be a standard."

     By Thomas Claburn
     https://www.theregister.co.uk/2017/03/10/mac_address_randomization/
  6. Well-known iPhone hacker says nothing in CIA dump threatens up-to-date iPhones

     Of all the mobile devices featured in the alleged CIA documentation dump released by Wikileaks earlier this week, the iPhone is mentioned the most. Pages upon pages of research and exploits related to Apple’s smartphone are now in the hands of anyone with an internet connection. It might seem like a reason to panic, and plenty of people are already doing just that, but according to one of the most well-respected iPhone hackers on the planet, nothing in the collection of information should pose any threat to an up-to-date iPhone.

     Will Strafach is the CEO of Verify.ly, a software security firm specializing in mobile devices. He also used to be one of the most famous iOS jailbreakers around, and his opinion on mobile security exploits is one of the very few that you should actually care about. He’s taken a look at the CIA documents related to the iPhone, and doesn’t see anything to worry about — assuming you’re running the latest firmware.

     I have found nothing in the dump which an attacker could use to hack an iOS device on latest firmware (and older firmwares have public JBs) https://t.co/gnWDRX8tOz — Will Strafach (@chronic) March 8, 2017

     “The one thing I was at least able to definitively clear up is this: the leak contains nothing which an attacker could download and use to hack an up-to-date mobile phone (iOS),” Strafach told us. “Android experts have said the same regarding android devices on the latest firmware as well, which is interesting as it demonstrates that Android (again, on latest firmware) can be decently secure just like iOS.”

     So what about the people claiming the information included in the leak is of dire security concern to everyone with an iOS device? “The best you can do is to ask anyone who claims danger within this leak to go ahead and prove it,” Strafach says. “I guarantee you that if you ask someone to download this leak and try to use the information in it to hack your phone, they would fail.”

     The seasoned security expert also wants to clear up some misconceptions about the government potentially keeping vulnerabilities secret rather than reporting them.

     “Some imply keeping a vulnerability private will make users unsafe,” Strafach explains. “This is an ethical debate rather than a technical one and is up to opinion, but what I can at least say is that the practice is also prevalent among experienced security researchers who need to maintain access to future revisions of an OS in order to continue their research to find new vulnerabilities, which they may either disclose or submit to a bug bounty, or create a jailbreak tool for, etc.”

     “While I agree that it can be healthy sometimes to question government and call out actual abuse, in this situation, it is more about having a level playing field and I do not believe there is an ethical issue here,” Strafach says.

