Search This Blog

Showing posts with label Apple. Show all posts

Apple’s iPhone is the Easiest to Snoop on Using the Pegasus, Says Amnesty

 

NSO Group, an Israeli cyber intelligence firm, developed Pegasus spyware as a surveillance tool. As claimed by the corporation, this firm is known for developing advanced software and technology for selling primarily to law enforcement and intelligence agencies of approved nations with the sole objective of saving lives by preventing crime and terror activities. Pegasus is one such software designed to get unauthorized access to your phone, gather personal and sensitive data, and transfer it to the user who is spying on you. 

Pegasus spyware, according to Kaspersky, can read SMS messages and emails, listen to phone calls, take screenshots, record keystrokes, and access contacts and browser history. A hacker may commandeer the phone's microphone and camera, turning it into a real-time monitoring device, according to another claim. It's also worth mentioning that Pegasus is a complex and expensive spyware meant to spy on specific individuals, so the typical user is unlikely to come across it. 

Pegasus malware snooped on journalists, activists, and certain government officials, and Apple, the tech giant that emphasizes user privacy, was a victim of the attack. Indeed, according to Amnesty's assessment, Apple's iPhone is the easiest to snoop on with Pegasus software. According to the leaked database, iPhones running iOS 14.6 feature a zero-click iMessage exploit, which could have been used to install Pegasus software on the targeted entities' iPhones. The Cupertino behemoth has issued a statement condemning the assault. 

Apple’s Head of Security Engineering and Architecture, Ivan Krsti, in a statement said, "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data." 

Citizen Labs had already uncovered this flaw. Zero-click attacks are practically invisible and run in the background because they do not require the user's involvement. In iOS 14, Apple included the Blastdoor framework to make zero-click attacks more difficult, although it does not appear to be operating as planned.

Low-Risk iOS Wi-Fi Naming Issue can Compromise iPhones Remotely

 

According to recent research, the Wi-Fi network name issue that entirely disabled an iPhone's network connectivity had remote code execution capabilities and was discreetly patched by Apple earlier this year. 

On Monday, Apple released iOS 14.7 for iPhones, which includes bug fixes and security improvements as well as a remedy for the Wi-Fi denial-of-service issue. However, the company has not yet provided security information that may suggest whether its vulnerability has been fixed. 

The denial-of-service vulnerability, which was discovered last month, was caused by the way iOS managed string formats associated with the SSID input, causing any up-to-date iPhone to crash when connected to wireless access points with percent symbols in their names, such as "%p%s%s%s%s%n." 

While the problem could be solved by resetting the network settings (Settings > General > Reset > Reset Network Settings), Apple is likely to provide a fix in iOS 14.7, which is currently accessible to developers and public beta testers. 

Researchers from mobile security automation business ZecOps discovered that the same flaw could be abused to accomplish remote code execution (RCE) on targeted devices by simply adding the string pattern " % @" to the Wi-Fi hotspot's name, which may have had far-reaching repercussions. 

The issue was termed "WiFiDemon" by ZecOps. It's also a zero-click vulnerability as it allows a threat actor to infect a device without needing user interaction, however, it does necessitate that the setting to automatically connect Wi-Fi networks is enabled (which it is, by default). 

"As long as the Wi-Fi is turned on this vulnerability can be triggered," the researchers noted. "If the user is connected to an existing Wi-Fi network, an attacker can launch another attack to disconnect/de-associate the device and then launch this zero-click attack." 

"This zero-click vulnerability is powerful: if the malicious access point has password protection and the user never joins the Wi-Fi, nothing will be saved to the disk," the company stated. "

After turning off the malicious access point, the user's Wi-Fi function will be normal. A user could hardly notice if they have been attacked.

The RCE variant was discovered to be exploitable in all iOS versions before iOS 14.3, with Apple "silently" fixing the problem in January 2021 as part of their iOS 14.4 release. The vulnerability was not issued a CVE identifier. 

Given the vulnerability's exploitability, iPhone and iPad owners must update to the most recent iOS version to reduce the risk associated with the flaw.

Cybercriminals Unleashing Malware for Apple M1 Chip

 

Apple Macs are becoming more popular in the workplace, and the number of malware variants targeting macOS is increasing as well. However, the M1, Apple's new system-on-a-chip, has produced a new generation of macOS-specific malware that anti-malware tools, threat hunters, and researchers must swiftly learn to recognize and, eventually, fight. Historically, most macOS malware has been reused from Windows malware variants. But when employees built up home offices as a result of the pandemic's shift to work-from-home, more Macs entered the industry, making them a more valuable target for attackers targeting enterprises. 

Apple's new ARM64-based microprocessor, the M1, has already witnessed an increase in malware types created expressly for it, according to Mac security specialist Patrick Wardle. "As attackers evolve and change their ways, we as malware analysts and security researchers need to stay abreast of that as well.” In 2020, around half of all macOS malware, such as adware and nation-state attack code, may have migrated from Windows or Linux. 

M1 offers faster and more efficient processing, graphics, and battery life, and is now available in Apple's new Macs and iPad Pro. It also has several new built-in security mechanisms, such as one that protects the computer from remote exploitation and another that protects physical access. 

