Apple Zero-Days Mark A New Era Of Mobile Hacking

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
But....but...iPhones are invulnerable to these types of attacks. How can this be? All joking aside, three zero-days chained together to form a one-click jailbreak is just craziness. :eek:

On August 12, a week after Krstic’s announcement, Apple’s fears about an unknown vulnerability came true. Ahmed Mansoor, an activist based in the United Arab Emirates, showed strange text messages he’d received to the human rights and technology organization Citizen Lab. The text messages contained a suspicious link, and analysis by Citizen Lab and the security firm Lookout determined that the link delivered a highly sophisticated packet of three zero-days that could take total control of Mansoor’s phone and spy on his calls, emails, text messages and contact lists.
 
I wonder how much the UAE paid for that attack..only be be foiled by a user who wasn't blindly clicking on things in his e-mail.
 
Russia propaganda sites are claiming it was the Israelis attempting to hack his iPhone, and that makes sense on opposite day. Is today opposite day?
 
New headline: Apple fixes security flaw in days. Includes patches for devices that are over 5 years old in simultaneous worldwide release across all carriers.
 
Ocellaris said:
New headline: Apple fixes security flaw in days. Includes patches for devices that are over 5 years old in simultaneous worldwide release across all carriers.
Click to expand...

Exactly this. Good luck getting your 18 month old Android patched this comprehensively or quickly.
 
Ouch another tough one to handle. I mean pressing accept on the install button and then having to agree to the terms was a bit much.
 
This really is the big advantage to IOS right now... They have proven their ability to get fixes out quickly to millions of devices in a very rapid manner, even very old devices.

Keeping an android device longer than 2-3 years guarantees you won't see updates to correct similar vulnerabilities, uNess gogle is able to detect aND block know atracks (I forget what this mechanism was call ed unfortunayely bUT iTS separate from the OS path level,).

I still can't help but love my Samsung Note devices though... I really would like to read good research (and not the uneducated fan boy journalism I keep seeing) on this topic because this is most certainly be coming as relevant as security on the PC, if not more so because there is a ton of data readily available with APIs that can be called to grab it easily, plus always on data connections and power...
 
Canon said:
This really is the big advantage to IOS right now... They have proven their ability to get fixes out quickly to millions of devices in a very rapid manner, even very old devices.
Click to expand...
I agree that Apple can patch a greater percentage of devices in use than Android makers can, but Apple does drop iOS support for older devices after about 3-4 years. I'd use "old" instead of "very old" to describe devices that get fixes. Users will have to upgrade to a newer version of iOS, if possible, to continue to get updates during that period once the older version becomes unsupported. It's still kind of a mess.
 
pxc said:
I agree that Apple can patch a greater percentage of devices in use than Android makers can, but Apple does drop iOS support for older devices after about 3-4 years. I'd use "old" instead of "very old" to describe devices that get fixes. Users will have to upgrade to a newer version of iOS, if possible, to continue to get updates during that period once the older version becomes unsupported. It's still kind of a mess.
Click to expand...

iPad 2s got this update and they launched in March 2011. The most recent device to not get the update appears to be the iPhone 4 which is pretty much a stone tablet at this point.
 
Wow, my sense of time is out of whack. I should have put 5-6 years instead of 3-4 year, which is a very reasonable period to support new verions of iOS on it. I still think 2011 is closer to old than very old when describing a device's age.
 
pxc said:
Russia propaganda sites are claiming it was the Israelis attempting to hack his iPhone, and that makes sense on opposite day. Is today opposite day?
Click to expand...
2 different security research firms said it was form a specific Israeli company that specializes in getting access to devices to governments.
 
nilepez said:
2 different security research firms said it was form a specific Israeli company that specializes in getting access to devices to governments.
Click to expand...
That's a bit different. One of the exploits is sold in the Pegasus product from NSO group, which is not the same as who the propaganda sites are saying are behind the attack. It's probably more useful to look at his enemies than the government of Israel unless there's some possible reason for the government to hack him.
 
pxc said:
That's a bit different. One of the exploits is sold in the Pegasus product from NSO group, which is not the same as who the propaganda sites are saying are behind the attack. It's probably more useful to look at his enemies than the government of Israel unless there's some possible reason for the government to hack him.
Click to expand...


The man who was targeted, Ahmed Mansoor (from the original article), is an outspoken activist against his OWN government in the UAE. Very likely someone inside that govt bought the hack from the Israeli security company to target this guy. The UAE govt has deep pockets.
 
Hmm, my iphone is a year old, and I'm like maybe 6-7 updates in? Many available 24-48 hours after an article like this.

Zero days happen. Unlike my android phone for work that was vulnerable at day zero, and is STILL vulnerable at like day 1200. Because the distribution and installation of critic al security updates is and will continue to be a total shitshow in that ecosystem.
 
You must log in or register to reply here.
Back
Top