     [Enjoy your iPhone!]
  7. In the latest skirmish over privacy in the cellphone age, a federal judge in Chicago has rejected a law enforcement request to force potential targets in an ongoing investigation to provide fingerprints to unlock any iPhones or other Apple devices. The order by U.S. Magistrate Judge David Weisman concerned a request for a warrant to search a residence where investigators believed someone was using the internet to traffic images of child pornography, court records show. The prosecution filing seeking the search warrant on the FBI's behalf remains under seal, but the judge's opinion said the government requested "the authority to compel any individual who is present at the subject premises at the time of the search" to provide a fingerprint or thumbprint needed to unlock an Apple device. Weisman, a former federal prosecutor and FBI agent, wrote in his 14-page opinion last month that the government hadn't presented enough facts in its application that would justify such sweeping "intrusions," including any specific information about those who might be living at the residence or their connection to the child pornography investigation. He also called out prosecutors over what he called the dated boilerplate language often seen in search warrant affidavits dealing with technological issues, from referring to a Blackberry as a "Personal Digital Assistant" to suggesting that most people still use cables to download information. Weisman's ruling comes a year after the high-profile battle between Apple and the FBI over the encrypted iPhone used by one of the San Bernardino, Calif., terrorist attackers who killed 14 people and seriously wounded 22 others in 2015. That dispute was resolved after the FBI was able to hack into the phone without Apple's help. 
But experts say the debate over where to draw the line between privacy and investigative interests has lingered, particularly as law enforcement agencies across the country are searching to bypass the relatively new technology of fingerprint readers and other encryption built into many cellphones. Although Weisman's ruling was narrow in scope, it provided an important shot across the bow to federal agencies looking for sweeping powers to search individuals' cellphones without probable cause, according to Jennifer Lynch, a senior staff attorney at the Electronic Frontier Foundation, a nonprofit digital rights group. "This is a very new area of the law. We've only had the ability to unlock our phones with our fingerprints for a few years now," Lynch said. "And so in this situation, there's nobody on the other side to say to the court this is outrageous and there are some cases to back us up." In a landmark 2014 decision, the U.S. Supreme Court ruled that police must obtain a warrant before they can search an arrestee's phone. The court has previously held that physical evidence like fingerprints can be collected without judicial approval. But some legal experts say there should be a higher legal threshold when it comes to unlocking a smartphone with a fingerprint because it potentially gives the government access to a trove of personal information. David Shapiro, an attorney with Northwestern University's MacArthur Justice Center, said Weisman was correct in putting the brakes on a "remarkably intrusive search." "A cellphone is almost a record of your mind and your life," Shapiro said. "It reveals your thoughts. It reveals who your friends are. It reveals where you go, where you spend your time. It reveals what books you buy on Amazon." A spokesman for the U.S. attorney's office in Chicago declined to comment. 
The case was just one of many across the country where authorities have sought access to a locked or encrypted smartphone as part of an ongoing criminal investigation. An Apple spokesman has previously said the company receives thousands of requests every year and complies with about 80 percent of them. But the issue exploded in February 2016 when Apple publicly refused to comply with the FBI's request that the company help access an iPhone used by San Bernardino gunman Syed Rizwan Farook. The FBI wanted Apple to create a program specifically for that particular phone to help the bureau review the data on it. Apple refused, saying to require the company to build a "backdoor" into its devices would set a terrible precedent. In fighting the request, Apple released details of a dozen similar instances in which the federal government sought data from Apple devices by invoking the All Writs Act of 1789. Three of those requests were filed in Illinois. In one case, the FBI sought — and a judge granted — permission to access an iPhone belonging to Pethinaidu and Parameswari Veluchamy, a suburban couple later charged with bankruptcy and passport fraud. Records show Apple complied with the judge's order in that case, but the FBI was unable to access any data because the phone's data had been encrypted. The issue is not unique to federal court. In Cook County criminal court, prosecutors have asked a judge to force an alleged serial rapist to unlock his iPhone. The defendant, tanning salon owner Marc Winner, allegedly exchanged at least two text messages with one of his victims implicating himself in the attack. "Are you ok?" Winner texted in one message, according to screen shots of the texts taken by the alleged victim. "I'm away from you," the woman replied. "Of course I'm okay." "Don't talk to me agaon," she texted soon after. "Your a rapist." Winner has since been charged with three other sexual assaults of women who were either employees or customers at his salons. 
But two years after his arrest, the contents of his phone remain locked as both sides await a ruling. Winner has pleaded not guilty to all charges. In his recent decision, Weisman authorized agents to search the premises and remove computers and electronic storage devices found during the raid — the more traditional requests made in search warrants. Weisman's ruling on the fingerprint issue came only after he took the unusual step of asking the U.S. attorney's office to submit a memorandum detailing its position. The judge then presented a draft of his order to prosecutors for their "consideration" before publishing it with some "minor edits," according to his ruling. Weisman acknowledged that given the still-developing nature of the child pornography investigation, it wasn't surprising that some information was missing from the government's application for a search warrant. He said any evidence garnered from the search could be used to apply for additional warrants in the future. "We simply are not there yet," Weisman said.