According to a recent Malwarebytes survey, Windows malware detections are down 24% among business users, while Mac malware detections are up 31%. Wardle discovered in his research that when he separated the binaries for macOS malware into two categories, one for Intel-based Macs and the other for M1-based Macs, anti-malware systems detected the Intel-based malware more successfully than the M1-based malware, despite the fact that the binaries are "logically the same." 

For the M1 malware, their detection rate dropped by 10%. That's a clue, he says, that existing antivirus signatures are mostly for the Intel edition of the macOS malware, rather than the M1 variant. Because static analysis alone can fail, detections should also use behavior-based technology. 

It's a matter of honing malware analysts' and threat hunters' skills to the new Apple silicon, he says. With reverse-engineering abilities and an awareness of the ARM64 instruction set, he says he wants to "empower Mac analysts, red teams, and everyone in cybersecurity." Wardle says, "The M1 system actually does significantly improve security at the hardware level, but it's transparent to the everyday user."

Tim Cook Claims Android has 47 Times the Amount of Malware as iOS

 

During a live chat, Apple CEO Tim Cook stated that Android has more malware than iOS and that "sideloading" mobile software is not in the "best interests of users." Sideloading apps entails manually downloading and installing software over the Internet rather than from an app store. Apple's security and privacy would be ruined if it were compelled to enable side-loading programmes, as Android does, he stated on June 16 while speaking remotely at the VivaTech 2021 conference in Paris, France. 

When asked about the planned European law known as the Digital Markets Act (DMA), which attempts to prohibit big digital corporations from monopolizing their market position, Cook stated that Apple opposes it because it would require the company to allow consumers to install apps outside of the App Store. Cook also stated that Android has "47 times more malware" than Apple since iOS is created with a single app store. 

Explaining the reason, Cook added, "It's because we've designed iOS in such a way that there's one app store and all of the apps are reviewed prior to going on the store. And so that keeps a lot of this malware stuff out of our ecosystem, and customers have told us very continuously how much they value that, and so we're going to be standing up for the user in the discussions." 

Cook further claimed that the DMA's present language, which will compel side-loading on the iPhone, will "destroy the security" of the smartphone and many of the App Store's privacy measures. 

DMA targets firms with a huge user base, such as Apple, Google, and Amazon, and encourages them to open up their platforms to competitors. The proposed rule also intends to provide a more level playing field for businesses and individuals who rely on large "gatekeeper" online platforms to sell their goods and services in a single market. 

“We've been focusing on privacy for over a decade,” Cook stated when asked about Apple's commitment to privacy. “We see it as a basic human right. A fundamental human right. And we've been focused on privacy for decades. Steve used to say privacy was stating in plain language what people are signing up for and getting their permission. And that permission should be asked repeatedly. We've always tried to live up to that.”

Is Apple's Monopoly Making Its Security Vulnerable?


It's a well-known fact that Apple’s devices are undoubtedly way safer than any other company’s products, however, in recent research analysis, many reports claimed it to be a myth. 

According to the experts, Apple’s complex process of downloading apps has created a notion of added security but seemingly such is not the case, as revealed in deeper examinations. 

Reportedly, around 2% of the top-grossing iOS apps, are in some way, scams. Customers of several VPN apps, which protect users’ data, have complained against Apple App Store – saying that their devices are contaminated by a virus that tricks them to download and pay for software that they don’t need. 

An illegal QR code reader app that remains for a week on the store tricks users into paying $4.99. Moreover, some apps even mock themselves as being from big global organizations such as Amazon and Samsung. 

Apple always maintained its exclusive command on the App Store and describes this as its policy which is essential for customer’s sensitive personal credentials. Apple has a monopoly in the App market in terms of customer trust. However, some analysts said that this is indeed the biggest problem that there is no competition against this giant in the market, if some companies will come with alternatives then– as a matter of fact – Apple will invest more money in strengthening their security measures. 

“If consumers were to have access to alternative app stores or other methods of distributing software, Apple would be a lot more likely to take this problem more seriously,” said Stan Miles, an economics professor at Thompson Rivers University in British Columbia, Canada. 

As per the statistics, that Apple generates huge profit from the App store; around 30 percent of its revenue is constituted by the App store. 

Apple spokesperson Fred Sainz said in a statement that, “We hold developers to high standards to keep the App Store a safe and trusted place for customers to download software, and we will always take action against apps that pose a harm to users…” 

“…Apple leads the industry with practices that put the safety of our customers first, and we’ll continue learning, evolving our practices, and investing the necessary resources to make sure customers are presented with the very best experience.”

Apple’s Big Sur 11.4 Patches a Security Flaw that Could be Exploited to Take Screenshots

 

Big Sur 11.4 was updated this week to fix a zero-day vulnerability that allowed users to capture screenshots, capture video, and access files on another Mac without being noticed. The flaw lets users go around Apple's Transparency Consent and Control (TCC) architecture, which manages app permissions. 

