Tag Archives: ipad

A charger that can install malware on your iOS device,including non-Jailbroken devices.

iphone5-black

 

Yes, you read it correct. A modified charger that can install malwares onto your iOS devices like iPhones and iPads, even though its not jailbroken, it does not even needs your interaction. And it takes less than a minutes of charging to get it infected.

Recently researchers will show a prototype of this charger in BlackHat Security Conference in late July. The prototype of the charge is named “Mactans” which is build on open-source single-board computer called the BeagleBoard,availavle at $45 from Texas Instruments.

Brief description by the researchers Billy Lau,Yeongjin Jang,Chengyu Song.

Apple iOS devices are considered by many to be more secure than other mobile offerings. In evaluating this belief, we investigated the extent to which security threats were considered when performing everyday activities such as charging a device. The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software. All users are affected, as our approach requires neither a jailbroken device nor user interaction.

In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.

To demonstrate practical application of these vulnerabilities, we built a proof of concept malicious charger, called Mactans, using a BeagleBoard. This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish. Finally, we recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off.

 

 

Apple updates its KB article, adds info about Jailbreaking.

If you have been a power user of Apple products you know that Apple has a KB article  or KnowledgeBase for all its products and features,etc on a site http://support.apple.com/kb/. Recently there has been a new addition to the KnowledgeBase, its Jailbreaking. No if you are thinking that you will find article on how to Jailbreak you are wrong. The KB article says what negative issue you will have if you Jailbreak your iPhone, iPad or iPod Touch.

iphone5-black

 

You can read it here.

Man illegally access AT&T servers by impersonating as iPad.

A 27 year old man, named Andrew Auernheimer, known online as “Weev” has been convicted on Tuesday ( 11/20/2012) for accessing AT&T  server by impersonating as iPad to steal 114,000 email addresses which includes emails of some of the celebrities.He faces 10 year of imprisonment.

 

 

The data breach was originally from the first 3G enabled iPad launched in April, 2010. Andrew Auernheimer and Daniel Spitler, aka “JacksonBrowne” discovered a flaw that prefilled in a user’s email address when the site was loaded from the iPad , from AT&T’s server. The iPad encoded with a unique cellular ID number (ICC ID) that appeared in the URL when accessing the AT&T website. Andrew and Daniel said to be part of a group called Goatse Security, who discovered if someone altered the ICC ID numbers in the URL, other email addresses were generated on the AT&T site. Daniel wrote a script that automatically guessed the different ICC ID and harvested the 114,000 email addresses.

It’s still unknown if the flaw has been fixed yet by the authorities.

Google Chrome comes to iOS

The popular browser on desktop on Windows, Mac and Linux, has made its way to iOS. And its supported on iPhone, iPad ad iPod Touch. After Safari Chrome is no doubt the best browser on iOS devices, although we had many other browsers for iOS but Chrome is undoubtedly the best one.

Some of the features of Chrome for iOS

Sync (yes you can sync it with the Chrome on your desktop)

Super Fast Page Load

You can send pages from your Chrome on computer to your iOS device and you can even read those pages when your are offline.

What I liked the best is the over all UI, opening multiple tabs (more than Safari) and managing them can be done very swiftly.

 

 

 

You can download Google Chrome for iOS from the App Store for free. click here

Apple releases iOS 5.1.1 Software Update and fixes some security vulnerabilities.

Apple releases its latest iOS update the iOS 5.1.1 with some fixe and patches. The iOS 5.1.1 is supported in the following devices

  • iPhone 4S
  • iPhone 4
  • iPhone 3GS
  • iPad 2
  • iPad
  • iPod touch (4th generation)
  • iPod touch (3rd generation)

The updates include.

  • Improves reliability of using HDR option for photos taken using the Lock Screen shortcut
  • Addresses bugs that could prevent the new iPad from switching between 2G and 3G networks
  • Fixes bugs that affected AirPlay video playback in some circumstances
  • Improved reliability for syncing Safari bookmarks and Reading List
  • Fixes an issue where ‘Unable to purchase’ alert could be displayed after successful purchase

The security issues that were fixed in this release are :

  • Address bar spoofing.
  • Cross site scripting
  • Remote code execution.