#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Apple iphone hack | Breaking Cybersecurity News | The Hacker News

New iPhone Passcode Bypass Found Hours After Apple Releases iOS 12.1

New iPhone Passcode Bypass Found Hours After Apple Releases iOS 12.1

Oct 30, 2018
It's only been a few hours since Apple releases iOS 12.1 and an iPhone enthusiast has managed to find a passcode bypass hack, once again, that could allow anyone to see all contacts' private information on a locked iPhone. Jose Rodriguez , a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass bug in the latest version of its iOS mobile operating system, iOS 12.1, released by Apple today. To demonstrate the bug, Rodriguez shared a video with The Hacker News, as shown below, describing how the new iPhone hack works, which is relatively simple to perform than his previous passcode bypass findings. Instead, the issue resides in a new feature, called Group FaceTime , introduced by Apple with iOS 12.1, which makes it easy for users to video chat with more people than ever before—maximum 32 people. How Does the New iPhone Passcode Bypass Attack Work? Unlike his previous passcode bypass hacks, the new method w
Hackers Used Malicious MDM Solution to Spy On 'Highly Targeted' iPhone Users

Hackers Used Malicious MDM Solution to Spy On 'Highly Targeted' iPhone Users

Jul 13, 2018
Security researchers have uncovered a "highly targeted" mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India. The attackers, who are also believed to be operating from India, were found abusing mobile device management (MDM) protocol—a type of security software used by large enterprises to control and enforce policies on devices being used their employees—to contol and deploy malicious applications remotely. Exploiting Apple MDM Service to Remotely Control Devices To enroll an iOS device into the MDM requires a user to manually install enterprise development certificate, which enterprises obtained through the Apple Developer Enterprise Program. Companies can deliver MDM configuration file through email or a webpage for over-the-air enrollment service using Apple Configurator. Once a user installs it, the service allows the company administrators to remotely control the device, install/remove apps, in
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
'iTunes Wi-Fi Sync' Feature Could Let Attackers Hijack Your iPhone, iPad Remotely

'iTunes Wi-Fi Sync' Feature Could Let Attackers Hijack Your iPhone, iPad Remotely

Apr 19, 2018
Be careful while plugging your iPhone into a friend's laptop for a quick charge or sharing selected files. Researchers at Symantec have issued a security warning for iPhone and iPad users about a new attack, which they named " TrustJacking ," that could allow someone you trust to remotely take persistent control of, and extract data from your Apple device. Apple provides an iTunes Wi-Fi sync feature in iOS that allows users to sync their iPhones to a computer wirelessly. To enable this feature, users have to grant one-time permission to a trusted computer (with iTunes) over a USB cable. Once enabled, the feature allows the computer owner to secretly spy on your iPhone over the Wi-Fi network without requiring any authentication, even when your phone is no longer physically connected to that computer. "Reading the text, the user is led to believe that this is only relevant while the device is physically connected to the computer, so assumes that disconnecti
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
New Hack: How to Bypass iPhone Passcode to Access Photos and Messages

New Hack: How to Bypass iPhone Passcode to Access Photos and Messages

Nov 17, 2016
Setting a passcode on your iPhone is the first line of defense to help prevent other people from accessing your personal details. However, it's pretty much easy for anyone with access to your iPhone to bypass the passcode protection (doesn't matter if you configured Touch ID or not) and access your personal photos and messages. A new critical security flaw discovered in iOS 8 and newer, including 10.2 beta 3, allows anyone to bypass iPhone's passcode and gain access to personal information using the benevolent nature of Apple's personal assistant Siri. The security glitch has been discovered by EverythingApplePro and iDeviceHelps and now that they have gone public with a video demonstration, you can expect Apple to fix this issue in the next iOS beta version. All an attacker need is to find out the phone number of the target's iPhone and access to the phone for a few minutes. But, what if you don't have target's phone number? No worries. You can
Instead of spending $1.3 million, FBI could have Hacked iPhone in just $100

Instead of spending $1.3 million, FBI could have Hacked iPhone in just $100

Sep 16, 2016
Do you remember the infamous encryption fight between the FBI and Apple for unlocking an iPhone 5C belongs to a terrorist? Yes, you got it right, the same Apple vs. FBI case where the FBI paid almost $1.3 Million to a group of hackers to unlock that iPhone. However, if the agency had shown some patience to explore more ways to get into that iPhone, then it might have cost them nothing less than US$100. Yes, you heard that right. Now anyone can unlock an iPhone for less than $100, for which the FBI paid more than $1 million . Cheap Method to Unlock iPhone 5C Cambridge University security researcher Sergei Skorobogatov has published a new research paper detailing a technique that would have helped the FBI bypass the iOS passcode limit on the shooter's iPhone 5C. Dubbed NAND Mirroring , the technique was proposed to the FBI earlier this year, but the agency claimed that the method would not work. "It does not work," FBI Director James Comey said back in March,
Apple Patents Technology to remotely disable your iPhone Camera at Concerts

