The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: iPhone hacking

You Can Crash Anyone's iPhone Or iPad With A Simple Emoji Text Message

You Can Crash Anyone's iPhone Or iPad With A Simple Emoji Text Message
January 19, 2017Swati Khandelwal
A newly discovered bug in Apple's iOS mobile operating system is being exploited in a prank that lets anyone crash your iPhone or iPad by just sending an emoji-filled iMessage, according to several reports. YouTube star EverythingApplePro published a video highlighting a sequence of characters that temporarily freeze and restart an iPhone, which people can send to their iPhone buddies to trouble them. You can watch the video demonstration below. Here's the first troublesome text: A white Flag emoji, the digit "0" and a Rainbow emoji. This simple numeric character, flag, and rainbow emojis confuse iOS 10 devices when it tries to combine them into a rainbow flag. As soon as this text is received, the iPhone's software attempts to combine the emojis but fails, and the messaging app crashes and eventually reboots in a few minutes. The recipients do not even have to open or read the message. Video Demonstration Another iPhone-crashing method involves

Warning! Your iPhone Can Get Hacked Just by Opening a JPEG Image, PDF or Font File

Warning! Your iPhone Can Get Hacked Just by Opening a JPEG Image, PDF or Font File
October 25, 2016Mohit Kumar
What's worse than knowing that innocent looking JPEGs, PDFs and font files can hijack your iPhone, iPad, and iPod. Yes, attackers can take over your vulnerable Apple's iOS device remotely – all they have to do is trick you to view a maliciously-crafted JPEG graphic or PDF file through a website or an email, which could allow them to execute malicious code on your system. That's a terrible flaw (CVE-2016-4673), but the good news is that Apple has released the latest version of its mobile operating system, iOS 10.1 , for iPhones and iPads to address this remote-code execution flaw, alongside an array of bug fixes. And now that the company has rolled out a security patch, some hackers would surely find vulnerable Apple devices to exploit the vulnerability and take full control of them. So, users running older versions of iOS are advised to update their mobile devices to iOS 10.1 as soon as possible. Besides this remote code execution flaw, the newest iOS 10.1 incl

Edward Snowden Designs an iPhone Case to Detect & Block Wireless Snooping

Edward Snowden Designs an iPhone Case to Detect & Block Wireless Snooping
July 22, 2016Swati Khandelwal
We just cannot imagine our lives without smartphones, even for a short while, and NSA whistleblower Edward Snowden had not owned a smartphone since 2013 when he began leaking NSA documents that exposed the government's global surveillance program. Snowden fears that cellular signals of the smartphone could be used to locate him, but now, to combat this, he has designed an iPhone case that would detect and fight against government snooping. With help from renowned hardware hacker Andrew "Bunnie" Huang, Snowden has devised the design, which they refer to as an " Introspection Engine, " that would keep journalists, activists, and human rights workers from being tracked by their own devices leaking their location details. "This work aims to give journalists the tools to know when their smartphones are tracking or disclosing their location when the devices are supposed to be in airplane mode," Huang and Snowden wrote in a blog post published Thu

Beware! Your iPhone Can Be Hacked Remotely With Just A Message

Beware! Your iPhone Can Be Hacked Remotely With Just A Message
July 20, 2016Mohit Kumar
In Brief Do you own an iPhone? Mac? Or any Apple device? Just one specially-crafted message can expose your personal information, including your authentication credentials stored in your device's memory, to a hacker. The vulnerability is quite similar to the Stagefright vulnerabilities , discovered a year ago in Android, that allowed hackers to silently spy on almost a Billion phones with just one specially-crafted text message. Cisco Talos senior researcher Tyler Bohan, who discovered this critical Stagefright-type bug in iOS, described the flaw as "an extremely critical bug, comparable to the Android Stagefright as far as exposure goes." The critical bug (CVE-2016-4631) actually resides in ImageIO – API used to handle image data – and works across all widely-used Apple operating systems, including Mac OS X, tvOS, and watchOS. All an attacker needs to do is create an exploit for the bug and send it via a multimedia message (MMS) or iMessage inside a Tagg

