Jump to content
House Price Crash Forum

Archived

This topic is now archived and is closed to further replies.

Oliver Sutton

Iphone Bug Could Let Hackers Into Any Apple Ios Device With Just One Tap

Recommended Posts

Yes, but as Snowden has said pretty much ALL mobile phones are totally insecure. They can be turned on remotely, used to listen in even when switched off etc etc.

It's why Snowden asked visitors to turn their phones off and put them in his fridge.

Pretty much people should expect that the Government/somebody is listening in or hacking their stuff.

Share this post


Link to post
Share on other sites

We used to have a pretty spooky one when I was a kid. In the dead of night you'd sometimes hear faint music, put your head to the fridge and you'd find it was coming from there - picking up radio stations somehow. Apparently a pretty common occurrence in olden days - even reports of tooth fillings able to pick up radio if you had too many.

My mates Amstrad Music system would pick up Radio 2 if he turned the treble up.

Share this post


Link to post
Share on other sites

Yes, but as Snowden has said pretty much ALL mobile phones are totally insecure. They can be turned on remotely, used to listen in even when switched off etc etc.

It's why Snowden asked visitors to turn their phones off and put them in his fridge.

Pretty much people should expect that the Government/somebody is listening in or hacking their stuff.

Does putting the phone in the fridge still work if it's a smart fridge??

Share this post


Link to post
Share on other sites

Yes, but as Snowden has said pretty much ALL mobile phones are totally insecure. They can be turned on remotely, used to listen in even when switched off etc etc.

It's why Snowden asked visitors to turn their phones off and put them in his fridge.

Pretty much people should expect that the Government/somebody is listening in or hacking their stuff.

But I thought Apple products were special. Can't be hacked. Never get any viruses etc.

Share this post


Link to post
Share on other sites

But I thought Apple products were special. Can't be hacked. Never get any viruses etc.

Yeah. Moving on ( :D ), it appears to be called "Trident" and is part of the Pegasus suite of spyware tools. Here's a tech symopsis:

Lookout’s analysis determined that the malware exploits three zero-day vulnerabilities, or Trident, in Apple iOS:

  1. CVE-2016-4655: Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker allowing him to calculate the kernel’s location in memory.
  2. CVE-2016-4656: Kernel Memory corruption leads to Jailbreak – 32 and 64 bit iOS kernel-level vulnerabilities that allow the attacker to silently jailbreak the device and install surveillance software.
  3. CVE-2016-4657: Memory Corruption in Webkit – A vulnerability in the Safari WebKit that allows the attacker to compromise the device when the user clicks on a link.

The attack sequence, boiled down, is a classic phishing scheme: send text message, open web browser, load page, exploit vulnerabilities, install persistent software to gather information. This, however, happens invisibly and silently, such that victims do not know they’ve been compromised.

According to vuldb, a vulnerability database, the exploit is priced at $25k-$50k, so currently not scipt-kiddie stuff.

CVE-2016-4657, the CVE ref for the vulnerability in the safari Webkit, remains reserved but with no details. I guess that par for the course with non-open source software.

vuldb states that this is a buffer overflow exploit:

This vulnerability affects an unknown function of the component WebKit. The manipulation with an unknown input leads to a buffer overflow vulnerability (trident). As an impact it is known to affect confidentiality, integrity, and availability.

Good stuff.

Tell your friends. Tell your acquaintances. Tell the guy waiting for the train. Tell 'em it won't be the last time. Tell 'em Vlad can afford it. tell 'em Vlad could break the payments system if we all used mobile phones instead of cash. Ask 'em how they'd feel not just w/o SnapChat, Instagram, twitter, Facebook, internet access or e-bankin, but w/o any way to pay at the till, for Starbucks, petrol, Subways or even a pint of milk. Then ask them what they think of a cashless society.

Hackers. They are all that stand between us and tyranny, even if the tyrants are their best customers. By the same token, the NRA should give up their pop guns and insist on the right to bear malware.

Share this post


Link to post
Share on other sites

Yes, but as Snowden has said pretty much ALL mobile phones are totally insecure. They can be turned on remotely, used to listen in even when switched off etc etc.

It's why Snowden asked visitors to turn their phones off and put them in his fridge.

Pretty much people should expect that the Government/somebody is listening in or hacking their stuff.

Pretty much the best vulnerability exploitation tools are sponsored by one Government or another. Israel is reckoned to be hot at this stuff.

Share this post


Link to post
Share on other sites

I can see Mr Sledgehead reads "TheRegister" too! Yes my work sometimes involves hardening up IT stuff for industrial use, so I am quite keen on some of these naughty exploits.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

  • The Prime Minister stated that there were three Brexit options available to the UK:   99 members have voted

    1. 1. Which of the Prime Minister's options would you choose?


      • Leave with the negotiated deal
      • Remain
      • Leave with no deal

    Please sign in or register to vote in this poll. View topic


×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.