     By jmeisner & sschmadeke
     http://www.chicagotribune.com/news/ct-forced-fingerprinting-iphones-met-20170305-story.html
  8. A customer at an Apple Store in Dijon, France went on a destructive rampage after an apparent disagreement with store staff. The incident was captured in a series of videos, in which the man can be heard shouting about his rights as a consumer. According to Business Insider, his displeasure arose from an alleged 'repayment issue', but some reports suggest that there was a dispute over Apple's warranty cover for his device. As the videos show, the man casually walked around the store, removing devices from their display stands, and smashing them with a boule, a heavy steel ball used in a popular French game, in which larger balls are rolled or thrown as close as possible towards a smaller ball. The man can be seen smashing numerous iPhones and at least one MacBook, causing thousands of dollars' worth of damage. It's believed that he also destroyed further devices that weren't caught on camera. It appears that staff at the store evacuated other shoppers for their safety as the man continued his destructive spree, until security staff from the mall in which the store is located were able to attend. The man is also seen attempting to escape from the security officers, unsuccessfully. According to Le Parisien, he was later handed over to the local police force, which has opened an investigation into the incident. Source: Business Insider / Le Parisien | Videos via 'kekess _______' (YouTube) Article source
  9. Senators briefed about hack used to break into iPhone The FBI vs. Apple soap-opera continues with a new episode, this time involving the feds, as reports coming from sources close to the matter reveal that a number of US Senators have been briefed about the method used to break into the San Bernardino iPhone. The agency managed to hack the iPhone with the help of an undisclosed third-party, but refused to provide information regarding the hack to Apple, preferring instead to keep it secret for the time being and decide whether the company should receive such details after it finalizes the investigation in this case. Senators finding out about the hack But in the meantime, it appears that the FBI has already started sharing information about the way it unlocked the device in private briefings with US Senators. Senator Dianne Feinstein was one of the first to find out about FBI’s method to hack iPhones, reports coming from the National Journal and CNET reveal, but just as expected, absolutely no details are being disclosed. In case you’re wondering how come Feinstein is getting access to such information, she is the vice chairman of the Senate Select Committee on Intelligence and one of the senators who backed regulations that would force phone manufacturers to install backdoors for government access on devices sold in the United States. In addition to Feinstein, Senator Richard Burr also got access to similar information. He’s also one of the backers of pro-backdoor bills and together with Feinstein, took FBI’s side in the case against Apple, emphasizing that the agency shouldn’t tell Cupertino how it unlocked the San Bernardino iPhone. “I don't be­lieve the gov­ern­ment has any ob­lig­a­tion to Apple. No com­pany or individual is above the law, and I'm dismayed that any­one would refuse to help the government in a ma­jor terrorism investigation,” Feinstein was quoted as saying. 
Apple expects the hack to leak While the FBI refuses to tell Apple about the method used to unlock the iPhone, the company expects information regarding this hack to leak in the near future. That will be the moment when Apple’s security can develop a patch and then ship it to iPhones in the US, as a hack freely available out there could easily expose its customers. Without a doubt, the more people find out about the hack, the bigger the chances for the leak to take place, but for the moment, it appears that those who are briefed about it are mostly anti-Apple senators who are very likely to keep everything secret. Apple hasn’t yet issued a response to news that US senators are being briefed about FBI’s hack, but an official statement is expected to be offered by a company executive sometime soon. From: http://news.softpedia.com/news/fbi-discloses-method-to-hack-iphones-to-us-senators-502676.shtml
  10. Mobile device management systems at insurance giant Aviva UK were last month hit by an attack based on the Heartbleed exploit that allowed hackers to royally screw with workers' iPhones. The insurance giant has played down the breach but El Reg's mole on the inside claims Aviva is in talks about moving to a new platform in the wake of the incident. Aviva was using BYOD service MobileIron to manage more than 1,000 smart devices such as iPhones and iPads. On the evening of the 20 May, a hacker compromised the MobileIron admin server and posted a message to those handhelds and the email accounts, according to our source. The hacker then performed a full wipe of every device and subsequently took out the MobileIron server itself. Hacker taunts Aviva after Heartbleed hack Our tipster has forwarded a screenshot of the messages that everyone received before their phones got wiped. He claimed the incident caused millions in damages, a suggestion the insurance giant firmly denies. In a statement sent to us, Aviva downplayed the impact of the breach, and moved to reassure clients that customer data was not exposed. The issue was specific to iPhones and none of Aviva's business data was accessed or lost. Someone gained access to a third party supplier, which also enabled them to reset mobile devices for some Aviva users. There were no financial losses or repercussions. It was an overnight issue and by the start of the next day we had begun to restore devices. Aviva reportedly moved impacted staff onto a new Blackberry 10 service to manage all their Apple devices, and are in discussions with MobileIron reseller Esselar to cancel their contract. The incident was first reported by insurance industry site Postonline.co.uk. In response to queries from El Reg, Mobileiron described the snafu at Aviva as an isolated problem that didn't affect its other customers. 
Our investigation concluded that this incident neither resulted from nor exploited any compromise or vulnerability in MobileIron systems or software. All indications are that this was an isolated incident that does not represent a threat to other MobileIron customers. Ken Munro, a partner at Pen Test Partners who has looked into the security shortcomings of mobile device management systems, said one of the most surprising aspects of the attack was that it happened a full six weeks after Heartbleed was discovered in March because "any perimeter scan would have found it to be vulnerable". "Maybe it [the MobileIron server] was vulnerable, the creds were stolen, it was then patched, but the creds weren’t changed? Then the creds were used some time later," Munro speculated. "The other possibility is that another filtering/proxying device in front of the MobileIron server was vulnerable, and creds were stolen from that instead," he added. The infamous Heartbleed security bug stems from a buffer overflow vulnerability in the Heartbeat component of OpenSSL. The practical upshot of the vulnerability is that all manner of sensitive data including encryption keys, bits of traffic, credentials or session keys might be extracted from unpatched systems. The flaw was first publicly disclosed in early April. Updated MobileIron has been in touch to add the following statement: "It is important to note that foundational components of the MobileIron Infrastructure are not vulnerable to the attack including our VSP (management console), Sentry (Secure Mobile Gateway), ConnectedCloud, Anyware, and the MobileIron client. None of these product components are vulnerable. We also conducted a recent webinar reviewing this for our customers." Source