Apple Patents Technology to remotely disable your iPhone Camera at Concerts

Jul 01, 2016
Here's something you'll not like at all: Apple has been awarded a patent for technology that would prevent you from snapping pictures and shooting videos with your iPhone or iPad at places or events, like concerts or museums, where it might be prohibited or inappropriate. The patent , granted on Tuesday by the United States Patents and Trademark Office, is highly technical. Apple's latest patent describes an iPhone or iPad camera receiving coded infrared signals beamed from emitters in public places would temporarily disable device camera functionality, preventing any photography or recording for as long as the signal is on. "An infrared emitter can be located in areas where picture or video capture is prohibited," reads the patent. "An electronic device can then receive the infrared signals, decode the data and temporarily disable the device's recording function based on the command." The technology patented by Apple could also be used to be
Apple hires Encryption Expert to Beef Up Security on its Devices

Apple hires Encryption Expert to Beef Up Security on its Devices

May 25, 2016
The FBI and other law enforcement agencies have waged legal war on encryption and privacy technologies. You may have heard many news stories about the legal battle between Apple and the FBI over unlocking an iPhone that belonged to the San Bernardino shooter. However, that was just one battle in a much larger fight. Now, in an effort to make its iPhone surveillance-and-hack proof, Apple has rehired security expert and cryptographer Jon Callas , who co-founded the widely-used email encryption software PGP and the secure-messaging system Silent Circle that sells the Blackphone. This is not Apple's first effort over its iPhone security . Just a few months back, the company hired Frederic Jacobs , one of the key developers of Signal — World's most secure, open source and encrypted messaging app . Now Apple has rehired Callas, who has previously worked for Apple twice, first from 1995 to 1997 and then from 2009 to 2011. During his second joining, Callas designed a ful
Israeli Forensic Firm 'Cellebrite' is Helping FBI to Unlock Terrorist's iPhone

Israeli Forensic Firm 'Cellebrite' is Helping FBI to Unlock Terrorist's iPhone

Mar 23, 2016
Meet the security company that is helping Federal Bureau of Investigation (FBI) in unlocking San Bernardino shooters' iPhone: The Israeli mobile forensics firm Cellebrite . Yes, Cellebrite – the provider of mobile forensic software from Israel – is helping the FBI in its attempt to unlock iPhone 5C that belonged to San Bernardino shooter, Syed Rizwan Farook, the Israeli YNetNews reported on Wednesday. The company's website claims that its service allows investigators to unlock Apple devices running iOS 8.x " in a forensically sound manner and without any hardware intervention or risk of device wipe. " If Cellebrite succeeds in unlocking Farook's iPhone, the FBI will no longer need Apple to create a backdoored version of its iOS operating system that could let it access data on Farook's locked iPhone 5C. Apple is engaged in a legal encryption battle with the US Department of Justice (DoJ) over a court order that forces the company to write
FBI Director — "What If Apple Engineers are Kidnapped and Forced to Write (Exploit) Code?"

FBI Director — "What If Apple Engineers are Kidnapped and Forced to Write (Exploit) Code?"

Mar 02, 2016
What If Apple Engineers are Kidnapped and Forced to Write (Exploit) Code? Exactly this was what FBI Director James Comey asked in the congressional hearing on Tuesday. The House Judiciary Committee hearing on "The Encryption Tightrope: Balancing Americans' Security and Privacy" over the ongoing battle between Apple and the FBI ended up being full of drama. The key to the dispute is whether the Federal Bureau of Investigation (FBI) can force Apple to develop a special version of its mobile operating system that would help the agency unlock an iPhone  belonged to San Bernardino shooter Syed Farook . FBI Director James Comey was there with a prepared testimony about why the FBI wants Apple to create a backdoor into the killer's iPhone. Comey: Encryption is a Long-Term Threat to Law Enforcement Yesterday, a New York magistrate judge refused a similar order in a drug case in which the authorities asked Apple to help with the data stored in an
Warning — Setting This Date On iPhone Or iPad Will Kill Your Device Permanently

