Archive for the ‘HACKING SECURITY’ Category

Whopping $1 million offered to anyone who can hack iPhone’s iOS 9

Tuesday, September 22nd, 2015


iOS 9 and the iPhone 6s are Apple’s most secure yet, but there are a lot of talented hackers and researchers who’d love to make a million dollars. Photo: Bloomberg

Zerodium, a company that pays hackers for software and device vulnerabilities and on-sells them to customers including government security agencies, says it has a total of $US3 million ($4.2m) on offer for any three hackers that can provide a full “jailbreak” of Apple’s brand new iOS 9 and iPhone 6s.

A jailbreak is a type of attack that allows a person (including hackers) to take total control over a device, for example letting them install apps and services not sanctioned by Apple.

This won’t be an easy payday for any aspiring millionaire hackers though. A list of conditions on the Zerodium website states the exploits must consist only of zero-days (i.e. previously unknown vulnerabilities) and have to be as simple for the end user as visiting a web page in Safari or Google Chrome or reading a text message.

Furthermore, the attack must be persistent (i.e. its effects must remain even after a restart) and it must work on the most recent generations of Apple devices (including iPhone 6s), running the latest iOS 9.

Zerodium says the unprecedented reward ($1 million for each hacker) on offer is due to the hugely increased security in Apple’s latest software and hardware, with chief executive officer Chaouki Bekrar telling Forbes that “iOS is the most secure mobile OS as of today”.

The zero-day exploit market is big business. Many companies operate their own reward programs to compel researchers to turn in bugs and vulnerabilities so issues can be fixed, although some prefer to disclose flaws publicly so users can be warned. The biggest money is often offered by exploit merchants who keep the techniques and code to themselves and deploy them for paying customers.

Zerodium is a new program from French company Vupen, designed to focus specifically on zero-days for the most prominent operating systems and devices.

Apple has yet to respond publicly but has been known to hire those who hack its software. In 2011, for instance, Apple hired Nicholas Allegra, aka “comex”, the notorious hacker behind JailbreakMe, which made removing the restrictions on the company’s iPhone, iPod Touch and iPad devices as simple as clicking a link.


Henry Sapiecha


Tuesday, August 27th, 2013




Henry Sapiecha



Thursday, March 1st, 2012


SAN FRANCISCO: The private photos on your phone may not be as private as you think.

Developers of applications for Apple’s mobile devices, along with Apple itself, came under scrutiny this month after reports that some apps were taking people’s address book information without their knowledge.

As it turns out, address books are not the only things up for grabs.

Photos are also vulnerable. After a user allows an application on an iPhone, iPad or iPod touch to have access to location information, the app can copy the user’s entire photo library, without any further notification or warning, according to app developers.

It is unclear whether any apps in Apple’s App Store are illicitly copying user photos.

Although Apple’s rules do not specifically forbid photo copying, Apple says it screens all apps submitted to the store, a process that should catch nefarious behaviour on the part of developers.

But copying address book data was against Apple’s rules, and the company approved many popular apps that collected that information.

Apple did not respond to a request for comment.

The first time an application wants to use location data, for mapping or any other purpose, Apple’s devices ask the user for permission, noting in a pop-up message that approval “allows access to location information in photos and videos.”

When the devices save photo and video files, they typically include the coordinates of the place they were taken — creating another potential risk.

On phones and tablets running Google’s Android software, apps must ask for approval before transmitting any photos.

On Apple devices, full access to the photo library was first permitted in 2010 when Apple released the fourth version of iOS. The change was intended to make photo apps more efficient.

The knowledge that this capability exists is not new, developers say, but it was assumed that Apple would ensure that apps that inappropriately exploited it did not make it into the App Store. Based on recent revelations, phone owners cannot be sure.

“Apple has a tremendous responsibility as the gatekeeper to the App Store and the apps people put on their phone to police the apps,” said David Jacobs, a fellow at the Electronic Privacy Information Centre.

“Apple and app-makers should be making sure people understand what they are consenting to. It is pretty obvious that they aren’t doing a good enough job of that.”


Sourced & published by Henry Sapiecha


Tuesday, November 22nd, 2011

In the wrong hands, your gadgets could cost you big time

The trend to go mobile hasn’t escaped the attention of the bad guys. They’re focusing more than ever on portable mobile devices as people shift from computers to hand-held gadgets.

We tend to leave a lot of sensitive and sometimes personal information lying around on our gadgets. Worse yet, we tend to stay logged in to many services. Imagine the havoc someone could wreak with access to your phone, email, calendar, financial records, online shopping, online banking, social networking and other services. Keep in mind that if it’s a business phone, you’re putting your organisation’s security at risk as well as your own.

Sophos head of technology for Asia Pacific, Paul Ducklin, warns it’s important to password-protect all your devices, particularly those that leave the house.

