I think Apple should be very circumspect about dealing with any Israeli company in any capacity. An Israeli company was behind a very serious industrial espionage breach of trust involving Samsung involving the theft of very valuable extensive details about their OLED manufacturing technology.
> I think Apple should be very circumspect about dealing with any Israeli company in any capacity. An Israeli company was behind a very serious industrial espionage breach of trust involving Samsung involving the theft of very valuable extensive details about their OLED manufacturing technology.
That statement is problematic on a number of levels for obvious reasons.
And Apple's TouchID tech comes from an Israeli company they acquired.
> I think Apple should be very circumspect about dealing with any Israeli company in any capacity. An Israeli company was behind a very serious industrial espionage breach of trust involving Samsung involving the theft of very valuable extensive details about their OLED manufacturing technology.
This is quite interesting. It suggests the possibility of serious industrial espionage with respect to Apple also.
It may be the reason that NSO was able to find 3 major zero-day exploits in iOS.
I still have an old Wallstreet PowerBook that runs Mac OS 9.2.2 that I can pull out of the closet. I may have to do just that if these kinds of attacks become common.
> The JailbreakMe was just a jailbreak, and had to be executed willingly by the user, and wasn't silent.
> I don't understand what point you're trying to make.
> It worked by exploiting flaws down to the kernel, right? And it could have been used by the creator for nefarious purposes if they had chosen that route, like sending it as an SMS for someone to open, right? And the Cydia store that was installed had an installation that would fix the PDF exploit, to protect that user from any nefarious access with their exploit, right? So if you could access iOS 1.x–4.x, well before the device was encrypted, why are you suggesting it was impossible for JailbreakMe to steal data?
The Verge is wrong. It isn't the first web-actuated Jailbreak, as you pointed out. It wasn't impossible for JailbreakMe to steal data, it just wasn't a "one stop shop" to do so, like this attack is.
The Israeli company sells to many actors, and what's considered a "high profile target" is very much up to interpretation.
The most worrisome aspect is this here:
"Successive updates to the devices afflicted by the malware appear to have no effect on existing malware installations."
If I don't read that the wrong way: once infected, OS updates won't fix anything.
In other words, you might have installed this backdoor ages ago when devices were easier to exploit, and thus such software wasn't targeted only at high-value targets, and you've been happily updating your iOS ever since, but you're still hacked?!
These things are why root level access for users must be possible: you can't run diagnostic software or monitor network traffic for suspicious activity without it. If iOS is breached, or if Apple is forced to compromise the system, or if an Apple employee manages to get a hidden backdoor in there which he sells on the black market: you have no way of knowing or checking.
If you read the article, it seems that a phone that has already been attacked isn't cured by a software update. So, first you have to determine if you've already been hacked, and then what? You throw the phone out and buy a new one?
> If you read the article, it seems that a phone that has already been attacked isn't cured by a software update. So, first you have to determine if you've already been hacked, and then what? You throw the phone out and buy a new one?
How about wiping your phone and restoring from a backup? I doubt your device will back up executable code, and App Store apps should be pulled from Apple's servers.
> I think Apple should be very circumspect about dealing with any Israeli company in any capacity. An Israeli company was behind a very serious industrial espionage breach of trust involving Samsung involving the theft of very valuable extensive details about their OLED manufacturing technology.
> This is quite interesting. It suggests the possibility of serious industrial espionage with respect to Apple also.
> It may be the reason that NSO was able to find 3 major zero-day exploits in iOS.
> I still have an old Wallstreet PowerBook that runs Mac OS 9.2.2 that I can pull out of the closet. I may have to do just that if these kinds of attacks become common.
From a BBC article on the hack:
http://www.bbc.com/news/technology-37192670
> Factfile: NSO
> Founded in 2010 and has had several different names
> Based in Herzliya, Israel, and owned by US investment firm Francisco Partners
> Could be worth $1bn
> According to the Surveillance Industry Index (SII), the NSO Group was founded in 2010 and is based in Herzliya, an attractive city north of Tel Aviv that is known as being a cluster of tech start-ups. The group was likely funded by the elite 8200 Intelligence Unit, an Israeli military-funded scheme for start-ups.
And look what else is located in Herzliya:
http://www.timesofisrael.com/apples-herzliya-rd-center-now-second-largest-in-world/
> With 700-plus direct employees in Israel, the Herzliya R&D center is Apple’s second-largest in the world, Apple CEO Tim Cook told local staff on Thursday. ...
All your secrets are belong to us, to paraphrase an old game.
I love this bit:
> Each year, the ministry said, hundreds of Arab and Druze academics graduate college with relevant tech-industry degrees — but are unable to find work, despite a plethora of jobs. The reason for this is not necessarily racism, said the ministry, but often a culture clash, with Arab and Druze academics lacking the skills to present themselves at interviews, and having a marked discomfort with the highly competitive atmosphere in many companies.
That's OK then; for a minute there it looked awfully like racism. Funny how someone could manage to get a degree in electrical engineering, which isn't exactly the easiest one to get, but just be mentally incapable of managing a job interview.
Time to review your investment, Tim.
PS: Is it possible to write a custom iOS kernel without having access to the source code for iOS?
> PS: Is it possible to write a custom iOS kernel without having access to the source code for iOS?
That depends on what you mean.
Can you alter the kernel within iOS? No.
Do you have access to an encrypted version of the kernel used in iOS? Yes.
Is the kernel open source? Yes.
The kernels in macOS, iOS, tvOS, and presumably watchOS are all Darwin Kernel Version 15.6.0, which is another way of stating it's Apple's XNU. For 9.3.5 it appears it was upgraded from build 3248.60.9 in 9.3.4 to 3248.61.1.
I forget if you're required to open source your code if you use BSD.
> PS: Is it possible to write a custom iOS kernel without having access to the source code for iOS?
> That depends on what you mean.
> Can you alter the kernel within iOS? No. Do you have access to an encrypted version of the kernel used in iOS? Yes. Is the kernel open source? Yes.
> The kernels in macOS, iOS, tvOS, and presumably watchOS are all Darwin Kernel Version 15.6.0, which is another way of stating it's Apple's XNU. For 9.3.5 it appears it was upgraded from build 3248.60.9 in 9.3.4 to 3248.61.1.
> I forget if you're required to open source your code if you use BSD.
Thanks.
According to an article I read about the hack, one tool 'located the kernel' and another replaced the iOS kernel with a modified version, so I was wondering how one would be able to do that. Furthermore, given you say the kernel is encrypted, how would you replace it without having Apple's signing keys?
https://www.theguardian.com/technology/2016/aug/25/apple-ios-update-arab-activists-iphone-spyware
> The first attack exploited a vulnerability in Safari, fooling the phone into launching a browser session. The second located the core of the phone’s operating system, known as the kernel. The third exploit replaced the kernel, becoming a part of iOS. “Once you become the kernel, at that point you are the phone,”
> Can you alter the kernel within iOS? No. Do you have access to an encrypted version of the kernel used in iOS? Yes. Is the kernel open source? Yes.
> The kernels in macOS, iOS, tvOS, and presumably watchOS are all Darwin Kernel Version 15.6.0, which is another way of stating it's Apple's XNU. For 9.3.5 it appears it was upgraded from build 3248.60.9 in 9.3.4 to 3248.61.1.
> I forget if you're required to open source your code if you use BSD.
> Thanks.
> According to an article I read about the hack, one tool 'located the kernel' and another replaced the iOS kernel with a modified version, so I was wondering how one would be able to do that. Furthermore, given you say the kernel is encrypted, how would you replace it without having Apple's signing keys?
From what I've read, and I could be wrong, the kernel is encrypted, but once it's loaded and running, that's no longer the case. If the exploit found a way to get access to the kernel, wouldn't that also mean that all of Apple's OSes are at risk if they use XNU, since they've all been synced to the same versions for many years now?
This hack is so complex that I wonder if it was discovered by a gov't, and how long it's been in the wild. Hopefully someone with programming and computer forensic knowledge will be able to post something more succinct and more clear on the topic.
Speaking of hacks, NOVA did a great episode that covered Stuxnet in detail.
> Can you alter the kernel within iOS? No. Do you have access to an encrypted version of the kernel used in iOS? Yes. Is the kernel open source? Yes.
> The kernels in macOS, iOS, tvOS, and presumably watchOS are all Darwin Kernel Version 15.6.0, which is another way of stating it's Apple's XNU. For 9.3.5 it appears it was upgraded from build 3248.60.9 in 9.3.4 to 3248.61.1.
