The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: iPhone

Test your Mobile Hacking and Penetration testing Skills with Damn vulnerable iOS app

Test your Mobile Hacking and Penetration testing Skills with Damn vulnerable iOS app
February 02, 2014Wang Wei
Smartphones are powerful and popular, with more than thousands of new mobile apps hitting the market everyday. Apps and mobile devices often rely on consumers' data, including private information, photos, and location, that can be vulnerable to data breaches, surveillance and real-world thieves. When developing a mobile application, developer has to fulfill high security requirements, established for apps that deal with confidential data of the users. If you are a developer then responsibilities for providing security to the users is very high in comparison to functionality you are going to feed into the app. e.g. A vulnerability found in Starbucks' iOS app could have caused a massive financial data loss. It is always important for all app developers to have enough knowledge about major Mobile platform Security threats and its countermeasures. Today we would like to introduce open source ' Damn Vulnerable IOS App (DVIA) ' developed by Prateek Gianchan

iOS 7 Untethered Jailbreak released for iPhone, iPad, and iPod devices

iOS 7 Untethered Jailbreak released for iPhone, iPad, and iPod devices
December 22, 2013Wang Wei
If you love iPhone you are surely going to love this news. iOS 7 was released in 3 months before and today finally the  evad3rs team has released   an untethered jailbreak  for iPhone , iPad, and iPod devices running  iOS 7.0 through iOS 7.0.4. The evasi0n installer is compatible with Windows, Mac OS X and Linux so no matter what operating system you're on, you should be able to jailbreak your device. Jailbreaking is the procedure of modifying the iOS of your iPhone to remove the limitations imposed by Apple. This allows a user to access and install a lot of new applications, software and other similar content which otherwise are not made available to iPhone users through the Apple Store. The process is very simple, and within five minutes you can jailbreak your device. According to the instructions, iTunes must be installed if you're running Windows and the only prerequisite is that the device should be running iOS 7.0.4. Team advice user to backup device data before using evas

Apple iOS 7.0.4 update released to patch Apple Store purchase vulnerability

Apple iOS 7.0.4 update released to patch Apple Store purchase vulnerability
November 16, 2013Wang Wei
Apple has released the latest version of its mobile platform i.e. iOS 7.0.4 includes bug fixes, security patches with some new features. The update is available for iPhone , iPad and iPod touch, identified as " build 11B554a ." Most importantly Apple has patched a critical security flaw that allowed to purchase stuff from the online Apple Store without having to tap in a valid password. Vulnerability assigned as  CVE-2013-5193 , " A signed-in user may be able to complete a transaction without providing a password when prompted. This issue was addressed by additional enforcement of purchase authorization. " Apple's security bulletin says. The patch restores the aforementioned authentication check and will allow app store transactions only  if the user will provide a valid password. The update also addressed an issue that would cause FaceTime calls to fail for some users. Apple recommended users to update their devices immediately. iOS users ca

Samsung Galaxy S4 and iPhone 5 zero-day exploits revealed at Pwn2Own 2013 Contest

Samsung Galaxy S4 and iPhone 5 zero-day exploits revealed at Pwn2Own 2013 Contest
November 14, 2013Wang Wei
At Information Security Conference PacSec 2013 in Tokyo, Apple's Safari browser for the iPhone 5 and the Samsung Galaxy S4 have been exploited by two teams of Japanese and Chinese white hat hackers. In HP's Pwn2Own 2013 contest , Japanese squad Team MBSD, of Mitsui Bussan Secure Directions won won $40,000 reward for zero day exploit for hacking Samsung Galaxy S4. The vulnerabilities allow the attacker to wholly compromise the device in several ways, such as using a drive-by download to install malware on the phone. In order for the exploit to be successful, the group lured a user to a malicious website, gained system-level privileges and installed applications that allowed the team to gather information, including SMS messages, contacts and browsing history. They  Another Hackers Team from Keen Cloud Tech in China showed how to exploit a vulnerability in iOS version 7.0.3 to steal Facebook login credentials and a photo from a device running iOS 6.1.4. They wo

iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi

iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi
October 30, 2013Anonymous
Security researchers Adi Sharabani and Yair Amit  have disclosed details about a widespread vulnerability in iOS apps , that could allow hackers to force the apps to send and receive data from the hackers' own servers rather than the legitimate ones they were coded to connect to. Speaking about the issue at RSA Conference Europe 2013 in Amsterdam, researchers have provided details  on this  vulnerability , which stems from a commonly used approach to URL caching. Demonstration shows that insecure public networks can also provide stealth access to our iOS apps to potential attackers using HTTP request hijacking methods. The researchers put together a short video demonstrating, in which they use what is called a 301 directive to redirect the traffic flow from an app to an app maker's server to the attacker's server. There are two limitations also, that the attacker needs to be physically near the victim for the initial poisoning to perform this attack and t

'LinkedIn Intro' iOS app can read your emails in iPhone

'LinkedIn Intro' iOS app can read your emails in iPhone
October 25, 2013Mohit Kumar
Your LinkedIn profile is your digital resume. Yesterday, LinkedIn launched a new app for for iOS devices called Intro ' LinkedIn Intro '. With this feature an email on your iPhone will display a picture of the sender, with useful profile info from LinkedIn. Basically, to use the service, a LinkedIn user must route all of their emails (any provider i.e. Hotmail, Gmail, Yahoo, etc.) through LinkedIn's 'Intro' servers, which will inject fancy business centric HTML profile right in your emails, as shown. But this also means that LinkedIn is now able to read the complete content of your emails and also can store the passwords to users' external email accounts. The feature is enough to destroy the security and privacy of your mails. Another point to be noted that, Apple does not provide any APIs or frameworks for developers that would allow this kind of modification of its interface. Instead, LinkedIn is acting as a ' man in the middle ' by inter

Unbreakable Apple's iMessage encryption is vulnerable to eavesdropping attack

Unbreakable Apple's iMessage encryption is vulnerable to eavesdropping attack
October 18, 2013Mohit Kumar
Though Apple claims iMessage has end-to-end encryption, But researchers claimed at a security conference that Apple's iMessage system is not protected and the company can easily access it. Cyril Cattiaux - better known as pod2g, who has developed iOS jailbreak software, said that the company's claim about iMessage protection by unbreakable encryption is just a lie, because the weakness is in the key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages . Basically, when you send  an   iMessage to someone, you grab their public key from Apple, and encrypt your message using that public key. On the other end, recipients have their own private key that they use to decrypt this message. A third-party won't be able to see the actual message unless they have access to the private key. Trust and public keys always have a problem, but the  researchers noted that there's no evidence that Apple or

iPhone Fingerprint scanner hack allows attacker to hijack Apple ID using Flight Mode

iPhone Fingerprint scanner hack allows attacker to hijack Apple ID using Flight Mode
October 06, 2013Wang Wei
A German security firm SRL claims a vulnerability in Touch ID Fingerprint Scanner and iCloud allows a hacker to access a locked device and potentially gain control over an owner's Apple ID. SRL points out that Airplane mode can be enabled on a stolen phone from the lockscreen , which turns off wireless connectivity and so defeats the remote wipe facility . This can be accessed without requiring a passcode, could be a major vulnerability when it comes to physically stolen devices. In a video demonstration, they point out that while Apple lets users locate and remotely wipe a device using the Find My iPhone app. Since Find My iPhone can only perform a wipe if a device is connected to the Internet, but because airplane mode will disable Internet Connectivity, that may give a thief enough time to get fingerprints off of the device and eventually log in. An attacker can create a fake fingerprint on a laminated sheet and later attached to one of their fingers, as already explained

