Since mobile phones are far more pervasive than traditional computers, and because they are oftentimes more complex while providing less information to users, mobile phones have become the target of choice for criminal hackers:

Mobile phones have become the new prey of choice for hackers.

There are many simple ways to make yourself a harder target for hackers, including: using strong, unique passwords; installing system and app updates as soon as they’re available; using a dedicated email address for “Forgot my password” emails; installing apps only from trusted sources; not keeping personal information on your phone for too long; and installing privacy screens on your devices.

Mobile phones have become the new prey of choice for hackers and other nefarious individuals.

Hackers can take control of your phone number and transfer it to a new phone – one that they control.

These are just two ways that hackers can wreak havoc through your phone.

Learn how to protect yourself and your phone from attackers.

Did Apple purposely and strategically release the iOS 10 kernel unobfuscated, or was it an oversight?

The heart of an operating system is a component known as the kernel, which controls how programs can use a device’s hardware and enforces security. Apple has previously encrypted the kernel in iOS releases, hiding its exact workings and forcing researchers to find ways around or through it. But the kernel was left unobfuscated in the preview version of iOS 10 released to developers last week for the most recent Apple devices.

That doesn’t mean the security of iOS 10 is compromised. But looking for flaws in this version of the operating system will be much easier, says Jonathan Levin, author of an in-depth book on the internal workings of iOS. “It reduces the complexity of reverse engineering considerably,” he says.

The goodies exposed publicly for the first time include a security measure designed to protect the kernel from being modified, says security researcher Mathew Solnik. “Now that it is public, people will be able to study it [and] potentially find ways around it,” he says.

There is no way a company as large and focused as Apple accidentally left something as important as the kernel unobfuscated.

This was a strategic move, but to what end?

The shortsighted Federal Bureau of Investigation considered taking Apple to court due to the encryption capabilities built into iMessage, FaceTime, and iOS devices:

The clash with Cupertino was reportedly sparked by an investigation this summer — “involving guns and drugs” — in which a court order was obtained, demanding that Apple provide real time iMessages exchanged by iPhone-using suspects. Due to the stringent security measures featured on iOS 8, Apple responded that it could not comply due to the advanced encryption used by the company.

Thankfully, the decision was taken not to pursue legal action. However, the case once again demonstrates the opposition that exists within government to Apple’s stance on user privacy.

In a previous open letter, F.B.I. director James Comey argued that the top-notch security on devices like the iPhone has the potential to aid terrorist groups like ISIS.

Tim Cook, meanwhile, has argued that Apple is taking a moral stance by not mining user data.

I know many techies have this innate urge to tweak things and feel constrained by what Apple brings to the table with stock iOS, so they opt to jailbreak their beloved iPhone for various reasons. What a lot of people do not realize, and what the Hacking Team hack has now confirmed, is that jailbreaking your iPhone actually opens it up to far more exploits and nefarious use by malicious actors (emphasis added):

That external analysis has now been complemented by the Hacking Team’s internal documents. One pricelist shows a €50,000 ($56,000) price tag on an iOS snooping module with the note, “Prerequisite: the iOS device must be jailbroken.”

While jailbreaking an iOS device to install software has been a continuously sought-after option, and one that’s constantly revised by different parties as Apple fixes the exploits that allow it, there’s always been a concomitant knowledge that jailbreaking renders an iPhone or iPad vulnerable. Apple is certainly protecting its ecosystem, but researchers agree it’s also protecting system integrity.

Nick DePetrillo, a principal security researcher at Trail of Bits, says, “Jailbreaking your iPhone is running untrusted third-party exploit code on your phone that disables security features of your iPhone in order to give you the ability to customize your phone and add applications that Apple doesn’t approve.”

This should be fairly common sense. It is quite obvious that the act of jailbreaking, for all intents and purposes, disables some iOS security features so that the device can be used to run untrusted applications. If you jailbreak your phone and were unaware of this, then I suggest you restore your phone back to a known good stock iOS version, such as the recently released iOS 8.4.

Although installing the malware on a jailbroken iOS device would seemingly require physical access, the related exploit of jailbreaking via malware installed on a trusted computer would allow bypassing that limitation.

