By Jeff Benjamin on Mar 23, 2015
Well-known iOS jailbreak developer and hacker Majd Alfhaily was intrigued when read about MDSec’s black box hardware brute force for iOS devices. The tool, which runs over a USB connection, tries every possible passcode combination in an attempt to unlock an iPhone secured with a simple passcode.
The downside of such a tool, is that each PIN entry takes approximately 40 seconds, so it could take more than 110 hours to brute force an iPhone. Majd, being the curious person that he is, devised a way to do it in a fraction of the time using only software. The only caveat, if you even want to call it that given what it does, is that the device must be able to run unsigned code, i.e., the device must be jailbroken. Read More
By Cody Lee on Mar 18, 2015
A new device is causing commotion around the interwebs today, that has the ability to unlock PIN-protected iOS devices. The tool, first spotlighted by security firm MDSec, is being used in the phone repair markets to brute-force iPhone and iPad Lock screens.
According to MDSec, these ‘IP Boxes’ are about the size of an Apple TV, and you can acquire one for around $300. It works by simulating the PIN entry on a device over a USB connection, and is able to sequentially bruteforce every possible PIN combination. Read More
By Cody Lee on Sep 1, 2014
After nearly 24 hours of silence, Apple has finally commented on the alleged iCloud hack that led to a massive leak yesterday of nude celebrity photos. The Cupertino-based company says that it is aware of the reports and is “actively investigating” the claim.
“We take user privacy very seriously and are actively investigating this report,” Apple spokeswoman Natalie Kerris told Recode in a statement. She did not, however, provide any additional details on the attack, or if iCloud was even the source of the photos. Read More
By Cody Lee on Aug 31, 2014
Twitter, Reddit and several other social networks are blowing up this evening with talk of a major nude celebrity photo leak. The trove first appeared on 4chan’s /b/ thread earlier today, and it includes Academy Award winner Jennifer Lawrence and several others.
The pictures were allegedly retrieved through a vulnerability in Apple’s iCloud service, which allowed the celebrities’ phones to be hacked. Thus far, no one has confirmed that iCloud was actually breached, and few details are known about the attack, or the attacker. Read More
By Sébastien Page on Jul 18, 2014
BigBoss, one of the default repositories for jailbreak tweaks in Cydia, has allegedly been hacked by an individual or a group of individuals whose identity is still unknown.
The attackers were apparently able to gain access to all packages (paid and free) that are available in the BigBoss repo, and made the deb index and database available for download. The assailants went as far as creating a new repo which can be added to Cydia to download all BigBoss-hosted tweaks.
As is always the case when this type of security breach happens, jailbreak users should be cautious and stay away from this. Read More
By Christian Zibreg on Jun 20, 2014
Yesterday, I told you about Yo, a ridiculous new messaging app which lets people exchange two-character “Yo” messages. Some like Stephen Colbert have eviscerated Yo for being utterly useless and plain dumb while others point out the fact that it’s received more than $1 million in VC-backed funding as a proof that the mobile messaging space is booming with innovation.
Be that as it may, turns out the controversial software poses something of a security risk as a pair of college students have found a vulnerability allowing them to compromise any Yo user’s phone number, spam them with unsolicited messages and more.
Yo founder Or Arbel has confirmed that the app was “having security issues” and has promised to deliver a fix “in next few hours”… Read More
By Cody Lee on May 28, 2014
On Monday, a number of iOS and Mac users came forward with complaints that their devices had been remotely locked by hackers. In most of the cases, a message appeared via Find My iPhone on the locked devices, demanding payment for the hack to be reversed.
As far as we can tell, the attacks have been concentrated on Mac and iOS products in Australia. And among the various theories of how the hackers were able to set a remote lock has been the fear that iCloud was breached. But Apple says it hasn’t been compromised… Read More
By Joe Rossignol on May 27, 2014
A growing number of iPhone, iPad and Mac users in Australia are turning to the Apple Support Communities and Twitter to report incidents of their device being remotely locked through iCloud. In some cases, a fraudulent message appears through the Find my iPhone service demanding payment between $50 and $100 to someone named Oleg Pliss for the device to be unlocked… Read More
By Cody Lee on May 21, 2014
Two hackers have created a tool that they claim can bypass Apple’s ‘Activation Lock.’ It’s called ‘doulCi, and it uses a man-in-the-middle attack to intercept users’ Apple ID credentials as well as unlock devices disabled by the highly-lauded security feature.
The hack utilizes a vulnerability in iTunes for Windows that has to do with verifying security certificates. And apparently, all you have to do to get it to work is plug in the device to a computer, and alter a file, directing it to an alternate server instead of iCloud… Read More
By Cody Lee on Mar 26, 2014
Folks who updated to iOS 7.1 earlier this month may be interested in this newly-discovered glitch that allows you to hide stock iOS apps. It’s very similar to last year’s Newsstand glitch, in that it involves a multi-step process and doesn’t [obviously] require a jailbreak.
