Under Armour announced on Thursday that its popular diet tracking app MyFitnessPal has been hacked. The company said that the data breach occurred in February, and involved the usernames, email addresses and [hashed] passwords of some 150 million user accounts.
Hacking
Apple’s developer site was not hacked
Contrary to some previous reports that suggested Wednesday that the Apple Developer website had been hacked, Apple said in a statement to The Loop on Thursday that there was no security breach and that the issue was caused by a bug.
New iOS vulnerability enables brute-force passcode attacks on iPhone 7
We've seen devices for brute-forcing phone passcodes before. This $500 box, demonstrated on video by YouTuber “EverythingApplePro”, uses an exploit in iOS 10.3.3 and iOS 11 beta to brute-force hack and bypass the Lock screen passcode of up to three iPhone 7/Plus handsets at a time—but it could take days to work, depending on the complexity of the passcode.
Apple won’t release a fix for Secure Enclave’s exposed decryption key
Following the exposure of the decryption key protecting the firmware software running on the iPhone 5s's Secure Enclave coprocessor that was posted on GitHub yesterday, an Apple source has reportedly said that any customer data securely stored in the cryptography coprocessor remains protected and that the company does not intend to roll out a fix at this time.
Decryption key for iPhone 5s’s Touch ID Secure Enclave coprocessor has been exposed
Ahead of this year’s Hack in the Box (HITB) conference in Singapore, a security researcher who goes by the Twitter handle “xerub” has managed to expose the full decryption key for the iPhone 5s's cryptographic coprocessor that handles Touch ID, called Secure Enclave.
KeenLab demos a jailbreak for iOS 10.3.2 and iOS 11 beta
Security research team KeenLab has demoed working jailbreaks for both iOS 10.3.2 and iOS 11 beta on some of Apple's latest handsets to date while presenting at MOSEC 2017.
The photographs from the jailbreak demo were originally shared Friday morning on Twitter by security engineer Min Zheng.
Full schedule for the JailbreakersUnite 2017 conference materializes
At the beginning of June, we shared the news of a new conference called JailbreakersUnite, which will allow avid jailbreakers to meet up with one another and have an opportunity to listen to prominent community members speak about their projects.
The event, which is taking place at the Fat Cat Fab Lab Maker Space in Greenwich Village in New York City, will be like a slimmed-down WWJC and will allow participants to mingle with those with similar interests and grab selfies with famous jailbreak hackers and developers.
JailbreakersUnite: a new conference that aims to bring jailbreak community members together
Unfortunately, WWJC won’t be happening in 2017, and there’s no word about whether it will ever happen again, but a new event startup aims to bring jailbreakers together in a similar way.
Dubbed JailbreakersUnite, it’s essentially a conference and meetup in which avid jailbreakers and prominent members of the community can get together and discuss the topic together.
FBI paid $900,000 for the tool to break into San Bernardino shooter’s iPhone 5c
Just how much did the tool to break into the San Bernardino gunman's locked iPhone 5c cost US taxpayers? According to Senator Dianne Feinstein, the Federal Bureau of Investigation coughed up a cool $900,000 to purchase the tool from a third party.
The Associated Press said Monday that the classified information was revealed during a Senate Judiciary Committee oversight hearing, where Senator Feinstein was questioning FBI director James Comey.
“I was so struck when San Bernardino happened and you made overtures to allow that device to be opened, and then the FBI had to spend $900,000 to hack it open,” said Feinstein, D-Calif. “And as I subsequently learned of some of the reason for it, there were good reasons to get into that device.”
While the tool's vendor wasn't named, it's been speculated that the FBI bought the software from Israeli digital forensics firm Cellebrite.
Comey called the sum “worth it” even though the FBI itself said it found “nothing of real significance” after gaining access to the device.
The FBI sought to protect the identity of the vendor it paid to do the work.
The organization considers the exact sum paid for the tool to be classified information, prompting The Associated Press and a few other news organizations to file a public records lawsuit seeking to force the government to publicly reveal both pieces of information.
Apple responds to ransom threat: iCloud, Apple ID and other systems have not been breached
Yesterday, a hacker group known as “Turkish Crime Family” told Motherboard it had obtained access to hundreds of millions of iCloud and Apple ID accounts. They've threatened to reset passwords and remotely wipe Apple devices of all their data, including photos, videos and messages, unless the company pays a ransom of either $75,000 in the Bitcoin/Ethereum cryptocurrencies or $100,000 in iTunes Gift Cards, by April 7. Today, Apple denied the hacking claims, telling Forbes that iCloud, Apple ID and other systems haven't been hacked into directly.
Hackers trying to extort Apple over dubious claims, threatening to remotely wipe iOS devices
As reported Tuesday by Motherboard, hackers that go under the code-name “Turkish Crime Family” have allegedly obtained, through unknown means, access to hundreds of millions of Apple email accounts, including iCloud inboxes with email addresses on @icloud and @me domains.
They're threatening to remotely wipe iOS devices unless Apple pays a laughable ransom. Notably, iCloud has never been hacked into directly, and other reasons also make this story hard to swallow.
Nintendo Switch vulnerable to iOS 9.3 WebKit exploit
A little over a week after the release of Nintendo's new console, the Switch, reputed iOS hacker Luca Todesco has posted an image of an adapted version of his WebKit exploit running on the device.
As explained in a detailed proof-of-concept created by LiveOverflow, it seems that the Switch shipped with a somewhat antiquated browser, one whose version of WebKit was still vulnerable to the same exploit utilised by Todesco's browser-based jailbreak for iOS 9.3.x.