Another iPhone lockscreen bypass vulnerability found in iOS 7.02

Another iPhone lockscreen bypass vulnerability found in iOS 7.02
September 30, 2013Mohit Kumar
Here we go again! Earlier this week, Apple released iOS 7.0.2 just to fix some Lockscreen bugs in iOS 7 and but a researcher has found a new Lockscreen bug in new iOS 7.0.2. This new Lockscreen bug is found by Dany Lisiansky , and he uploaded a proof of concept video on YouTube with the complete step by step guide. Unlike the previous bugs it will not expose your Email, Photos, Facebook and Twitter but allows attackers to access your phone call history, voicemails and entire list of contacts. A step by step guide released by iDownloadblog : Make a phone call (with Siri / Voice Control) Click the FaceTime button When the FaceTime App appears, click the Sleep button Unlock the iPhone Answer and End the FaceTime call at the other end Wait a few seconds Done. You are now in the phone app Video demonstration  It would be easy for someone who knows you or your love partner or your business partner to obtain your phone and call themselves from it

Exclusive : New Touch ID hack allows hacker to unlock an iPhone by multiple fingerprints

Exclusive : New Touch ID hack allows hacker to unlock an iPhone by multiple fingerprints
September 29, 2013Mohit Kumar
The Iranian group defeated the very basic phenomenon of an iPhone Fingerprinting scanner, which allows them to unlock an iPhone device with multiple Fingerprints. Apple's iPhone 5s , was launched just available in stores two weeks before with a new feature of biometrics-based security system called " Touch ID ", that involves analyzing a user's fingerprint and using that to unlock the phone. Apple launched the technology that it promises will better protect devices from criminals and snoopers seeking access. With this you can purchase things from the iTunes App Store. Basically, you can now use it in place of your password. " Fingerprint is one of the best passcodes in the world. It's always with you, and no two are exactly alike, " according to the Apple's website. Last week Germany Hackers showed that how they were able to deceive Apple's latest security feature into believing they're someone they're not, using a well-honed technique for

Mailbox iPhone app vulnerability executes any Javascript from HTML mail body

Mailbox iPhone app vulnerability executes any Javascript from HTML mail body
September 26, 2013Mohit Kumar
Italian Researcher Michele Spagnuolo recently revealed a serious vulnerability in the popular Mailbox iPhone app . Mailbox is a tidy iOS the email app recently purchased by Dropbox , has a pretty wide-open hole that could allow bad actors to hijack your device. The flaw occurs in the latest version of Mailbox (1.6.2) currently available from the App Store, that  executes any Javascript which is present in the body of HTML emails. With exploitation of this vulnerability, users could be subject to account hijacking, spam and phishing attacks by simply opening an HTML email containing embedded javascript. You can see a video demonstration below: The good news is that the problem is probably not as bad as it looks, because iOS is tightly sandboxed, its security features are built with this functionality in mind and normally do not allow any potentially harmful operation to take place without the user's permission. Mailbox's statement on this issue, &quo

iPhone 5s Users Fooled By Apple, NSA and A Fake middle finger

iPhone 5s Users Fooled By Apple, NSA and A Fake middle finger
September 24, 2013Wang Wei
Last week Apple releases the iPhone 5S  with Touch ID , a fingerprint-scanning feature, promoted by the company as " Your fingerprint is one of the best passwords in the world ". Just after the launch of iOS7 , Hackers around the world come up with a series of security issues and privacy concerns. One of the most embarrassing hack released yesterday, when a group of German Hackers fooled the iPhone 's biometric fingerprint security by just using a high resolution photo of someone's fingerprint. Now, We all are aware about many secret surveillance projects of NSA like PRISM , where U.S. government is collecting data from these Internet companies including - Apple. Apple claimed that, iPhone will never upload fingerprints to their server, but can we believe them anymore ? It is already proven that, During Surveillance operations and for Backup purpose, Smartphone applications can upload anything from your device to their online servers without any

