Hackers lock iPhones remotely and demanding $100 to unlock it


In recent hours, a number of users from Australia had a nightmare as cyber criminals locked their devices and demanding payment of a ransom.

The locked devices show the following message "Device Hacked by Oleg Pliss" and instructs victims to send $100 dollars to lock404@hotmail.com to unlock their devices.

The cyber attack came to light, after one user from Melbourne shared his experience in Apple support forum and asked help to fix the problem.  Following his post, several users have reported of being affected by this attack.

It appears hackers used stolen Apple IDs and passwords to access iCloud account that allowed them to lock victim's devices and display a message.

What you should do? Don't pay the Ransom !
Affected users are advised to contact Apple directly to regain access to their account.  

Once you have access to your account, change the password immediately and enable two step authentication feature for your account.

iOS 7 Beta Hack allows anyone to Bypass iPhone Lockscreen


Every time Apple attempts to improve the security in the new version of iOS, it ends up with a new security bug.

Here comes another iPhone hack to bypass the iOS Lock Screen.  A Spanish iPhone users sent a video to Forbes showing how to hack the iOS 7 Beta version to bypass the iPhone Lockscreen.

The security bug can be easily reproduced by going to iOS control Room,  accessing the Phone's calculator and then accessing the phone's camera.  It is said that the bug allows to deleting, sharing the photos.

The bug has been confirmed by the Forbes. iOS 7 is still in the beta version so it's only available to those with developer accounts.

Earlier this year, we became aware that Vulnerability-Lab discovered iOS Lockscreen vulnerability that allowed anyone to access the data stored on the device.

Researchers can hack iPhone within one minute using malicious Charger


You should think twice or even thrice or even more before using someone else's charger next time your iPhone running out of battery.

Three security researchers , Billy Lau, Yeongjin Jang and Chengyu Song from the Georgia Institute of Technology found a way to hack your iPhone with a malicious charger.

The team will demonstrate the proof-of-concept of the hack at upcoming BlackHat hacker conference in late July.

Researchers claim they can compromise any iOS device within one minute of being plugged to the malicious charger.

The hack attack apparently does not require any user interaction and it works against even devices that are not jailbroken.

Reference:
http://www.blackhat.com/us-13/briefings.html#Lau

iPhone spyware can be used to capture Desktop computer Key strokes

iPhone can be used to capture the Desktop computer keystrokes.  Sounds interesting?A team of researchers at Georgia Tech demonstrated how to use the accelerometers of a smartphone to capture the Keystrokes of Desktop Computers by placing nearby.

Patrick Traynor, an assistant professor in Georgia Tech's School of Computer Science, admits that the technique is difficult to accomplish reliably but claims that the accelerometers built into modern smartphones can sense keyboard vibrations and decipher complete sentences with up to 80% accuracy.

"We first tried our experiments with an iPhone 3GS, and the results were difficult to read," said Traynor. "But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack."

Researcher posted what displayed in iPhone:

Presently the spyware cannot determine the pressing of individual keys through the iPhone's accelerometer, but "pairs of keystrokes" instead. The software determines whether the keys are on the right or left hand side of a standard QWERTY keyboard, and then whether the pair of keys are close together or far apart.

With the characteristics of each pair of keystrokes collected, it compares the results against a dictionary - where each word has been assigned similar measurements.

For example, take the word "canoe," which when typed breaks down into four keystroke pairs: "C-A, A-N, N-O and O-E." Those pairs then translate into the detection system’s code as follows: Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far, or LLN-LRF-RRF-RLF. This code is then compared to the preloaded dictionary and yields "canoe" as the statistically probable typed word.

For understandable reasons, the technique is said to only work reliably on words which have three or more letters.

Text recovery

Henry Carter, one of the study's co-authors, explained the attack scenario that they envisaged could be used:

"The way we see this attack working is that you, the phone’s owner, would request or be asked to download an innocuous-looking application, which doesn’t ask you for the use of any suspicious phone sensors."

"Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening."