Digital Sovereignty & Cyber Security
From cyberwar to digital encryption, security issues to state sovereignty
Scooped by Philippe J DEWOST
May 26, 2020 4:31 PM

There's a Jailbreak Out for all Versions of iOS from 11 to 13.5, the current release.

Over the years, Apple has made it prohibitively difficult to install unapproved software on its locked-down devices. But on Saturday, a hacker group called Unc0ver released a tool that will "jailbreak" all versions of iOS from 11 to 13.5. It's been years since a jailbreak has been available for a current version of iOS for more than a few days—making this yet another knock on Apple's faltering security image.

Unc0ver says that its jailbreak, which you can install using the longtime jailbreaking platforms AltStore and Cydia (but maybe don't unless you're absolutely sure you know what you're doing), is stable and doesn't drain battery life or prevent use of Apple services like iCloud, Apple Pay, or iMessage. And the group claims that it preserves Apple's user data protections and doesn't undermine iOS' sandbox security, which keeps programs running separately so they can't access data they shouldn't.

"This jailbreak basically just adds exceptions to the existing rules," Unc0ver's lead developer, who goes by Pwn20wnd, told WIRED. "It only enables reading new jailbreak files and parts of the file system that contain no user data."

Philippe J DEWOST's insight:

Impressive exploit given Apple's increased fortress walls thickness. Yet (why) should you jailbreak ?

Philippe J DEWOST's curator insight, May 26, 2020 4:34 PM

The cat and mouse game around Apple's iOS closed garden has resumed and this time it means something again.

Scooped by Philippe J DEWOST
November 29, 2018 9:43 PM

Sennheiser discloses monumental blunder that cripples HTTPS on PCs and Macs

Audio device maker Sennheiser has issued a fix for a monumental software blunder that makes it easy for hackers to carry out man-in-the-middle attacks that cryptographically impersonate any big-name website on the Internet. Anyone who has ever used the company’s HeadSetup for Windows or macOS should take action immediately, even if users later uninstalled the app.

To allow Sennheiser headphones and speaker phones to work seamlessly with computers, HeadSetup establishes an encrypted Websocket with a browser. It does this by installing a self-signed TLS certificate in the central place an operating system reserves for storing browser-trusted certificate authority roots. In Windows, this location is called the Trusted Root CA certificate store. On Macs, it’s known as the macOS Trust Store.

A few minutes to find, years to exploit

The critical HeadSetup vulnerability stems from a self-signed root certificate installed by version 7.3 of the app that kept the private cryptographic key in a format that could be easily extracted. Because the key was identical for all installations of the software, hackers could use the root certificate to generate forged TLS certificates that impersonated any HTTPS website on the Internet. Although the self-signed certificates were blatant forgeries, they will be accepted as authentic on computers that store the poorly secured certificate root. Even worse, a forgery defense known as certificate pinning would do nothing to detect the hack.

According to an advisory published by security firm Secorvo, the sensitive key was encrypted with the passphrase “SennheiserCC” (minus the quotation marks). That passphrase-protected key was then encrypted by a separate AES key and then base64 encoded. The passphrase was stored in plaintext in a configuration file. The encryption key was found by reverse-engineering the software binary.

Philippe J DEWOST's insight:
Does not sound good at all !
Scooped by Philippe J DEWOST
June 14, 2018 12:55 PM

Apple to undercut popular law-enforcement tool for cracking iPhones

The company told Reuters it was aiming to protect all customers, especially in countries where phones are readily obtained by police or by criminals with extensive resources, and to head off further spread of the attack technique.

The privacy standard-bearer of the tech industry said it will change default settings in the iPhone operating system to cut off communication through the USB port when the phone has not been unlocked in the past hour.

That port is how machines made by forensic companies GrayShift, Cellebrite and others connect and get around the security provisions that limit how many password guesses can be made before the device freezes them out or erases data. Now they will be unable to run code on the devices after the hour is up.

These companies have marketed their machines to law enforcement in multiple countries this year, offering the machines themselves for thousands of dollars but also per-phone pricing as low as $50.

Apple representatives said the change in settings will protect customers in countries where law enforcement seizes and tries to crack phones with fewer legal restrictions than under U.S. law. They also noted that criminals, spies and unscrupulous people often use the same techniques. Even some of the methods most prized by intelligence agencies have been leaked on the internet.