“In a recent Sophos survey, nearly one-quarter of people admitted they’d lost a device in the past year,” Ducklin says. “But of those, close to three-quarters hadn’t even bothered to lock their device at all.

“Their excuse is often that it’s inconvenient to unlock it every time – but that’s surely not as inconvenient as trying to reclaim your digital life after someone gets their hands on your unlocked phone.”

Installing mobile security software on your gadgets can offer the ability to track, remotely lock and even wipe your devices, adds Symantec spokesman David Hall. It’s a sensible precaution to stop your data falling into the wrong hands should a gadget be stolen or lost. Regularly backing up your smartphone to a desktop computer or an online service makes it easy to transfer your data to a replacement handset while the lost device is reverted to its factory settings.

Smartphone owners should take great care when installing applications, Hall warns, as some have been modified to snoop around in your phone and cause you grief.

“The current trend is towards ‘Trojanised’ applications, with the majority targeting the Android platform,” Hall says. “These are legitimate apps that scamming authors have altered to include malicious code capable of harvesting data or opening a back door. In many instances, such apps still carry out their legitimate functions as a way of disguising their malicious behaviour.”

“You should always check permissions requests before installing new apps or app upgrades, to see what the app is allowed to do. It’s also important to check your phone bill regularly for unusual premium-rate calls or data charges, which can be a sign that something is wrong.”

Apple’s tight rules for vetting apps frustrate some users, but they help create a safer mobile computing environment for iGadgets.

Google’s more lax approach offers users and developers more freedom but leaves the door open for malicious applications. Google has already been forced to pull dozens of malicious mobile applications from the Android Market app store.

Android also allows users to install applications from sources other than Google’s official Android Market – presenting extra security threats. Microsoft has vowed to strike a balance between the two approaches with its Windows Phone 7 mobile operating system.

Sourced & published by Henry Sapiecha


Monday, June 20th, 2011

As hacking evolves and attacks become more sophisticated, the threat continues to escalate, writes Patrick Kingsley.

Late last month, the US media group PBS ran a strange story on its website. “Prominent rapper Tupac has been found alive and well in a small resort in New Zealand,” it reported. “The small town – unnamed due to security risks – allegedly housed Tupac and Biggie Smalls [another rapper] for several years.”

For two reasons, this was a surprising piece of journalism. First, Tupac died in 1996. Second, the piece wasn’t written by PBS. It had been planted on their site by a group called Lulz Security, a loose collective of anonymous hackers who wanted revenge for a recent PBS program that criticised WikiLeaks.

“Greetings, Internets,” Lulz wrote on their own website. “We just finished watching WikiSecrets and were less than impressed. We decided to sail our Lulz Boat over to the PBS servers for further … perusing.” Above the message the tagline: “Set sail for fail!”

A message from Lulz Security.

The extraordinary episode was by no means isolated. In March, hackers stole a database of email addresses from the marketing group Epsilon in what one commentator called the largest email address heist in history. Then the computer security firm RSA had their servers breached in an attack that may have led to the hacking of defence giant Lockheed Martin, an RSA client. In April, persons unknown cracked Sony’s PlayStation network and stole 77 million users’ data. And in the past month, the IMF, Citibank, the Spanish police, Google, the Turkish and Malaysian governments, the US Senate and (earlier this week) the CIA have all been hacked.

In simple terms, there are three kinds of attack taking place. Hacktivism is the most prominent: raids by amateur groups such as Lulz (who took down sites belonging to the CIA, the Senate and the Spanish police) or Anonymous (PayPal, PlayStation, MasterCard and Visa), for fun – “for the lulz” – or, increasingly, as an act of political protest. There is the criminal kind: professionals hunting for credit card details or email address directories. Finally, there’s state-sponsored espionage, or even cyber-warfare. “Google, RSA, Lockheed Martin, IMF – the strong suspicion is all those were state-sponsored, or state-approved,” said Dave Clemente, a cyber security expert at Chatham House, the international affairs experts.

Are all three categories really on the rise? Well, possibly. Disclosure laws obliging companies to come clean about data breaches have been in place in many parts of the US for several years. But, when Google went public last year with the news it had been hacked by Chinese sources, “that got the ball rolling”, Clemente said. “It suddenly seemed more permissible to report a hack.”

If increased openness in part accounts for the apparent hike in hacking, there has still been an exponential rise in cyber threats. In 2008, security giant Symantec counted 120 million malware variants; last year, that figure was 286 million. Symantec security strategist Sian John has also noted a large increase in “targeted attacks”. Hackers are using a new tactic called “spear phishing”, which enables them to be more specific about who they target. “In the past, if you got a phish attack, it would be from a Nigerian offering you lots of money,” said John. “Now it’ll be from someone saying: ‘Oh, we saw you at that conference last week. Here’s some minutes of that conference’.” Contained within those minutes will be a virus.