Researchers have also found so far that Hacking Team has a legitimate Apple enterprise signing certificate, which is used to create software that can be installed by employees of a company who also accept or have installed a profile that allows use of apps signed by the certificate. It was shown last November that an enterprise certificate combined with a jailbroken iOS device could be used to bypass iOS protections on installing apps. Further, Hacking Team had developed a malicious Newsstand app that could capture keystrokes and install its monitoring software.

Still want to jailbreak?

Forbes has done some outstanding writing in their article going inside China’s iPhone jailbreaking industrial complex:

It was a bizarre trip hosted by an equally bizarre and secretive entity called TaiG (pronounced “tie-gee”), which flew the hackers to China to share techniques and tricks to slice through the defences of Apple’s mobile operating system in front of an eager conference-hall crowd. Why such interest and why such aggrandisement of iOS researchers? In the last two years, jailbreaking an iPhone – the act of removing iOS’ restrictions against installing unauthorized apps, app stores and other features by exploiting Apple security – has become serious business in China. From Alibaba to Baidu, China’s biggest companies are supporting and even funding the practice, unfazed at the prospect of peeving Apple, which has sought to stamp out jailbreaking ever since it became a craze in the late 2000s.

Any hacker who can provide the full code for an untethered jailbreak, where the hack continues to work after the phone reboots, can expect a big pay check for their efforts. “Many experts agree the price for an untethered jailbreak is around $1 million,” says Nikias Bassen, aka Pimskeks, a lanky 33-year-old iOS hacker who is part of the evad3rs hacker collective. More often, sellers of iOS zero-day vulnerabilities – the previously-unknown and unpatched flaws required for jailbreaks – make thousands if not hundreds of thousands of dollars from Chinese firms, private buyers or governments, in particular three-letter agencies from the US.

Such big sums are on offer due to the explosion of the third-party app store industry in China. There are at least 362 million monthly active mobile app users in China, according to data provided by iResearch. Whilst smartphone owners in Western nations are content within the walled gardens of Apple and Google app stores for their games, media and work tools, the Chinese are fanatical about apps and want the broadest possible choice from non-Apple app stores. Jailbreaks, which do away with Apple’s chains and allow other markets on the device, are thus vital to meeting that demand.

I had no idea jailbreaking was such big money in China; however, somehow I am not surprised at all by this development.

Federico Viticci reviews Spark by Readdle, a brand new iOS email client aiming to help you enjoy your email experience yet again:

I’ve had a complicated relationship with email over the years. Part of the problem has been the Sisyphean effort of third-party apps that tried to modernize email: the more developers attempted to reinvent it, the more antiquated standards, platform limitations, and economic realities kept dragging them down. I’ve seen email clients for iOS rise and fall (and be abandoned); I’ve tried many apps that promised to bring email in the modern age of mobile and cloud services but that ultimately just replaced existing problems with new ones. Sparrow. Dispatch. Mailbox. CloudMagic. Outlook. Each one revolutionary and shortsighted in its own way, always far from the utopia of email reinvention on mobile.

Spark by Readdle, a new email app for iPhone released today, wants to enhance email with intelligence and flexibility. To achieve this, Readdle has built Spark over the past eighteen months on top of three principles: heuristics, integrations, and personalization. By combining smart features with thoughtful design, Readdle is hoping that Spark won’t make you dread your email inbox, knowing that an automated system and customizable integrations will help you process email faster and more enjoyably.

I’ve been using Spark for the past three weeks, and it’s the most versatile email client for iPhone I’ve ever tried. It’s also fundamentally limited and incomplete, with a vision that isn’t fully realized yet but promising potential for the future.

Read the entire review for the full details. Bottom line: Spark is an impressive email client but without companion iPad and OS X applications, it offers an iOS-only, incomplete, imperfect vision, but one that is better than anything else available today.

I continue to play with Spark and will offer some thoughts of my own by the end of the week. So far, I really enjoy what I am seeing but it is missing a major feature I really need because of my workflow.

I aggregate multiple email accounts, to include Gmail accounts and standard IMAP accounts, to a single FastMail account. Because of this process, I require email aliases so I can send-as any one of the aggregated accounts. Without this capability, it is nearly impossible for me to send email using Spark. I suspect I am not the only person in this situation.

More to come …