iPhone | Breaking Cybersecurity News | The Hacker News

Though Apple claims iMessage has end-to-end encryption, But researchers claimed at a security conference that Apple's iMessage system is not protected and the company can easily access it. Cyril Cattiaux - better known as pod2g, who has developed iOS jailbreak software, said that the company's claim about iMessage protection by unbreakable encryption is just a lie, because the weakness is in the key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages . Basically, when you send  an   iMessage to someone, you grab their public key from Apple, and encrypt your message using that public key. On the other end, recipients have their own private key that they use to decrypt this message. A third-party won't be able to see the actual message unless they have access to the private key. Trust and public keys always have a problem, but the  researchers noted that there's no evidence that Apple or

A German security firm SRL claims a vulnerability in Touch ID Fingerprint Scanner and iCloud allows a hacker to access a locked device and potentially gain control over an owner's Apple ID. SRL points out that Airplane mode can be enabled on a stolen phone from the lockscreen , which turns off wireless connectivity and so defeats the remote wipe facility . This can be accessed without requiring a passcode, could be a major vulnerability when it comes to physically stolen devices. In a video demonstration, they point out that while Apple lets users locate and remotely wipe a device using the Find My iPhone app. Since Find My iPhone can only perform a wipe if a device is connected to the Internet, but because airplane mode will disable Internet Connectivity, that may give a thief enough time to get fingerprints off of the device and eventually log in. An attacker can create a fake fingerprint on a laminated sheet and later attached to one of their fingers, as already explained

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Here we go again! Earlier this week, Apple released iOS 7.0.2 just to fix some Lockscreen bugs in iOS 7 and but a researcher has found a new Lockscreen bug in new iOS 7.0.2. This new Lockscreen bug is found by Dany Lisiansky , and he uploaded a proof of concept video on YouTube with the complete step by step guide. Unlike the previous bugs it will not expose your Email, Photos, Facebook and Twitter but allows attackers to access your phone call history, voicemails and entire list of contacts. A step by step guide released by iDownloadblog : Make a phone call (with Siri / Voice Control) Click the FaceTime button When the FaceTime App appears, click the Sleep button Unlock the iPhone Answer and End the FaceTime call at the other end Wait a few seconds Done. You are now in the phone app Video demonstration  It would be easy for someone who knows you or your love partner or your business partner to obtain your phone and call themselves from it

The Iranian group defeated the very basic phenomenon of an iPhone Fingerprinting scanner, which allows them to unlock an iPhone device with multiple Fingerprints. Apple's iPhone 5s , was launched just available in stores two weeks before with a new feature of biometrics-based security system called " Touch ID ", that involves analyzing a user's fingerprint and using that to unlock the phone. Apple launched the technology that it promises will better protect devices from criminals and snoopers seeking access. With this you can purchase things from the iTunes App Store. Basically, you can now use it in place of your password. " Fingerprint is one of the best passcodes in the world. It's always with you, and no two are exactly alike, " according to the Apple's website. Last week Germany Hackers showed that how they were able to deceive Apple's latest security feature into believing they're someone they're not, using a well-honed technique for

Italian Researcher Michele Spagnuolo recently revealed a serious vulnerability in the popular Mailbox iPhone app . Mailbox is a tidy iOS the email app recently purchased by Dropbox , has a pretty wide-open hole that could allow bad actors to hijack your device. The flaw occurs in the latest version of Mailbox (1.6.2) currently available from the App Store, that  executes any Javascript which is present in the body of HTML emails. With exploitation of this vulnerability, users could be subject to account hijacking, spam and phishing attacks by simply opening an HTML email containing embedded javascript. You can see a video demonstration below: The good news is that the problem is probably not as bad as it looks, because iOS is tightly sandboxed, its security features are built with this functionality in mind and normally do not allow any potentially harmful operation to take place without the user's permission. Mailbox's statement on this issue, &quo

Last week Apple releases the iPhone 5S  with Touch ID , a fingerprint-scanning feature, promoted by the company as " Your fingerprint is one of the best passwords in the world ". Just after the launch of iOS7 , Hackers around the world come up with a series of security issues and privacy concerns. One of the most embarrassing hack released yesterday, when a group of German Hackers fooled the iPhone 's biometric fingerprint security by just using a high resolution photo of someone's fingerprint. Now, We all are aware about many secret surveillance projects of NSA like PRISM , where U.S. government is collecting data from these Internet companies including - Apple. Apple claimed that, iPhone will never upload fingerprints to their server, but can we believe them anymore ? It is already proven that, During Surveillance operations and for Backup purpose, Smartphone applications can upload anything from your device to their online servers without any

Android malware is continuing to cause problems for end users with huge amounts of fraud and Malware campaigns going on. A lot of fake apps are currently on Google Play Store fooling thousands of consumers. Grand Theft Auto 5 , which hit stores last Tuesday and is shaping up to be the most lucrative video game release ever. Now, Rockstar Game do plan to bring their Grand Theft Auto V iFruit app for Android devices, but before official released, it's fake malicious versions are out in Google Play Market. Rockstar have confirmed that they haven't released the Android version yet, only the iOS version is available right now and Android owners are warned not to download them, because some could contain malicious malware . There are at least two fake apps have surfaced on the Google Play Store that use the same icon as iFruit in an attempt to mimic the real thing. The deceptive part about these apps is that the developer publicly listed appears as "Rockstar Game," suggesting that th

Apple has marketed TouchID both as a convenience and as a security feature. " Your fingerprint is one of the best passwords in the world ," says an Apple promotional video. A European hacker group has announced a simple, replicable method for spoofing Apple's TouchID fingerprint authentication system. The Apple TouchID it the technology developed by Apple to replace passcode on its mobile and help protect users' devices, it is based on a sensor placed under the home button and it is designed to substitute the four-digit passcode to unlock the handset and authorize iTunes Store purchases. But is it really so? Hackers members of the Chaos Computer Club claim to have defeated Apple TouchID fingerprint sensor for the iPhone 5S, just after the start of its sale to the public. " Fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints, " a hacker named Starbug was quoted as sa

Have you ever been wanting to take a picture of something you're looking at under your microscope but you just can't? Well, but now the Microphone Lens turns your iPhone or Android camera phone into a portable handheld microscope. By attaching a lightweight, inexpensive device to the back of a smart phone, researchers at the University of California (UCLA) can convert the phone into a sensitive fluorescence microscope. Microphone Lens allows the phone's camera to take pictures of single nanoparticles and viruses, possibly providing a portable diagnostic tool for health care workers in developing countries. In an experiment, A Nokia 808 PureView smartphone has been used to do fluorescent imaging on individual nanoparticles and viruses. By clipping on a 3D-printed attachment that included a laser bought on eBay Their work is funded by Nokia university research funding, the Army Research Office, the National Science Foundation, and other sources.

Just two days back Apple has yet fixed a security flaw in iOS 7 that allows anyone to bypass the lock screen to access users' personal data and the next one has already appeared. The new vulnerability was discovered by Karam Daoud, a 27 year old from the West Bank city of Ramallah in Palestine, that allows anyone to make calls from a locked iPhone , including international calls and calls to premium numbers. In a video, Daoud showed that calls can be made to any number from a locked iPhone running iOS 7 by using a vulnerability in the device's emergency calling function. The person needs to dial a number and then rapidly tap the call button until an empty screen with an Apple logo appears and makes the call to the particular number. The Forbes writer tested the flaw on two iPhone 5 devices on separate networks and it worked both times. This is the second malfunction found in the lock screen since iOS 7 was seeded to all iPhone owners this past Wednesday.

Like most iOS lock screen vulnerabilities, the passcode lock screen on iOS 7 also suffers from a bug that allows anyone with direct access to the iPhone or iPad. Although Apple claims to have fixed 80 security vulnerabilities with iOS 7, including the ability to bypass the lock screen in iOS 6.1.3, the same person who found the previous vulnerability has found yet another in iOS 7. Discovered by ' Jose Rodriquez ', an iPhone user reported a security flaw in iOS that lets anyone bypass the lockscreen passcode and access sensitive information stored in photos, Twitter, email and more. The flaw resides on users who lock their devices with a traditional PIN code or password. The security flaw is demonstrated in the video below and it works as follows: Swipe up from the bottom of the Lock screen to open Control Center and Launch the Clock app. Open the Alarm Clock section of the Clock app and Hold down the power button. Quickly tap Cancel the immediately doubl

As we reported yesterday that, your Smartphone is a goldmine for the US National Security Agency (NSA), they have the full access to your Data available on your Smartphones including Android , iPhone and Blackberry. But among other Smartphones,  iPhone apparently is the most popular with the National Security Agency. Another NSA presentation leaked by NSA whistle-blower Edward Snowden and published by German paper Der Spiegel , describing Steve Jobs as the real Big Brother and iPhone buyers as the "zombies" . By cracking mobile operating systems and eavesdropping on mobile communications, the data obtained in this way includes contacts, call lists, SMS traffic, notes and location information. " Such as a iPhone picture of a foreign government official who took selfies while watching TV, and a picture of an unknown man, apparently an Afghani fighter, in the mountains of Afghanistan. And remember the iPhone's location bug? That enabled tracking of people over exten

National Security Agency (NSA)  has the capability to access a broad range of data on most Smartphones out there, including iPhone, BlackBerry, and Android devices, according to the  documents provided by former US intelligence contractor Edward Snowden to the  German news agency Der Spiegel report. A 2009 NSA document states that it can " see and read SMS traffic ". This data includes Contact, call lists, SMS traffic, notes and location data about where a user has been, the NSA has set up teams to specialize in cracking each operating system. The leaked information also revealed that the NSA has organized a working group for each operating system. The documents also state the NSA has successfully accessed BlackBerry email data, a system previously thought to be very secure. Recently, two Guardian reporters , the Newspaper primarily responsible with leaking NSA documents, discovered a mystery app on their iPhones . It has no title, no identifying image,

Recently, The Social Media is buzzing over reports that Apple has invented a new technology that now can Switch off iPhone Camera and Wi-Fi, when entering a 'sensitive area'. Technology would broadcast a signal to automatically shut down Smartphone features, or even the entire phone. Yes ! It's true, On June 2008 - Apple filed a patent ( U.S. Patent No. 8,254,902 ) - titles " Apparatus and methods for enforcement of policies upon a wireless device " that defines the ability of U.S. Government to remotely disable certain functions of a device without user consent. All they need to do is decide that a public gathering or venue is deemed sensitive and needs to be protected from externalities. Is it not a shame that you can't take a photo of the police officer beating a man in the street because your oppressive government remotely disabled your Smartphone camera? Civil liberties campaigners fear it could be misused by the authorities to silence 'awkward citi

A Georgia Tech researcher has found a weakness in Apple's iOS mobile platform that could let hackers to hide malicious code inside apps and can be surreptitiously planted on the Apple App Store. Researchers team created a proof-of-concept attack that was published in the Apple App Store and used to remotely launch attacks on a controlled batch of devices , enabling them to post unauthorized tweets, take photos and even go after other apps. " Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps all without the user's knowledge. " Using a BeagleBoard, team created a USB malicious charger called Mactans  that can install apps without user knowledge within a minute of being plugged in. In one demonstration, the attacker was able to hide the iPhone Facebook application and install a malicious copy in

It's been over a day now since Apple 's online Dev Center went offline, and latest message can be seen in the screenshot, which explains that the current maintenance has took a lot longer than they expected. " We apologize that maintenance is taking longer than expected. If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us. Thank you for your patience. " message said. Since that time, developers have been unable to access the site and cannot visit the forums or download Mac or iOS SDKs, the iOS 7 beta, or the Mavericks beta. It was first seemed like Apple having some backend issues but according to tweets from many developers, they have received a message from Apple that an attempt was made to reset their user ID's password . Such notices pointing that Apple's Developer Center website may have been compromised. But if it is a sec

Tumblr posted a blog post Tuesday night warning users to change their passwords and released a very important security update for iOS users after identifying a breach that compromised their passwords. It seems that, under certain circumstances, the prior versions of the iPhone and iPad apps would allow an individual with malicious intent to sniff or intercept passwords as they are in transit across a local network. The problem arose because the iPad and iPhone apps fail to log users in through a secure server.  The vulnerability does not seem to have affected Tumblr's Android app. The company urged users to download the latest version of the Tumblr app, which is available in the Apple iTunes Store. The company did not provide further details on the breach. It's also good practice to use different passwords across different services by using an app like 1Password or LastPass. It doesn't appear that any passwords got in the hands of malicious individuals, though you

The US Department of Defense has cleared Apple's iPhone and iPad for use on its military networks, along with the Samsung Galaxy S4 and BlackBerry 10 devices, the agency said in a statement Friday. The entire DOD is much, much larger, of course, and mobile devices are increasing in importance for the military just as much as they are for we civilians. The report notes that out of more than 600,000 mobile devices used by the Defense Department, only about 41,000 of those are Apple products, with most of those not connected directly to the military's networks. But because these platforms have previously not been certified or cleared for use, such devices had not been connected to secure military networks, except for testing. The move was hardly shocking, but Samsung devices running the Knox security suite and BlackBerry 10 already trickling into the hands of Pentagon employees, the decision sets the stage for a three-way bout for military market supremacy. Offic

The security features built into Apple 's iOS software are so good that the police are unable to gain access to defendant's iPhones when they need to.  Companies like Apple and Google are being asked by law enforcement officials to bypass these protections to aid in investigations. Apple receives so many police demands to decrypt seized iPhones that it has created a waiting list to handle the deluge of requests. In one of the recent cases, according to court documents, the federal agents were baffled by the encrypted iPhone 4S of a man in Kentucky who was charged for supplying crack cocaine. CNET reports that ATF agent Rob Maynard spent three months trying to "locate a local, state, or federal law enforcement agency with the forensic capabilities to unlock" an iPhone 4S. After everyone said that they did not have the capabilities, Maynard turned to Apple. Apple can reportedly bypass the security lock to get access to data on a phone, download it to an external devic

Privacy conscious phone users are being offered a new app that claims to be the world's first totally secure messaging service. A London-based iPhone messaging app claims to be unhackable and is offering reward to anyone who can intercept a message sent by it.  Redact believes that messages sent via the app are completely secure, and to prove it a reward of £10,000 has been offered. The application creates a secure and encrypted peer-to-peer network between two iPhones, with messages sent directly from one phone to another and not through the company's servers.  The company has already offered its Secure Messenger service for free to MPs and submitted the technology to CESG, the Government's National Technical Authority for Information Assurance, which provides advice on the security of communications and electronic data. With Redact there are no user names, phone numbers or email addresses. Instead, new users are automatically assigned a unique PIN, simi