According to Jamf's blog, the issue was identified when the XCSSET spyware "used this bypass especially for the purpose of taking screenshots of the user's desktop without requiring additional permissions." By effectively hijacking permissions granted to other programmes, the malware was able to get around the TCC. 

Researchers identified this activity while analyzing XCSSET "after detecting a considerable spike of identified variations observed in the wild". In its inclusion in the CVE database, Apple has yet to offer specific details regarding the issue. “The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent–which is the default behaviour,” researchers said. 

Last August, Trend Micro researchers identified the XCSSET malware after they detected fraudsters introducing malware into Xcode developer projects, causing infestations to spread. They recognized the virus as part of a package known as XCSSET, which can hijack the Safari web browser and inject JavaScript payloads that can steal passwords, bank data, and personal information, as well as execute ransomware and other dangerous functionalities. 

At the time, Trend Micro researchers discovered that XCSSET was exploiting two zero-day flaws: one in Data Vault, which allowed it to bypass macOS' System Integrity Protection (SIP) feature, and another in Safari for WebKit Development, which permitted universal cross-site scripting (UXSS). 

According to Jamf, a third zero-day issue can now be added to the list of flaws that XCSSET can attack. Jamf detailed how the malware exploits the issue to circumvent the TCC.

Avast Security Evangelist Luis Corrons recommends not waiting to update your Mac. “All users are urged to update to the latest version of Big Sur,” he said. “Mac users are accustomed to receiving prompts when an app needs certain permissions to perform its duties, but attackers are bypassing that protection completely by actively exploiting this vulnerability.”

M1RACLES Bug Impacts Apple M1 Chips

 

A security researcher identified the first-ever vulnerability in Apple M1 chips that requires a silicon redesign to fix. The good news is that the flaw is considered low-risk, and even the security researcher who identified it believes the flaw is insignificant and has sought to avoid exaggerating the problem while presenting his findings. 

The vulnerability was codenamed M1RACLES and is presently tracked as CVE-2021-30747. It was discovered by Hector Martin, a software engineer at Asahi Linux, a project that works on porting Linux for Mac devices. 

In a simplified explanation, Martin explained that the vulnerability allowed two apps running on the same device to exchange data via a hidden channel at the CPU level, circumventing memory, sockets, files, and other standard operating system features. While the discovery is notable because of the amount of time, work, knowledge, and proficiency required to find bugs in a CPU's physical design, Martin states that the problem is of no benefit to attackers. 

The only way Martin can see this bug being abused is by dodgy advertising businesses, which could abuse an app they already had installed on a user's M1-based device for cross-app tracking, which would be a really bizarre scenario since the ad industry has many other more reliable data collection methods. 

Even though the M1RACLEs bug violates the OS security model by allowing a CPU process to transfer data to another CPU process over a secret channel, Martin believes the flaw was caused by a human error on Apple's M1 design team. 

“Someone in Apple’s silicon design team made a boo-boo. It happens. Engineers are human,” he said. Martin further added that he has informed Apple of his discoveries, but the firm has yet to clarify whether the flaw will be fixed in future M1 chip silicon versions. Martin revealed and debunked his own findings on a dedicated website that ridiculed similar sites developed in the past to advertise CPU vulnerabilities—many of which, like M1RACLEs, were similarly meaningless and insignificant to people's threat models. 

Martin concludes that exploitation on iOS may be used to overcome privacy protections adding that a malicious keyboard app may act as a keylogger by transferring typed text to another malicious app, which could subsequently transfer the information to the internet. 

However, he suggests that because of Apple's constraints on creating code at runtime, the firm could detect exploit attempts if it subjected App Store submissions to static analysis. The hypervisors disable guest access to the vulnerable register by default, the flaw can be mitigated by utilizing a virtual machine, but there aren't many other solutions, particularly on macOS.

Apple Fixes macOS Zero Day Vulnerability, Abused by XCSSET macOS Malware

 

Apple has released security updates for a variety of its products, including a patch for three macOS and tvOS zero-day vulnerabilities. The patch comprises a zero-day vulnerability fix that has been exploited in the wild for nearly a year by the XCSSET malware gang. 

Apple said it was aware of allegations that the security flaws "may have been actively exploited" in all three cases, but it didn't go into detail about the assaults or threat actors who might have exploited the zero-days. 

WebKit on Apple TV 4K and Apple TV HD devices is affected by two of the three zero-days (CVE-2021-30663 and CVE-2021-30665). Webkit is an HTML rendering engine used by Apple's web browsers and applications on its desktop and mobile platforms, including iOS, macOS, tvOS, and iPadOS.Threat actors might use maliciously generated web content to attack the two vulnerabilities, which would allow arbitrary code execution on unpatched devices due to a memory corruption issue. 

The third zero-day (CVE-2021-30713) is a permission issue found in the Transparency, Consent, and Control (TCC) framework that affects macOS Big Sur devices. The TCC framework is a macOS subsystem that prevents installed apps from accessing sensitive user information without asking the user for explicit permission via a pop-up message. A maliciously constructed application could be used to exploit this issue, bypassing Privacy settings and gaining access to sensitive user data. 

