Category Archives: Apple

Apple is a company that designs and manufactures computer devices. It is not immune to hackers who try by all means to hack their system.

Discovering security flaws on iOS doesn't make much money anymore

There are too many iPhone security vulnerabilities now.

Earlier this week, experts mentioned the fact that several security vulnerabilities are present on iOS, significantly lowering the value of these vulnerabilities that once could cost a large amount of money to discover it.

This article will also interest you: A security flaw discovered on the Safari browser would allow you to hack iPhones and Macs

The problem could surely come from the Cupertino firm's readiness to offer security fixes within a reasonable time frame. Indeed, when a security flaw is exposed publicly, it means that the security has already been plugged by the manufacturer or publisher of the programs concerned. This usually happens when manufacturers and computer security researchers conduct tests and bug-finding programs during the year the tool is made available. When these vulnerabilities are discovered, the manufacturing or publishing company is automatically informed often in exchange for financial consideration (more or less generous). This allows him to get a head start and prepare security patches to fill the gap.

However, the companies involved do not always react properly when a security flaw is discovered by an independent expert. What matters is the last most often to publicly communicate the generality, with the intention of either causing harm to the company or notifying users of the service (because the fault can cause huge problems for them). In some cases, companies are well informed but do not act quickly enough to produce the means necessary to close the security breach. This then makes it easier for hackers to use it to carry out their cyber-malveillance actions. "Sometimes things don't happen that way. And without a reaction from the companies involved, security researchers occasionally put them in front of the fait accompli, pointing the spotlight at large security holes still open and inviting hackers somewhere to rush into them. says Mathieu Chartier.

In this dynamic of discovery and transmission of loopholes in exchange for remuneration, a particular group was born. The one made up of people posing as wholesalers with security vulnerabilities. The aim of the latter is to massively buy the vulnerabilities discovered by independent researchers. These redeemed vulnerabilities allow them to either re-currency them with manufacturers for a more substantial income, or near developer or publisher of computer security solutions. Zerodium is one of those security vulnerability wholesalers. Recently this company announced in an official statement a news that will undoubtedly bring to the image of Apple. Indeed, the company specializing in the wholesale marketing of security vulnerabilities posted on its official Twitter page that it was suspending these activities of purchasing vulnerabilities from Apple devices. This is over a period of 2 to 3 months. The reason that could have pushed Zerodium would be a very large presence of security flaws from the Cupertino firm's devices.

According to the first zerodium official, Chouaki Bekrar, noted that the rewards for security flaws discovered on devices running on iOS for example dropped sharply. Some vulnerabilities that are not critical enough will be demonetized, making many people think that the market for iOS vulnerabilities is about to disappear. The head of the wholesaler firm did not fail to point out that the flaws discovered on Android smartphones are now much more expensive than those present on iOS. The eyes will then be on iOS 14 which is out by the end of this year. Experts expect an improvement in the security of this new version of iOS. For a brand that is known for its safety, this announcement of Zerodium will certainly hurt him. A security increase at iOS 14 would certainly be a way to enhance the market for vulnerabilities in iOS vulnerabilities.

Now access an unlimited number of passwords:

Check out our hacking software

Unlocking an iPhone without Apple: the FBI made this bet

We remember the Cupertino giant's categorical refusal to comply with the FBI regarding the unlocking of the 2 iPhones found during the attack on the Pensacola base in Florida in the United States.

An attack that killed 3 people and injured 8 people. The phones that were supposed to belong to the shooter. Despite Apple's positioning, the FBI recently announced that it had successfully unlocked one of the criminal's iPhones.

This article will also interest you: 8 features to adopt to better secure its iPhone iOS 12

The information was leaked on Monday following a statement made at a press conference by Christopher Wray, the director of the U.S. Federal Police and William Barr, the U.S. Attorney General. According to them, the FBI managed the feat of hacking an iPhone and accessing the contents of one of the phones of the culprit of the attack, known as Mohammed Saeed Alshamrani. Thanks to this feat of the specialists of the U.S. Federal Police, the authorities were able to have some information to highlight certain areas of shadow in their investigation. And according to his information, Mohammed Saeed Alshamrani is directly linked to Al Qaeda.

The U.S. authorities did not fail to raise the really successful fact of any assistance from the Cupertino firm. "We didn't get any help from Apple. Christopher Wray, the head of the federal police, noted strongly, despite the fact that the U.S. Attorney General had engaged in a tussle with the American digital giant in recent months, accusing him of refusing to participate in a criminal investigation, even though his assistance was substantial. Despite this, the U.S. authorities managed to unlock access that was intentionally damaged by the criminal. As a result, they were able to discover that he had a complex relationship with Al Qaeda operatives located in the Arabian Peninsula. They were also able to find a will stored in the attacker's smartphone. A will that was published two months after the attack on the American base by the alleged leader of Al Qaeda in the Arabian Peninsula, at the time when he came to claim the attack on behalf of his organization. "The evidence we have been able to gather from the killer's devices shows that the Pensacola attack was in fact the brutal culmination of years of planning and preparation," the US Federal Police chief said.