Apple Patents Technology to remotely disable your iPhone Camera at Concerts

Apple Patents Technology to remotely disable your iPhone Camera at Concerts
July 01, 2016Swati Khandelwal
Here's something you'll not like at all: Apple has been awarded a patent for technology that would prevent you from snapping pictures and shooting videos with your iPhone or iPad at places or events, like concerts or museums, where it might be prohibited or inappropriate. The patent , granted on Tuesday by the United States Patents and Trademark Office, is highly technical. Apple's latest patent describes an iPhone or iPad camera receiving coded infrared signals beamed from emitters in public places would temporarily disable device camera functionality, preventing any photography or recording for as long as the signal is on. "An infrared emitter can be located in areas where picture or video capture is prohibited," reads the patent. "An electronic device can then receive the infrared signals, decode the data and temporarily disable the device's recording function based on the command." The technology patented by Apple could also be used to be

Apple left iOS 10 Kernel Code Unencrypted, Intentionally!

Apple left iOS 10 Kernel Code Unencrypted, Intentionally!
June 24, 2016Mohit Kumar
Apple's new iOS 10 recently made headlines after MIT Technology Review revealed that the company had left the kernel of the mobile operating system unencrypted. Yes, the first developer preview of iOS 10 released at WWDC has an unencrypted kernel. When the headline broke, some of the users were surprised enough that they assumed Apple had made a mistake by leaving unencrypted kernel in iOS 10, and therefore, would get reverted in the next beta version of the operating system. However, Apple managed to confirm everyone that the company left the iOS 10 kernel unencrypted intentionally, as the kernel cache does not contain any critical or private information of users. On iOS, the kernel is responsible for things like security and how applications are capable of accessing the parts of an iPhone or an iPad. But, Why Apple had left the iOS wide open when other features like iMessage offer end-to-end encryption ? Apple did this on purpose, because by leaving the iOS 10 kernel

FBI paid Hacker $1.3 Million to Unlock San Bernardino Shooter's iPhone

FBI paid Hacker $1.3 Million to Unlock San Bernardino Shooter's iPhone
April 22, 2016Swati Khandelwal
In Brief Guess how much the FBI has paid an unknown grey-hat hacker to break into San Bernardino Shooter's iPhone? FBI Director James Comey hinted during an interview that the FBI spent more than $1.3 Million for breaking into the iPhone of a suspected terrorist and found nothing useful on it. Apple's  legal battle with the Federal Bureau of Investigation (FBI) ended following the bureau's announcement last month that it bought a hacking tool to break into the locked iPhone 5C belonging to the alleged San Bernardino shooter Syed Farook. At the time, the FBI did not disclose the name of the third party neither it revealed the cost of the hacking tool. But yesterday while speaking at the Aspen Security Forum in London, FBI Director James Comey gave a hint on the price it gave to the unnamed "outside party" for the hacking solution after Apple refused to help the agency bypass the iPhone's security mechanisms. The FBI Paid Over $1.3 MILLION f

FBI claims its iPhone Hacking Tool can't Unlock iPhone 5S, 6S and 6S Plus

FBI claims its iPhone Hacking Tool can't Unlock iPhone 5S, 6S and 6S Plus
April 07, 2016Mohit Kumar
Although everyone, including Apple, was worried about the iPhone hacking tool used by the Federal Bureau of Investigation (FBI) to access data on iPhone belonged to the San Bernardino shooter, the FBI director said the hack does not work on an iPhone 5S or later. FBI Director James Comey said Wednesday that the agency was able to avoid a prolonged legal battle with Apple by buying a tool from a private source to hack into terrorist Syed Farook's iPhone 5C. Apple was engaged in a legal battle with the Department of Justice (DOJ) for a month over a court order that forces the company to write new software, which could disable passcode protection on Farook's iPhone to help them access data on it. Apple refused to comply with the order, so the FBI worked with a third-party firm, most likely the Israeli mobile forensic firm Cellebrite, and was successfully able to access data on the locked iPhone used in the San Bernardino shooting incident last year. But speaking to the

