Posts Tagged ‘Hack’


Everything you do on your iPhone may be open to NSA snooping thanks to covert software the agency can install without the user’s knowledge. Apparently the app, called Dropout Jeep, can remotely send all of your text messages, contacts and voicemails to the NSA, and can activate your iPhone’s camera or mic for real-time surveillance, too.

Security researcher says NSA can spy on your iPhone

In a presentation at the 30th Chaos Communication Congress in Germany, security researcher Jacob Appelbaum detailed the NSA’s iPhone spying capabilities. Along with being able to use Dropout Jeep to collect your conversations and contacts, the agency can use cell towers to find your location, and can remotely push new files to users’ iPhones.

The NSA documents Mr. Appelbaum referenced say it has a perfect track record for installing Dropout Jeep on targeted iPhones, meaning they have been able to successfully install the software on every iPhone they want. Based on the agency’s success rate and the amount of data they’re able to collect, Mr. Appelbaum questions Apple’s involvement.

He said in a presentation at the conference,

I don’t really believe that Apple didn’t help them. I can’t really prove it, but they [the NSA] literally claim that anytime they target an iOS device, that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write shitty software.

PRISM is an NSA program to gain back door access to company servers so it can gather personal information and user activity without first gaining a court order. Apple has claimed it doesn’t participate in PRISM, and went so far as to say it hadn’t even heard of the program until it first appeared in the news in June 2013.

In a public statement Apple said, “We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order.”

Apple has since asked the NSA for better transparency on surveillance, and has said that text messages sent through iMessages are encrypted and that it can’t convert them back to readable text.

Apple has also said that it doesn’t collect data about user activities. If true, that would make a secret back door into the company’s servers less valuable, and would make something like Dropout Jeep far more useful since it allows the NSA to gather whatever information it wants without directly involving Apple or its servers.

It’s a safe assumption that if the NSA has developed clandestine surveillance malware for the iPhone, it has done the same for other smartphone platforms, too. Android OS, Windows Mobile, and BlackBerry have all likely been targeted with similar malware.

A 2008 document that details Dropout Jeep said that it needed to be installed via “close access methods,” but that the agency was working on a way to remotely install the malware. Considering that was five years ago, it’s possible the NSA has moved on to remote installation, which could give the agency the ability to install its monitoring tools on any iPhone anywhere in the world at any time.

 

Balancing the right to privacy with national security is always a tricky act. While the NSA will deny the existence of many surveillance programs regardless of whether or not they actually exist, the number of leaked documents shows the agency is involved in collecting massive amounts of personal information without court order or consent, and that means the scales have tipped away from privacy in a big way.

[Thanks to The Daily Dot for the heads up.]

Security researcher Phil discovered a Cross-Site Scripting vulnerability in the “Chat Message” window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.

Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming user’s “Full Name”, allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.

XSS in Skype

To demonstrate the vulnerability, he captured a photo of a simple JavaScript alert() running within Skype.

Executing arbitrary JavaScript code is one thing, but he found that Skype also improperly defines the URI scheme used by the built-in WebKit browser for Skype. Usually you will see the scheme set to something like “about:blank” or “skype-randomtoken”, but in this case it is actually set to “file://”. This gives an attacker access to the user’s file system, and an attacker can access any file that the application itself would be able to access.

File system access is partially mitigated by the iOS Application sandbox that Apple has implemented, preventing an attacker from accessing certain sensitive files. However, every iOS application has access to the user’s AddressBook, and Skype is no exception.
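
The two flaws described above, as an added example that is not Skype's code or the researcher's: a display name concatenated unencoded into the chat HTML beside the encoded form, plus a check that rejects a file:// base URL for the chat view. The function names and the sample name are constructed for illustration.

```javascript
// Added example: all names here are hypothetical, not Skype's code.

// Encode the five characters that are significant in HTML text and
// in quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern described in the post: the sender-controlled
// "Full Name" goes into the chat template without encoding.
function renderMessageVulnerable(fullName, body) {
  return '<div class="msg"><span class="from">' + fullName +
         '</span><p>' + escapeHtml(body) + '</p></div>';
}

// Hardened: every remote-controlled field is encoded at output time.
function renderMessageSafe(fullName, body) {
  return '<div class="msg"><span class="from">' + escapeHtml(fullName) +
         '</span><p>' + escapeHtml(body) + '</p></div>';
}

// Second layer: the chat view's base URL must not be file://, so any
// script that does slip through gets no local-file origin.
function isSafeBaseUrl(baseUrl) {
  let scheme;
  try {
    scheme = new URL(baseUrl).protocol;
  } catch (e) {
    return false; // unparseable base URL: refuse it
  }
  return scheme !== "file:";
}

// Constructed sample input: a display name carrying markup.
const sampleName = "Bob<script>alert(1)</script>";
console.log(renderMessageVulnerable(sampleName, "hi")); // markup survives
console.log(renderMessageSafe(sampleName, "hi"));       // markup is inert text
console.log(isSafeBaseUrl("file:///chat.html"), isSafeBaseUrl("about:blank"));
```
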

He also created a proof of concept injection and attack that shows that a user’s AddressBook can indeed be stolen from an iPhone or iPod touch with this vulnerability.

To further demonstrate the issue, he recorded a video of this scenario.

Please see the video & use the comments section on his blog for your questions.

Skype Attack Message

Skype Attack Loading

Update
In case anyone is wondering, Phil disclosed the vulnerability to Skype on 8/24 and was told an update would be released early this August, but there has been no update yet.


Security blog Defense in Depth has found a glaring security flaw in OS X Lion that enables hackers to change the password of any user on a machine running Lion. “[While] non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data,” Patrick Dunstan from Defense in Depth explained in a recent blog post. The result is that anyone could use a simple Python script, created by Dunstan himself, to discover a user’s password. It gets worse. Reportedly, OS X Lion does not require its users to enter a password to change the login credentials of the current user.

That means typing the command:

dscl localhost -passwd /Search/Users/CoreBuilder

will actually prompt you to set a new password for CoreBuilder. As CNET points out, a hacker could only take advantage of the known bug if he or she has local access to the computer and Directory Service access.

CNET suggests disabling automatic log-in, enabling sleep and screensaver passwords and disabling guest accounts as some preventative measures to keep your Mac secure.

[Via CNET]