It should be noted that this is one of the few times that authorities have been able to access the encrypted content of an iPhone-type smartphone. Being in our case iPhones 5 and 7, it is difficult to determine if this could be repeated in the future and on other models of the American brand. This is what the head of the federal office points out when he says, "Unfortunately, the technique we have developed is not a solution to our overall problem." While the head of the U.S. Federal Police denies receiving outside help, some computer security experts have indicated that the FBI may have used cellebrite, an Israeli company whose industry would be the development of hacking tools. The latter did not want to declare anything on the subject

The Cupertino firm, for its part, is defending itself against the charges of the U.S. Attorney General. It believes it has accomplished what it had to accomplish within legal limits such as providing iCloud backups, transaction data, account information… "The false statements made about our society are an excuse to weaken encryption and other security measures that protect millions of users and our national security. This is because we take our responsibility to national security so seriously that we do not believe in the creation of a backdoor, which will make every device vulnerable to malicious people who threaten our national security and the security of our customers' data. said Apple.

One wonders how long this tussle between the FBI and Apple will continue. It was not the first time and it will certainly not be the last.

Now access an unlimited number of passwords:

Check out our hacking software

Apple faces it as a computer security researcher

The soap opera Apple and the firm Corellium continues to take a more or less unsightly turn and this affects the entire sector.

The Cupertino firm would necessarily like to put the start-up at the foot of the wall.

This article will also interest you: A security flaw on iPhone that could allow iOS Jailbreaks permanently

A few months ago, Apple filed a lawsuit against Corellium for making available computer security researchers, virtual machines running on iOS, with the goal for security researchers to be able to conduct tests on Apple's ecosystem without going through jailbreak. For the American giant, this is clearly an infringement of the protection of its intellectual property, because it has never consented to the development of such a tool as well as its deployment. In a sense, we can say that Apple is totally within its rights. However, Cupertino's hard work against Corellium continues to cause a lot of misunderstanding and worsen its poor relations with security professionals. This only develops and reveals the resentments that have always existed towards Apple.

That's why the vast majority of IT security specialists mentioned that the Cupertino firm didn't really help them with their tasks. And this is even highlighted by the fact that the apple brand took a long time before setting up the Bounty bug system for its devices and systems. And even when it was introduced in 2016, the program was originally only available to a limited number of hackers who were hand-picked. It was not until long after the American firm finally fell to let others participate in its program, long before many other companies of its caliber. This sudden turnaround has no other explanation than the appearance of security vulnerabilities on iPhones for some time. Enough to push American society not only to allow anyone to participate from now on in its Bug Bounty programs but with huge rewards.

But all this hasn't stopped the disgruntled, especially these times when Apple has made a limited selection of security researchers, to whom it has given jailbroken iPhones for their research. Leaving other specialists to fend for themselves, forcing some to buy iPhones to unlock on the black market at often extreme prices. It is in such a context that the solution proposed by Corellium is timely, proving to be very practical as an alternative, because it saves much more time.

While the American giant pointed out in its complaint that its objective is not to obstruct computer security research in any way, it remains that the background it has with several researchers aggrieved by its behavior makes it difficult to believe with such statements, believing that the latter seeks only excuses and would seek behind his complaint , to limit searches yet on iOS. Apple also noted that it would not allow its operating system to be marketed fraudulently for any reason. On Twitter, MalwareTech wrote on the issue: "Apple wants to keep control over the research and the flaws that result from it. His intention is probably to prevent researchers from selling loopholes to brokers."

In its defense, Corellium claims to have participated in several Bounty bug programs launched by Apple. This is using these virtualization technologies that have allowed it to deliver certain security flaws to the American giant. That at no time: "Apple has never made any remarks about a possible intellectual property infringement," a legal document read.

Obviously, Apple's legal action is bearing fruit. Indeed, the giant said the start-up was inciting people who used its software to sell the flaws to the highest bidders. To avoid reprisals from the American giant, many researchers prefer not to turn to Corellium and its solution.

Now access an unlimited number of passwords:

Check out our hacking software

IOS: iPhone users forced to enter into fraudulent subscriptions

Recently the information was carried that iPhone iOS users therefore, (nearly 3.5 million), would be forced to make subscriptions that do not meet the standards.

Publishers affected by this fraud would use a somewhat fuzzy system to mislead users, who find themselves trapped after trial periods, even when the app is already installed on the phone. "Mobile app publishers are taking advantage of a blurring of the mobile app blinds subscription system to charge for subscriptions after a free trial period, even when the user has uninstalled the app. explains the report by Sophos, a firm specializing in computer security. According to the latter, more than 3 million iPhone users have been deceived by this kind of fraudulent system.

This article will also interest you: The iPhone 11 of Lev Parnas, 2 months to succeed in hacking it

Applications that are used to fool users and take advantage of the flaws in app blinds subscription systems are named by security specialists Fleecewares. These programs complicate the termination process, therefore forcing the user to pay money at the end of the trial period. Clearly, this is how the processes go in a few words. No matter the operating system, whether the device is iOS or Android, it has allowed app publishers to offer their software for paid or free use. When it is paid for, it comes with a trial period in some cases. And often at the end of the trial, the subscription is automatically activated, prompting the user to subscribe, charging it directly to their account. This is what now allows him to enjoy the application as easily as he wishes. However, "Fleecewares, these fraudulent applications, take advantage of the fact that this system allows app publishers to continue charging users, even when they have uninstalled their smartphone app. Sophos' report notes.

We know, for example, that Apple and Google in their respective app stores give software vendors the ability to design their own subscription and termination procedures. And that is surely the problem. Because if publishers can end the subscription as soon as the user has uninstalled the application of his terminal, there are some who allow themselves to maintain the subscription and continue to charge users even if they no longer use the software concerned. "Some unscrupulous developers take advantage of this system to continue charging users even when they have uninstalled their smartphone app. And while the less greedy were content with a few dollars, the stingiest managed to steal hundreds of dollars from users who had no idea that their trial period had expired and that the paid subscription had gone off. ». Jagadeesh Chandraiah, Sophos' security expert, who is behind the report, explained.

Already last year, the security firm had identified more than 50 Android-powered software that had been installed by nearly 600 million users, applications that carried out the same practices as those described above. And it allowed them to extract huge sums of money from users who got caught in this trap. In general, there are even software that offers only some basic functions such as horoscopes, photo filters, flashlights. On the App store this year, nearly 32 apps have been discovered on this scam. The levy can be up to $400 per year. Jagadeesh Chandraiah advises Android and iOS users in his report to regularly check the subscription settings of the apps that use it. They must check if he had not subscribed to any plan account by mistake. And always under-write before uninstalling a subscription app.

However, it wouldn't be as bad if Google and Apple cleaned up a bit of their app stores. While these app publishers act according to the terms and conditions of this software store, it does cause harm to users. So the intervention of these two giants could be beneficial this level.

Now access an unlimited number of passwords:

Check out our hacking software

Security flaw discovered on Safari browser would hack iPhones and Macs

Last week it was published, having been discovered on Apple's browser, Safari, a security flaw deemed critical.

This security flaw would allow a hacker to access the webcam and microphone of your iPhone or iMac. "The flaw in the Webkit rendering engine allows you to obtain permission to access sensitive components without your consent and thus spy on you without your knowledge. David Igue, IT journalist, explained.

This article will also interest you: Hacking the Apple Mac, something that seems so easy for some experts

Apparently the security flaw is an old vulnerability that was discovered by Ryan Pickren, a computer security researcher, during one of a Bounty bug program that recently exposed it with Apple's permission. In simpler terms, the vulnerability would come from a system of requesting permission. Indeed, when users are on a website, and browsing, the site asks for permission to access the microphone or the webcam of the iPhone or Mac, the browser of Apple usually keeps the parameters of the authorization, so that next time, the request does not repeat. Just to make navigation easier. It is exactly this aspect that is causing the basis of our problem. Because by using a malicious script, a hacker can mislead the browser, by making it believe, that the site under its control also has the same rights of access to the webcam and the microphone of the terminals. At least that is how the researcher proceeded. It should then be noted that it is this "confusion in the form of a chain reaction that would make a malicious site similar to Skype (for example), from Safari's point of view," explained researcher Ryan Pickren.

Under some (still vulnerable) terminals, this Safari vulnerability allows the hacker to "discreetly launch webcam infiltration software to record conversations and take photos, or even perform screen sharing." Detail the researcher. It is for this reason that he strongly recommended updating these iPhone or Macs devices as soon as possible. Since January and March, fixes have been proposed to close the security loophole. Apple had been informed for some time, in the course of December 2019 by the researcher when it discovered the vulnerability during the program. He pocketed a $75,000 reward after alerting the American giant to the problem.

Moreover, such a security flaw is truly dangerous in this period of containment, because the use of webcam communication means is really increased with the explosion of Internet traffic. It would be prudent then to make sure that all of its terminals are up to date.

This case further demonstrates that Apple's Bounty bug program has notable advantages. It will be a way for the American giant to make up for the mistakes made towards the end of 2019 in terms of the safety of this device.

Now access an unlimited number of passwords:

Check out our hacking software