Israeli Forensic Firm 'Cellebrite' is Helping FBI to Unlock Terrorist's iPhone

Israeli Forensic Firm 'Cellebrite' is Helping FBI to Unlock Terrorist's iPhone
March 23, 2016Swati Khandelwal
Meet the security company that is helping Federal Bureau of Investigation (FBI) in unlocking San Bernardino shooters' iPhone: The Israeli mobile forensics firm Cellebrite . Yes, Cellebrite – the provider of mobile forensic software from Israel – is helping the FBI in its attempt to unlock iPhone 5C that belonged to San Bernardino shooter, Syed Rizwan Farook, the Israeli YNetNews reported on Wednesday. The company's website claims that its service allows investigators to unlock Apple devices running iOS 8.x " in a forensically sound manner and without any hardware intervention or risk of device wipe. " If Cellebrite succeeds in unlocking Farook's iPhone, the FBI will no longer need Apple to create a backdoored version of its iOS operating system that could let it access data on Farook's locked iPhone 5C. Apple is engaged in a legal encryption battle with the US Department of Justice (DoJ) over a court order that forces the company to write

Warning — Hackers can Silently Install Malware to Non-Jailbroken iOS Devices

Warning — Hackers can Silently Install Malware to Non-Jailbroken iOS Devices
March 17, 2016Mohit Kumar
Hard time for mobile phone users! Just recently, two severe vulnerabilities in Qualcomm Snapdragon chip and Stagefright were spotted on the Android platform, affecting more than a Billion and Millions of devices respectively. And now: Hackers have discovered a new way to install malicious apps onto your iPhone without your interaction. Researchers at Palo Alto Networks have uncovered a new strain of malware that can infect Non-Jailbroken (factory-configured) iPhones and iPads without the owner's knowledge or interaction, leaving hundreds of millions of Apple iOS devices at risk. Dubbed AceDeceiver , the iPhone malware installs itself on iOS devices without enterprise certificates and exploits designing flaws in Apple's digital rights management (DRM) protection mechanism called FairPlay. What's more concerning about this malware: Unlike most iOS malware, AceDeceiver works on factory-configured (non-jailbroken) iOS devices as well. FairPlay

How to Steal Secret Encryption Keys from Android and iOS SmartPhones

How to Steal Secret Encryption Keys from Android and iOS SmartPhones
March 04, 2016Mohit Kumar
Unlike desktops, your mobile devices carry all sorts of information from your personal emails to your sensitive financial details. And due to this, the hackers have shifted their interest to the mobile platform. Every week new exploits are discovered for iOS and Android platform, most of the times separately, but the recently discovered exploit targets both Android as well as iOS devices. A team of security researchers from Tel Aviv University , Technion and The University of Adelaide has devised an attack to steal cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other highly sensitive services from Android and iOS devices. The team is the same group of researchers who had experimented a number of different hacks to extract data from computers. Last month, the team demonstrated how to steal sensitive data from a target air-gapped computer located in another room. Past years, the team also demonstrated how to extract secret decryption key

France could Fine Apple $1 Million for each iPhone it Refuses to Unlock

France could Fine Apple $1 Million for each iPhone it Refuses to Unlock
March 02, 2016Swati Khandelwal
The United States is not the only one where Apple is battling with the federal authorities over iPhone encryption. Apple could face $1 Million in Fine each time the company refused to unlock an iPhone in France. Despite its victory in a New York court yesterday, Apple may not be so successful elsewhere in fighting against federal authorities over iPhone encryption battle. Yann Galut, a member of France's Socialist Party, has submitted an amendment to a bill aimed at strengthening the French government's ability to fight against terrorism — by arguing that… Apple should pay a Million Euro ( $1.08 Million ) fine for every iPhone Apple refuses to unlock when asked to by law enforcement, The Local reported . The same €1 Million penalty could apply to Google as well under similar conditions, forcing the tech companies to help its investigators extract data from a suspect's smartphone in terrorism cases. The French police seized eight smartphones last year in terror investiga