This kind of targeted attack has become dangerous because of the amount of information we divulge on the internet. “One of the first places a hacker will visit is LinkedIn,” said Rik Ferguson, director of security research at computer protection firm Trend Micro. “[There] you can see all my connections, see everyone I’ve worked with, everyone I know … I’m far more likely to open an attachment from your email, because it’s far more credible.”

However, the arrival of groups such as Anonymous and its offshoot LulzSec does mark a changing of the guard. “Hacktivism is definitely on the rise,” said Ferguson. “Anonymous were previously quite a cliquey underground community. But as the WikiLeaks thing unfolded … they have garnered a lot of coverage.”

The anarchist collective Deterritorial Support Group recently posted an essay, “Twenty Reasons Why it’s Kicking Off in Cyberspace”, which aimed to explain the rise of Anonymous and Lulz. “Make no mistake, this is not a minor struggle between state nerds and rogue geeks,” they wrote. “This is the battlefield of the 21st century, with the terms and conditions of war being configured before our very eyes.”

It is tempting to think of this kind of debate as irrelevant to our everyday lives. Symantec says mobile phone technologies will be hacking’s next target, and perhaps it is physical problems such as this that we should be more concerned about. But as we increasingly live more of our lives online, and as that boundary between physical and virtual is increasingly blurred, perhaps it is the conceptual questions posed by hacking that will prove more significant.

Guardian News & Media

Sourced & published by Henry Sapiecha


Monday, February 7th, 2011

Bikies’ BlackBerrys beat law

Natalie O’Brien

February 6, 2011


Bikie gangs and organised crime groups are believed to have foiled police attempts to tap their phones by importing untraceable, encrypted BlackBerrys from Mexico.

The telecommunications black hole exploited by the Comanchero gang and drug cartels has come to light after countries around the world – worried about terrorism and national security – threatened to ban BlackBerrys unless they were given the codes to break the encryption on emails and messages.

This website understands that the Comanchero have linked up with a Mexican drug cartel importing cocaine into Australia and are sharing technology.

“There is nothing strange in organised crime having better access to technology than the authorities,” said Michael Kennedy, a former NSW detective and an academic at the University of Western Sydney. “The bikies are becoming more entrepreneurial and, after all, organised crime is a business enterprise. Crime groups will share technology if it helps them.”

The Comanchero are thought to use the Mexican phones with global roam activated. It costs a great deal of money to constantly use the roaming facility but for criminals, communications that cannot be monitored are priceless.

What makes the BlackBerrys so hard to tap is that Mexico has no reliable register of handsets, mobile numbers or users. Vendors are unregistered and sell the phones and SIM cards for cash, no questions asked. The UN Office on Drugs and Crime reports Mexico has 83 million mobile phones and government attempts to set up an official registry are failing.

As well, the encrypted BlackBerry messaging service is routed through a server Australian authorities haven’t been able to access.

It is not known how many of the phones are in Australia and in the hands of organised crime groups. But experts agree the criminals will keep the technology among themselves as long as they can.

“The Australian Crime Commission is aware that organised crime networks will continually take opportunities, some real and some imagined, to use new technologies to try to escape the law,” said its chief executive John Lawler.

The Australian Federal Police would not say whether they had seized Mexican phones. But a spokesman said they were working with national and international authorities and industry groups to ensure the force was up to speed “on the challenges posed by criminal networks”.

Last year, this website revealed that the feared Mexican Sinaloa drug cartel was regularly importing cocaine into Australia. It was also revealed that several men with ties to Mexico, the US and Guatemala had set up a drug distribution network in NSW, which is now understood to have included links to the Comanchero group.

Former NSW Police assistant commissioner Clive Small said the Mexican operators were trying to expand their drug markets in Australia, so would be seeking out new contacts like the bikie gangs to buy their shipments.

Just over a year ago, Clayton Roueche, head of a Canadian drug smuggling ring with Australian connections, was jailed for 30 years. The boss of the drug gang known as the “United Nations” had been running his empire using a coded BlackBerry telephone. He was eventually caught – not by telephone surveillance but by border security officials in Mexico.

Sourced & published by Henry Sapiecha


Tuesday, January 25th, 2011

Murdoch link to phone hacking fallout deepens

Paola Totaro

January 25, 2011

David Cameron … friendly dinners. Photo: Reuters

LONDON: The political fallout from the News of the World phone-hacking scandal has intensified amid claims of a Scotland Yard cover-up and friendly dinners between Downing Street and the Murdoch family.

Despite the resignation of Andy Coulson as Downing Street’s director of communications, the links between the British Prime Minister, David Cameron, and Rupert Murdoch’s empire have once again been thrown into the spotlight just days before the media tycoon is due to fly to London.

The Independent revealed that James Murdoch, son of Rupert and chairman of News Corporation in Europe and Asia, was a guest at a private dinner with Mr Cameron just days after the Prime Minister stripped the Liberal Democrat business secretary, Vince Cable, of responsibility for the crucial decision on whether News Corp should be allowed to buy the 61 per cent of BSkyB it does not already own.

Rupert Murdoch … his son James reportedly had dinner with David Cameron. Photo: Reuters

The dinner was held at the home of Rebekah Brooks, chief executive of News International, in Churchill, Oxfordshire, and both Mr Cameron and his wife, Samantha, were present.

The highly controversial decision on the takeover was handed to the Culture Secretary, Jeremy Hunt, after Mr Cable was secretly taped telling undercover reporters that he had “declared war” on Rupert Murdoch.

Mr Coulson’s resignation at the weekend has also renewed interest in police handling of the original investigation into the hacking affair, with claims of a cover-up and calls that the new investigation, announced a few weeks ago by the Crown Prosecution Service, be handed to a different police force or to the Inspectorate of Constabulary.

The Liberal Democrat Energy Secretary, Chris Huhne, criticised the police, saying they had dismissed his calls for a full inquiry, and the former prime minister Gordon Brown has asked police if his phones had been affected when he was chancellor.

A parliamentary inquiry into the row begins to gather evidence this week, but the deputy Labour leader, Harriet Harman, has demanded a fresh inquiry.

Mr Coulson quit as editor of Mr Murdoch’s News of the World in 2007 after the paper’s royal reporter admitted hacking royal phones.

Although Mr Coulson insisted he had no knowledge of the practice, the scandal has riveted London and been the focus of continuing inquiries by Murdoch media rivals, including The Guardian and The Independent.

Sourced & published by Henry Sapiecha


Friday, January 21st, 2011

See the frog that cut off 160 telco customers


January 20, 2011 – 2:36PM
The frog that took down 160 customers. Photo: Supplied

Due to the wet weather, the frogs in Childers, Queensland have been “breeding like crazy”, with one cutting off hundreds of telecommunications customers.

The one pictured managed to squeeze into a Telstra roadside cabinet through a failed air filter and shorted out the power tracks of the main board of a Remote Integrated Multiplexer (RIM) unit, according to Telstra spokeswoman Karina Keisler.

It resulted in over 160 customers not able to receive incoming calls and also took ISDN services (such as EFTPOS) “completely offline”, she said. 

Communication technician Alan Williams inspecting the cabinet where the frog was found. Photo: Supplied

Sourced & published by Henry Sapiecha


Tuesday, December 28th, 2010

Apple sued over iPhone and iPad apps that snoop on users

December 28, 2010 – 9:18AM
Apple CEO Steve Jobs poses with the new iPhone 4 during the Apple Worldwide Developers Conference in San Francisco. The iPhone 4’s killer apps come at a price. Photo: Reuters

Apple is being sued over claims that applications for the company’s iPhone and iPad transmit users’ personal information to advertising networks without customers’ consent.

The complaint, which seeks class action, or group, status, was filed on December 23 in federal court in San Jose, California. The suit claims Cupertino, California-based Apple’s iPhones and iPads are encoded with identifying devices that allow advertising networks to track what applications users download, how frequently they’re used and for how long.


“Some apps are also selling additional information to ad networks, including users’ location, age, gender, income, ethnicity, sexual orientation and political views,” according to the suit.

The suit, filed on behalf of Jonathan Lalo of Los Angeles County, identifies applications such as Pandora, Paper Toss and the Weather Channel, and names them as defendants along with Apple. Lalo is represented by Scott A. Kamber and Avi Kreitenberg of KamberLaw LLC in New York.

Apple iPhones and iPads are set with a Unique Device Identifier, or UDID, which can’t be blocked by users, according to the complaint. Apple claims it reviews all applications on its App Store and doesn’t allow them to transmit user data without customer permission, according to the complaint.

The lawsuit, claiming the transmission of personal information is a violation of federal computer fraud and privacy laws, seeks class-action status for Apple customers who downloaded an application on their iPhone or iPad between Dec. 1, 2008, and last week.

Amy Bessette, a spokeswoman for Apple, didn’t immediately return a phone call or email seeking comment.

Sourced & published by Henry Sapiecha


Tuesday, December 28th, 2010

Researcher demonstrates vulnerabilities of mobile phones

Hackers equipped with inexpensive radio hardware and open source software can compromise your mobile phone, listen to your conversations, intercept your data, or rack up huge bills on premium services, all without you knowing. Ralf-Philipp Weinmann, a cryptologist at the University of Luxembourg Laboratory of Cryptology and Security, has discovered a new type of over-the-air attack on mobile phones, and at the 2010 DeepSec conference in Vienna demonstrated how the exploit could be used against nearly any mobile phone.

Sourced & published by Henry Sapiecha