Tag Archive: iPhone Repair Aldergrove


Apple Fixes “Fundamental” SSL Bug in iOS 7

Apple quietly released iOS 7.06 late Friday afternoon, fixing a problem in how iOS 7 validates SSL certificates. Attackers can exploit this issue to launch a man-in-the-middle attack and eavesdrop on all user activity, experts warned.

“An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,” Apple said in its advisory.

Users should update immediately.

Watch Out for Eavesdroppers
As usual, Apple didn’t provide a lot of information about the issue, but security experts familiar with the vulnerability warned that attackers on the same network as the victim would be able to read secure communications. In this case, the attacker could intercept, and even modify, the messages as they pass from the user’s iOS 7 device to secured sites, such as Gmail or Facebook, or even for online banking sessions. The issue is a “fundamental bug in Apple’s SSL implementation,” said Dmitri Alperovich, CTO of CrowdStrike.

The software update is available for the current version of iOS for iPhone 4 and later, 5th generation iPod Touch, and iPad 2 and later. iOS 7.06 and iOS 6.1.6. The same flaw exists in the latest version of Mac OS X but has not yet been patched, Adam Langley, a senior engineer at Google, wrote on his ImperialViolet blog. Langley confirmed the flaw was also in iOS 7.0.4 and OS X 10.9.1

Certificate validation is critical in establishing secure sessions, as this is how a site (or a device) verifies that the information is coming from a trusted source. By validating the certificate, the bank website knows that the request is coming from the user, and is not a spoofed request by an attacker. The user’s browser also relies on the certificate to verify the response came from the bank’s servers and not from an attacker sitting in the middle and intercepting sensitive communications.

Update Devices
It appears Chrome and Firefox, which uses NSS instead of SecureTransport, aren’t affected by the vulnerability even if the underlying OS is vulnerable, Langley said. He created a test site at https://www.imperialviolet.org:1266. “If you can load an HTTPS site on port 1266 then you have this bug,” Langley said

Users should update their Apple devices as soon as possible, and when the OS X update is available, to apply that patch as well. The updates should be applied while on a trusted network, and users should really avoid accessing secure sites while on untrusted networks (especially Wi-Fi) while traveling/

“On unpatched mobile and laptop devices, set ‘Ask to Join Networks’ setting to OFF, which will prevent them from showing prompts to connect to untrusted networks,” wrote Alex Radocea, a researcher from CrowdStrike.

Considering recent concerns about the possibility of government snooping, the fact that iPhones and iPads were not validating certificates correctly can be alarming for some. “I’m not going to talk details about the Apple bug except to say the following. It is seriously exploitable and not yet under control,” Matthew Green, a cryptography professor at Johns Hopkins University, posted on Twitter.

Check out this video from News Loop:

 

Source: PC World Security Watch

Researchers describe hacking iOS devices with malicious charger

Researchers from the Georgia Institute of Technology will be demonstrating a proof-of-concept method of hacking an iPhone using a malicious USB charger. Billy Lau, Yeongjin Jang, Chengyu Song announced the demonstration for Black Hat USA 2013, an annual conference for hackers and security researchers that begins on July 27th in Las Vegas.

The short version is the three researchers found a way to use USB protocols to bypass some of Apple’s security features in iOS that prevent unauthorized software from being installed on your iOS device. The three built a charger based on a BeagleBoard (see below)—a US$125 computer-on-a-circuit-board—that was able to successfully insert malware onto an iPhone plugged into it.

Worse, they can do so in under a minute.

“Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software,” the researchers wrote on their BlackHat presentation description. “All users are affected, as our approach requires neither a jailbroken device nor user interaction.”

In the demonstration, they said will discuss Apple’s existing security mechanisms that protect against “arbitrary software installation,” which in layman’s terms essentially means malware. They will then describe how standard USB capabilities can be, “leveraged to bypass these defense mechanisms.” To finish it off, they will demonstrate how this same process can be used to then hide the resulting malware from the user the same way Apple hides its own built in software.

The three researchers named their malicious charger “Mactans.”

The BeagleBoard it is based on is an off-the-shelf circuit board that can be used to create all manner of tiny computing devices running Angstrom (Open Embedded), Debian, Ubuntu, and Gentoo. There are other BeagleBoard products as well, including a slightly larger model with a 1GHz Sitara ARM Cortex-A8 processors that can run Android.

The point the researchers are making is that their method can be accomplished with readily available technology.

“While Mactans was built with limited amount of time and a small budget,” they wrote, “we also briefly consider what more motivated, well-funded adversaries could accomplish.”

The researchers will offer methods for protecting yourself against such an attack—we’ll throw out that you should probably be choosy about using a charger whose provenance you can’t verify—and what Apple can do to make this attack, “substantially more difficult to pull off.”

Source: UPI

New iPhone app enables self-destructing sext messages

Sexting, or the act of sending sexually explicit messages or photographs between mobile phones, continues to grow increasingly popular. Mobile users often have private photos posted to the Internet without their permission, and politicians and celebrities alike have taken explicit photos that using mobile devices that were eventually leaked. Unfortunately for Anthony Weiner, the congressman wasn’t aware of an iPhone app by the name of Snapchat. The program is available for free in Apple’s App Store and allows users to send photos that self-destruct within 1-10 seconds. Images cannot be saved in the app, and Snapchat will even notify users if the recipient takes a screenshot — though there is no way to prevent screenshots from being taken, of course. It should also be noted that images are stored on the developer’s servers, and while the company “attempt(s) to delete image data as soon as possible after the message is transmitted,” it cannot guarantee messages will always be deleted. “Messages, therefore, are sent at the risk of the user,” the company’s privacy policy warns.

Source: Forbes / BGR