Major zero-day security flaws in iOS & OS X allow theft of both Keychain and app passwords

mac-os-x-ios-hack

Researchers from Indiana University and the Georgia Institute of Technology said that security holes in both iOS and OS X allow a malicious app to steal passwords from Apple’s Keychain, as well as both Apple and third-party apps. The claims appear to have been confirmed by Apple, Google and others.

We completely cracked the keychain service – used to store passwords and other credentials for different Apple apps – and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps

The Register says the team reported the flaws to Apple in October of last year. At that time, Apple said that it understood the seriousness of the flaws and asked the researchers to give it six months to address them before the exploit was made public. In February, Apple requested an advance copy of the paper, yet the flaws remain present in the latest versions of both operating systems …  Read more

Tim Cook talks privacy & encryption, criticizes Google during award reception

timcook

While speaking at the Electronic Privacy Information Center’s (EPIC) Champions of Freedom Awards Dinner yesterday night, Apple CEO Tim Cook gave a speech during which he addressed the ongoing issues that surround privacy in the technology space. Cook, who was not physically in Washington D.C. for the event but rather spoke remotely, commented on both the steps Apple takes at ensuring customer privacy and how other companies are failing at the same task (via TechCrunch).

Read more

Nasty Mac vulnerability allows remote attack, survives OS X reinstallation & even drive format

bios

A serious vulnerability in Macs more than a year old would allow an attacker to take permanent control of the machine, retaining control even if the user reinstals OS X or reformats the drive.

The vulnerability was discovered by security researcher Pedro Vilaca, who found a way to reflash the BIOS – code stored in flash memory, not on the drive. This means that the machine remains compromised even if the hard drive is physically replaced …  Read more

Hundreds of dollars being stolen from Starbucks app users – weak/duplicated passwords blamed

starbucks

Starbucks has confirmed multiple reports of users of its smartphone app having three-figure sums stolen from their accounts in the form of gift certificates, reports CNN.

One user lost $550 in a matter of minutes, his account auto-reloaded each time it was emptied by a hacker sending a series of $50 gift cards. Other users have also reported three-figure losses within a matter of seconds or minutes …  Read more

Security flaw allows attackers to crash carrier iOS devices within range of a fake WiFi hotspot

Security researchers yesterday demonstrated a method of creating a ‘No iOS zone,’ inside of which all carrier iPhones and iPads on iOS 8 are rendered impossible to use, reports Skycure. Most apps that connect to the Internet crash on opening (shown above), and it’s even possible to put iOS devices into a constant boot loop (shown below).

The approach exploits an SSL bug in iOS, causing an app to crash when it attempts to establish a secure connection to a server. Although the exploit requires the iPhone or iPad to connect to a fake WiFi hotspot, the researchers were able to force devices to do so …  Read more

OS X 10.10.3 update failed to fix Rootpipe vulnerability, says former NSA staffer

A former NSA staffer says that the OS X 10.10.3 update which Apple claims fixed a significant security vulnerability has failed to do so, reports Forbes. Patrick Wardle, who now heads up research at security firm Synack, demonstrated the vulnerability in a video (without revealing exactly how it was done) to allow Apple time to issue a further fix.

The Rootpipe vulnerability allows an attacker with local access to a Mac to escalate their privileges to root – allowing them full control of the machine – without further authentication. A second security researcher confirmed the flaw …  Read more

HTTPS bug leaves 1,500 iOS apps vulnerable to man-in-the-middle attacks, finds analytics company

The buggy code highlighted by arsTechnica

The buggy code highlighted by arsTechnica

A bug in the way that 1,500 iOS apps establish secure connections to servers leaves them vulnerable to man-in-the-middle attacks, according to analytics company SourceDNA (via arsTechnica). The bug means anyone intercepting data from an iPhone or iPad could access logins and other sensitive information sent using the HTTPS protocol.

A man-in-the-middle attack allows a fake WiFi hotspot to intercept data from devices connecting to it. Usually, this wouldn’t work with secure connections, as the fake hotspot wouldn’t have the correct security certificate. However, the bug discovered by SourceDNA means that the vulnerable apps fail to check the certificate …  Read more

Apple, Google & other large tech companies urge the White House & Congress not to renew the Patriot Act

patriot-act-reform

Apple is one of ten tech giants to once again call on the US Government not to reauthorize the Patriot Act in its current form. The Act expires on 1st June unless it is renewed by Congress. Apple was joined by AOL, Dropbox, Evernote, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo.

In an open letter to President Obama, NSA Director Admiral Rogers and other prominent government figures, the companies urge Congress to end the bulk collection of communications metadata–the logs that determine how and when ordinary citizens contact each other.

The letter says that mass surveillance must end, and that a revised bill must contain mechanisms to ensure that future government surveillance is both transparent and accountable …  Read more

Snowden: The CIA has been working “for years” to break iPhone, iPad and Mac security

cia

The Central Intelligence Agency has conducted “a multi-year, sustained effort to break the security of Apple’s iPhones and iPads,” claims The Intercept, referencing new Snowden leaks of a document from the CIA’s internal wiki system.

A presentation on the attempts, focusing on breaking Apple’s encryption of iOS devices, was said to have been delivered at an annual CIA conference called the Jamboree.

Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.

One route reportedly taken by the CIA was to create a modified version of Xcode, which would allow it to compromise apps at the point at which they are created …  Read more

Security flaw places Mac, iOS & Android users at risk from hacking on some major websites

freak

Cryptographers have discovered that a security flaw dating back to the ’90s is placing OS X, iOS and Android users at risk from hacking attacks when visiting some major websites, including American Express, Airtel, Bloomberg, Business Insider, Groupon, Marriott and many more.

The FREAK exploit allows an attacker to force a website to use lower-grade encryption for HTTPS connections, which can be cracked within a few hours when using a small botnet of just 75 computers. Once cracked, attackers would be able to hack the website as well as steal personal data from those visiting the site …  Read more

Tim Cook talks Snowden, Apple Car and Steve Jobs as the best teacher he’s ever had

2,w=993,c=0.bild

Tim Cook appears to be using his international tour, which so far includes Israel, Germany and the UK, to push a second product every bit as hard as the Apple Watch: privacy. In an interview with the German newspaper BILD posted yesterday (paywall), Cook went as far as to praise Edward Snowden for his role in prompting discussion of the issue.

If Snowden did anything for us at all, then it was to get us to talk more about these things. [Apple’s] values have always been the same.

The comments follow a meeting with German Chancellor Angela Merkel, at which data privacy was reportedly a key topic. Cook also told the Telegraph last week that “none of us should accept that the government or a company or anybody should have access to all of our private information.” Cook has in the past resisted FBI pressure to compromise its strong encryption, and was the only tech CEO to attend a recent White House cybersecurity summit.

In the BILD interview, Cook reiterated Apple’s stance on privacy, and also said that as Apple had grown larger, it had taken deliberate decisions to be less secretive about some aspects of its business …  Read more