“We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,” Apple said in a prepared statement. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”

Apple began working on the USB issue before learning it was a favorite of law enforcement.

Philippe J DEWOST's insight:

The race is not over between customer protection, law enforcement, and spying in between.

Scooped by Philippe J DEWOST
April 13, 2018 10:23 AM

How Android Phones Hide Missed Security Updates From You

Google has long struggled with how best to get dozens of Android smartphone manufacturers—and hundreds of carriers—to regularly push out security-focused software updates. But when one German security firm looked under the hood of hundreds of Android phones, it found a troubling new wrinkle: Not only do many Android phone vendors fail to make patches available to their users, or delay their release for months; they sometimes also tell users their phone's firmware is fully up to date, even while they've secretly skipped patches.

 

On Friday at the Hack in the Box security conference in Amsterdam, researchers Karsten Nohl and Jakob Lell of the firm Security Research Labs plan to present the results of two years of reverse-engineering hundreds of Android phones' operating system code, painstakingly checking if each device actually contained the security patches indicated in its settings. They found what they call a "patch gap": In many cases, certain vendors' phones would tell users that they had all of Android's security patches up to a certain date, while in reality missing as many as a dozen patches from that period—leaving phones vulnerable to a broad collection of known hacking techniques.

 

"We find that there's a gap between patching claims and the actual patches installed on a device. It’s small for some devices and pretty significant for others," says Nohl, a well-known security researcher and SRL's founder. In the worst cases, Nohl says, Android phone manufacturers intentionally misrepresented when the device had last been patched. "Sometimes these guys just change the date without installing any patches. Probably for marketing reasons, they just set the patch level to almost an arbitrary date, whatever looks best."

Philippe J DEWOST's insight:

Telling people "you are safe" without actually deploying any measures is probably not the best way to maintain one's reputation.

Scooped by Philippe J DEWOST
September 15, 2017 4:04 AM

High Sierra's 'Secure Kernel Extension Loading' is Broken

With each new release of macOS, Apple introduces new 'built-in' security enhancements...and macOS High Sierra (10.13) is no exception. In this blog post we'll take a brief look at High Sierra's somewhat controversial "Secure Kernel Extension Loading" (SKEL) feature. Unfortunately while wrapped in good intentions, in its current implementation, SKEL merely hampers the efforts of the 'good guys' (i.e. 3rd-party macOS developers such as those that design security products). Due to flaws in its implementation, the bad guys (hackers/malware) will likely remain unaffected. While many respected security researchers, system administrators, and macOS developers have voiced this concern, here we'll prove this by demonstrating a 0day vulnerability in SKEL's implementation that decisively bypasses it fully:

    $ kextstat
    Index Refs Size   Wired   Name
    1     90   0x9e30 0x9e30  com.apple.kpi.bsd
    2     8    0x3960 0x3960  com.apple.kpi.dsep
    ...
    130   0    0x4b00 0x4b000 com.un.approved.kext

Documented in Apple's Technical Note TN2459, Secure Kernel Extension Loading, is "a new feature that requires user approval before loading new third-party kernel extensions." Other good overviews of SKEL include:

  • "Kextpocalypse - High Sierra and Kexts in the Enterprise"
  • "Kernel extensions and macOS High Sierra"

While we might initially assume that the main attack vector SKEL attempts to thwart is the (direct) loading of malicious kernel extensions (i.e. rootkits), I believe this is not the case. First, observe that (AFAIK), we have yet to see any signed kernel-mode macOS malware! Since OS X Yosemite, any kexts have to be signed with a kernel code-signing certificate. And unlike user-mode Developer IDs, Apple is incredibly 'protective' of such kernel code-signing certificates - only giving out a handful to legitimate 3rd-party companies that have justifiable reasons to create kernel code.

As security features are often costly to implement, they are generally introduced to reactively address widespread issues. (Unless they are introduced as a control mechanism, under the guise of a 'security feature' (*cough cough*)).

Philippe J DEWOST's insight:
Cupertino listens I hope
Rescooped by Philippe J DEWOST from cross pond high tech
November 15, 2016 2:01 AM

"Security is a tax on the honests" - Time to review Bruce Schneier USI 2013 keynote

Society doesn't work without trust

Human being is the only species with trust. We trust hundreds of strangers without even thinking about it.

 

How do we enable trust?

 

How does security enable trust. How do we induce trust?

  • Trusting friends is about who they are as persons.
  • Trusting strangers is about their actions

 

Trust: confidence, consistence, compliancy. It's about cooperation.

  • We trust people, companies and systems
  • We trust systems to produce expected behaviors

 

All complex ecosystems require cooperation. In any cooperative system, there is a way to subvert the system for personal interests.

 

These are called defectors in game theory. They are parasites. They can survive if they are contained. If too many parasites the body dies and the parasites die too.

 

Society doesn't work if everybody steals. Security can be defined as a tax on the honests.

 

Social species: individual competition plus group competition.

 

Security is to keep defection level at an acceptable minimum that is not zero.

 

NSA defector Edward Snowden raises moral debates but the point is that he is a defector. How group enforce the norm. Even mafia groups.

It is about societal pressure.

 

4 types of societal pressure

 

  1. moral: we don't steal because we know stealing is wrong.
  2. reputation: also in our heads but link to other's reactions. Humans are the only species to transmit reputation.
    Experiment: coffee machine + honesty box. Putting a photograph of a pair of eyes in the box bottom decreased the cheat rate dramatically
  3. laws: formalizing reputation, and focusing only on penalties (because of the cost implied by rewarding the majority of honest people). With exceptions in the shape of tax breaks
  4. technology: security systems. Door locks, alarms, ... Some of them extending globally. ATM cards are protected globally.

 

Example: eBay feedback mechanism is a reputational security system that worked remarkably for years as the main security system.

 

How does technology affect us?

Technology is what allows society to scale. It is neutral.

Filesharing: social pressure vs technology

Attackers have a first mover advantage and are more adaptive.

 

Mid 90's Internet going commercial: hackers used it immediately while it took the police 10 years to figure out how to address it

Such delay is the main security gap

 

Our society is at a point where technology is faster than social changes which means that the security gap widens.

Before: buy this and you'll be safe

Now: when you've been attacked, please talk to us and we'll help

 

It's the antivirus history

Smart paradigm: detect unknown viruses including false positives

Stupid paradigm: check for signatures and update once or twice a day

 

The stupid paradigm seems to have won.

 

So technology will always favor defectors? True, but large organizations can now use technology in a much more effective manner.

Our society has the most technology and the largest institutions.

 

The battle is amplifying between agile defectors and slower yet more effective institutions. Losers are those of us in the middle.

 

To him it is not even clear how there is a balance nor how it will evolve.

 

As a conclusion

 

  1. there will always be defectors
  2. ourselves are not 100% cooperative, we all defect some time in a way
  3. law of diminishing returns
  4. there are good and bad defectors and history decided afterwards. That will be the case for Edward Snowden
  5. society needs defectors. This is how we evolve. Defectors are at the forefront of social change: freeing the slaves, giving women voting rights

 

Philippe J DEWOST's insight:

Digiworld Summit 2016 is on "The Digital Trust Economy" - Time to remember Bruce Schneier's remarkable words of wisdom at USI 3 years ago - I have added my on the fly notes to the video link for those who prefer reading

Philippe J DEWOST's curator insight, November 15, 2016 1:59 AM

Digiworld Summit 2016 is on "The Digital Trust Economy" - Time to remember Bruce Schneier's remarkable words of wisdom at USI 3 years ago - I have added my on the fly notes to the video link for those who prefer reading

Scooped by Philippe J DEWOST
May 13, 2019 6:00 AM

New Intel firmware boot verification bypass enables low-level backdoors

By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can gain full, persistent access.
Philippe J DEWOST's insight:
Open Sourcing may be one of the only ways to clean such mess.
Scooped by Philippe J DEWOST
October 3, 2018 2:14 AM

Amazon's Alexa could be hacked by hidden commands in music

Scientists at the Ruhr-Universitaet in Bochum, Germany, have discovered a way to hide inaudible commands in audio files–commands that, while imperceptible to our ears, can take control over voice assistants. According to the researchers behind the technology, the flaw is in the very way AI is designed.

It’s part of a growing area of research known as “adversarial attacks,” which are designed to confuse deep neural networks–usually visually, as Co.Design has covered in the past–leaving them potentially vulnerable to attacks by bad-faith actors on the technology and infrastructure in our world that depends on AI to function.