While Apple didn't provide much detail about how the three zero-days were exploited in assaults, Jamf researchers found that the macOS zero-day (CVE-2021-30713) patched was leveraged by the XCSSET malware to get beyond Apple's TCC privacy measures. 

According to the researchers, "the exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user's explicit consent — which is the default behavior." 

"We, the members of the Jamf Protect detection team, discovered this bypass being actively exploited during the additional analysis of the XCSSET malware, after noting a significant uptick of detected variants observed in the wild. The detection team noted that once installed on the victim’s system, XCSSET was using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions." 

Trend Micro's Mac Threat Response and Mobile Research teams first detected XCSSET in August 2020. According to the researchers, the vulnerability can be used to provide malicious applications with permissions such as disk access and screen recording. As a result of this, threat actors will be able to take screenshots of affected PCs. 

Last month, Trend Micro discovered a new XCSSET version that was upgraded to work with the newly launched Apple-designed ARM Macs. The CVE-2021-30713 vulnerability was discovered shortly after Craig Federighi, Apple's head of software stated that macOS has an "unacceptable" level of malware, which he linked to the diversity of software sources. 

Apple addressed two iOS zero-days in the Webkit engine earlier this month, allowing arbitrary remote code execution (RCE) on vulnerable devices solely by visiting malicious websites. In addition, Apple has been releasing fixes for a number of zero-day bugs that have been exploited in the wild in recent months, including one that was resolved in macOS in April and a bunch of other iOS vulnerabilities that were resolved in the prior months.  

A Chinese Hacking Competition May Have Given Beijing New Ways to Spy on the Uyghurs

 

In 2019, Apple aimed to reassure its customers when it revealed in a blog post that it had fixed a security flaw in its iOS operating system. According to Apple, the exploited vulnerability was "narrowly focused" on websites with data relevant to the Uyghur community. 

It has since been revealed that the flaw in question was found at China's leading hacking competition, the Tianfu Cup, where a skilled hacker was rewarded for his efforts. The standard procedure would be to notify Apple of the flaw. However, it is said that the violation was kept hidden, with the Chinese government obtaining it to spy on the country's Muslim minority. 

Hacking competitions are a well-established method for technology companies like Apple to identify and address security flaws in their software. However, with state-sponsored hacking on the rise, the possibility that the Tianfu Cup is providing Beijing with new surveillance tools is worrying, particularly given how Chinese competitors have long dominated international hacking competitions. 

When software is compromised, it's usually because an attacker discovered and exploited a cybersecurity flaw that the software provider was unaware of. Finding these flaws before they're discovered by cybercriminals or state-sponsored hackers will save tech firms a lot of money. Until 2017, Chinese hackers took home a large percentage of the Pwn2Own awards. However, after a Chinese billionaire argued that Chinese hackers should "stay in China" because their work is strategic, Beijing replied by prohibiting Chinese people from participating in international hacking competitions.

In 2018, the Tianfu Cup was founded in China. A hacker participating in the Tianfu Cup in its first year created a prize-winning hack called "Chaos." The hack could be used to gain remote access to even the most recent iPhones, making it an easy target for surveillance. After being used in a targeted way against Uyghur iPhone users, Google and Apple both discovered the hack “in the wild” two months later. 

Despite the fact that Apple was able to mitigate the hack within two months, this case demonstrates the dangers of exclusive national hacking competitions, particularly when they take place in countries where people are required to comply with government demands. 

Hacking contests are intended to reveal "zero-day" vulnerabilities, which are security flaws that software vendors haven't discovered or predicted. The tactics used by prize-winning hackers are meant to be shared with vendors so that they can find ways to fix them up. However, keeping zero-day vulnerabilities secret or passing them on to government agencies raises the likelihood of them being used in state-sponsored zero-day attacks. 

In early 2021, Four zero-day vulnerabilities in Microsoft Exchange were used to launch massive attacks against tens of thousands of organizations. Hanium, a Chinese government-backed hacking group, has been linked to the attack. Evidence indicates that cybercriminal gangs are operating closely, and even interchangeably, with state-sponsored hacking groups in Russia and China. 

The Tianfu Cup appears to have given China access to a new talent pool of expert hackers, who are inspired by the competition's prize money to develop potentially dangerous hacks that Beijing would be able to use both at home and abroad.

Apple isn't Happy About the Amount of Mac Malware

 

During testimony defending Apple in a lawsuit with Fortnite developer Epic Games, a top Apple executive said that Mac malware has now surpassed Apple's tolerance level and framed safety as the justification for keeping iPhones locked to the App Store. According to a top Apple executive, this is why Apple must keep iPhone, iPad, and other mobile products behind the App Store's walled garden. 

Craig Federighi, Apple's head of software engineering, told a California court that the existing levels of malware were "unacceptable." "Today, we have a level of malware on the Mac that we don't find acceptable," he stated in response to questions from Apple's lawyers, as ZDNet sister site CNET reports. 

Apple is defending its activities after Epic Games filed a lawsuit in the United States stating because Apple kicked its Fortnight game off the App Store after Epic implemented a direct payment scheme for in-game currency, bypassing Apple's 30% developer fee. Apple, according to Epic, is too restrictive. 