New York Judge Rules FBI Can't Force Apple to Unlock iPhone

New York Judge Rules FBI Can't Force Apple to Unlock iPhone
March 01, 2016Mohit Kumar
Apple - 1; The FBI - 0 Apple Won a major court victory against the Federal Bureau of Investigation (FBI) in an ongoing legal battle similar to San Bernardino. In a New York case, a federal magistrate judge has ruled in favor of Apple, rejecting the U.S. government's request to force Apple to help the FBI extract data from a locked iPhone. This ruling from United States Magistrate Judge James Orenstein for the Eastern District of New York is a significant boost to Apple's pro-privacy stance to resist the agency's similar efforts over unlocking iPhone 5C of an alleged San Bernardino terrorist. The ruling [ PDF ] was issued on Monday as part of the criminal case against Jun Feng , who was pleaded guilty in October last year to drug charges. The Drug Enforcement Administration (DEA) seized Feng's iPhone 5 last year, but even after consulting the FBI, it was unable to access the iPhone. According to both the DEA and FBI, it's impossible for them to ov

Apple is working on New iPhone Even It Can't Hack

Apple is working on New iPhone Even It Can't Hack
February 25, 2016Unknown
Amid an ongoing dispute with the United States government over a court order to unlock iPhone 5C of one of the San Bernardino shooters Syed Farook… ...Apple started working on implementing stronger security measures "even it can't hack" to achieve un-hackability in its future iPhones. The Federal Bureau of Investigation (FBI) is deliberately forcing Apple to create a special, backdoored version of iOS that could let them brute force the passcode on Farook's iPhone without erasing data. However, the FBI approached the company to unlock the shooter's iPhone 5C in various ways like: Create a backdoor to shooter's iPhone. Disable the Auto-destruct feature after numerous tries. Increase the brute force time to try out all combinations. Minimize the time of waiting for a window after each try. ..and much more Apple is still fighting the battle even after the clear refusal to the court that it will not provide any backdoor access to the a

Apple vs. FBI — Google Joins Tim Cook in Encryption Backdoor Battle

Apple vs. FBI — Google Joins Tim Cook in Encryption Backdoor Battle
February 17, 2016Mohit Kumar
In the escalating battle between the Federal Bureau of Investigation (FBI) and Apple over iPhone encryption, former National Security Agency (NSA) contractor Edward Snowden and Google chief executive Sundar Pichai just sided with Apple's refusal to unlock iPhone . Yesterday, Apple CEO Tim Cook refused to comply with a federal court order to help the FBI unlock an iPhone owned by one of the terrorists in the mass shootings in San Bernardino , California, in December. Here's What the FBI is Demanding: The federal officials have asked Apple to make a less secure version of its iOS that can be used by the officials to brute force the 4-6 digits passcode on the dead shooter's iPhone without getting the device's data self-destructed. Cook called the court order a "chilling" demand that "would undermine the very freedoms and liberty our government is meant to protect." He argued that to help the FBI unlock the iPhone would basically

Judge Orders Apple to Unlock iPhone Used by San Bernardino Shooters

Judge Orders Apple to Unlock iPhone Used by San Bernardino Shooters
February 17, 2016Unknown
The Tech Giant Apple has come into an entangled situation which could be a potential security threat for Apple users in near future: Help the FBI Unlock an iPhone . The US Magistrate Judge Sheri Pym has ordered Apple to provide a reasonable technical assistance in solving a critical case of Syed Farook ; who with his wife Tashfeen Malik planned a coordinated "2015 San Bernardino attack" that killed 14 people injured 22. As part of the investigation, the Federal Bureau of Investigation (FBI) had seized the Farook's iPhone 5C that would be considered as an insufficient evidence until and unless the iPhone gets unlocked by any means. Previously, Apple had made several crystal clear statements about its Encryption Policy , stating that even the company is not able to decrypt any phone data as the private key lies at the user's end. A similar problem encountered three years back with Lavabit, who was forced to shut down its services soon after when F

