Hackers Infest iOS Devices With Zero Day Attacks For Over Two Years

From two sites sent over by Kilo: hackers have successfully attacked iOS devices, including the iPhone, with zero-day attacks, compromising login credentials, photos, and other personal data. This topic, along with a plan to circumvent the data collection methods, is covered extensively in the Privacy, Security and Anonymity (PSA) Course. From arstechnica.com:

The attackers could get a listing of all installed apps on an infected device and make an ad-hoc request to download container directories for any specific apps that weren’t on the list. The attackers could also issue an “allapp” command that would download the container directories for all apps on the device. The malware checked an attacker-controlled server every 60 seconds for commands.

The implant also sent attackers a complete copy of the iOS keychain. The keychain contains a large amount of highly sensitive data, including credentials and certificates used to log into services such as Gmail, Facebook, and countless other services and SSIDs and passwords for all saved Wi-Fi access points. The keychain also contains long-lived tokens used by services such as Google’s iOS Single-Sign-On to enable Google apps to access the user’s account. By uploading this data, the attackers could maintain access to the user’s Google account even once the implant is no longer running.

As noted earlier, the installed implant binary doesn’t survive a reboot, meaning a device will be disinfected as soon as it’s restarted. It’s not clear if the lack of persistence was intentional or the result of developer limitations. In either case, iPhones can go weeks or longer without being rebooted. By that point, the data obtained likely gave attackers other means to continue surveilling targets of interest.

And from Gizmodo:

“Real users make risk decisions based on the public perception of the security of these devices,” Beers wrote. “The reality remains that security protections will never eliminate the risk of attack if you’re being targeted.”

“To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group,” he said. “All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”

Many, especially some I’ve known who claim to be security ‘experts’, continue a large number of these bad practices, such as being attached at the hip to their phones or playing non-stop on social media while telling folks otherwise. As a rule I do not log into any account from a phone, nor do much of anything else aside from critical tasks. It’s important to understand that these not only leave you vulnerable but are actively data mining everything about you. And if you thought the idea of ‘red flag’ laws was bad before, just wait until the data mine can pre-predict your moves…your political affiliations…and your beliefs.

Science fiction is now science fact. 

 


About the Author: admin

5 Comments

  1. brunop September 3, 2019 at 14:03

    I was trying to leave a 4.5 review, and it ‘took’ at 2.5… I’ve been trying to fix for 10 minutes and am giving up. Good article. Thanks for the reminder.

    • NC Scout September 3, 2019 at 20:29

      Thanks Brother.

  2. Bryce Sharper September 3, 2019 at 16:37

    I suspect IoT was invented as a way of selling more WLAN chipsets. The consumer has never asked for a toaster connected to the internet. There is no useful application of IoT technology other than an advanced form of industrial manufacturing control, which already existed.

  3. Anonymous September 4, 2019 at 08:15

    5

  4. Kilo September 4, 2019 at 21:01

    The plot thickens.

    With google, you never get the whole story, especially when it brings them into a negative light.

    So, yes, iPhones were targeted, but so were google android devices as well as microsoft devices. Yes, I do know rules for capitalization, but that is only for proper nouns that deserve respect, IMO.

    So, here is a bit more of the story which may still not be complete, but is much more complete than google originally released.

    https://www.techspot.com/news/81698-iphone-hacking-websites-also-targeted-google-windows-devices.html

    https://www.forbes.com/sites/thomasbrewster/2019/09/01/iphone-hackers-caught-by-google-also-targeted-android-and-microsoft-windows-say-sources/#4e2b8acc4adf

    -K