On May 03, the Apple-Epic case began. Phil Schiller, the CEO of the App Store, stated yesterday that the App Store has always prioritized protection and privacy. According to Federighi, 130 different forms of Mac malware have been discovered since May, with one version infecting 300,000 systems. iOS devices can only install applications from Apple's App Store, while Macs can install software from anywhere on the internet. 

Mac malware is already outpacing Windows malware, according to Malwarebytes, a US protection company that offers Mac antivirus. However, the company pointed out that the risks to Macs, which mainly consisted of adware, were not as harmful as malware for Windows. Federighi contrasted the Mac to a car, while iOS was created with children's protection in mind, according to 9to5Mac. 

"The Mac is a car. You can take it off-road if you want and you can drive wherever you want. That's what you wanted to buy. There's a certain level of responsibility required. With iOS, you wanted to buy something where children can operate an iOS device and feel safe doing so. It's really a different product," he stated.

Federighi also said that things would change significantly if Apple allowed iOS users to sideload applications.

Apple's Find My Network: Can be Abused to Leak Secrets Via Passing Devices

 

Apple's Find My network, which is used to track iOS and macOS devices – as well as more recently AirTags and other kits – has been revealed to be a possible espionage tool. 

In brief, passing Apple devices can be used to send data over the air from one location to another, such as a computer on the other side of the world, without the need for any other network connection. 

Using Bluetooth Low Energy (BLE) broadcasts and a microcontroller designed to act as a modem, Fabian Bräunlein, co-founder of Positive Security, invented a way to send a limited amount of arbitrary data to Apple's iCloud servers from devices without an internet connection. A Mac application can then download the data from the cloud. He dubbed his proof-of-concept service Send My in a blog post on Wednesday. 

When activated in Apple devices, the Find My network acts as a crowdsourced location-tracking system. Participating devices transmit over BLE to other nearby Apple devices, which then relay data back to Cupertino's servers via their network link. Authorized device owners can then use the company's iCloud-based Find My iPhone or iOS/macOS Find My app to get location reports on enrolled hardware. 

Researchers from Germany's Technical University of Darmstadt – Alexander Heinrich, Milan Stute, Tim Kornhuber, and Matthias Hollick – released an overview of Apple's Find My network's protection and privacy in March, uncovering a few issues along the way. 

Bräunlein's aim was to see if the Find My network could be exploited to send arbitrary data from devices that didn't have access to the internet. "Such a technique could be employed by small sensors in uncontrolled environments to avoid the cost and power consumption of mobile internet," he states. "It could also be interesting for exfiltrating data from Faraday-shielded sites that are occasionally visited by iPhone users." Since he didn't find any rate-limiting mechanism for the number of location reports devices can send over the Find My network, he theorizes that his strategy may be used to deplete smartphone users' data plans. 

With each report being more than 100 bytes, broadcasting a large number of unique public encryption keys as part of the Find My protocol would increase the amount of mobile traffic sent. Bräunlein used an ESP32 microcontroller with OpenHaystack-based firmware to transmit a hardcoded default message and listen for new data on its serial interface for his data exfiltration scheme. These signals will be picked up by nearby Apple devices that have to Find My broadcasting switched on and transferred to Apple's servers. 

In order to satisfy Apple's authentication criteria for accessing location data, obtaining data from a macOS computer necessitates the use of an Apple Mail plugin that runs with elevated privileges. To view the unsanctioned transmission, the user must also install OpenHaystack and run DataFetcher, a macOS app created by Bräunlein.

Apple Covered a Mass Hack on 128 Million iPhone Users in 2015

 

Apple and Epic are now embroiled in a legal dispute, and as a result, some shocking material has surfaced on the internet. Epic recently demonstrated Apple's desire to conquer the industry by deciding not to unleash the iMessage platform on Android. Now, according to a recent email filed in court, Apple decided not to alert 128 million iPhone users of its first-ever mass hack. This was back in 2015 when the iPhone 6s series was first introduced. 

The massive hack was first discovered when researchers discovered 40 malicious App Store applications, which quickly grew to 4,000 as more researchers looked into it. The apps included malware that turned iPhones and iPads into botnets that stole potentially sensitive user data. 

According to an email filed in court last week in Epic Games' litigation against Apple, Apple managers discovered 2,500 malicious apps on September 21, 2015, that had been downloaded a total of 203 million times by 128 million users, 18 million of whom were in the United States. 

“Joz, Tom, and Christine—due to the large number of customers potentially affected, do we want to send an email to all of them?” App Store VP Matthew Fischer wrote, talking to Apple's Greg Joswiak, senior vice president of worldwide communications, and Tom Neumayr and Christine Monaghan, who work in public relations. 

The email continued: "If yes, Dale Bagwell from our Customer Experience team will be on point to manage this on our side. Note that this will pose some challenges in terms of language localizations of the email, since the downloads of these apps took place in a wide variety of App Store storefronts around the world (e.g. we wouldn’t want to send an English-language email to a customer who downloaded one or more of these apps from the Brazil App Store, where Brazilian Portuguese would be the more appropriate language)." 