Hackers Can Remotely Record and Listen Calls from Your Samsung Galaxy Phones

Hackers Can Remotely Record and Listen Calls from Your Samsung Galaxy Phones
November 13, 2015Swati Khandelwal
If you own a Samsung Galaxy Phone – S6, S6 Edge or Note 4 , in particular – there are chances that a skilled hacker could remotely intercept your voice calls to listen in and even record all your voice conversations. Two security researchers, Daniel Komaromy of San Francisco and Nico Golde of Berlin, have demonstrated exactly the same during a security conference in Tokyo. The duo demonstrated a man-in-the-middle (MITM) attack on an out-of-the-box and most updated Samsung handset that allowed them to intercept voice calls by connecting the device to fake cellular base stations. The issue actually resides in the Samsung's baseband chip , which comes in Samsung handsets, that handles voice calls but is not directly accessible to the end user. How to Intercept Voice Calls? The researchers set up a bogus OpenBTS base station that nearby Samsung devices, including the latest Samsung S6 and S6 Edge , think is a legitimate cellular tower. Once connected to

NSA-linked Spying Malware Infected Top German Official's Computer

NSA-linked Spying Malware Infected Top German Official's Computer
October 27, 2015Swati Khandelwal
The German authorities have initiated a further investigation into espionage by the United States secret service NSA and British intelligence agency GCHQ after...   ...the head of the German Federal Chancellery unit had his private laptop infected. According to a recent report published by Der Spiegel , the laptop of the Chancellery division leader was infected with Regin – a highly advanced espionage malware program that has been linked to the National Security Agency (NSA) and its UK counterpart, the Government Communications Headquarters (GCHQ). As The Hacker News reported almost a year ago, Regin is one of the most highly advanced, sophisticated malware programs that was used to spy on a wide range of international targets including: Internet service providers (ISPs) Telecommunications backbone operators Energy firms Airlines Government entities Research institutes Other high-profile individuals …around the world since at least 2008. Regin has d

Hackers Can Use Radio-waves to Control Your Smartphone From 16 Feet Away

Hackers Can Use Radio-waves to Control Your Smartphone From 16 Feet Away
October 14, 2015Swati Khandelwal
What if your phone starts making calls, sending text messages and browsing Internet itself without even asking you? No imaginations, because hackers can make this possible using your phone's personal assistant Siri or Google Now. Security researchers have discovered a new hack that could allow hackers to make calls, send texts, browser a malware site, and do many more activities using your iOS or Android devices' personal assistant Siri or Google Now — without even speaking a single word. A Group of researchers from French government agency ANSSI have discovered that a hacker can control Apple's Siri and Android's Google Now by remotely and silently transmitting radio commands from as far as 16 feet away... ...only if it also has a pair of headphones plugged into its jack. How does the Hack Work? It is very interesting and a mind-blowing technique. The Hack utilizes: An iPhone or Android handset with headphones plugged in A radio tra

YiSpecter — First iOS Malware that Attacks both: Non-jailbroken and Jailbroken Devices

YiSpecter — First iOS Malware that Attacks both: Non-jailbroken and Jailbroken Devices
October 05, 2015Swati Khandelwal
Less than a month after Apple suffered one of its biggest malware attacks ever, security researchers have discovered another strain of malware that they claim targets both jailbroken as well as non-jailbroken iOS devices . Last month, researchers identified more than 4,000 infected apps in Apple's official App Store, which was targeted by a malware attack in which some versions of software used by developers to build apps for iOS and OS X were infected with malware, named XcodeGhost . And Now: Researchers from a California-based network security firm Palo Alto Networks have discovered new malware that targets Apple's iOS users in China and Taiwan. Capabilities of YiSpecter Malware Dubbed YiSpecter , the malware infects iOS devices and once infected, YiSpecter can: Install unwanted apps Replace legitimate apps with ones it has downloaded Force apps to display unwanted, full-screen ads Change bookmarks as well as default search engines in Safari S
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.