Warning — Setting This Date On iPhone Or iPad Will Kill Your Device Permanently

Feb 15, 2016
Don't Try this at Home! An interesting software bug has been discovered in Apple's iOS operating system that could kill your iPhone, iPad or iPod Dead Permanently . Yes, you heard me right. An issue with the date and time system in iOS had emerged recently when Reddit users started warning people that changing your iPhone's or any iOS device's date to January 1, 1970, will brick your iPhone forever . Video Demonstration You can watch the whole process in the video given below. Even regular recovery tricks do not work. So, you are recommended to Not Try This Trick with your iOS device really – unless you book a trip to your local Apple Store. While I don't have any intention or desire to try it out with my iPhone 6s to confirm the authenticity of the bug, it is pretty much clear based on reports that seem legitimate. YouTuber Zach Straley first discovered the issue, which was later confirmed by iClarified, who tested the trick on an i
Warning! Popular Apple Store Apps Infected with Data-Theft Malware

Warning! Popular Apple Store Apps Infected with Data-Theft Malware

Sep 21, 2015
Unlike Google Play Store, Apple App Store is well known for not allowing any malformed apps to enter its Apple ecosystem because of its tight security checks. But, not anymore. Hundreds of malicious apps managed to get hosted on Apple's official App store and subsequently downloaded by  several hundred Million iPad and iPhone owners . Out of them, Palo Alto Networks published a list of 39 malicious yet legitimate apps that made ways to the App Store.  First Major Malware Attack on Apple's App Store Yes, Apple App Store is targeted by a malware attack in which some versions of software used by software developers to build their apps for iOS and OS X were infected with malware, named XcodeGhost . XcodeGhost secretly sniffs off data from customer's device and uploads it to the attacker's servers without the user's knowledge, according to security firm Palo Alto Networks. Apps were infected after developers used a malicious version of the X
iOS 8 Vulnerability Lets Hackers Crash Any iPhone and iPad Within Wi-Fi Range

iOS 8 Vulnerability Lets Hackers Crash Any iPhone and iPad Within Wi-Fi Range

Apr 22, 2015
Security researchers have uncovered a zero-day vulnerability in iOS 8 that could repeatedly crash users' Apple iPhones, iPads and iPods when the devices connect to a malicious wireless hotspot. It's like Denial of Service (DoS) attack on Apple's iOS devices that results in crashing either individual iOS apps or users' entire iPhones. NO iOS ZONE Adi Sharabani and Yair Amit of Mobile security firm Skycure presented their latest research, titled " No iOS Zone ", at the RSA security conference in San Francisco on Tuesday. The duo showed: It is possible for an attacker to create malicious Wi-Fi networks in order to crash nearby users' mobile devices with incredible accuracy. Also, even the "No iOS Zone" attack is capable to make iOS things within the range completely unusable by triggering constant numbers of reboots. It is nothing but a DoS attack… ...that makes the device inaccessible by its users, just like in the ca
Win Apple's iPhone 6 For Free – A New Facebook Scam

Win Apple's iPhone 6 For Free – A New Facebook Scam

Sep 17, 2014
Apple's iPhone 6 FREE ? Of course not ! It's only a hoax, but scammers have announced the just release iPhone 6 free. Another Facebook scam is circulating across the popular social networking website just days after Apple unveiled its upcoming iPhone 6 and iPhone 6 Plus, as scammers take advantage of all the hype and use them to lure Facebook users. THREE SIMPLE STEPS AND iPHONE 6 IS YOURS — REALLY? As usual, This new scam promises a chance to Win a free iPhone 6 to those users who complete a series of steps, as reported by Hoax-Slayer. You just need to go through "three easy steps" to get a chance to win the device: Like the Facebook page created to propagate the scam Share the page with your Facebook friends Download a "Participation Application" But before you proceed to the last step, a pop-up window leads you to participate in a survey before you can download the application. The survey will ask you to share your name, address, p
Apple to Add Security Alerts for iCloud Users after Celebrity Nude Photo Hack

Apple to Add Security Alerts for iCloud Users after Celebrity Nude Photo Hack

Sep 07, 2014
In the wake of the biggest digital exposure of personal nude selfies belonging to as many as 100 high-profile celebrities, Apple said the company plans to add extra security measures to keep hackers out of user accounts. Not just this, the company also plans to extend its two-factor authentication (2FA) feature to account logins to the iCloud service from mobile device in order to avoid future intrusions. APPLE BROADEN SECURITY WITH NEW RELEASE The company's chief executive, Tim Cook told the Wall Street Journal in an interview that the company will introduce more features to tighten up the security of its users' online accounts, but he " aggressively encourage " users to be more alert to the risks posed by cyber criminals, as you can't leave everything on the service providers. " We want to do everything we can do to protect our customers, because we are as outraged if not more so than they are, " Cook told the Journal. Apple will give alerts to users via emails a
Cybersecurity Resources