Bagwell talks about the complexities of notifying all 128 million impacted customers, localizing updates to each user's language, and "accurately including the names of the applications for each client" about 10 hours later. 

Unfortunately, it seems that Apple never carried out its plans. There was no indication that such an email was ever sent, according to an Apple spokesperson. Apple instead released only this now-deleted article, according to statements the representative submitted on background—meaning I'm not allowed to quote them.

'XcodeGhost' Malware Infected Around 128M iOS Users

 

In a recent malware attack over 128 million iOS customers have been targeted. The malware employed by the attackers goes by the name "XcodeGhost" which first came into the public domain in 2015. This attack is responsible for injecting malware into several Apple devices' app stores including iPhone and iPad apps that were subsequently uploaded to the App Store. 

During the Epic Games vs Apple trial, the internal Apple emails have warned that almost 128 million users downloaded approximately 2,500 apps that were infected by the malware which came into existence from the fake copy of Xcode. 

While Motherboard has also reported on the same issue saying over 2,500 infected apps have been downloaded over 203 million times in the App Store. 

Some employer has disclosed that around 55 percent users are Chinese and also 66 percent of downloads relates to China. According to the report, many developers have downloaded the infected Xcode as Apple’s servers were slow, hence they were looking for alternative download links. 

Notably, some of the widely popular apps have also been infected by this malware, including the game ‘Angry Birds 2′. 

When the malware was identified, Apple suggested developers immediately revise their apps with a legal version of Xcode, the report added. 

In the wake of the security incident, Apple has taken several security measures to fix the attack including malware scanning and the security of the Xcode execution process while submitting apps to the App Store. As the legal battle was going on between Apple and Epic Games in the USA this week, new technical details have surfaced, disclosing that Epic Games CEO Tim Sweeney had suggested Apple CEO Tim Cook open their devices to other app stores as early as 2015. 

An Award-Winning iPhone Hack Used by China to Spy on Uyghur Muslims

 

According to a recent article, the Chinese government used an award-winning iPhone hack first uncovered three years ago at a Beijing hacking competition to spy on the phones of Uyghur Muslims. The government was able to successfully tap into the phones of Uyghur Muslims in 2018 using a sophisticated tool, according to a study published Thursday by MIT Technology Review. 

For years, the US government and other major technology firms have recognized that China has been waging a violent campaign against ethnic minorities using social media, phones, and other technologies. The movement also attacked journalists and imitated Uyghur news organizations. 

According to MIT Technology Review report the hacking vulnerability was discovered during the Beijing competition. The Tianfu Cup hacking competition began in November 2018 in China as a way for Chinese hackers to discover vulnerabilities in popular tech software. According to the paper, the competition was modeled after an international festival called Pwn2Own, which attracts hackers from all over the world to show technical bugs so that marketers can discover and patch defects throughout their goods. 

However, China's Tianfu Cup was designed to enable Chinese hackers to show those vulnerabilities without exposing them to the rest of the world. According to the paper, this will enable the Chinese government to use those hacking methods found at the event for their own purposes. 

The very first event took place in November of 2018; Qixun Zhao, a researcher at Qihoo 360, won the top prize of $200,000 for demonstrating a remarkable chain of exploits that helped him to easily and reliably take control of even the newest and most up-to-date iPhones. He discovered a flaw in the kernel of the iPhone's operating system, originating from inside the Safari web browser. 

What's the end result? Any iPhone that accessed a web page containing Qixun's malicious code might be taken over by a remote intruder. It's the type of hack that could be traded on the black market for millions of dollars, allowing hackers or governments to spy on huge groups of people. It was given the name "Chaos" by Qixun. 

Apple patched it two months later, but an analysis revealed that it had been used by the Chinese government to hack Uyghur Muslims' iPhones in the interim. After US surveillance found it and confirmed it to Apple, the company released a low-key press release acknowledging it, but the full scale of it wasn't understood until now.

App Census Study Reveals that Android Devices Leak User Data Stored in Contact Tracing Applications

 

According to security experts, hundreds of third-party applications on Android devices have access to confidential information collected by Google and Apple API contact-tracking devices. The Department of Homeland Security provided about $200,000 to App Census, a U.S. start-up that specializes in data protection practices in Android applications, earlier this year for testing and validating the reliability of contact tracking apps. 

The researchers of the business observed that the primary contact tracking information inside the device's system logs are recorded by Android Phones logging data from applications that use Google and Apple's Exposure Notifications System (ENS), that is used for collecting details, and usually where applications receive usage analytics and malfunction reports data. 

In an effort to assist medical authorities around the globe to develop contact tracing apps associated with the data protection requirement underlying the Android and iOS ecosystems, Google and Apple jointly launched ENS last year. API built by Apple and Google allows governments to build decentralized Bluetooth-based contact tracking software. 

The app-equipped devices send confidential, regularly changing IDs, known as RPIs, that are diffused via Bluetooth in such a way that nearby telephones that also use the application can be "heard". 