In this case, the system being “attacked” by researchers at the Ruhr-Universität Bochum are personal assistants, like Alexa, Siri, or Cortana. According to Professor Thorsten Holz from the Horst Görtz Institute for IT Security, their method, called “psychoacoustic hiding,” shows how hackers could manipulate any type of audio wave–from songs and speech to even bird chirping–to include words that only the machine can hear, allowing them to give commands without nearby people noticing. The attack will sound just like a bird’s call to our ears, but a voice assistant would “hear” something very different.

Philippe J DEWOST's insight:

We had the motto "Know who you speak with" ; as almost 24 percent of US households have at least one smart speaker, (Nielsen study), you now should know "Who are - and not is - speaking to your Smart Speakers"...

Scooped by Philippe J DEWOST
June 14, 2018 5:42 AM

Startup Working on Contentious Pentagon AI Project Was Hacked

LAST SUMMER, A sign appeared on the door to a stuffy, windowless room at the office of Manhattan artificial-intelligence startup Clarifai. “Chamber of secrets,” it read, according to three people who saw it.

The notice was a joking reference to how the small team working inside was not permitted to discuss its work with others at Clarifai. Former and current employees say the group was working on a controversial Pentagon project using machine-learning algorithms to interpret drone-surveillance imagery—and that Clarifai’s secrets were less safe than they should have been.

A lawsuit filed by former employee Amy Liu this month alleges that Clarifai’s computer systems were compromised by one or more people in Russia, potentially exposing technology used by the US military to an adversary. The lawsuit says Clarifai learned of the breach last November, but that Clarifai’s CEO and other executives did not promptly report it to the Pentagon.

In her complaint, Liu, a former Air Force captain who worked in military intelligence, says she was unfairly terminated from her position as director of marketing for arguing that the company needed to disclose the incident. Another former employee told WIRED that his concerns over executives’ handling of the hack prompted him to leave the company.
Philippe J DEWOST's insight:

Combine AI and Hacking in a Defense context and you have a recipe for trouble

Scooped by Philippe J DEWOST
October 16, 2017 11:28 AM

'All wifi networks' are vulnerable to hacking as WPA2 protocol has been broken by Belgian researchers

The security protocol used to protect the vast majority of wifi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness.

Mathy Vanhoef, a security expert at Belgian university KU Leuven, discovered the weakness in the wireless security protocol WPA2, and published details of the flaw on Monday morning.

“Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef’s report said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.

Vanhoef emphasised that the attack works against all modern protected wifi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

The vulnerability affects a number of operating systems and devices, the report said, including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others.

“If your device supports wifi, it is most likely affected,” Vanhoef wrote. “In general, any data or information that the victim transmits can be decrypted … Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website).”

Vanhoef gave the weakness the codename Krack, short for Key Reinstallation AttaCK.

Britain’s National Cyber Security Centre said in a statement it was examining the vulnerability. “Research has been published today into potential global weaknesses to wifi systems. The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as banking services or online shopping.

“We are examining the research and will be providing guidance if required. Internet security is a key NCSC priority and we continuously update our advice on issues such as wifi safety, device management and browser security.”

The United States Computer Emergency Readiness Team (Cert) issued a warning on Sunday in response to the vulnerability.

“The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others,” the alert says, detailing a number of potential attacks. It adds that, since the vulnerability is in the protocol itself, rather than any specific device or software, “most or all correct implementations of the standard will be affected”.

Philippe J DEWOST's insight:

Let's switch back to Ethernet (for those who still have a plug)

Scooped by Philippe J DEWOST
April 27, 2017 6:50 PM

Just Two of These $11 Gadgets Can Steal a Car

For years, automakers and hackers have known about a clever attack that spoofs the signal from a wireless car key fob to open a vehicle’s doors, and even drive it away. But even after repeated demonstrations—and real thefts—the technique still works on a number of models. Now a team of Chinese researchers has not only demonstrated the attack again, but also made it cheaper and easier than ever.