Fake Grand Theft Auto V iFruit Android app fools thousands

Fake Grand Theft Auto V iFruit Android app fools thousands
September 23, 2013Wang Wei
Android malware is continuing to cause problems for end users with huge amounts of fraud and Malware campaigns going on. A lot of fake apps are currently on Google Play Store fooling thousands of consumers. Grand Theft Auto 5 , which hit stores last Tuesday and is shaping up to be the most lucrative video game release ever. Now, Rockstar Game do plan to bring their Grand Theft Auto V iFruit app for Android devices, but before official released, it's fake malicious versions are out in Google Play Market. Rockstar have confirmed that they haven't released the Android version yet, only the iOS version is available right now and Android owners are warned not to download them, because some could contain malicious malware . There are at least two fake apps have surfaced on the Google Play Store that use the same icon as iFruit in an attempt to mimic the real thing. The deceptive part about these apps is that the developer publicly listed appears as "Rockstar Game," suggesting that th

Finally, iPhone's Fingerprint Scanner 'TouchID' hacked first by German Hackers

Finally, iPhone's Fingerprint Scanner 'TouchID' hacked first by German Hackers
September 23, 2013Anonymous
Apple has marketed TouchID both as a convenience and as a security feature. " Your fingerprint is one of the best passwords in the world ," says an Apple promotional video. A European hacker group has announced a simple, replicable method for spoofing Apple's TouchID fingerprint authentication system. The Apple TouchID it the technology developed by Apple to replace passcode on its mobile and help protect users' devices, it is based on a sensor placed under the home button and it is designed to substitute the four-digit passcode to unlock the handset and authorize iTunes Store purchases. But is it really so? Hackers members of the Chaos Computer Club claim to have defeated Apple TouchID fingerprint sensor for the iPhone 5S, just after the start of its sale to the public. " Fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints, " a hacker named Starbug was quoted as sa

Turning your iPhone or Android camera into Microscope

Turning your iPhone or Android camera into Microscope
September 22, 2013Wang Wei
Have you ever been wanting to take a picture of something you're looking at under your microscope but you just can't? Well, but now the Microphone Lens turns your iPhone or Android camera phone into a portable handheld microscope. By attaching a lightweight, inexpensive device to the back of a smart phone, researchers at the University of California (UCLA) can convert the phone into a sensitive fluorescence microscope. Microphone Lens allows the phone's camera to take pictures of single nanoparticles and viruses, possibly providing a portable diagnostic tool for health care workers in developing countries. In an experiment, A Nokia 808 PureView smartphone has been used to do fluorescent imaging on individual nanoparticles and viruses. By clipping on a 3D-printed attachment that included a laser bought on eBay Their work is funded by Nokia university research funding, the Army Research Office, the National Science Foundation, and other sources.

Second iOS 7 Lockscreen vulnerability lets intruders to make calls from locked iPhone

Second iOS 7 Lockscreen vulnerability lets intruders to make calls from locked iPhone
September 21, 2013Wang Wei
Just two days back Apple has yet fixed a security flaw in iOS 7 that allows anyone to bypass the lock screen to access users' personal data and the next one has already appeared. The new vulnerability was discovered by Karam Daoud, a 27 year old from the West Bank city of Ramallah in Palestine, that allows anyone to make calls from a locked iPhone , including international calls and calls to premium numbers. In a video, Daoud showed that calls can be made to any number from a locked iPhone running iOS 7 by using a vulnerability in the device's emergency calling function. The person needs to dial a number and then rapidly tap the call button until an empty screen with an Apple logo appears and makes the call to the particular number. The Forbes writer tested the flaw on two iPhone 5 devices on separate networks and it worked both times. This is the second malfunction found in the lock screen since iOS 7 was seeded to all iPhone owners this past Wednesday.

