Skip to main content

iPhone hack

See All Stories

As Apple offers $200k for iPhone vulnerabilities, Black Hat firm offers $500k

While security researchers may now be able to earn up to $200k by reporting vulnerabilities to Apple, some may find it hard to resist a counter-offer of $500k by blackhat company Exodus Intelligence.

While Exodus uses the innocuous-sounding label ‘Research Sponsorship Program,’ the firm makes its money by buying details of vulnerabilities and then making them available to those wishing to exploit them to hack devices …


Expand
Expanding
Close

LAPD successfully hacked a locked iPhone 5s during time FBI said it couldn’t access 5c

LAPD detectives have successfully hacked into a locked iPhone 5s despite the phone having a Secure Enclave, according to an LA Times report.

Los Angeles police investigators obtained a method to open the locked iPhone belonging to the slain wife of “The Shield” actor Michael Jace, according to court papers reviewed by The Times.

LAPD detectives found an alternative way to bypass the security features on the white iPhone 5S belonging to April Jace, whom the actor is accused of killing at their South L.A. home in 2014, according to a search warrant filed in Los Angeles County Superior Court.

More intriguingly still, this appears to have occurred during the time that the FBI was still demanding that Apple help it unlock the less secure iPhone 5c in the San Bernardino shooting case …


Expand
Expanding
Close

Hackers use Congressman’s iPhone to demo ability to listen into calls, monitor texts, track location [Updated]

CBS correspondent Sharyn Alfonsi, left, with hacker Karsten Nohl

Update: Rep. Ted Lieu has now written to the Chairman of the House Committee on Oversight and Government Reform requesting a formal investigation into the vulnerability. In his letter, the Congressman says that the flaw threatens ‘personal privacy, economic competitiveness and U.S. national security.’ The full text of his letter can be found at the bottom of the piece.

Apple may take iOS security so seriously that it’s willing to do battle with the FBI over it, but German hackers have demonstrated that all phones – even iPhones – are susceptible to a mobile network vulnerability that requires nothing more than knowing your phone number. Armed with just that, hackers can listen to your calls, read your texts and track your position.

60 Minutes invited the hackers to prove their claims by giving a brand new iPhone to Congressman Ted Lieu – who agreed to participate in the test – and telling the hackers nothing more than the phone number. The hackers later replayed recordings they’d made of calls made on that iPhone …


Expand
Expanding
Close

WaPo report claims Cellebrite not behind SB iPhone hack, FBI director says Apple ‘not a demon’

Site default logo image

 

Unnamed sources cited by the Washington Post contradict the widely-held belief that it was Israel-based mobile forensics company Cellebrite which helped the FBI hack into the locked San Bernardino iPhone. The report say that the agency was instead approached by a group of freelance hackers who revealed an iPhone passcode vulnerability to the FBI in return for a one-time fee.

The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter […]

The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution … 


Expand
Expanding
Close

ACLU accuses FBI of gambling with cybersecurity as it fails to disclose iPhone hack details to Apple

The American Civil Liberties Union has accused the FBI of gambling with cybersecurity by failing to disclose to Apple the method used to access the San Bernardino iPhone, reports the WSJ.

Chris Soghoian, principal technologist at the ACLU, said the FBI is facing “a million-dollar question, and really what it comes down to is, does the FBI prioritize its own surveillance needs, or does it prioritize cybersecurity.’’

The longer the FBI keeps the security flaw to itself, he said, “the more they are gambling that no other entity will discover this flaw.’’ 

A former FBI official said that the agency’s decision on whether or not to reveal the method would likely depend on how many iPhone models it is able to unlock …


Expand
Expanding
Close

Security firm shows how Apple could bypass iPhone security to comply with FBI request

A security firm says that while Apple may fight hard to resist a California court order to help the FBI to break into an iPhone, it would be technically able to do so.

Apple had so far seemed to be in possession of the ultimate trump card in this situation: since iOS 8, it has been able to simply shrug and say that iPhones are encrypted and Apple doesn’t have the key. Even if a court ordered it to break into an iPhone, it would be unable to do so.

But while this is correct, security company Trail of Bits has described in a blog post how Apple could still make it possible for the FBI to hack into the phone …


Expand
Expanding
Close

Site default logo image

Black Box device can brute-force iOS 8.1 PINs, bypassing repeated attempts lockout & data-wipe

Security company MDSec has been testing a black box device that manages to gain access to iPhones running up to iOS 8.1 by brute-forcing the passcode over a USB connection to simulate keypad entry. Normally, trying every possible 4-digit PIN would be prevented by automated lockout or data wipe after ten incorrect attempts, but the IP Box manages to bypass this.

The IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory.

After each attempt, it measures light levels on the screen to see whether it got access to the homescreen; if not, it restarts the phone fast enough that the PIN counter doesn’t get updated.

It’s not a very practical means of attack in the real world. Restarting the phone after every single attempt means that testing every single PIN would take around 111 hours, and thus take an average of around 55 hours to get access. You need physical access to the phone for those 55 hours, and need to have stopped it from gaining any kind of network access in that time to prevent the owner using Find My iPhone to remotely wipe it. But it’s an interesting proof of concept.

Apple appears to have fixed the vulnerability in iOS 8.1.1, as companies selling the kit note that it is not compatible with this version of iOS.

Although this isn’t something to worry about, it’s still good practice to use a complex passcode–not a great hardship on a recent iPhone, where you’ll be using Touch ID most of the time. Just go into Settings > Touch ID & Passcode and slide off the Simple Passcode switch.

Metadata analysis of leaked photos suggest complete iPhone backups obtained

Site default logo image

A forensics consult and security researcher who analyzed metadata from leaked photos of Kate Upton said that the photos appear to have been obtained using software intended for use by law enforcement officials, reports Wired. The software, Elcomsoft Phone Password Breaker (EPPB), allows users to download a complete backup of all data on an iPhone once the iCloud ID and password have been obtained.

If a hacker can obtain a user’s iCloud username and password with iBrute, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consult and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages …


Expand
Expanding
Close

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications