Team claims $1 million bounty for remotely jailbreaking iOS 9.1 & 9.2

124»

Comments

  • Reply 61 of 78
    gatorguygatorguy Posts: 24,176member

    Yeah...terrible. Notice figure 3. Notice the first name that is NOT in english. Chinese app.

     XcodeGhost apps are isolated to themselves. They don't hijack phones, don't snoop on other apps since iOS prevents that tight interaction. The only data those apps can get is what they can obtain from accessible iOS APIs (phone number) and what they gather from the user directly. So, if user thinks that it is okay if PhotoScanner Lt app suddenly asks for a password or credit card info, then I have no comment on that.
    Then it's not any more problem than many of the supposed Android exploits you mention? Then why did you imply that Android lapses that also require the user "think its OK" are an issue? Those are the only ones that have appeared in the wild AFAIK.
  • Reply 62 of 78
    Quote:

    Originally Posted by Gatorguy View Post





    Despite Apple's efforts XCode Ghost is still alive and kicking and now found here in the US too so no longer a China only issue

    Not really - notice on Figure 2 what is the largest industry that gets the most (65%) of those attempts to connect with XCodeGhost control servers - EDUCATION.

    Also notice apps that occupy 1-4 places in Figure 3. They are all used by Chinese people and the number of attempts from those 4 comprises 95+% of all attempts.

    In other words, those who use those apps are Chinese STUDENTS!

  • Reply 63 of 78
    gatorguygatorguy Posts: 24,176member
    Not really - notice on Figure 2 what is the largest industry that gets the most (65%) of those attempts to connect with XCodeGhost control servers - EDUCATION.

    Also notice apps that occupy 1-4 places in Figure 3. They are all used by Chinese people and the number of attempts from those 4 comprises 95+% of all attempts.

    In other words, those who use those apps are Chinese STUDENTS!
    Why would Apple care about Chinese users. Good point. Stuff like that sure couldn't happen to owners here in the good ol' US of A huh? Ignore the guy who discovered it saying "XcodeGhost has entered into U.S. enterprises and is a persistent security risk". He doesn't know what he's talking about.
  • Reply 64 of 78
    Quote:

    Originally Posted by Gatorguy View Post





    Then it's not any more problem than many of the supposed Android exploits you mention?



    No. For example couple of my friends got their Android phones hijacked by the app pretending to ask her "legitimately" to enter credit card info, while blocking any attempts to use a phone or call someone. They didn't have root access not did they enabled 3-party app launching. They didn't download any 3rd party apps nor they attempted to install it. However that was a successful attempt to infect devices...obviously.





     

  • Reply 65 of 78
    Quote:
    Originally Posted by Gatorguy View Post





    Why would Apple care about Chinese users. Good point.



    [sarcasm ON] Yes, of course Apple doesn't care about its slaves! Slaves should work on Apple Chinese factories and make money for Apple instead of using those devices [sarcasm OFF]



    The point was - those apps are still active because it is a special case of China and the way everything Internet related is handled there. 


    One more point is that - China is a champion in using Jailbroken iOS devices for which Apple shouldn't and will not guarantee anything, since it is not Apple iOS strictly speaking.

     

  • Reply 66 of 78
    gatorguygatorguy Posts: 24,176member

    No. For example couple of my friends got their Android phones hijacked by the app pretending to ask her "legitimately" to enter credit card info, while blocking any attempts to use a phone or call someone. They didn't have root access not did they enabled 3-party app launching. They didn't download any 3rd party apps nor they attempted to install it. However that was a successful attempt to infect devices...obviously.



     
    Seriously, no apps other than Google's own? That's really hard to believe. Really hard. And two different friends? Wow, just their luck. . . . What are the chances? :rolleyes:

    Where do your "friends" reside? Could it be China or Russia? Nearly all "Android malware" exists in just those two places. Not all that different from most iOS malware reported so far residing in China, which based on your generally dismissive comments is not a problem.

    Look, if someone complains about something and wants to have a serious logical discussion about it I would expect intellectual honesty from all parties. Otherwise it's simply a bashfest with little interest in truth or facts. Why bother if that's the case?

    Not saying you sir are necessarily doing that but you do seem to consider "malware" on one platform (and generally isolated to a particular region) to be inexcusable while "malware" on another (and generally isolated to a particular region too) is different somehow and no big deal.
  • Reply 67 of 78
    Quote:
    Originally Posted by Gatorguy View Post



    Not saying you sir are necessarily doing that but you do seem to consider "malware" on one platform (and generally isolated to a particular region) to be inexcusable while "malware" on another (and generally isolated to a particular region too) is different somehow and no big deal.

    No, I simply pointed out hypocrisy! When stagefright I(not limited to China) happened, no one gave a frying flak about that. When developers in China by using non-genuine Xcode managed to get potentially nasty stuff into their apps, it was labelled as "major App Store hack/breach" even though that was not a breach.



    That reminds me of bendgate. When iPhone6 Plus bending (at 90 lbs) was discovered 1 year ago - fandroids were jumping out of their pants saying that Apple did shitty engineering.

    However when the same shit happened to Samsung several months ago and to HTC , no one gave f+ck again. Fandroids somehow forgot about "shitty and cheap engineering".



    And right now, you are trying to downplay stagefright problem. Fine. Name me at least several case of Xcode Ghost problem bring non-jailbroken phones down. And after you manage that (which you will not, since there are none) I can say that those were just ...how you put that..."What are the chances? 1rolleyes.gif".



    Also, I didn't say anything about Google apps - you pulled that from thin air. I mentioned only that their phones were Android OS based. 

    Honest discussion, he says....

     

  • Reply 68 of 78
    gatorguygatorguy Posts: 24,176member
    No, I simply pointed out hypocrisy! When stagefright I(not limited to China) happened, no one gave a frying flak about that. When developers in China by using non-genuine Xcode managed to get potentially nasty stuff into their apps, it was labelled as "major App Store hack/breach" even though that was not a breach.


    That reminds me of bendgate. When iPhone6 Plus bending (at 90 lbs) was discovered 1 year ago - fandroids were jumping out of their pants saying that Apple did shitty engineering.

    However when the same shit happened to Samsung several months ago and to HTC , no one gave f+ck again. Fandroids somehow forgot about "shitty and cheap engineering".


    And right now, you are trying to downplay stagefright problem. Fine. Name me at least several case of Xcode Ghost problem bring non-jailbroken phones down.

     
    Name me several cases of Stagefright bringing Android phones down. Stagefright exploits have never appeared in the wild AFAIK. NO devices have been "taken down" by it that I recall reading about. Feel free to link proof of it doing so if you can find one tho.

    It doesn't mean everything is hunky-dory because it isn't. At the same time there's a whole lotta proof-of-concept attack vectors out there, including those for Apple devices, that never result in real-world damage. The whole "Android malware" problem is more smoke and mirrors than fire IMHO.

    Also, I didn't say anything about Google apps - you pulled that from thin air. I mentioned only that their phones were Android OS based. 

    Honest discussion, he says....

     
    Of course you did. It's right there, linked right above my response to you. No third party apps was what you said. No biggie if that's not what you intended to say, but that's what you wrote. Here it is again.

    No. For example couple of my friends got their Android phones hijacked by the app pretending to ask her "legitimately" to enter credit card info, while blocking any attempts to use a phone or call someone. They didn't have root access not did they enabled 3-party app launching. They didn't download any 3rd party apps nor they attempted to install it. However that was a successful attempt to infect devices...obviously.



     
  • Reply 69 of 78
    dasanman69dasanman69 Posts: 13,002member
    gatorguy wrote: »
    Then it's not any more problem than many of the supposed Android exploits you mention?


    No. For example couple of my friends got their Android phones hijacked by the app pretending to ask her "legitimately" to enter credit card info, while blocking any attempts to use a phone or call someone. They didn't have root access not did they enabled 3-party app launching. They didn't download any 3rd party apps nor they attempted to install it. However that was a successful attempt to infect devices...obviously.

