Search This Blog

Showing posts with label Apple Security. Show all posts

Hackers use stolen Apple prototypes to break into iPhone

Apple's production lines are so massive that it's easy to imagine iPhones being smuggled out of there.

We all know the story of the prototype iPhone 4 that was left at a bar, spoiling what could have been one of the biggest surprises in Apple history. But have you heard the one about the stolen prototype iPhones that are still winding up in unintended hands — in this case, hackers bent on finding ways to break into Apple’s operating system?

As per a report, some of the most prominent iOS hackers have made use of prototype iPhones to break into iOS.

Just like every smartphone maker, Apple also develops a prototype or 'dev-fused' iPhone for testing different technologies, modems, chips.

If you are an iPhone user, chances are that you know about Cydia, the jailbroken app store for iPhone and iPads. While Jailbreaking is a type of hack that is mostly used to sideload paid apps for free, there are other types of hacks as well. Hacks that are either much more problematic or useful, depending on which side of the hack one is in. Apple phones come with a Secure Enclave Processor (SEP) that encrypts sensitive data on the phone and is set-up as a separate entity. Motherboard investigated how some of the best hackers were able to get study the chip and the answer is said to be a “dev-fused” iPhone, which is an iPhone that was lifted before finishing the production process.

As per the report, these dev-fused iPhones are pre-jailbroken devices in which many security features are disabled. This is so that researchers can test them easily but these devices were never intended to get out of Apple’s reach.

The Motherboard report says there’s now a gray market for “dev-fused” iPhones and each product sells for thousands of dollars. Why? Because they help hackers, security researchers crack iPhones and find critical vulnerabilities in them.

Gaining root access to these pre-production iPhones is said to be much easier than doing the same on a commercially available iPhone.

Apple refutes claim of iPhone passcode hack

Apple has dismissed claims made by security researcher Matt Hickey who said he had found a way to bypass iPhone security protections to enter passcodes as many times as needed.

Hickey, co-founder of cyber security firm Hacker House, had tweeted a video on Friday showing how this can be done by sending a stream of all possible combinations to the device, which will trigger an interrupt request.

He explained that if all combinations are sent in one go using keyboard inputs while the device is plugged in instead of with pauses in between tries, it will trigger an interrupt request that takes precedence over everything else on the device.

However, Apple has since come out and refuted the claim and a spokesperson on Saturday said, "The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing." 

Retracting his previous position, Hickey tweeted on Sunday that devices are still protected from brute-force attacks as not all passcodes that are being tested are sent.

This was in reference to a previous tweet by Stefan Esser, CEO of security firm Antid0te UG, where he explained that the command to erase iPhone data after 10 tries wasn’t triggered because the various combinations were all “ignored” and counted as a single try.

“The device doesn’t actually try those passcodes until you pause,” Stefan tweeted.

Aside from its initial statement, Apple has not provided any further explanations. The company is planning on including a feature called USB Restricted Mode in its upcoming iOS 12 update that will protect iPhones and iPads from USB-related exploits.

How the Mackeeper failed to secure Mac

Mackeeper, the program designed to keep Mac computers secure suffers from a critical remote code execution vulnerability.

This flaw lies in the lack of input validation during the handling of custom URLs by the program. It allows hackers to execute arbitrary commands with root privilege with little to no user interaction. It can happen when users visited specially crafted webpages in the Safari browser.

If the user had already provided their password to MacKeeper during normal course of operation of the program, the user will not be alerted for their password prior to the execution of the arbitrary command.

If the user did not previously authenticate, they will be prompted to enter their authentication details, however, the text that appears for the authentication dialogue can be manipulated to appear as anything, so the user might not realize the true consequences of the action.

The vulnerability, quite possibly a zero-day one was discovered by security researcher Braden Thomas who released a demonstration link as proof-of-concept (POC) through which the Mackeeper program was automatically un-installed upon simply clicking the external link. 

Mackeeper is a controversial program amongst the Mac users owing to its pop-up and advertisements, but apparently has 20 million downloads worldwide.

The vulnerability existed even in  the latest version 3.4. The company has advised users to run Mackeeper update tracker and install 3.4.1 or later. For users who have not updated, they can use a browser other than Safari or remove the custom URL scheme handler from Mackeeper's info.plist file.

Recover forgotten login passwords using Apple Power adapters

The New Scientist has uncovered a new patent from Apple that stores password recovery secrets into peripheral devices , including a power adapter. The patent aims to stop thieves of laptops, iPads and iPhones gaining unauthorised access to the portable computing devices.

The application would prompt you to plug in your specific power adapter to confirm your identity. The memory chip on your power charger could store your password secret - for instance, an encrypted version of your password reminder hint. If you've forgotten your password you could just plug your laptop into the wall, to receive the secret password hint.

The password hint can be stored in other peripheral devices such as printer, an external monitor or a wireless router.

plugin for retrieving password

    New Scientist said in their Blog:
    The technology is predicated on the fact that when you lose a laptop, or have it stolen, you don't tend to lose the power adapter as well. So it makes the power adapter a critical part of the recovery routine for forgotten passwords.

    In US patent filing 2012/0005747 Apple proposes a power adapter whose transformer unit has a small memory module built into it. This stores either an encrypted password (or recovery question) whose key is stored on the laptop or smartphone. This way only the correct computer or phone can access the recovery data. For added security, part of the encrypted password could reside on a network server, too.

    There's a clear need for this, says Apple: "If the password is not easily and conveniently recoverable, the consumer is likely to choose either not to use a password at all or to use a trivial password. Both choices increase the threat of data loss," it says in the patent.

    Of course, once the bad guys know the adapter is important, they'll steal that too if it's available - but Apple suggests further security can be added by storing some of the password recovery data in other (not generally mobile) peripherals, like printers and Wi-Fi routers, too.

    The full patent application can be found here: