#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

hacking iphone | Breaking Cybersecurity News | The Hacker News

Apple Weakens iOS 10 Backup Encryption; Now Can Be Cracked 2,500 Times Faster

Apple Weakens iOS 10 Backup Encryption; Now Can Be Cracked 2,500 Times Faster

Sep 23, 2016
After the iPhone encryption battle between Apple and the FBI , Apple was inspired to work toward making an unhackable future iPhones by implementing stronger security measures even the company can't hack. Even at that point the company hired one of the key developers of Signal — one of the world's most secure, encrypted messaging apps — its core security team to achieve this goal. But it seems like Apple has taken something of a backward step. Apple deliberately weakens Backup Encryption For iOS 10 With the latest update of its iPhone operating system, it seems the company might have made a big blunder that directly affects its users' security and privacy. Apple has downgraded the hashing algorithm for iOS 10 from "PBKDF2 SHA-1 with 10,000 iterations" to "plain SHA256 with a single iteration," potentially allowing attackers to brute-force the password via a standard desktop computer processor. PBKDF2 stands for Password-Based Key Deri
Apple releases 'Emergency' Patch after Advanced Spyware Targets Human Rights Activist

Apple releases 'Emergency' Patch after Advanced Spyware Targets Human Rights Activist

Aug 25, 2016
Apple has released iOS 9.3.5 update for iPhones and iPads to patch three zero-day vulnerabilities after a piece of spyware found targeting the iPhone used by a renowned UAE human rights defender, Ahmed Mansoor. One of the world's most invasive software weapon distributors, called the NSO Group, has been exploiting three zero-day security vulnerabilities in order to spy on dissidents and journalists. The NSO Group is an Israeli firm that sells spying and surveillance software that secretly tracks a target's mobile phone. The zero-day exploits have allowed the company to develop sophisticated spyware tools that can access the device location, contacts, texts, calls logs, emails and even microphone. Apple fixed these three vulnerabilities within ten days after being informed by two security firms, Citizen Lab and Lookout, who conducted a joint investigation. Background Story: Malware Discovery Mansoor, 46, ' Martin Ennals Award ' winner from the United Arab Emirate
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Edward Snowden Designs an iPhone Case to Detect & Block Wireless Snooping

Edward Snowden Designs an iPhone Case to Detect & Block Wireless Snooping

Jul 22, 2016
We just cannot imagine our lives without smartphones, even for a short while, and NSA whistleblower Edward Snowden had not owned a smartphone since 2013 when he began leaking NSA documents that exposed the government's global surveillance program. Snowden fears that cellular signals of the smartphone could be used to locate him, but now, to combat this, he has designed an iPhone case that would detect and fight against government snooping. With help from renowned hardware hacker Andrew "Bunnie" Huang, Snowden has devised the design, which they refer to as an " Introspection Engine, " that would keep journalists, activists, and human rights workers from being tracked by their own devices leaking their location details. "This work aims to give journalists the tools to know when their smartphones are tracking or disclosing their location when the devices are supposed to be in airplane mode," Huang and Snowden wrote in a blog post published Thu
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
FBI may have found a New Way to Unlock Shooter's iPhone without Apple

FBI may have found a New Way to Unlock Shooter's iPhone without Apple

Mar 22, 2016
There's more coming to the high-profile Apple vs. FBI case. The Federal Bureau of Investigation (FBI) might not need Apple's assistance to unlock iPhone 5C  that belonged to San Bernardino shooter, Syed Rizwan Farook. If you have followed the San Bernardino case closely, you probably know everything about the ongoing encryption battle between the FBI and Apple. In short, the US Department of Justice (DOJ) wants Apple to help the FBI create a backdoored version of its iOS operating system that could let it access data on Farook's locked iPhone 5C. Apple, meanwhile, is evident on its part , saying that the FBI wants the company to effectively create the " software equivalent of cancer " that would likely open up all iPhones to malicious hackers. FBI to Apple: We'll Unlock iPhone by Our Own Now the Feds say they may be able to crack the iPhone without the Apple's assistance after all. In a court filing [ PDF ] submitted on Mo
New York Judge Rules FBI Can't Force Apple to Unlock iPhone

New York Judge Rules FBI Can't Force Apple to Unlock iPhone

Mar 01, 2016
Apple - 1; The FBI - 0 Apple Won a major court victory against the Federal Bureau of Investigation (FBI) in an ongoing legal battle similar to San Bernardino. In a New York case, a federal magistrate judge has ruled in favor of Apple, rejecting the U.S. government's request to force Apple to help the FBI extract data from a locked iPhone. This ruling from United States Magistrate Judge James Orenstein for the Eastern District of New York is a significant boost to Apple's pro-privacy stance to resist the agency's similar efforts over unlocking iPhone 5C of an alleged San Bernardino terrorist. The ruling [ PDF ] was issued on Monday as part of the criminal case against Jun Feng , who was pleaded guilty in October last year to drug charges. The Drug Enforcement Administration (DEA) seized Feng's iPhone 5 last year, but even after consulting the FBI, it was unable to access the iPhone. According to both the DEA and FBI, it's impossible for them to ov
Hackers WIN $1 Million Bounty for Remotely Hacking latest iOS 9 iPhone

Hackers WIN $1 Million Bounty for Remotely Hacking latest iOS 9 iPhone

Nov 02, 2015
Well, here's some terrible news for all Apple iOS users… Someone just found an iOS zero-day vulnerability that could allow an attacker to remotely hack your iPhone running the latest version of iOS, i.e. iOS 9. Yes, an unknown group of hackers has sold a zero-day vulnerability to Zerodium , a startup by French-based company Vupen that Buys and Sells zero-day exploits. And Guess what, in How much? $1,000,000. Yes, $1 Million. Last month, a Bug bounty challenge was announced by Zerodium for finding a hack that must allow an attacker to remotely compromise a non-jailbroken Apple device through: A web page on Safari or Chrome browser, In-app browsing action, or Text message or MMS. Zerodium's Founder Chaouki Bekrar confirmed on Twitter that an unnamed group of hackers has won this $1 Million Bounty for sufficiently submitting a remote browser-based iOS 9.1/9.2b Jailbreak (untethered) Exploit. NO More Fun. It's Serious Threat to iOS Use
Apple told Judge: It's Impossible to Access Data on Locked iPhones

Apple told Judge: It's Impossible to Access Data on Locked iPhones

Oct 21, 2015
US Federal Official: Unlock that iPhone for me? Apple: Sorry, Nobody can do this! Neither we, nor you. Yes, in a similar manner, Apple told a U.S. federal judge that it is " IMPOSSIBLE " to access data stored on a locked iPhone running iOS 8 or later iOS operating system. In short, Apple has reminded everyone that the tech giant can not, and will not, break its users' encryption if the government official asks it to. Apple revealed this in a court filing late Monday in response to the U.S. federal magistrate judge, who is being requested by the Justice Department to force the company to help authorities extract data from a seized iPhone. However, Apple says that it has the " technical ability " to help federal enforcement unlock older iOS devices – and almost 10 percent of iOS devices are running older versions of the operating system. In the brief filed Monday, Apple said : "In most cases now and in the future, the government's requested order would
YiSpecter — First iOS Malware that Attacks both: Non-jailbroken and Jailbroken Devices

YiSpecter — First iOS Malware that Attacks both: Non-jailbroken and Jailbroken Devices

Oct 05, 2015
Less than a month after Apple suffered one of its biggest malware attacks ever, security researchers have discovered another strain of malware that they claim targets both jailbroken as well as non-jailbroken iOS devices . Last month, researchers identified more than 4,000 infected apps in Apple's official App Store, which was targeted by a malware attack in which some versions of software used by developers to build apps for iOS and OS X were infected with malware, named XcodeGhost . And Now: Researchers from a California-based network security firm Palo Alto Networks have discovered new malware that targets Apple's iOS users in China and Taiwan. Capabilities of YiSpecter Malware Dubbed YiSpecter , the malware infects iOS devices and once infected, YiSpecter can: Install unwanted apps Replace legitimate apps with ones it has downloaded Force apps to display unwanted, full-screen ads Change bookmarks as well as default search engines in Safari S
Latest iOS 9.0.1 Update Failed to Patch Lockscreen Bypass Hack

Latest iOS 9.0.1 Update Failed to Patch Lockscreen Bypass Hack

Sep 26, 2015
iOS 9.0.1 – Apple's first update to its new iOS 9 mobile operating system, came out on Wednesday, addressed several bugs in its software. However, unfortunately, it seems that the latest update iOS 9.0.1 doesn't fix the lock screen bypass vulnerability reported by iPhone user Jose Rodriguez. Yes, the serious flaw in iOS 9 that allows anyone – with physical access of your iPhone or iPad – to bypass your device's lock screen and get into your contacts and personal photographs, also Works on iOS 9.0.1 . Video Demonstration: Rodriguez published a new video detailing a step-by-step explanation on how to bypass the passcode on iOS 9 and iOS 9.0.1 device, using the benevolent nature of Apple's personal assistant Siri. The lock screen bypass vulnerability works on all iOS versions from iOS 5.1.1 to the latest released iOS 9.0.1 . Mitigation So, until Apple rolls out an update to patch this bug, the only way available to iPhone users to mitiga
For Better Privacy & Security, Change these iOS 9 Settings Immediately

For Better Privacy & Security, Change these iOS 9 Settings Immediately

Sep 17, 2015
iOS 9 is out, and it's time to update your iPhone or iPad to the latest version of Apple's mobile operating system. The new iOS is better, faster, and more efficient than its predecessors, with a number of new features and improvements including enhanced multitasking for iPad, Proactive Assistant Siri, new Low Power mode, Transit directions in Maps and many more. You need to download iOS 9 right away. But, after installing it on your iOS device, you should immediately change these security settings to protect your privacy. Besides various new features, iOS 9 also comes with a handful of security and privacy improvements. So, before doing anything like loading new apps, customizing your phone, or syncing your data, you need to check these settings – and if necessary, changed. 1. Locking the Door Boost iOS 9 Security by Setting a Longer 6-digit Passcode When you set up an iOS device, you are asked to create a passcode to encrypt your entire iPho
Here's How You Can Replace Your iPhone Battery For Free

Here's How You Can Replace Your iPhone Battery For Free

Jul 04, 2015
Nothing is scarier than your iPhone alerting you that your battery had hit 5%, especially when you just took it off the charger with a 100 percent full battery about an hour ago.  To be very honest, it literally sucks. However, you no need to worry about this problem now, as there's a solution. Apple has just modified its warranty programs to make it easier for you to get your iPhone battery or in some cases, the whole device exchanged at an Apple Store. Under its new AppleCare+ policy , the company is offering to replace the batteries in your iOS devices for free until January 2016 , but if and only if you are eligible. Are you Eligible for New iPhone Battery? To make sure your iPhone is eligible, you need to check these simple things: You need to have bought the iPhone between September 2012 and January 2013 If yes, then the capacity of your battery also has to hold less than 80% of its original capacity Previously, the policy offers replacement of
This Simple Message Can Crash Skype Badly and Forces Re-Installation

This Simple Message Can Crash Skype Badly and Forces Re-Installation

Jun 03, 2015
Just last week iPhone and iPad users were dealing with an iOS text bug that caused the app to crash and iPhones to reboot , now a similar bug has been found that takes out Skype — the popular video chat and messaging service. Yes, Microsoft-owned Skype VoIP client is also affected by a bug that crashes almost every single version of the Skype client on both desktops and mobile phones with a single message containing just eight characters. Also: The impacts are so bad that it requires a re-install in order to get things working hitch-free again. Just Send 'https://:' and Crash Skype If a user receives a message during a conversation on Skype containing the text string " https://: " (without the quotes), it reportedly crashes Skype when running on Windows, Android, or iOS operating system, according to reports on Skype forums . However, Skype app for Mac and the modern touch-optimized version of Skype app for Windows 8.1 are reportedly unaffecte
This Simple Text Message Can Crash and Reboot Your iPhone

This Simple Text Message Can Crash and Reboot Your iPhone

May 27, 2015
A newly discovered bug in Apple's iOS mobile operating system has emerged this evening that lets iPhone users crash another user's iPhone by just sending a tiny string of text characters in a message. The bug is related to the Messages app and the notification system used by iPhone and iPad devices and appears to work only if there is iPhone to iPhone communication. A string of particular Arabic characters ( see the image above ) used in the text message causes the iPhone to continuously crash when a certain text is received and — reportedly in some cases — causes the iPhone to reboot without notice. How to Crash an iPhone with a Message: iPhone users who receive the string of text characters with Messages open would not be able to go back to other conversations without crashing the app, but… ...if the string is received while the iPhone is on the lock screen, users would be unable to open the Messages app entirely , or in some cases, the text could cause t
CIA Has Been Hacking iPhone and iPad Encryption Security