    You're seriously going to use anecdotal evidence to prove your point?
  • Reply 70 of 78
    Quote:

    Originally Posted by dasanman69 View Post





    You're seriously going to use anecdotal evidence to prove your point?



    to support the claim that there is a working virus that does that is enough. 

    Anecdotal evidence to the claim that there are green leaves in the forest is enough - two leaves is enough to prove the point of them existing.

  • Reply 71 of 78
    dasanman69dasanman69 Posts: 13,002member
    dasanman69 wrote: »
    You're seriously going to use anecdotal evidence to prove your point?


    to support the claim that there is a working virus that does that is enough. 

    Anecdotal evidence to the claim that there are green leaves in the forest is enough - two leaves is enough to prove the point of them existing.

    It's unprovable. Are we to just take your word for it?
  • Reply 72 of 78
    Originally Posted by AppleInsider View Post


     

    I’m more impressed that they apparently hacked the individual pixels to display multiple colors.

  • Reply 73 of 78
    Quote:

    Originally Posted by dasanman69 View Post





    It's unprovable. Are we to just take your word for it?



    Well, you apparently have no problem of that sort when reading reports from various security firms.

  • Reply 74 of 78
    Quote:

    Originally Posted by tenly View Post





    What makes you think it's impossible? Just because it hasn't been done yet? it *has* in fact been done - many times in many different types of software. Or did you mean to limit your comments to Operating Systems? They are certainly a lot more complex than other types of software - but there is nothing inherently unique about them that would make it *impossible* to secure them.



    I suspect that your only evidence is going to be the statement that "if it were possible, somebody would already have done it". LOL! Do us a favour and please don't try to use such ridiculous logic on us.



    It's (obviously) very, very difficult to do - but that certainly doesn't mean that it's impossible. "Very difficult" does not mean "impossible". One day we'll have it - and the next we won't - because new software is being written all the time - and some of it is sloppy and will introduce new bugs into previously bug-free code.



    There is plenty of software out there that is currently bug free and secure. To my knowledge there aren't any OS platforms that are currently "bug free and FULLY secure" - but again - that doesn't mean it's impossible.



    The simpler the program, the easier it is to create something bug free and secure.



    Impossible means "not able to occur, exist or be done".



    So - enlighten us all with your wisdom....what is it that you think makes it completely *not possible* to create a bug free and secure OS platform (remembering that *unlikely*, *difficult* and *hasnt been done yet* do nothing to prove that it's actually *impossible*!

     

     

    So you fabricate what you think my position is and argue against that? Even to the point of predicting my responses? Pathetic.

  • Reply 75 of 78
    solipsismysolipsismy Posts: 5,099member
    I’m more impressed that they apparently hacked the individual pixels to display multiple colors.

    If you think that's good, check out this "virus" hidden within an individual pixel.

    1000
  • Reply 76 of 78
    Originally Posted by SolipsismY View Post

    If you think that's good, check out this "virus" hidden within an individual pixel.

     

    Now I have to go watch more CSI/NCIS/whatever montages of terrible computing talk.

  • Reply 77 of 78
    gatorguygatorguy Posts: 24,176member
    So how much is Zerodium paying for exploits targeting our computing devices? Quite a lot.

    [IMG ALT=""]http://forums.appleinsider.com/content/type/61/id/65452/width/500/height/1000[/IMG]

    So to completely take over your computer thru your Safari browser? Your friendly neighborhood hacker can pocket up to $50K. Attacking your Chrome browser? That's a bit tougher to do and might be worth $80K.

    We all know mobile OS's are tougher to break, but still doable. Hacker selling an exploit for Android or WinMo can get maybe $100K. Then of course there's iOS where Zerodium might be willing to pay out upwards of $500K. That $1M bounty the AI article writes about was a one-time offer apparently intended for PR. It served it's purpose obviously as every hacker looking for a payday and every private firm, corporate entity and government agency with a vested interest in monitoring some segment of computer users now knows who to call.
Sign In or Register to comment.