The observations of App Census reveal that the two Tech Giants' privacy pledge has certain deficiencies. Both transmitted and heard RPIs can indeed be identified in the machine logs of Android phones – as well as the device even records the existing Bluetooth MAC address of the destination server on RPIs that have been heard. Thus App Census found many ways of using and computing datasets to conduct data protection attacks since the RPI and the Bluetooth MAC addresses are unique and anonymized.

"Of course, the information has to be logged somewhere to do the contact-tracing, but that should be internally in the ENS," Gaetan Leurent, a researcher at the French National Institute for Research in Digital Science and Technology (INRIA), stated. "It is unsettling that this information was stored in the system log. There is no good reason to put it there." 

The RPIs could have been used along with different pieces of datasets to determine that whether users checked for COVID-19 positively, whether they had contacted an infectious individual or whether two persons met each other with access to device registers from multiple users. It is meant to preserve privacy in the contact tracing process, and precisely this type of data should be avoided. Therefore, the entire defense which should form the foundation of this protocol is defeated. 

A Google spokesperson told: "We were notified of an issue where the Bluetooth identifiers were temporarily accessible to some pre-installed applications for debugging purposes. Immediately upon being made aware of this research, we began the necessary process to review the issue, consider mitigations and ultimately update the code." 

The spokesman added that these Bluetooth identifications neither disclose the location of a customer nor provide any other identifying details, and also they are not aware that they were used in any manner. As per Google, roll started many weeks ago with the upgrade on Android devices and is due to be completed in the coming days. Previous publications of the researcher have shown that irrespective of implementation, the use of digital technology for contact tracking would necessarily present a risk to privacy.

Hackers Attack Apple Prior to Launch Event, Demand Ransom

 

On the day when Apple was ready to declare a new series of products at its Spring Load Event, there happened a leak from an unexpected quarter. The infamous cybercrime gang REvil took the responsibility for stealing data and schematics from Apple's supplier 'Quanta computer' relating unreleased products. The gang also threatened to sell the data to the highest bidder if the target failed to pay a ransom of $50 Million. For the credibility of the attack, the hackers release caches of docs relating to upcoming MacBook Pros. iMac schematics have also been added since the last attacks. 

The suspenseful timing and links to Apple raise controversy about the attack. However, it is also a reflection towards the rising no of disturbing ransomware incidents that appear today. Hackers have evolved through years of developing their mass data encryption techniques to log targets out of their own devices. Presently, these gangs are more focused towards data theft and extortion as their primary means of attacks, while demanding hefty ransoms in the process. 

"Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands. We recommend that Apple buy back the available data by May 1," said REvil in the stolen data post. Since the start, ransomware attacks have involved capturing the victim's device, encrypting files, and then demanding ransom through simple transactions, in return for providing the decryption key. 

Now, however, hackers have moved towards a unique approach, along with encrypting the files, they steal files and threaten to leak them, this gives them leverage over their victim, assuring ransom payment. Even if the victim recovers his data, the risk of a hacker leaking his data still persists. The Wired reports, "and in the past couple of years, prominent ransomware gangs like Maze have established the approach. Today incorporating extortion is increasingly the norm. And groups have even taken it a step further, as is the case with REvil and Quanta, focusing completely on data theft and extortion and not bothering to encrypt files at all."

Apple will pay $100 million to Russian hackers for leaking data on new products

Apple's database was hacked due to cybersecurity deficiencies of the Taiwanese equipment manufacturer. The stolen information is estimated at $50 million, and the Russian hacker group is to be blamed.

Quanta, which produces MacBooks and peripherals for Apple, reported hacking of its own system and theft of engineering, production schemes of current and future products. We are talking, in particular, about the Air 2020, M1 2020 model of laptops and an unreleased copy with additional ports.

The group, described as the most dangerous in global cyberspace, REvil, sent an extortion message to Apple with samples of stolen technical files. The hackers are demanding a ransom of $50 million if Quanta pays the full amount by April 27. After that date, the amount will double to $100 million. The message was distributed through the Tor anonymous network connection, protected from eavesdropping.

According to profile portal Bleeping Computer, by Saturday, April 24, REvil had published more than a dozen schematics and diagrams of laptop components on its Darknet leak site. However, no links were found to the fact that the data relate to Apple products.

Quanta confirmed that its servers had been hacked. As Bloomberg reported, Quanta Computer's information security team is working with outside IT experts to review several cyberattacks on a few Quanta servers. The manufacturer says the hack will not significantly affect the company's future operations

The company also said that it has not yet figured out the extent of the leak. The images that leaked to the Net include the schematics of the redesign of the iMac just presented by Apple, which until this situation has not been seen by anyone outside of Apple's sphere of influence. This confirms the fact that the documents are indeed accurate.

Recall that REvil's largest illegal extortion profit was $18 million. The money was anonymously cashed and laundered through a cryptocurrency exchange.

Leaked Apple Schematics & Extortion Threats Removed From Dark Web

 

According to MacRumors, the ransomware group that stole schematics from Apple supplier Quanta Computer last week and threatened to release the trove of documents has mysteriously deleted all references to the extortion attempt from its dark web blog. 