CIA Has Been Hacking iPhone and iPad Encryption Security

Mar 10, 2015
Security researchers at the Central Intelligence Agency (CIA) have worked for almost a decade to target security keys used to encrypt data stored on Apple devices in order to break the system. Citing the top-secret documents obtained from NSA whistleblower Edward Snowden, The Intercept blog reported that among an attempt to crack encryption keys implanted into Apple's mobile processor, the researchers working for CIA had created a dummy version of Xcode . CIA's WEAPON TO HACK APPLE DEVICES Xcode is an Apple's application development tool used by the company to create the vast majority of iOS apps. However using the compromised development software, CIA, NSA or other spies agencies were potentially allowed to inject surveillance backdoor into programs distributed on Apple's App Store. In addition, the custom version of Xcode could also be used to spy on users, steal passwords, account information, intercept communications, and disable core security features of
iOS vulnerability allows to disable 'Find My iPhone' without password

iOS vulnerability allows to disable 'Find My iPhone' without password

Feb 09, 2014
Smartphone manufacturers are adding ways for owners to track and manage their phones if they ever get lost or stolen. Find My iPhone is a service that comes with every iOS device that allows you to track your iPhone, whether it was lost or stolen. Normally, the iPhone requires a password if you want to deactivate " Find My iPhone ", but it isn't entirely perfect and thieves are now smart enough to disable ' Find My iPhone ' on devices running iOS 7.0.4 and lower version, without having to enter a password. The exploit was discovered and demonstrated security researcher ' Bradley Williams ' and performing a successful bypass means you won't be able to locate, make sound and wipe out. The vulnerability could put the devices at risk, and the exploitation method involves a few simple steps that involve making changes in the iCloud settings, even if they don't know the password. Steps to hack 'Find My iPhone': Navigate to iCloud in the settin
DROPOUTJEEP: NSA's Secret program to access any Apple iPhone, including microphone & camera

DROPOUTJEEP: NSA's Secret program to access any Apple iPhone, including microphone & camera

Jan 02, 2014
In the era of Smartphones, Apple's iPhone is the most popular device that exists, which itself gives the reason to target it. According to leaked documents shared by Security researcher  Jacob Appelbaum , a secret NSA program code named DROPOUTJEEP has nearly total access to the Apple's iPhones, which uses " modular mission applications to provide specific SIGINT functionality. " While giving the presentation at the Chaos Communications Congress (30C3) in Hamburg, Germany on Monday, Appelbaum revealed that NSA reportedly sniffing out every last bit of data from your iPhone. DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS
Exclusive : New Touch ID hack allows hacker to unlock an iPhone by multiple fingerprints

Exclusive : New Touch ID hack allows hacker to unlock an iPhone by multiple fingerprints

Sep 29, 2013
The Iranian group defeated the very basic phenomenon of an iPhone Fingerprinting scanner, which allows them to unlock an iPhone device with multiple Fingerprints. Apple's iPhone 5s , was launched just available in stores two weeks before with a new feature of biometrics-based security system called " Touch ID ", that involves analyzing a user's fingerprint and using that to unlock the phone. Apple launched the technology that it promises will better protect devices from criminals and snoopers seeking access. With this you can purchase things from the iTunes App Store. Basically, you can now use it in place of your password. " Fingerprint is one of the best passcodes in the world. It's always with you, and no two are exactly alike, " according to the Apple's website. Last week Germany Hackers showed that how they were able to deceive Apple's latest security feature into believing they're someone they're not, using a well-honed technique for
Hacking iPhone to bypass iOS 7 Lockscreen

Hacking iPhone to bypass iOS 7 Lockscreen

Jun 12, 2013
About this time every year, Apple gives a gift to mobile developers: the newest version of iOS. The all-new Apple iOS 7 launched at WWCD 2013 this week and Just after 48 hours of  iOS 7  release, 36-year old Jose Rodriguez iPhone user able to hack and bypass Lockscreen to access the Photos in just a few seconds. iOS is infamously popular for its lockscreen security bugs that let anyone bypass the passcode on a device to gain access to information that would otherwise be private. Forbes points us to a new video showing how to completely bypass the iPhone's password protection by accessing the calculator available on the lock screen. " By opening iOS's Control Room and accessing the phone's calculator application before opening the phone's camera, anyone can access, delete, email, upload or tweet the device's photos without knowing its passcode. " iOS 7 beta only available to those with developer accounts for now, cost $99 a year through Apple's websit
Cybersecurity Resources