iPhone Hacking

Hacking the iPhone has long been considered a rarified endeavor, undertaken by sophisticated nation states against only their most high-value targets. But a discovery by a group of Google researchers has turned that notion on its head: For two years, someone has been using a rich collection of iPhone vulnerabilities with anything but restraint or careful targeting. Instead, they've indiscriminately hacked thousands of iPhones just by getting them to visit a website.
On Thursday evening, Google's Project Zero security research team revealed a broad campaign of iPhone hacking. A handful of websites in the wild had assembled five so-called exploit chains, tools that link together security vulnerabilities, allowing a hacker to penetrate each layer of iOS's digital protections. The rare and intricate chains of code exploited a total of 14 security flaws, targeting everything from the browser's "sandbox" isolation mechanism to the core of the operating system known as the kernel, ultimately gaining complete control over the phone.
They were also used anything but sparingly. Google's researchers say the malicious sites were programmed to assess devices that loaded them, and to compromise them with powerful monitoring malware if possible. Almost every version of iOS 10 through iOS 12 was potentially vulnerable. The sites were active since at least 2017, and had thousands of visitors per week.
"This is terrifying," says Thomas Reed, a Mac and mobile malware research specialist at the security firm Malwarebytes. "We’re used to iPhone infections being targeted attacks carried out by nation-state adversaries. The idea that someone was infecting all iPhones that visited certain sites is chilling."

A New Paradigm

The attack is notable not just for its breadth, but the depth of information it could glean from a victim iPhone. Once installed, it could monitor live location data, or be used to grab photos, contacts, and even passwords and other sensitive information from the iOS Keychain.
With such deep system access, the attackers could also potentially read or listen to communications sent through encrypted messaging services, like WhatsApp, iMessage, or Signal. The malware doesn't break the underlying encryption, but these programs still decrypt data on the sender and receiver's devices. Attackers may have even grabbed access tokens that can be used to log into services like social media and communication accounts. Reed says that victim iPhone users would probably have had no indication that their devices were infected.
Google hasn't named the websites that served as a "watering hole" infection mechanism, or shared other details about the attackers or who their victims were. Google says it alerted Apple to its zero-day iOS vulnerabilities on February 1, and Apple patched them in iOS 12.1.4, released on February 7. Apple declined to comment about the findings. But based on the information Project Zero has shared, the operation is almost certainly the biggest known iPhone hacking incident of all time.
It also represents a deep shift in how the security community thinks about rare zero-day attacks and the economics of "targeted" hacking. The campaign should dispel the notion, writes Google Project Zero researcher Ian Beer, that every iPhone hacking victim is a "million dollar dissident," a nickname given to now-imprisoned UAE human rights activist Ahmed Mansour in 2016 after his iPhone was hacked. Since an iPhone hacking technique was estimated at the time to cost $1 million or more—as much as $2 million today, according to some published prices—attacks against dissidents like Mansour were thought to be expensive, stealthy, and highly focused as a rule.
  • BY 
    DAVID NIELD
The iPhone-hacking campaign Google uncovered upends those assumptions. If a hacking operation is brazen enough to indiscriminately hack thousands of phones, iPhone hacking isn't all that expensive, says Cooper Quintin, a security researcher with the Electronic Frontier Foundation's Threat Lab.
"The prevailing wisdom and math has been incorrect," says Quintin, who focuses on state-sponsored hacking that targets activists and journalists. "We've sort of been operating on this framework, that it costs a million dollars to hack the dissident’s iPhone. It actually costs far less than that per dissident if you’re attacking a group. If your target is an entire class of people and you're willing to do a watering hole attack, the per-dissident price can be very cheap."
It remains far from clear who might be behind the brazen campaign, but both its sophistication and focus on espionage suggest state-sponsored hackers. And Quintin argues that the campaign's mass infection tactics imply a government that wants to surveil a large group that might self-select by visiting a certain website. "There are plenty of minority groups like the Chinese Uyghurs, Palestinians, people in Syria, whose respective governments would like to spy on them like this," Quintin says. "Any of those governments would be happy to pull out this technique, if they came into exploit chains of this magnitude."
The campaign bears many of the hallmarks of a domestic surveillance operation, says Jake Williams, a former NSA hacker and founder of the security firm Rendition Infosec. And the fact that it persisted undetected for two years suggests that it may have been contained to a foreign country, since this kind of data traveling to a far away server would have otherwise raised alarms. "After two years without getting caught, I can’t fathom this has crossed national boundaries," he says.

Wake-Up Call

The hackers still made some strangely amateurish mistakes, Williams points out, making it all the more extraordinary that they operated so long without being detected. The spyware the hackers installed with their zero-day tools didn't use HTTPS encryption, allowing anyone on the same network as a victim to read or intercept the data it stole in transit. And that data was siphoned off to a server whose IP addresses were hardcoded into the malware, making it far easier to locate the group's servers, and harder for them to adapt their infrastructure over time. (Google carefully left those IP addresses out of its report.)

LEARN MORE


Mysterious iOS Attack Changes Everything We Know About iPhone Hacking
The WIRED Guide to the iPhone
Given the mismatch between crude spyware and highly sophisticated zero-day chains used to plant it, Williams hypothesizes that the hackers may be a government agency that bought the zero day exploits from a contractor, but whose own inexperienced programmers coded the malware left behind on targeted iPhones. "This is someone with a ton of money and horrible tradecraft, because they’re relatively young at this game," Williams says.
Regardless of who may be behind it, the mass undetected hacking of thousands of iPhones should be a wake-up call to the security industry—and particularly anyone who has dismissed iOS hacking as an outlier phenomenon, unlikely to affect anyone whose secrets aren't worth a million dollars. "To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group," Google's Beer writes. "All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them."

Comments

Post a Comment

Popular posts from this blog

Uganda Airlines Launches Mobile App

Image
  Uganda Airlines Launches Mobile App Sherry Karungi /  1 min 0 3 min read Share this article Facebook Twitter Email Print In the constantly evolving world of aviation, airlines are constantly seeking ways to improve the passenger experience. Uganda Airlines unveiled its state-of-the-art mobile app. This launch is more than just another app in the market; it’s a reflection of the airline’s commitment to providing an efficient, secure, and delightful experience for its customers. At the heart of this launch is the dedication to make life easier for travellers. The Uganda Airlines Mobile App, available for both iOS and Android smartphones, embodies convenience. It is meticulously designed to offer all Uganda Airlines flight information and customer service tools in a single, user-friendly interface. Whether you’re at home planning your next adventure or on the move, all you need is your smartphone to access the airline’s plethora of services. In the digital age, the safety of pe...
Read more

Penetration Testing Tools for Hackers and Security Professionals

Network  Security & Penetration Testing Tools Scanning / Pentesting OpenVAS – OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. Metasploit Framework – A tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. Kali – Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs). pig – A Linux packet crafting tool. scapy – Scapy: the python-based interactive packet manipulation program & library. Pompem – Pompem is an open source tool, which...
Read more

Creating a WiFi hotspot in Windows 7 + Sharing Internet connection for use, in Android

Image
Posted August 3, 2012 by Sanju in Tips n Tricks . 231 Comments Nowadays, almost all cell phones have an inbuilt WiFi adapter. And also, Android OS is much popular these days. Thus most of us have an Android phone with latest WiFi technology, may be 802.11 b/g/n. As almost all PC’s today are equipped with a WiFi adapter and almost every computer OS provides the feature of creating a Wireless Connection, one may think of creating one and share the internet connection for use in Android. But it is of no use, as Android is unable to detect “ad-hoc” wireless networks and it needs an “infrastructure network” . Its well enough if you have a wireless router as its somewhat not possible to create an “infrastructure network” using PC’s WiFi. But, here comes the twist. The line you read just 2 seconds ago is wrong. Yeah, one can create a Wireless Network using PC’s WiFi for use in Android (Under some conditions!). This guide features a complete tutorial on creating a Wirel...
Read more