> I forget if you're required to open source your code if you use BSD.
> Thanks.
> According to an article I read about the hack, one tool 'located the kernel' and another replaced the iOS kernel with a modified version, so I was wondering how one would be able to do that. Furthermore, given you say the kernel is encrypted, how would you replace it without having Apple's signing keys?
> From what I've read, and I could be wrong, the kernel is encrypted, but once it's loaded and running, that's no longer the case. If the exploit found a way to get access to the kernel, wouldn't that also mean that all of Apple's OSes are at risk if they use XNU, since they've all been synced to the same versions for many years now?
> This hack is so complex that I wonder if it was discovered by a gov't, and how long it's been in the wild.
Other sources said it had been in use for at least two years.
> From what I've read, and I could be wrong, the kernel is encrypted, but once it's loaded and running, that's no longer the case. If the exploit found a way to get access to the kernel, wouldn't that also mean that all of Apple's OSes are at risk if they use XNU, since they've all been synced to the same versions for many years now?
> This hack is so complex that I wonder if it was discovered by a gov't, and how long it's been in the wild.
> Other sources said it had been in use for at least two years.
It wouldn't surprise me if it's considerably longer. Like with goto fail, I wonder how long these issues are in the wild being used for good and bad without the public ever being aware that they exist. I even have doubts that goto fail was an accident.
At least when it's brought to light—at least within the media—it can get patched on most current Apple devices right away. Do you know what percentage of Android devices can be protected against Stagefright by updating? I've not seen a number, but I assume it's both low and will take time from many vendors and carriers, provided they do it at all.
> From what I've read, and I could be wrong, the kernel is encrypted, but once it's loaded and running, that's no longer the case. If the exploit found a way to get access to the kernel, wouldn't that also mean that all of Apple's OSes are at risk if they use XNU, since they've all been synced to the same versions for many years now?
> This hack is so complex that I wonder if it was discovered by a gov't, and how long it's been in the wild.
> Other sources said it had been in use for at least two years.
> It wouldn't surprise me if it's considerably longer. Like with goto fail, I wonder how long these issues are in the wild being used for good and bad without the public ever being aware that they exist. I even have doubts that goto fail was an accident.
> At least when it's brought to light—at least within the media—it can get patched on most current Apple devices right away. Do you know what percentage of Android devices can be protected against Stagefright by updating? I've not seen a number, but I assume it's both low and will take time from many vendors and carriers, provided they do it at all.
Somewhere between 70% and 90% of active Google Android devices have been patched for those two original rounds of "Stagefright" exploits reported last year, according to security researchers. Because of certain steps that Google began a couple of years back, there are now ways of mitigating and/or completely closing some of those security holes without the cooperation of carriers and OEMs. But as there's seemingly a constant barrage of newly discovered ways for bad guys to attack our smart devices, there are certainly a number of others that leave Android users potentially exposed to malware, and there will be more in the future. A third version of the "Stagefright" type of malware reported earlier this year still applies to nearly half of current Android devices. There are no doubt models out there that can't or won't be patched when security issues are identified. Everyone knows that. No OS is without flaws, and as widespread as Android is, driving upwards of 85% of all smartphones IIRC, you can bet it's the biggest target. Heck, I'd imagine there are probably a couple of dozen exploitable holes that security guys know about. Who knows how many haven't yet been discovered.
With that said, reports of actual "in the wild" use of those exploits targeting our mobile devices are exceedingly sparse so far. In fact, sparse is an understatement IMHO. Most of these require a perfect storm of several exploits chained together, and then need users to actually allow malicious code to run through social-engineered trickery. The "potential" of even the supposedly worst of them just hasn't been realized. Apparently it's a lot harder for evil-doers to access our smartphones than the fear-filled media articles imply. Lots of sizzle, not much meat.
> If you read the article, it seems that a phone that has already been attacked isn't cured by a software update. So, first you have to determine if you've already been hacked, and then what? You throw the phone out and buy a new one?
> How about wiping your phone and restoring from a backup? I doubt your device will back up executable code, and App Store apps should be pulled from Apple's servers.
We have no way of knowing if that will work without advice from Apple. My phone backs up daily. Which backup do I use? How do I know which one is "clean"?