News
▶ Apple
Silent 911 dialler

No user intervention needed

In October 2016, an exploit for iOS was discovered which caused iPhones to repeatedly dial 911 without any intervention from the user at all.

In some places, this hit so hard that the 911 emergency call center in one area was classed as being in "immediate danger" of losing service, and two more were also at risk.

The investigation into these incidents is now complete, and the results show it was much more serious than it first appeared.

The number of calls made was first put in the low hundreds, but it has now been established that the number is massively higher. A single tweeted link was clicked a total of 117,502 times, each click causing a 911 call to be made.

iPhone Pegasus

Clicking just one link is all it takes

Apple has released a patch to bring iPhone and iPad users up to iOS 9.3.5 specifically to kill malware known as "Pegasus".

The worrying issue regarding this malware isn't just the fact that Apple devices were supposed to be immune to this sort of attack. It's the fact that users can't easily detect whether they are infected. Even worse, its extremely low-level hiding capabilities meant no amount of encryption can protect them.

The spyware hides at system level and can access data before it is passed to other apps such as WhatsApp, which encrypts the data after Pegasus has seen it in the clear.

The software was allegedly created by Israeli firm NSO to target a Middle Eastern human rights activist. Its developers also discovered three new security flaws unknown to Apple.

iPhone Stagefright

Uses the same attack vector as the Android version

The dreaded Stagefright vulnerability has now appeared in OS X and iOS, one year after it was first discovered on Android. Google has released dozens of patches throughout that time aimed at fixing it, the most recent being just this week.

The idea behind Stagefright, and the reason it is so hard to close down every variant, is that the target is the core multimedia handler present in the heart of the OS, which has by necessity special privileges in order to do its job of playing audio, video and showing images, etc.

Since the multimedia handler has to accept the media as data, the attacks arrive in the form of data which appears to be correctly formed, so that it gets to the handler in the first place, but in fact is specially crafted to carry just the right payload needed to trigger the attack.

Spike Apple Smartphone Virus

Hack uses Siri, Twitter and email search

YouTube user EverythingApplePro has demonstrated another iOS hack which works with the current live version (as at the time of writing) of iOS 9.

With a locked iPhone 6S Plus, he issues a simple Siri query which lets anyone holding the phone access the owner's photos and contacts. Securing this has proved a headache for Apple for years, and this latest hack just goes to show how difficult a task this is proving to be.

He stresses the trick is to get Siri to answer with an email; tapping on that email then opens up the contacts app. Once in, the hacker can create new contacts and access the device's photos.