Mobile devices have gone from a novelty option to being a huge part of our everyday lives. Less like phones and more like computers, we now use our smartphones and tablets for everything from gaming and surfing the net to work and money management. No matter what we use our mobile devices for, the question we should all ask ourselves is: how secure are they?
Tag: security
Apple Stopped Supporting Carrier IQ With iOS 5
Apple has finally weighed in on the Carrier IQ debacle according to AllThingsD. In a statement issued moments ago, the company said while it has used Carrier IQ’s network diagnostic software in the past, it recently stopped supporting it and plans to remove it from its mobile devices in a future software update. It also denied collecting any personal information.
iOS Hacker’s Handbook
Six skilled authors, Charlie Miller, Dion Blazakis, Dino Dai Zovi, Stefan Esser (aka i0n1c), Vincenzo Iozzo and Ralf-Philipp Weinmann, with MuscleNerd as tech editor, have put together a new iOS book entitled iOS Hacker’s Handbook: Arm Yourself With The Tools Needed To Identify, Understand And Foil iOS Attacks.
iOS is Apple’s mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it.
- Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work
- Explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks
- Also examines kernel debugging and exploitation
- Companion website includes source code and tools to facilitate your efforts
Charlie Miller Discovers iOS Code Signing Security Flaw. Gets Kicked Out Of The Developer Program [video]
Charlie Miller, a former NSA analyst who now works as a researcher with consultancy Accuvant, created a proof-of-concept app called Instastock to show the vulnerability. The simple program appears to merely list stock tickers, but also communicates with a server in Miller’s house in St. Louis, pulling down and executing whatever new commands he wants.
Lookout Provides Free iOS Security App
A security app for iOS devices? It may be useful for users who are overly concerned about mobile security, but in reality there are actually no threats to iOS devices (except phishing). If you have a jailbroken device, you should take a few extra steps to increase security, but we’ll cover that in this post too.
Fraunhofer SIT Researchers Steal iPhone Passwords In Six Minutes [video]
Losing your smartphone is bad enough. But if you lose your iPhone and don’t issue a remote wipe command (available for free with the Find My iPhone app) then you could find yourself in a world of hurt. Researchers at the Fraunhofer Institute Secure Information Technology (Fraunhofer SIT) can jailbreak and decrypt passwords from the iPhone’s keychain — for say, your Gmail account, corporate VPN, home WiFi, and MS Exchange — in about six minutes using existing, known exploits. Sorry kids, your flimsy lockscreen passcode won’t help.
antid0te: Upcoming Jailbreak Process Will Bring Enhanced Security To Jailbroken iPhones
A German security analyst is about to unveil a new jailbreaking process that will make iPhones much more secure. Stefan Esser, a security consultant and application developer for SektionEins, has found a way to support Address Space Layout Randomization (ASLR) in iOS, and has developed a new jailbreak tool – to be called antid0te – to implement it, making iPhones much more resistant to malware attacks. The tool will be announced at a security conference next week and should be available soon thereafter.
Firewall iP, The First And Only Firewall For The iPhone, iPod Touch And iPad, Updated To v1.49
New day, new update in Cydia: Firewall iP. Firewall iP, the first and only Firewall for the iPhone, got an update to 1.49. The changes are all in the background, but massive. It improves stability, memory usage and speed:
- support for IP addresses: 123.123.123.* and 123.123.123.1-4
- major speed improvements: 60% faster when using large rule lists (lists with 1000+ items are no problem anymore)
- added option to delete Global Allow/Deny list
- bugfixing
- fixed memory leaks
iPhone Firmware 3.1 Beta 3 Include The Patch For SMS Security Flaw. No Need To Downgrade To FW 3.0.1
Firmware 3.1 beta 3 already includes the patch for the SMS flaw, so all developers running it are already completely secure against it. Therefore, there is no need to downgrade to version 3.0.1.
Yesterday Apple released iPhone Firmware 3.0.1. This update is NOT a major update; it only adds a patch for the SMS security flaw, which was explained by Miller at the Black Hat Conference a few days ago.
The firmware upgrade does not update the baseband, and you can still use the same tools to jailbreak and unlock your devices after the upgrade. But there is only one trick to the process. You can read how to jailbreak and unlock iPhone firmware 3.0.1 on Mac and Windows here.
If you are using firmware 3.1 beta 3, you are already running a firmware that includes the patch for the SMS flaw, so you are already completely secure against it. Therefore, there is no need to downgrade to version 3.0.1.
iPhone Security Flaw Discovered
Do you know who Charlie Miller is? Well, Charlie is a hacker who, during the Pwn2Own event, took full control of a Mac in just 2 seconds using a security flaw in Safari. Impressed? Oh well…
Charlie turned his attention to the iPhone, and in particular to a security problem in the handling of SMS that allows hackers to send malicious code without user intervention.
Through a bug in SMS handling, the device can be attacked and made to run a program without user intervention. On jailbroken devices, this program would gain administrator privileges.
Miller also stated (during the SyScan conference in Singapore) that Apple is already working on a remedy. Basically, despite the limited number of characters available in one SMS, a small program in binary form can be sent through multiple consecutive messages.
Finally, Miller argues that jailbreaking eliminates about 80% of Apple's protection system, which makes a jailbroken iPhone even more vulnerable to this problem.








