Metadata analysis of leaked photos suggest complete iPhone backups obtained

eppb

A forensics consult and security researcher who analyzed metadata from leaked photos of Kate Upton said that the photos appear to have been obtained using software intended for use by law enforcement officials, reports Wired. The software, Elcomsoft Phone Password Breaker (EPPB), allows users to download a complete backup of all data on an iPhone once the iCloud ID and password have been obtained.

If a hacker can obtain a user’s iCloud username and password with iBrute, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consult and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages …

Read more

Apple denies iCloud breach was responsible for device lockout attack, advises users to change passwords

icloud

Last night we reported that several Mac and iOS users were finding their devices remotely locked by hackers who had gained access to the users’ Find My iPhone accounts and demanded a ransom to return the devices to a working state.

Today Apple issued a statement on the problem, noting that—as suspected—the iCloud service itself was not actually breached, but individual user accounts may have been compromised through password reuse or social engineering:

Read more

Australian Mac and iOS users find devices remotely locked, held for ransom (and how to keep yours safe)

1401164873077

The Sydney Morning Herald reports that several Australian Mac, iPhone, and iPad users are finding that their devices have been locked remotely through Apple’s Find My iPhone service by someone using the name “Oleg Pliss.” The hacker (or hackers) then demand payments of around $50 to $100 to an anonymous PayPal account in order to restore the devices to their owners.

An active thread on Apple’s support forum was started yesterday as users started to discover that they had been targeted by the attack. According to that discussion, users are finding all of their devices locked at once rather than a single device per user. Based on that report and the fact that Find My iPhone is being used to hold the devices hostage, it seems likely that the perpetrator has gained access to these users’ iCloud accounts—possibly through password reuse by those users—rather than some device-specific malware or hack.

Read more

Video: Connect your iPad to the Internet via Ethernet cable with this easy hack

iPad connected to the Internet via Ethernet only

iPad connected to the Internet via Ethernet only

After seeing an eager Redditor discuss their setup for deploying iPads online with just an Ethernet connection, I was curious myself to see if I could get my iPad Air to be wireless-less as well.

It’s obviously not an ideal way to use a tablet in 2014, as it’s probably easier and cheaper to travel with an inexpensive router than the equipment required to get your iPad wired in. But if you have the equipment lying around or just want to experience the proof-of-concept for yourself, it’s certainly a strange thing to witness.

Check below for the setup I used as well as my video experience. Read more

How to: Use a password manager to have strong, unique passwords for each website

Image: redorbit.com

Image: redorbit.com

Evernote, Adobe, even Apple … just a few of the companies who have found their user data compromised by hackers in recent times. The possibility of a hacker being able to access one of your web accounts is worrying enough – but if you use the same email address and password for almost all the websites you use, the risk becomes huge.

The first thing a hacker does when they get hold of a list of usernames and passwords is to use automated software to fire them at a whole bunch of popular websites. That means your online security is only as good as the most vulnerable of the websites you visit. Not good.

The answer, of course, is to use a unique – and strong – password for each website you access. But that creates its own hassles. Strong passwords aren’t easily memorised. Sure, we can ask our browsers to store logins for us, but when you might use several different computers, an iPhone and an iPad, you’d have to login once from each device as soon as you chose the password so it gets stored before you forget it. Not very convenient.

Which is where password managers come in. When you see the instructions, it’ll look like a long process, but it in fact takes only 10-20 mins if you have two or three devices …  Read more

Two minute SIM card hack could leave 25 percent of phones vulnerable to spying

Image: joyenjoys.com

Image: joyenjoys.com

A two minute SIM card hack could allow an intruder to listen to your phone calls, send text messages from your phone number and make mobile payments from your account. The vulnerability, discovered by a German security researcher, is present in an estimated 750 million SIM cards – around one in four of all SIM cards.

Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it …  Read more

Hack brings Russian subscription TV service ‘UnliMovie.tv’ to Apple TV, no jailbreak required

Russian blog iGuides.ru points us to a new hack for Apple TV users that brings Russian subscription TV & movie service Unlimovie.tv to the device with no jailbreak required. The service, which is currently in beta, requires users to manually change the DNS on their device (easily accessible from within Settings) in order to access its digital TV service directly through Apple’s own Trailers app.

It isn’t the first hack of its kind: Just a couple weeks back, one of our favorite media servers, Plex, arrived on Apple TV without a jailbreak through what appeared to be a similar hack of the stock Trailers app.

The Unlimovie.tv service is currently in beta, allowing users to access a number of Russian digital TV channels for free, but the creators plan to officially launch the service in September through its paid subscriptions. That is, of course, if Apple doesn’t put an end to it in the meantime. Read more

Developer gets iOS 6 Maps with Flyovers and turn-by-turn running on iPhone 4

With the introduction of iOS 6 this fall, many iOS users will be left out on some of the new operating system’s flagship features. We already covered Apple’s official list of compatibility for iOS 6 features, and by far one of the most disappointing for iPhone 4 users was the news that they would not have access to the Flyover and turn-by-turn navigation features in Apple’s new in-house Maps app. Today, we have news from Russian website iGuides (via SlashGear) that iOS developer Anton Titkov found a way to get Apple’s new 3D maps up and running on the iPhone 4:

After yesterday’s release of jailbreak iOS 6 developer, well known to all users iGuides Anton Titkov (iTony) decided to dig a little bit in the new firmware, and became the first man in the world, who managed to get working 3D card on the iPhone 4. New tweak from Anton Titkova called 3DEnabler , and at the moment we can confidently say that it adds support for 3D cards on the “old” devices, but it is possible that the “unavailable” Turn-by-turn navigation will be defeated by our talented developer.

iGuides offers instructions for the hack on its website, while another video of 3DEnabler running on iPhone 4 is below:
Read more

Developer hacks his Samsung Series 7 to run OS X Lion

Samsung’s Series 7, originally intended for Windows 7, has been hacked to run a Hackintosh version of OS X Lion, a user on the tonymacx86 forums highlighted today. Awkward, considering the whole Samsung vs Apple fight. As you can see in the video above, the version of Lion runs relatively smoothly, but the big issue is an external monitor is needed to display the video. The user highlights the tools needed:

8GB USB KEY, mini-HDMI to HDMI cable/adapter, USB Keyboard and mouse. After you make a UniBeast USB key you have some space still left on it so I made a folder and downloaded MultiBeast 4.1.0: Lion Edition.

If you’ve got a Series 7 laying around and are tired of the bleh Windows, you should definitely try this hack out (if you’ve got the technical know-how). With specs close to the MacBook Air — an 11.6-inch display, 64GB SSD, and i5 processor — this device seems pretty perfect to run full on OS X in a mobile setting. It also gives you a little more horsepower than an iPad 2, though that’s like comparing Apples and Oranges.

For all of the technical details, hit up the tonymacx86 forums. We’ve already shared our thoughts on the Hackintosh community, and we’re certainly proponents of what they’re doing. We’re going to keep an eye out as this project gets more bug fixes, specifically the screen issue. Luckily, the developer says he is committed to working on this project.

New iOS security exploit lets apps read users’ information by executing unsigned code

Security expert Charlie Miller has found a flaw in code signing on iOS devices (via Forbes) that allows developers to sneak malware apps onto the App Store without Apple’s detection. The malware can then be used to read user’s contacts, make the phone vibrate or sound a ringtone, steal user’s photos, and more whenever the developer chooses. Sketchy!

To shed more light on the exploit Miller is giving a talk at the SysCan conference in Taiwan next week, but he does a good job in showing it off in the video above. Miller isn’t a novice to iOS and Mac security by any means. In 2008 Miller broke into the MacBook Air in two minutes through Safari and more.

Users would definitely be taken by surprise, seeing as we’re all pretty comfortable with how secure Apple keeps the App Store with the company’s review process. Sadly, it looks like any app could be used to harm users. For now, we suggest you keep away from lesser-known apps and developers until Apple issues a fix for the exploit.

Miller’s app has been both removed from the App Store and his developer account has been closed. At any rate, this was definitely a nice find.