Tag Archives: apple

iMessage gets hacked.

Is iMessage really secure? This question has been on the minds of many people who use iMessage since the NSA PRISM incident. Some time back, Apple published a statement on its website that iMessages are protected by end-to-end encryption, that there could not be any man-in-the-middle attack, and that even Apple could not decrypt the iMessages. You can view the statement by Apple here.

But this is not the case: iMessages can be intercepted by a man-in-the-middle attack, and even Apple can decrypt the iMessages.

Here is a video that shows a security researcher group performing a man-in-the-middle attack on iMessage.

DoS attack on iOS and OSX for WebKit engine.

A new exploit in Apple iOS and OS X has been found which crashes any application that contains certain characters of Arabic text. It crashes applications running on iOS and OS X that use the WebKit engine. But I have seen that the same character set does not crash a WebKit application on a different platform. So we can be assured that the bug is Apple's, not one in the WebKit engine as a whole. (I tested Google Chrome on Linux.)

Versions affected: iOS 6, iOS 7 beta and iOS < 6; Mac OS X 10.8

Versions not affected: Mac OS X 10.9 beta and OS X < 10.8

This fatal error can be reproduced if:

  • You send a text message to your iPhone with the set of characters.
  • You send an iMessage to a Mac or iPhone.
  • The set of characters is displayed in an application such as a browser.

On Mac, I tested on Safari, which crashed the whole Safari browser, while on Google Chrome it only crashed the tab where the link was opened. In case you were wondering, Firefox did not crash. If you are feeling adventurous and want to test which applications will crash, then you can head to this link. Note that this may crash your browser; if it does not, you will see the set of Arabic characters.

Exploit link: http://zhovner.com/tmp/killwebkit.html (warning: it may crash your WebKit browser). Copy and paste the link; I have deliberately not hyperlinked it, to stop people from accidentally clicking it.

My thoughts on WWDC 2013 Keynotes.

iOS 7, is it really Designed by Apple?

Apple showed off their latest iOS version at WWDC 2013. While I love the functionality of the new OS, I am not happy with the design process.

I mean, the icons look as if they were designed by a kid with a box of crayons. It has too much colour and in no way looks like it was made by Apple. It seems that someone has installed a Cydia theme in iOS.

I am sharing some pictures of the new iOS 7; do comment your thoughts about it. Do you like it or hate it?

Mac OS X Mavericks uses Windows file sharing by default. Why?

As you already know, Apple OS X uses AFP (Apple Filing Protocol) and Windows uses SMB (Server Message Block). The new Mac OS X uses SMB2 by default instead of AFP!

OK, I know you will ask how it matters, or you would say it makes it easier to share with Windows-based computers. Well, yes, but one of the most liked features of Mac OS X, Time Machine over LAN, relies on AFP. Third-party Time Machine manufacturers have to reverse-engineer AFP to keep it working with the new version of OS X. What bothers me more is: who selected SMB2? OS X prior to OS X 10.7 used an open-source implementation of SMB called Samba (used in popular Linux distros too). With OS X 10.7, Apple replaced it with their own implementation, SMBX.

Really, Apple needs Steve Jobs.

Source: Apple Core Technologies Overviews. (PDF link)

iOS 6.1 bug enables attacker to bypass Passcode Lock to access your phonebook.

If you have an iPhone, I would ask you not to update to iOS 6.1 if you haven’t done it already. And if you have already updated it, then I would suggest you don’t let your iPhone out of your sight, as a new bug has been found that helps an attacker bypass the Passcode Lock and access your Contacts.

Here is how to bypass the iPhone lock screen and access the Contacts on iOS 6.1

1. Lock device
2. Slide to unlock
3. Tap emergency call
4. Hold sleep button until the power down prompt shows. Click cancel, you will notice the status bar turn blue. Type in 911 or your emergency number and click call then cancel it asap so the call doesn’t go through.
5. Lock your device with the sleep button then turn it on using the home button.
6. Slide to unlock then hold the sleep button and in 3 seconds tap emergency call. This will spazz out the phone and cause it to open.

[Make sure to continuously hold the sleep button until you are done looking in the phone]

 

 Update 1:

This bug only works when the “simple passcode” option is enabled. It does not work if you disable the “simple passcode” option. Thanks to @andrewbway for sharing this info.

Apple updates its KB article, adds info about Jailbreaking.

If you have been a power user of Apple products, you know that Apple has KB (KnowledgeBase) articles for all its products and features on the site http://support.apple.com/kb/. Recently there has been a new addition to the KnowledgeBase: jailbreaking. No, if you are thinking that you will find an article on how to jailbreak, you are wrong. The KB article describes the negative issues you will have if you jailbreak your iPhone, iPad or iPod touch.

You can read it here.

TIME magazine names iPhone 5 as Gadget Of The Year.

Recently, TIME magazine named the iPhone 5 “The Gadget Of The Year”.

Here is the list of the Top 10 Gadgets of the year.

The Top 10 Gadgets:
● iPhone 5
● Nintendo Wii U
● Sony Cyber-shot RX100
● Raspberry Pi Model B
● Lytro
● Apple 15” MacBook Pro with Retina Display
● Microsoft Surface with Windows RT
● Samsung Galaxy Note II
● Nest
● Simple.TV

Source: TIME

Man illegally accesses AT&T servers by impersonating an iPad.

A 27-year-old man named Andrew Auernheimer, known online as “Weev”, was convicted on Tuesday (11/20/2012) for accessing an AT&T server by impersonating an iPad to steal 114,000 email addresses, which include the emails of some celebrities. He faces 10 years of imprisonment.

The data breach originated with the first 3G-enabled iPad, launched in April 2010. Andrew Auernheimer and Daniel Spitler, aka “JacksonBrowne”, discovered a flaw in which AT&T’s server prefilled a user’s email address when the site was loaded from an iPad. Each iPad is encoded with a unique cellular ID number (ICC ID), which appeared in the URL when accessing the AT&T website. Andrew and Daniel, said to be part of a group called Goatse Security, discovered that if someone altered the ICC ID number in the URL, other email addresses were returned by the AT&T site. Daniel wrote a script that automatically guessed different ICC IDs and harvested the 114,000 email addresses.

It’s still unknown whether the flaw has been fixed by the authorities.
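A defender-side view of the enumeration described above, as an added example that is not part of the original post: a log check that flags any client presenting many different ICC IDs in a short time, regardless of the User-Agent it sends. The `/signin` path, the `ICCID` parameter name, the thresholds and all log lines are constructed assumptions, not AT&T's actual URL or data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Combined-log-format prefix: client IP, timestamp, request target.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*"')

def parse(line, param="ICCID"):  # parameter name is an assumption
    """Return (ip, time, iccid) for a request that carries the ID, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, target = m.groups()
    ids = parse_qs(urlsplit(target).query).get(param)
    if not ids:
        return None
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ids[0]

def enumerating_clients(lines, max_ids=3, window=timedelta(minutes=10)):
    """Map each client that sent more than max_ids distinct IDs within any
    window to its peak distinct-ID count. One tablet has one SIM, so a client
    cycling through IDs is anomalous whatever User-Agent it claims."""
    seen = defaultdict(list)  # ip -> [(time, iccid), ...]
    for ip, when, iccid in filter(None, map(parse, lines)):
        seen[ip].append((when, iccid))
    flagged = {}
    for ip, events in seen.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({iccid for _, iccid in events[start:end + 1]})
            if distinct > max_ids:
                flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

def sample_log():
    """Constructed data: one ordinary tablet, one client walking the ID space."""
    fmt = ('{ip} - - [09/Jun/2010:10:{m:02d}:{s:02d} +0000] '
           '"GET /signin?ICCID={iccid} HTTP/1.1" 200 512')  # hypothetical URL
    lines = [fmt.format(ip="198.51.100.7", m=m, s=0, iccid="89014100000000000011")
             for m in (0, 5, 9)]
    lines += [fmt.format(ip="203.0.113.50", m=1, s=s, iccid=f"8901410000000000{1000 + s}")
              for s in range(20)]
    return lines

if __name__ == "__main__":
    print(enumerating_clients(sample_log()))
```

Detection of this kind only limits the damage; the underlying fix is for the server not to return an account's email address to a request that has not authenticated as that account.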

Remembering Steve Jobs.

Today, 5th October 2012, marks the one-year death anniversary of Steve Jobs. I would like to share a few rare photos and a quote from the man himself, to remember the man who made a dent in the universe.

I am sure you all have seen the photo on the left but not the one on the right.

All of you have seen Steve Jobs with an Apple product in his hand. But you have never seen him with a bottle of beer in his hand, so here it is.


