Categories
Tech

iOS 14 Leaked in Full to Hackers and Jailbreakers, But iPhones May Still be Secure

An iPhone X is seen on a large video screen in the new Apple Visitor Center in Cupertino, California, US, November 17, 2017. (Photo: Reuters)

This is the earliest ahead of launch that iOS source code has leaked to jailbreakers, but the leak may also come with a downside for cyber criminals.

  • News18.com
  • Last Updated: May 25, 2020, 10:30 AM IST

An early, in-development copy of iOS 14, obtained from the market on a test-phase iPhone 11, has reportedly been doing the rounds on the internet since as early as February this year, according to a report by Vice US’ Motherboard. According to the sources it spoke to, the early copy of iOS 14 dates from December 2019 and was a developer-only build that was not meant to be accessed outside of a tight circle. What is alarming is that, with the iOS 14 developer build leaking in full over eight months ahead of release, this makes for one of the biggest leaks from Apple, for hackers and security researchers alike.

According to Motherboard’s sources, the source code has reached a wide number of people, including security researchers looking for possible flaws in the early iOS 14 framework, and hackers for the same reason. However, there are a number of factors at play here. Since this is a very early copy of iOS 14, much may change in the final build of the OS. Apple also does not sit back and accept leaks such as this, and typically pursues stringent repercussions for jailbreakers and anyone who steals its code.

As a result, what remains to be seen is whether the procurement of the iOS 14 source code leads to the discovery of any particular flaw that does lasting damage to Apple. Given the timelines, Apple will likely be able to keep working in-house on identifying issues with iOS 14 and fix a host of them itself. So, despite the iOS 14 source code leaking this early, the vaunted security of iOS may not be badly affected, which in turn means your iPhone will likely remain as secure as it is today.

That said, iPhone jailbreaks have become more frequent. Hackers have so far managed to release jailbreaks for almost every version of iOS. The utility of jailbreaking iPhones remains debatable — while some cite the loss of security it represents, others say that freedom from Apple’s walled-garden approach can make the iPhone experience significantly different. That walled garden, however, is a large part of the Apple experience that the company has always attempted to sell to its users, and for the most part, it has worked.

As Motherboard said in its report, this is the first time that an upcoming version of iOS has leaked in full this many months ahead of its public launch, which will likely take place some time in September. Add to this that exploitable iOS flaws are now selling on the market for significantly less, which does suggest that some cracks are beginning to appear in iOS 14’s armour. For now, though, your iPhone will still be more secure than many other systems out there.





easyJet Data Breach by Chinese Hackers Reportedly Compromises 9mn Users' Data

Photo: AFP Relaxnews/easyJet

With the hackers mainly targeting travellers’ transit data, easyJet may face a fine if it does not offer a suitable response.

  • Reuters
  • Last Updated: May 20, 2020, 12:30 PM IST

Chinese hackers are suspected of accessing email and travel details of about nine million easyJet customers, said two sources familiar with the investigation into a cyberattack disclosed by the British airline on Tuesday. The sources said the hacking tools and techniques used in the January attack pointed to a group of suspected Chinese hackers that has targeted multiple airlines in recent months.

The news of the data breach could result in a hefty fine for the budget airline, which has already been forced to ground its flights because of the COVID-19 pandemic and is battling its founder and biggest shareholder in a long-running dispute over the carrier’s business strategy. An easyJet spokeswoman declined to comment on who was responsible for the attack and Reuters could not determine on whose behalf the hackers were working. The Chinese embassy in London did not respond to a request for comment. Beijing has repeatedly denied conducting offensive cyber operations and says it is frequently the victim of such attacks itself.

Johan Lundgren, easyJet’s chief executive, said there was heightened concern about personal data being used for online scams as more people worked from home because of the COVID-19 pandemic. “As a result, and on the recommendation of the ICO (watchdog), we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications,” he said.

Targeting travel records

The sources, who spoke on condition of anonymity because of the sensitivity of the matter, said the same group of hackers had previously targeted travel records and other data to track the movement of specific individuals, as opposed to stealing credit card details for financial gain.

“Interest in who is travelling on which routes can be valuable for counter-intelligence or other tracking of persons of interest,” said Saher Naumaan, a threat intelligence analyst at BAE Systems, who has investigated similar attacks. EasyJet said that credit card details of more than 2,000 customers had also been compromised but it did not look like any personal information had been misused. The company said it had engaged forensic experts to investigate the issue and also notified Britain’s National Cyber Security Centre (NCSC).

An NCSC spokesman said: “We are aware of this incident and have been working with easyJet from the outset to understand how it has affected people in the UK.” Britain’s Information Commissioner’s Office (ICO) said it was also investigating the attack and urged anyone affected by data breaches to be particularly vigilant for phishing attacks and scam messages. “People have the right to expect that organisations will handle their personal information securely and responsibly. When that doesn’t happen, we will investigate and take robust action where necessary,” it said.

The ICO protects information rights and has the power to impose fines. British Airways, owned by airlines group IAG, is still appealing against a 183.4 million pound ($225 million) fine it received from the ICO after hackers stole credit card details of hundreds of thousands of its customers in 2018. EasyJet shares, which have lost 64% of their value in three months, were down almost 1% at 1640 GMT.




Money Remains Motivating Factor for Hackers Around the World: Verizon

Image for Representation.

Verizon Business 2020 Data Breach Investigations Report found that confirmed data breaches doubled from the prior year.

  • Reuters
  • Last Updated: May 19, 2020, 12:35 PM IST

Money trumped spying as the top motivator for data breaches last year, according to Verizon’s annual report on cybercrimes published on Tuesday. About nine out of 10 breaches were financially motivated, based on an examination of more than 32,000 incidents and nearly 4,000 confirmed break-ins in 81 countries, the report said.

Verizon Business 2020 Data Breach Investigations Report found that confirmed data breaches doubled from the prior year. As the coronavirus pandemic has forced people indoors, cyber attacks on businesses are expected to climb. The report found that 86% of breaches were for money, not for purposes of spying. Credential theft, phishing and compromising business emails caused 67% of the cyber attacks.

As more businesses moved to web-based solutions, so did hackers. According to the report, breaches on web and cloud applications rose to 43%, double the previous year. Companies like Facebook Inc and Salesforce have extended working remotely to at least the rest of the year, with more businesses expected to follow suit. Verizon Business Group CEO Tami Erwin said the “digital transformation” to the work-from-home model during the coronavirus pandemic has presented a number of security red flags.

“A lot of people ended up sending workers to work from home without really thinking through what were some of the security elements in the future,” Erwin told Reuters. “I think employees working from home are probably more vulnerable to attacks,” she said. Erwin said businesses can protect themselves from cyber attacks by keeping employees educated on phishing and other fraudulent tactics used to access sensitive information.





Data Breach Leaks Personal Data of Top Celebrities Including Priyanka Chopra, Lady Gaga, Madonna

Picture for representation only.

The data was stolen from a large media and entertainment law firm by hackers and totals 756GB, including contracts, nondisclosure agreements, phone numbers and email addresses, and personal correspondence.

  • IANS
  • Last Updated: May 12, 2020, 12:08 PM IST

A large media and entertainment law firm in the US representing top-notch celebrities like Priyanka Chopra, Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen and more has experienced a major data breach in which hackers got access to the personal data of these celebrities. The trove of data stolen from the New York-based firm by hackers, “a total of 756GB”, includes contracts, nondisclosure agreements, phone numbers and email addresses, and “personal correspondence”, reports Variety.

The law firm Grubman Shire Meiselas & Sacks, or gsmlaw.com for short, experienced a ransomware attack that apparently involved the appropriately named REvil malware. Other celebrities whose sensitive personal data has been hacked are Christina Aguilera, Mariah Carey, Jessica Simpson, Naomi Campbell, Robert De Niro, Sofia Vergara, Spike Lee, the Osbournes (Ozzy, Sharon and Kelly), and several more.

Representatives for the law firm did not issue comment and their website gsmlaw.com was effectively offline, displaying only its logo. In addition, top companies on the firm’s client list include Discovery, EMI Music Group, Facebook, HBO, Imax, MTV, NBA Entertainment, Playboy Enterprises, Samsung Electronics, Sony Corp. Spotify, Tribeca Film Festival, Universal Music Group and Vice Media Group, among others. According to global cybersecurity firm Sophos, rather than simply knocking the law firm out of action temporarily, the ransomware crooks have stolen personal data from a laundry list of celebrity clients.

In such ransomware attacks, said Sophos, cybercriminals use the threat of releasing the stolen data as leverage to extort payment. REvil, also known as Sodin or Sodinokibi, isn’t just operating on the old-school ransomware model of “scramble your files and offer to sell you back the decryption key”. The latest trend in ransomware attacks is to use a double-barrelled weapon that gives victims two reasons to pay up.

According to Sophos, the original criminal plot behind ransomware was that if you didn’t have reliable backups that you could restore quickly, then you might have little choice but to pay up to decrypt all your scrambled files and get your business moving again. In recent months, however, the cybercriminals have doubled down on their leverage. Before scrambling all your files as a way of grabbing your attention, the crooks quietly upload huge troves of so-called “trophy data” that they use to blackmail anyone who is hesitant to pay up.

In other words, the financial extortion is no longer just a “kidnap ransom” to get your files back, but also a blackmail demand to stop the crooks leaking your data – or, worse still, your customers’ data – to the world. “Indeed, the REvil crew has already followed through on its threats to embarrass victims who don’t pay,” Sophos said in a statement on Tuesday. Given that ransomware crooks are no longer just keeping you away from your data but also threatening to put the rest of the world in touch with it, prevention is very much better than cure, said Sophos.

Less star-studded but no less worrying is a simultaneous report that global mailing equipment company Pitney Bowes has experienced an attack by the Maze ransomware. According to Sophos, Maze is another cybercrime gang that goes in for huge ransoms and threatens to expose stolen data, infamously demanding about $6,000,000 last year from cable and wire manufacturer Southwire. Southwire hit back by filing a so-called John Doe (the name used in the USA where defendants haven’t yet been identified) civil lawsuit against the as-yet-unknown criminals behind Maze.




Hackers Are Targeting Online Educational Portals More Than Ever

Image for Representation.

Hackers are taking advantage of the current situation when people are locked down in their homes and are heavily reliant on digital resources.

  • IANS
  • Last Updated: May 9, 2020, 4:59 PM IST

DDoS (Distributed Denial of Service) attacks during the first three months of this year saw a significant spike in attacks on educational websites as millions joined online classes during the pandemic, a new report claimed on Saturday. The increased demand for online resources was noted by cyber attackers, who attacked the most vital digital services or those growing in popularity.

“This can be due to the fact that Distributed Denial of Service (DDoS) actors are taking advantage of the current situation when people are locked down in their homes and are heavily reliant on digital resources,” according to the report from cybersecurity firm Kaspersky.

The coronavirus pandemic, beginning in the first quarter of 2020, has caused almost all activities – be it learning, work, or leisure – to shift online. Previously most attacks were conducted against the public-facing resources of companies. “We now see that DDoS attacks target internal infrastructure elements, for example, corporate VPN gateways or email servers,” said Alexey Kiselev, Business Development Manager on the Kaspersky DDoS Protection team. The US government’s Department of Health and Human Services, a group of hospitals in Paris, and servers of an online game were all targets of DDoS attacks in February and March.

Kaspersky’s Q1 2020 DDoS attacks report also revealed notable growth in attacks on educational resources and cities’ official websites: in Q1 2020, their number tripled compared to the same period in 2019, and such attacks amounted to 19 percent of all incidents in Q1 2020. The total number of DDoS attacks in Q1 2020 increased as well. During this period, Kaspersky DDoS Protection detected and blocked double the number of attacks compared with Q4 2019, and 80 percent more than in Q1 2019. The average duration of attacks also grew: in Q1 this year, a DDoS attack lasted 25 percent longer than in Q1 2019.




Google Chrome Flaw With Unknown Risk Affects 2 Billion Users: Update App Right Away

Image for representation.

Google has asked its users to upgrade to the latest version of the Chrome browser if they have not already done so.

  • News18.com
  • Last Updated: April 21, 2020, 8:09 PM IST

Google Chrome was carrying a serious vulnerability, for which Google has released the much-awaited Chrome update v81.0.4044.113. In a blog post, Google also disclosed that there existed an exploit identified as CVE-2020-6457, adding only a vague description: Use after free in speech recognizer. The tech giant has not revealed anything else about the vulnerability, but security specialists who dug into the details found that the entry has been marked ‘Reserved’ by the National Vulnerability Database of the United States. This suggests that the flaw in question may be a zero-day vulnerability.

While Chrome 81.0.4044.113 is being rolled out for Windows, Mac and Linux based systems automatically, you can check your version by yourself too. To do so, click on the three dots at the right top corner of the browser window. Then, click on Help — About Chrome Browser. This reveals the present version, following which users can manually check for updates.

As for the flaw itself, cyber security experts suspect that the issue at hand is a zero-day because of the way Google is disclosing it. For such threats, if a hacker learns of the vulnerability, they can easily tap into the source code, unearth the flaw and use it to breach a wide variety of data through the Chrome browser. Web browsers, as we have come to know, store a vast trove of personal data, which makes the situation more serious.

Alongside a new tab organisation feature that the update is bringing, it is imperative that users look out for this update keenly, and push the update to their systems promptly. Going forward, it remains to be seen if a future disclosure would reveal exactly what this threat may have brought with itself, and how this may have affected us had it not been for Google’s apparently timely update.


Zoom Security Issues Were So Many that Even Other Companies Paid Hackers to Fix Flaws

Zoom’s security and privacy issues are no longer breaking news. However, as more and more information is unearthed about the platform, it becomes clearer as to why users across all sectors must exercise plenty of caution before proceeding to use Zoom. A New York Times investigation on the matter has revealed that Zoom was very well aware of the sheer volume of security issues that its service had, but seemingly did very little to proactively make its service safer. In fact, it was so unsecured that Dropbox, one of Zoom’s then-business partners and now investor, actually hired hackers privately to identify major vulnerabilities on the service, and then urged the video calling startup to fix the issues at hand.

Zoom’s popularity skyrocketed in March as the coronavirus pandemic spread out across the world, pushing more and more companies to extensively work from home. This beckoned the need for a low cost, easy to use and flexible video conferencing service, and Zoom offered just that. It features a highly intuitive interface that is easy to use, and even its free version allows features such as up to 50 participants in free live conferencing mode, screen sharing, file sharing, chats with transcriptions and so on. In fact, despite all its privacy and security issues today, it does remain one of the most intuitively designed video conferencing apps in the market.

Many Zoom stakeholders, as well as industry experts, argue that since Zoom was designed as a service for the enterprise sector, it was never designed keeping security as a design feature from the ground-up. In simpler words, Zoom was designed to rely on the security protocol of companies, and hence may have never deemed it important enough to take these privacy concerns with utmost importance. It is this that the new NYT report highlights, revealing that when Dropbox organised these private-scale bug bounty programmes and informed Zoom about the severe underlying security issues at hand, they found that the company was rather lax in their promptness to fix them.

It hence comes down to the fact that Zoom knew very well that their platform was never safe to use. Even in the enterprise space, having so many security flaws in its code meant that attackers could have remotely exploited specific vulnerabilities to elevate system-level access to enterprise systems, thereby putting certain company data at risk. This may have held particularly true for non-technology small and medium businesses, who are often seen to not follow the best Wi-Fi and internet security practices.

On a user level, Zoom’s security issues have led to malicious users reportedly selling zero-day hacks to interested parties for as much as $500,000 (~Rs 3.8 crore), tapping and selling usernames and password databases for similar amounts, crashing video sessions with pornographic and other lewd content (an act now popularly called ‘zoombombing’), intercepting private information due to lack of better encryption standards, routing calls through surveillance states, and in one case (that has now been fixed), passing this information on to another company.

Zoom’s founder Eric Yuan, his newly hired security consultant Alex Stamos and the entire company have since attempted to control the damage by citing the made-for-enterprise excuse, apologising profusely, updating the privacy policy, launching tutorials, making specific design changes and then apologising some more, for all the privacy and security gaffes. Going forward, Zoom has promised to first fix all its security issues before looking to build new features into its platform. More importantly, it has promised to build a stronger encryption standard in the coming weeks, and even to work with governments to meet stringent privacy rules.

While Zoom’s assurances seem legitimate right now, it is difficult to trust a company that knowingly left its platform with multiple security flaws, and made little effort to rectify them in the years preceding its newfound popularity.

The full report by The New York Times can be read here.


Hackers May Get Access To Your Phone Through 'Backdoor Secrets': Here is How

Image for Representation
(Image: Reuters)

According to a study, a large number of mobile phone apps have hidden or harmful behaviours about which end users know little to nothing, allowing hackers to access private data.

  • IANS
  • Last Updated: April 1, 2020, 4:29 PM IST

Cybersecurity researchers have discovered that a large number of mobile phone applications contain hardcoded ‘backdoor secrets’ allowing hackers to access private data or block content provided by users. “The study’s findings: that the apps on mobile phones might have hidden or harmful behaviours about which end users know little to nothing,” said study author Zhiqiang Lin from the Ohio State University in the US.

“Typically, mobile apps engage with users by processing and responding to user input. For instance, users often need to type certain words or sentences or click buttons and slide screens. Those inputs prompt an app to perform different actions,” Lin added.

For this study, the team evaluated 150,000 apps. They selected the top 100,000 based on the number of downloads from the Google Play store, the top 20,000 from an alternative market, and 30,000 from pre-installed apps on Android smartphones. They found that 12,706 of those apps, about 8.5 per cent, contained something the research team labelled “backdoor secrets” – hidden behaviours within the app that accept certain types of content to trigger behaviours unknown to regular users.

They also found that some apps have built-in “master passwords,” which allow anyone with that password to access the app and any private data contained within it. And some apps, they found, had secret access keys that could trigger hidden options, including bypassing payment.

“Both users and developers are all at risk if a bad guy has obtained these ‘backdoor secrets’. In fact, motivated attackers could reverse engineer the mobile apps to discover them,” Lin said. According to the study, developers often wrongly assume reverse engineering of their apps is not a legitimate threat. “A key reason why mobile apps contain these ‘backdoor secrets’ is because developers misplaced the trust,” said study lead author Qingchuan Zhao.

To truly secure their apps, developers need to perform security-relevant user-input validation and push their secrets to the backend servers. In addition, the research team has developed an open-source tool, named InputScope, to help developers understand weaknesses in their apps and to demonstrate that the reverse engineering process can be fully automated. The study was accepted for publication at the 2020 IEEE Symposium on Security and Privacy in May. The conference has been moved online because of the global coronavirus (COVID-19) outbreak.
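The two validation patterns the study contrasts, as an added example (Python standing in for an Android app; this is neither the study’s code nor the InputScope tool): a client that compares user input against a master password and a payment-bypass code embedded in its own code, beside a client that ships no secret and lets a backend decide. Every class, secret and the in-memory `Backend` here is an assumption constructed for the illustration.

```python
"""Backdoor secrets in the client versus validation on the backend.

All names, secret strings and the in-memory Backend are constructed for this
example; they are not taken from the study or from any real app.
"""
import hashlib
import hmac
import secrets
import types


# Pattern 1: "backdoor secrets" hardcoded in the shipped client.
class VulnerableClient:
    def login(self, username, password):
        # Master password: unlocks every account and ships inside the app.
        if password == "Sup3rS3cretMaster!":          # constructed secret
            return {"user": username, "role": "admin"}
        return None

    def unlock_premium(self, code):
        # Hidden option: a literal that bypasses payment entirely.
        return code == "PROMO-SKIP-PAYMENT"           # constructed secret


def shipped_string_constants(cls):
    """Developer-side audit: every string literal compiled into the class's
    methods. The same literals are readable in an unpacked app, so any secret
    this returns must be treated as public."""
    found = set()
    for member in vars(cls).values():
        if isinstance(member, types.FunctionType):
            found.update(c for c in member.__code__.co_consts if isinstance(c, str))
    return found


# Pattern 2: no secret in the client; the backend validates every input.
class Backend:
    """Stand-in for the server API. Secrets are stored only as salted hashes
    and compared in constant time; promo codes are single-use."""
    ITERATIONS = 50_000

    def __init__(self):
        self._salt = secrets.token_bytes(16)
        self._users = {"alice": self._hash("alice-password")}  # constructed
        self._unused_codes = {self._hash("PROMO-2020-ABCD")}    # constructed
        self._premium = set()

    def _hash(self, value):
        return hashlib.pbkdf2_hmac("sha256", value.encode(), self._salt, self.ITERATIONS)

    def login(self, username, password):
        stored = self._users.get(username)
        candidate = self._hash(password)  # always hash, so timing does not reveal usernames
        if stored is not None and hmac.compare_digest(stored, candidate):
            return {"user": username, "role": "user"}
        return None

    def redeem(self, username, code):
        digest = self._hash(code)
        match = next((s for s in self._unused_codes if hmac.compare_digest(s, digest)), None)
        if match is None:
            return False
        self._unused_codes.remove(match)  # a code cannot be replayed
        self._premium.add(username)
        return True

    def has_premium(self, username):
        return username in self._premium


class HardenedClient:
    def __init__(self, backend):
        self._backend = backend  # in a real app: an authenticated HTTPS call

    def login(self, username, password):
        return self._backend.login(username, password)

    def unlock_premium(self, username, code):
        return self._backend.redeem(username, code)
```

Running `shipped_string_constants` over each client shows the contrast directly: the vulnerable client's master password and bypass code are listed verbatim, the hardened client yields nothing worth stealing.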


Chinese Hackers Undertake Largest Cyber Espionage in Recent Years Amid COVID-19 Panic

Chinese hacker collective APT41, which is often suspected of having links to the nation’s governing authorities, is said to have carried out one of the largest known cyber espionage attacks in recent times. The report, published online by cyber security research firm FireEye, covers a period between January 20 and March 11, during which APT41 attackers are said to have attempted to exploit known vulnerabilities in Cisco routers, Citrix Netscaler traffic controllers and Zoho’s remote terminal management software. The total number of companies they attempted to infiltrate is at least 75, covering 20 countries and numerous critical fields of business such as finance, defense, oil & gas, and more.

Among the flaws that the Chinese APT41 group attempted to exploit was a Citrix systems backdoor vulnerability, which was actually reported as a zero-day exploit (i.e. a previously unreported flaw) back in December. While the vulnerability was registered as CVE-2019-19781 and a patch was issued for it in January, this did not stop the group from looking for systems still vulnerable to this flaw, and in turn installing system backdoors, which may be exploited further at a later date to escalate system privileges, or even to spy on sensitive organisation data.

The second objective in this series of attacks was the targeting of Cisco’s RV320 VPN routers for small and medium businesses, which began with the targeting of a telecom organisation and was primarily identified as the attackers looking to gain remote code execution on these routers. This too would have attempted to give the attackers unlimited leeway to access critical organisation files from a remote location, thereby raising the possibility of the state-backed attackers looking to execute large-scale data espionage.

Finally, the third exploitation by the APT41 group also revealed a zero-day vulnerability, now patched and listed as CVE-2020-10189. This flaw was targeted at Zoho’s remote terminal management tools, and allowed the attackers to download specific Java and Microsoft payloads remotely on systems, following which the attackers seemingly attempted to use publicly available and known full-feature malware sets such as Cobalt Strike and Meterpreter to take down systems or gain access to privileged files.

FireEye has made a number of interesting observations regarding the APT41 attacks, noting that while the hackers had previously shown a clear trait of making financially motivated attacks, their recent streak shows a rather targeted effort to spy on sensitive documents in organisations. The timeline also shows clear gaps in the attacks, which fall in line with the Chinese New Year holidays and the coronavirus lockdown that China imposed back in February.

With at least 75 organisations affected by the spyware, FireEye has not given cues of exactly how much damage the APT41 attacks might have caused globally, since that would be difficult to estimate without companies undertaking self-audits and checks, and would also depend on any stolen document appearing on the Dark Web or being forged by a competitor elsewhere. FireEye’s report reveals India to be among the countries where companies were targeted, and with critical industries listed as affected, the APT41 attacks may just have been one of the largest and most critical cyber attacks of recent years.