iPhone's iOS 7 Lockscreen hack allows to bypass Security

iPhone's iOS 7 Lockscreen hack allows to bypass Security
September 20, 2013Mohit Kumar
Like most iOS lock screen vulnerabilities, the passcode lock screen on iOS 7 also suffers from a bug that allows anyone with direct access to the iPhone or iPad. Although Apple claims to have fixed 80 security vulnerabilities with iOS 7, including the ability to bypass the lock screen in iOS 6.1.3, the same person who found the previous vulnerability has found yet another in iOS 7. Discovered by ' Jose Rodriquez ', an iPhone user reported a security flaw in iOS that lets anyone bypass the lockscreen passcode and access sensitive information stored in photos, Twitter, email and more. The flaw resides on users who lock their devices with a traditional PIN code or password. The security flaw is demonstrated in the video below and it works as follows: Swipe up from the bottom of the Lock screen to open Control Center and Launch the Clock app. Open the Alarm Clock section of the Clock app and Hold down the power button. Quickly tap Cancel the immediately doubl

NSA: Steve Jobs is the real Big Brother and iPhone buyers are zombies

NSA: Steve Jobs is the real Big Brother and iPhone buyers are zombies
September 10, 2013Mohit Kumar
As we reported yesterday that, your Smartphone is a goldmine for the US National Security Agency (NSA), they have the full access to your Data available on your Smartphones including Android , iPhone and Blackberry. But among other Smartphones,  iPhone apparently is the most popular with the National Security Agency. Another NSA presentation leaked by NSA whistle-blower Edward Snowden and published by German paper Der Spiegel , describing Steve Jobs as the real Big Brother and iPhone buyers as the "zombies" . By cracking mobile operating systems and eavesdropping on mobile communications, the data obtained in this way includes contacts, call lists, SMS traffic, notes and location information. " Such as a iPhone picture of a foreign government official who took selfies while watching TV, and a picture of an unknown man, apparently an Afghani fighter, in the mountains of Afghanistan. And remember the iPhone's location bug? That enabled tracking of people over exten

NSA can access your data on Smartphones including iPhone, BlackBerry and Android devices

NSA can access your data on Smartphones including iPhone, BlackBerry and Android devices
September 08, 2013Mohit Kumar
National Security Agency (NSA)  has the capability to access a broad range of data on most Smartphones out there, including iPhone, BlackBerry, and Android devices, according to the  documents provided by former US intelligence contractor Edward Snowden to the  German news agency Der Spiegel report. A 2009 NSA document states that it can " see and read SMS traffic ". This data includes Contact, call lists, SMS traffic, notes and location data about where a user has been, the NSA has set up teams to specialize in cracking each operating system. The leaked information also revealed that the NSA has organized a working group for each operating system. The documents also state the NSA has successfully accessed BlackBerry email data, a system previously thought to be very secure. Recently, two Guardian reporters , the Newspaper primarily responsible with leaking NSA documents, discovered a mystery app on their iPhones . It has no title, no identifying image,

Apple's new technology will allow government to control your iPhone remotely

Apple's new technology will allow government to control your iPhone remotely
August 29, 2013Mohit Kumar
Recently, The Social Media is buzzing over reports that Apple has invented a new technology that now can Switch off iPhone Camera and Wi-Fi, when entering a 'sensitive area'. Technology would broadcast a signal to automatically shut down Smartphone features, or even the entire phone. Yes ! It's true, On June 2008 - Apple filed a patent ( U.S. Patent No. 8,254,902 ) - titles " Apparatus and methods for enforcement of policies upon a wireless device " that defines the ability of U.S. Government to remotely disable certain functions of a device without user consent. All they need to do is decide that a public gathering or venue is deemed sensitive and needs to be protected from externalities. Is it not a shame that you can't take a photo of the police officer beating a man in the street because your oppressive government remotely disabled your Smartphone camera? Civil liberties campaigners fear it could be misused by the authorities to silence 'awkward citi
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.