The glitch is present on both iPhones and iPads, and is relatively easy to exploit. All you have to do, essentially, is create a folder full of apps you wish to hide, drop it in another folder, and then remove it. Interested? Keep reading for a full step-by-step video tutorial… Read More
By Cody Lee on Mar 26, 2014
Folks with an iPhone on T-Mobile might be interested to hear that there’s a new hacked carrier update available that promises a number of enhancements. It was created by the same folks who brought us that slew of carrier update hacks for Sprint, Verizon and AT&T iPhone models last summer.
This time around, the developers say that the modded update includes a variety of things like boosted data speeds and signal reception (depending on your location). It also adds several native T-Mobile features to your iPhone like the ability to view account balance, texts sent and other usage info… Read More
By Cody Lee on Mar 25, 2014
This is pretty interesting. Hacker winocm has posted a new video of his iPad triple-booting into multiple versions of iOS. The clip shows his hacked tablet booting up and running in iOS 5.1, and then its ability to quickly switch to iOS 6.1.3 and iOS 7.0.6.
Winocm has made quite the name for himself around the jailbreak community as both a hacker and a tinkerer. Last week he posted a video of his jailbroken (untethered) iPhone 4 running iOS 7.1, and don’t forget he helped iH8sn0w create p0sixspwn… Read More
By Cody Lee on Mar 15, 2014
Google held its Pwnium 4 security competition last week at CanSecWest in Vancouver, Canada. The day-long event ended with hundreds of thousands of dollars being awarded to hackers who demonstrated exploits in Google Chrome. And believe it or not, $150,000 of that went to Geohot.
For those not familiar with the name, Geohot has picked up a number of headlines over the past 7 years. After hacking the iPhone he took his talents to the PS3, where he caused enough chaos to get sued by Sony. And he’s since been spotted at Facebook, iOSDevCamp and various other places… Read More
By Cody Lee on Dec 29, 2013
Although Apple is one of the best handset-makers around when it comes to supporting older devices, it does have a cutoff point. And for iOS 7, that cutoff point was the iPhone 4, meaning you can not install the new firmware on devices older than that.
But never fear! If you happen to be running an older device, you can still get the look and feel of iOS 7 thanks to Whited00r 7. The modded firmware includes an iOS 7-style UI with card multitasking, Control Center, push notifications, and much more… Read More
By Cody Lee on Dec 18, 2013
Hackers have long had the ability to infiltrate a person’s personal computer, and enable their webcam without their knowledge. We’ve been hearing horror stories about this for years, where users were covertly spied on through their PC’s camera.
But Mac owners have always been led to believe that this can’t happen with the iSight camera, because it’s designed to always illuminate the adjacent green light every time it’s active. Researchers have found a way, though, to get around this behavior… Read More
By Cody Lee on Nov 24, 2013
Winocm, the developer leading the work on the iOS 6.1.3/4 jailbreak, has managed to port iOS to a non-Apple device. The photo you see above is the iOS core, known as the “XNU Kernel,” running on a Nokia N900 smartphone.
The port is extremely primitive, as it doesn’t include any of iOS’s or OS X’s user-interface elements and cannot be run as a useable operating system. But it does signal a major development for the ongoing open source project… Read More
By Jeff Benjamin on Sep 27, 2013
Once again, another Lock screen vulnerability has reared its ugly head, this one right on the heels of Apple’s 7.0.2 update to fix another vulnerability.
Dany Lisiansky has posted the steps on a YouTube video he recently uploaded, and we’ve verified that the steps, albeit a bit involved, do work.
If there’s one bright spot about this latest vulnerability, it is that it doesn’t expose anything outside of the Phone app to would be snoopers, and you can nix the bug by disabling Siri access from the Lock screen. Still, Apple’s security team can’t be happy about this. Read More
By Cody Lee on Sep 24, 2013
Over the weekend, a group of hackers called the Chaos Computer Club announced that it had managed to bypass Apple’s Touch ID system using the popular ‘fake finger’ method involving a hi-res photograph, and pink latex milk.
As you’d expect, the announcement has caused quite a commotion, and has a lot of folks concerned. But according to security expert Marc Rogers, they shouldn’t be. He says the average consumer has nothing to worry about… Read More
By Cody Lee on Sep 23, 2013
A group of German hackers called the Chaos Computer Club has reportedly figured out a way to bypass Apple’s new Touch ID fingerprint sensor using a variation of the long-running ‘fake finger’ technique.
The method involves taking a high resolution photo of the original user’s fingerprint, printing it on a transparent sheet with a thick toner setting, and then filling it in with pink latex milk. Here, watch the video… Read More
By Sébastien Page on Aug 28, 2013
We have some good news following our yesterday’s report that PlexConnect, the hack that allows you to run Plex on a non jailbroken Apple TV had been disabled in the device’s recent update. As it turns out, you can still run PlexConnect on your Apple TV, although it might not be as straightforward as it once was.
Developer Paul Kehrer has written a fairly detailed tutorial explaining how to run PlexConnect on your Apple TV. The hack still poses as Apple TV’s Trailers app in order to accomplish the install… Read More