A group of researchers at the Beijing-based security firm Qihoo 360 recently pulled off the so-called relay hack with a pair of gadgets they built for just $22. That’s far cheaper than previous versions of the key-spoofing hardware. The Qihoo researchers, who recently showed their results at Amsterdam’s Hack in the Box conference, say their upgrade also significantly multiplies the radio attack’s range, allowing them to steal cars parked more than a thousand feet away from the owner’s key fob.

The attack essentially tricks both the car and real key into thinking they’re in close proximity. One hacker holds a device a few feet from the victim’s key, while a thief holds the other near the target car. The device near the car spoofs a signal from the key. That elicits a radio signal from the car’s keyless entry system, which seeks a certain signal back from the key before it will open. Rather than try to crack that radio code, the hacker’s devices instead copy it, then transmit it via radio from one of the hackers’ devices to the other, and then to the key. Then they immediately transmit the key’s response back along the chain, effectively telling the car the key is in the driver’s hand.

“The attack uses the two devices to extend the effective range of the key fob,” says Jun Li, one of the researchers in the Qihoo group, who call themselves Team Unicorn. “You’re working in your office or shopping in the supermarket, and your car is parked outside. Someone slips near you and then someone else can open up and drive your car. It’s simple.”

Watch the researchers demonstrate their attack in the video below (including a very dramatic soundtrack)

Philippe J DEWOST's insight:

Puzzling echo to the 20 M compromised VW Fobs last year: looks like it may be worsening. See how in video...

Scooped by Philippe J DEWOST
January 8, 2016 2:08 AM

Crypto 2.0 Musings - Of Quantum Computing and Blockchain(s)

A few weeks ago I was on a blockchain panel, organised by the World Economic Forum, discussing amongst many things use of blockchains as a digital identity store, when someone from the audience asked me about the implications of quantum computing on confidentiality of data stored on blockchains.

My answer was somewhat under par. Indeed, quantum computing will break many existing cryptographic algorithms - making today's secret data public, but with quantum computing comes quantum cryptography, or more precisely quantum key distribution, which is immune to quantum computing attacks.

After the panel was over, the lady who asked me that question came over, thanked me for being on the panel, and asked a follow up question - what would happen to all that data encrypted with quantum un-safe algorithms already stored on blockchain?

A big thank you to her for being so polite and not embarrassing me on the panel because I suspect the answer was obvious to her, and yet its implications escaped me. Data already stored on blockchain with current quantum un-safe algorithms will become public, even if all data encrypted with quantum safe techniques will be kept secure going forwards.

Cryptography relies on scrambling data using a very long secret random number, and the only way to unscramble that data is by knowing that secret. There are no mathematical tricks to shortcut the working out of that number, so the only way to un-scramble the data is to guess, in a brute force fashion, the secret number - impractical using today's computers, as secret number range is so big that it takes almost an infinite amount of time to guess it.

However, how do you safely share that secret safely over a public network? To solve this problem, public key cryptography was invented. You create two keys, public and private, which are mathematically linked - any data encrypted with a private key can only be decrypted with public key and vice versa.

If you keep the private key safe, and send out your public key, then people can send you confidential messages by encrypting data with your public key, safe in the knowledge that only you, as the sole keeper of the private key, can read that message i.e. no need to secretly pre-share a key over some private transfer method that reduces the risk of eavesdropping.

However, this link between private and public key introduces a tiny vulnerability - there is now a mathematical shortcut that allows you to guess the linked private key much more quickly than when trying to guess a random secret key.

Using today's computers though it still takes almost an infinite amount of time to guess the private key, even with the shortcut. However, quantum computing relies on many different states of quantum particles to perform millions of calculations all at once, allowing you to guess the private key in short enough time compared to today, breaking confidentiality. On the other hand, even with quantum computers, it is still likely to take an impractically long time to guess a shared secret key, as there is no public key to exploit.

Lucky for us, quantum key distribution, an implementation of quantum cryptography, uses the same very principles that allows super fast calculations to break today's popular public-key cryptography algorithms for a different purpose - you can do away in some cases with public and private keys and simply share quantum-safe secret keys over public networks without a possibility of interception, as it is impossible to copy quantum encoded data and any eavesdropping changes the state of data, making intrusion highly detectable. This may go some way to mitigating against quantum attacks.

Philippe J DEWOST's insight:

Are you quantum-safe ? Long yet instructive post by Alex Battlin that introduces the notion and applies it to Blockchains