Last Tuesday, the ransomware group REvil claimed that it had gained access to Quanta's internal computers and obtained some photographs and schematics of unreleased Apple products. The group requested $50 million from Quanta in order to retrieve the data. However, according to a statement posted on the hacker group's website on April 20, Quanta declined to pay the ransom, which led the criminals to turn their attention to Apple. 

The hackers publicly posted a handful of images depicting unreleased product schematics, including in total, 21 images showing different features of an alleged upcoming MacBook Pro, an SD card slot, HDMI slot, and a MagSafe charger, to prove they had hacked into Quanta's servers and to increase the pressure on Apple. 

Unless Apple paid the $50 million ransom demand in return for removing the files, the group threatened to publish new data every day leading up to May 1. The extortion attempt was timed to coincide with Apple's "Spring Loaded" digital event on April 20, at which the company unveiled AirTag item trackers, new iPad Pro models, and new iMacs. Despite the threat, after the original demand was made public, no further stolen documents have been leaked online. 

REvil isn't known for bluffing and regularly shares stolen documents if its victims don't pay up, so it's unclear why the group didn't follow through this time. According to MacRumors, the photos were mysteriously deleted from their dark web location. The group has not stated why the photos were deleted, and all references to the blackmail attempt have been removed. 

Apple is still yet to comment on the breach, although it has a history of refusing to deal with hackers. A hacker group tried to extort money from Apple in 2017 by keeping consumer data hostage. "We do not reward cybercriminals for violating the law," Apple told the community, and the company has yet to comment on the breach. 

The group is still aggressively extorting other businesses, so it's unclear what caused it to delete all material related to the Quanta hack.

Apple's AirDrop Comes with a Security Flaw

 

Due to its intriguing features, the much-hyped announcement of AirDrop at the Apple event drew a lot of attention. However, it has recently been discovered that AirDrop has a security loophole that allows users to see personal information such as email addresses and phone numbers. This may result in a data leak affecting over 1.5 billion Apple users, as well as other security concerns. 

According to a study citing researchers from Germany's Technische Universitat Darmstadt, everyone can reach Apple users' email addresses and phone numbers, even if they are strangers, by simply opening the sharing pane on the smartphone and initiating the sharing process. A secure Wi-Fi link and proximity between the two Apple devices are needed to complete this task. 

The researchers discovered a flaw in the Contacts Only setting. You use the iOS Sharing function and choose AirDrop as the method to share a file with anyone via AirDrop. If the other person's AirDrop is set to Contacts Only, Apple must check to see if you're on their contact list. The corporation does this by comparing the contact number and email address to entries in the other person's address book. 

Apple uses a hashing feature to obfuscate your phone number and email address during this process to keep it secure. However, university researchers have already found that this hashing would not effectively preserve the data's privacy. 

“As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users—even as a complete stranger," the researchers said in the report. "All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.”

The researchers said they developed their own approach, called "PrivateDrop," to replace the insecure AirDrop design. Without needing to swap the insecure hash values, PrivateDrop can easily and safely verify whether you're in a fellow iPhone user's contact list using optimised cryptographic protocols. PrivateDrop is available for third-party review on GitHub.

For the time being, the researchers recommend that users disable AirDrop. To do so on an iPhone or iPad, go to Settings, General, and then press the AirDrop entry. Select Receiving Off from the drop-down menu.

Hackers Demand $50 Million Ransom From Apple

 

A Russian hacking group claims to have obtained schematics for some yet-to-be-released Apple products. The hackers have demanded a $50 million ransom in exchange for not leaking any of the designs they have on hand. 

According to a report by Bloomerg, the group gained access to sensitive data by hacking into Quanta, an Apple supplier that produces MacBooks and other products. The Taiwan-based third-party manufacturer has reported the data leak. 

The threat actors from the hacking group called REvil, first tried to extort money from Quanta in exchange for the stolen data. When Quanta declined to pay to recover the stolen data, the hackers turned their attention to Apple, the company's largest customer. According to a report by The Record, the group announced their intentions in a message posted on a dark website. 

REvil started sharing stolen photographs of Apple products as proof before Apple’s Spring Loaded event that was hosted virtually earlier this week. The hacking group shared 21 screenshots of the newly released iMac's schematics, which had not been made public before the launch. The post thus came as a testament to the legitimacy of the stolen data. 

Aside from iMac pictures, the group also shared images of the M1 MacBook Air, which was released in 2020, and manufacturing diagrams for an unreleased laptop. Notably, all of the diagrams included a disclaimer that read, “This is Apple's property, and it must be returned.” 

The hacking group has threatened to release new data every day before Apple or Quanta pays the $50 million ransom. The group is attempting to receive the ransom by May 1. Besides Apple, Quanta Computer has a long list of clients, including some of the most well-known names in the laptop industry. HP, Dell, Microsoft, Toshiba, LG, Lenovo, and other companies are among them. 

REvil has hinted in a post on the dark web that it has data from other companies as well. The REvil operators wrote, “Our team is negotiating the sale of vast quantities of classified drawings and gigabytes of personal data with many major brands.” 

The implications of the cyber-attack and the resulting data leak are still unclear.