
GrayKey, a tool that allows law enforcement agencies to unlock or crack iPhones, is now unable to recover the passcode of, or unlock, any iPhone or iPad running iOS 12 or later, meaning police and the FBI can no longer obtain encrypted files and metadata, according to Forbes.


Grayshift's GrayKey iPhone unlocking tools have been sold to multiple law enforcement agencies across the United States. Essentially, the box connects to an iPhone and then installs software designed to crack the device's passcode. It could take 6 minutes to crack a device that uses a 4-digit passcode, and it takes longer as the passcode gets longer.

Now, though, Apple has put up what may be an insurmountable wall. Multiple sources familiar with the GrayKey tech tell Forbes the device can no longer break the passcodes of any iPhone running iOS 12 or above. On those devices, GrayKey can only do what’s called a “partial extraction,” sources from the forensic community said. That means police using the tool can only draw out unencrypted files and some metadata, such as file sizes and folder structures.

GrayKey's method likely no longer works on iOS devices because of USB Restricted Mode, which prevents USB tools from accessing an iPhone or iPad: if it has been more than an hour since the device was last unlocked, USB access is cut off.

Adware Doctor, the top-selling paid Utilities app on the Mac App Store in the United States, has been found to steal the browser history of anyone who downloads it. Apple has now removed the app from the Mac App Store, reports TechCrunch, which cited security researcher Patrick Wardle's findings.


Wardle says that Adware Doctor collects sensitive user data, packs it into a password-protected archive called History.zip, and then uploads it to a server in China. Although the researcher contacted Apple about the matter, the company simply said that it would investigate. Until earlier today, Apple had not removed the app.

Wardle found that the downloaded app jumped through hoops to bypass Apple’s Mac sandboxing features, which prevents apps from grabbing data on the hard drive, and upload a user’s browser history on Chrome, Firefox, and Safari browsers. [...]

Once the data is collected, it’s zipped into an archive file and sent to a domain based in China.

Apple itself describes the Mac App Store as "the safest place to download apps for your Mac," so the greatest concern is why Apple left the malware in the Mac App Store for a month after Wardle notified the company of his findings. Apple has now removed not only Adware Doctor but also the developer's other app, "AdBlock Master."

Image Via Mac Heat

Security researcher Matthew Hickey discovered a USB-based security exploit to brute-force the lock screen passcode of iOS devices. As we know, you can enable a setting that erases all data if someone enters the wrong passcode 10 times. However, Hickey's method circumvents this restriction.

For example, when an attacker connects an iPhone or iPad to a computer, he can send every possible passcode, from 0000 to 9999, to the device to brute-force it. The method works on iOS devices running versions up to iOS 11.3.


The attack requires only a booted iPhone or iPad and a Lightning cable. Hickey's brute-force method takes 3-5 seconds to enter each 4-digit passcode, and it is certainly not as advanced as the Grayshift unlocking tool.

Luckily, Apple's iOS 12 added a new USB Restricted Mode. The new feature will block Hickey's brute-force method and will also disable the Grayshift cracking tool. If the device has not been unlocked for the last hour, USB access will be cut off.

macOS has a very useful function called Quick Look: when the user selects certain files or pictures, pressing the space bar previews their contents. However, a bug has recently been found in this practical feature: the way it stores preview thumbnails can easily leak the contents of the user's encrypted files.


Security researcher Wojciech Regula first discovered the bug, and the discovery was published on The Hacker News website. When macOS runs the Quick Look feature, it generates a thumbnail of the file or folder and then caches it in a specific area of the hard drive.

But Regula found that Apple did not store these thumbnails on the Mac's encrypted hard drive, but instead stored them in an open area. So even if a file is stored encrypted, it will be completely exposed by the thumbnail cache file that Quick Look saves.

It is worth noting that the issue has existed on the Mac for at least eight years, but we expect that Apple will fix it sooner rather than later. We recommend that you clear your thumbnail files more frequently.

Pangu Research Lab has discovered a common type of security flaw while auditing iOS apps for various customers. After creating a signature for the flaw, they ran a traceability analysis and a search for similar issues on the Janus platform and found that about 10% of iOS apps may be affected by the security flaw.

While auditing iOS Apps from various customers, Pangu Lab noticed a common programming error, which leads to severe consequences such as data overwritten and even code execution in the context of affected Apps. We created a signature for the issue and performed a large-scale search on our App analysis platform Janus. Surprisingly, we found that around 10% iOS Apps might be affected by the same or similar issue.

Once a user downloads these apps and uses them in an insecure WiFi environment, an attacker would be able to achieve arbitrary code execution in the app. After manual analysis, the research lab confirmed that apps like Weibo, Facebook Moments, Google for iOS, Google Translate, and so on are affected!



The impact of the so-called ZipperDown flaw depends on the affected app's features and permissions. In some apps, attackers can only use it to corrupt or overwrite the app's data; in other apps, however, an attacker may be able to gain arbitrary code execution in the context of the app. Furthermore, the iOS sandbox also limits the scope of the security flaw.

As of now, Pangu told us that they have tested 168,951 apps, and about 10% of the apps are vulnerable to it. The team also found a similar flaw on the Android platform and has confirmed that it is present in a large number of Android apps! Hopefully, Apple will soon issue a software update to fix the security flaw.

For more information, please visit ZipperDown.org

Last week, a Motherboard report highlighted GrayKey, a tool that allows law enforcement agencies to unlock up-to-date iPhones, but the report didn't say how much time is required to crack an iPhone. Now we have learned that a 6-digit passcode can be calculated in 11 hours.

This was revealed by Johns Hopkins Information Security Institute's Matthew Green, who said in a tweet that, with an exploit that disables Apple's passcode-guessing protections, it would take 6.5 hours to unlock an iPhone with a 4-digit passcode, and 46 days to crack an iPhone with an 8-digit passcode.

Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)


As Apple’s iOS security guide explains, there is an option that can erase an iPhone's data after 10 incorrect passcode attempts, and there are automatic delays after a wrong passcode has been entered more than five times. But apparently, GrayKey has found a way to avoid these delays and just keep guessing passcodes.
So we strongly recommend that you stop using a passcode made up of only six digits. Most security experts agree that people should use an alphanumeric passcode that's at least 7 characters long and mixes numbers, uppercase and lowercase letters, as well as symbols.

“People should use an alphanumeric passcode that isn't susceptible to a dictionary attack and that is at least 7 characters long and has a mix of at least uppercase letters, lowercase letters, and numbers,” Ryan Duff, a researcher who’s studied iOS and the Director of Cyber Solutions for Point3 Security, told me in an online chat. “Adding symbols is recommended and the more complicated and longer the passcode, the better.”
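The quoted estimates imply a fixed cost of roughly 80 ms per guess. The following added example (not from the original post or from the researchers quoted) recomputes them under that assumption and goes beyond the table by extending the calculation to 7-character alphanumeric passcodes; the 80 ms constant and the policy names are assumptions of this example.

```python
# Added example: exhaustive-search time for iOS passcodes.
# Assumptions: ~80 ms per guess (implied by the quoted table), passcodes
# chosen uniformly at random, throttling and auto-erase bypassed.

SECONDS_PER_GUESS = 0.08  # assumed constant, derived from the quoted figures

# Worst-case times from the quoted table, in seconds, keyed by digit count.
QUOTED_WORST = {4: 13 * 60, 6: 22.2 * 3600, 8: 92.5 * 86400, 10: 9259 * 86400}

# Hypothetical policy names -> (alphabet size, passcode length).
POLICIES = {
    "4 digits": (10, 4),
    "6 digits": (10, 6),
    "8 digits": (10, 8),
    "7 chars, lowercase + digits": (36, 7),
    "7 chars, mixed case + digits": (62, 7),
    "7 chars, mixed case + digits + symbols": (94, 7),  # printable ASCII, no space
}


def implied_rate(digits, worst_seconds):
    """Seconds per guess implied by one row of the quoted table."""
    return worst_seconds / 10 ** digits


def search_time(alphabet_size, length, rate=SECONDS_PER_GUESS):
    """Return (worst, average) seconds to find a uniformly random passcode."""
    worst = alphabet_size ** length * rate
    return worst, worst / 2  # on average half the keyspace is searched


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 365.25 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def report():
    """One (policy, worst, average) row per policy, durations humanized."""
    return [(name, *map(humanize, search_time(size, length)))
            for name, (size, length) in POLICIES.items()]


if __name__ == "__main__":
    for digits, worst in QUOTED_WORST.items():
        rate_ms = implied_rate(digits, worst) * 1000
        print(f"{digits} digits imply {rate_ms:.1f} ms per guess")
    for name, worst, avg in report():
        print(f"{name:40} worst {worst:>18}  average {avg:>18}")
```

These figures are upper bounds for randomly chosen passcodes; a passcode open to a dictionary attack, as the quote above warns, falls far sooner.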

To change your device's passcode, open the Settings app on your Home screen, tap Touch ID & Passcode, tap Change Passcode, select Custom Alphanumeric Code, and type your new passcode. Do you have any comments on this?

According to Motherboard, local police forces and federal agencies from all across the U.S. have been able to purchase relatively cheap tools that allow them to unlock up-to-date iPhones and bypass all encryption.

This can be done by using a device called GrayKey, which has successfully unlocked iPhones without knowing the passcode. As the photo below shows, the device is four inches wide by four inches deep and two inches tall, with two Lightning cables sticking out of the front so that two iPhones can be plugged into the box at the same time.


With GrayKey, bypassing the passcode can take anywhere between 2 hours and 3 days, depending on its length and complexity. Once the iPhone is fully unlocked, its backup as well as the full filesystem can be downloaded onto the GrayKey device. Police forces such as the Indiana and Maryland police are able to use the box to unlock encrypted devices, including the iPhone X.

“It demonstrates that even state and local police do have access to this data in many situations,” Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute, told Motherboard in a Twitter message. “This seems to contradict what the FBI is saying about their inability to access these phones.”

FBI Director Christopher Wray said recently that they are "increasingly unable to access" information stored on encrypted devices. However, it appears Wray is not telling the truth. Hopefully, Apple can fix these loopholes in the future to stand up to the FBI.

Image Via 9to5Mac

A new security hole has been discovered in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password. It's worth noting that it can't be accessed with a non-administrator account. Apple has already patched the bug in the latest macOS 10.13.3 beta.

To reproduce the issue on macOS High Sierra version 10.13.2, which is the latest public release of the operating system, you must use an administrator account. Open System Preferences, click App Store, and click the padlock icon to lock it if necessary. Then click the padlock icon again, enter your username and any password, and click Unlock.


This means that anyone with administrator-level access to your Mac could unlock the App Store preferences and enable or disable the settings that automatically install macOS updates and app updates. The good news is that this bug appears to be limited to the App Store preference page, suggesting user accounts and other settings can’t be changed.

Apple will likely want to fix this latest security vulnerability as quickly as possible, so it's possible we'll see a similar supplemental update released, or perhaps it will fast-track the release of macOS High Sierra version 10.13.3. As for macOS 10.12 and earlier versions, we were unable to reproduce the issue on macOS Sierra version 10.12.6, suggesting the issue affects macOS High Sierra only.

Via MacRumors And 9to5Mac, Image Credit Wccftech

Apple has confirmed that the Meltdown and Spectre bugs in ARM and Intel processors affect all Mac systems and iOS devices, but that there are no known exploits impacting customers right now. The company says it has fixed the recent "Meltdown" vulnerability in the previously released iOS 11.2, macOS 10.13.2, and tvOS 11.2 updates.

Apple explains that since exploiting this issue requires a malicious app to be loaded onto your device, it recommends users only download software from “trusted sources such as the App Store.” As for an update for Safari to help protect against Spectre, the Cupertino firm says the update is coming.


So what exactly are Spectre and Meltdown? They are serious vulnerabilities that take advantage of the speculative execution mechanism of a CPU. Because they exploit hardware-based flaws, operating system vendors are required to implement software workarounds. That said, these software workarounds can impact processor performance.

However, Intel has insisted that everyday users won't see serious slowdowns. Apple says neither macOS nor iOS suffers from a “measurable reduction in performance” in benchmarking or in web browsing testing.

Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2. watchOS did not require mitigation. Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.

Meltdown allows a malicious program to read kernel memory, accessing data like passwords, photos, and more. It can be exploited to read the entire physical memory of a target machine. Spectre covers two exploitation techniques and breaks the isolation between different applications. Although it is difficult to exploit, it can be done using JavaScript in a web browser.

Apple says it will continue to test further mitigations for Spectre and will release them in future versions of iOS, macOS, tvOS, and watchOS. Read Apple’s full support article here

Via MacRumors And 9to5Mac, Image Credit Wccftech

Apple today released a security fix for macOS High Sierra users. This security update fixes a vulnerability that could allow an attacker to log into an admin account using the username "root" and a blank password.


The security update is rolling out on the Mac App Store now and should be installed by all users running macOS High Sierra as soon as possible. Regardless, starting later today, the update will be automatically installed on all Macs running macOS High Sierra 10.13.1.

While the security vulnerability was a rather serious one, Apple has promptly responded with a fix less than 24 hours after it became public. The issue did not affect older versions of macOS, although there doesn’t appear to be a fix available for macOS 10.13.2 beta yet. The company has since apologized for the vulnerability in a statement.

Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

Via MacRumors And 9to5Mac, Image Credit AppleInsider

According to an Associated Press report, the United States Federal Bureau of Investigation was unable to retrieve data from 6,900 mobile devices that it attempted to access over the course of the last 11 months. FBI director Christopher Wray made the comment while speaking at a conference over the weekend, acknowledging that there needs to be a balance between encryption and public safety.


While Wray didn’t specify what percentage of those devices were iPhones or iPads, he says it’s a “huge, huge problem.” The devices in question could be connected to cases relating to counterterrorism, gangs, child exploitation, and more. He went on to explain that there’s a balance that needs to be struck between public safety and encryption, as threats from homegrown extremists and foreign terror organizations keep increasing.

“To put it mildly, this is a huge, huge problem,” Wray said. “It impacts investigations across the board — narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation.”

[....]“I get it, there’s a balance that needs to be struck between encryption and the importance of giving us the tools we need to keep the public safe,” Wray said.

“The threats that we face keep accumulating, they are complex, they are varied,” Wray said, describing threats from foreign terror organizations and homegrown extremists.

Encryption has been an issue between Apple and the FBI since last year, when the two clashed over the unlocking of an iPhone 5c owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino. The FBI took Apple to court in an attempt to force Apple to create a version of iOS that would disable passcode security features and allow passcodes to be entered electronically.


Ultimately, the FBI was unable to unlock the device without Apple’s help. As the company continues to make improvements to device security, the FBI is finding it harder to access the data it sees as necessary. "Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one or the other only puts people and countries at greater risk."

Via MacRumors And 9to5Mac, Image Credit NPR And NBC News