Social Icons

Friday, August 30, 2019

Tens of thousands of iPhone users hacked via web sites trapped ... for years
Google Project Zero's security researchers have detected a highly sophisticated cyber-surveillance campaign that relied on trapped websites and 0-day flaws.
It is heavy. Google has just revealed the details of a particularly sophisticated espionage campaign, which allowed to hack softly iPhone tens of thousands of people. The hacking took place through a "small number of hacked websites" that targeted users in an undifferentiated way for "at least two years". "We estimate that these sites received thousands of visitors each week," said Ian Beer, a member of Google Project Zero and one of the best iPhone hackers, in a series of blog notes that details the technical aspects of these attacks.

The author of these attacks is not a small player. Thanks to an operational error of the attacker, Google was able to recover at the beginning of the year on these websites five different operating chains, covering the iOS 10 to iOS 12 systems. They relied on a total of fourteen vulnerabilities of two of which were 0-day at the time of their discovery (CVE-2019-7287, CVE-2019-7286). Given the risk, Google has given Apple a one-week delay to fix them. The patch in question was released on February 7, 2019, under the iOS version number 12.1.4.

Theft of sensitive data and geolocation
The existence of such an arsenal, whose value exceeds several million dollars in the market for cyber weapons, shows that this is a group of hackers who has invested "heavily" in piracy iPhone users in "some communities", says Google. And this is probably only part of the iceberg. "There are certainly other [campaigns of this type] that we have not yet detected," says Ian Beer.

The various operating chains allowed hackers to escape the Safari sandbox and execute arbitrary code with root privileges, which ultimately allowed them to run a fairly complete spyware program in the background. . This allowed, among other things, to steal the databases of the main messengers (WhatsApp, Telegram, iMessage, Hangouts, Gmail), siphon sensitive data such as the address book, photos or keychain IDs. GPS location data was also transferred every minute if the terminal was connected to the Internet. However, the cookie was not persistent and disappeared when the device was restarted.

Who is behind this campaign? Hard to say at this point. Google does not provide details on the identity of hacked websites or the profile of victims. In his blog note, Ian Beer alludes to cyber-surveillance of potential dissidents, suggesting that this is an operation of authoritarian government. For his part, security researcher Lukaz Olejnik is betting that this is a surveillance operation targeting ethnic minorities in China. But it's only an hypothesis.

Source :

No comments:

Post a Comment

Learn Python For Beginners

Category Of Mobile Courses

Actualités (644) Adsense (1) Affiliation (1) Algebraic Topology (2) Algorithmic (1) all-news (30) Android (5) Android App (8) Android app without code (4) Android Apps (256) Android Development (4) Android download (2) Android OS (3) AngularJS (1) Automata theory and formal language (5) Bootstrap CSS (1) C programming (5) Category and Functor (8) CMS (3) Computer Glossary (18) Create Mobile App With Ionic Framework (2) CSS (2) CSS-Cascading-Style-Sheets (4) Developpement Java (13) Differential Geometry (1) Django-Python-Framework (15) dropshiping (26) Earn Money by Internet (4) Emplois (23) Framework php (2) Fraud (2) Github (2) HTML (9) IT News (3) Java For Beginners (10) Javascript (12) Kotlin Programming Language (8) Kotlin For Mobile Android (1) Linux Download (2) Marketing (5) Mobile (3) Mobile Courses (4) Mobile Marketing (4) MoneyGram (1) News (721) Node.js (5) Open Source (1) Photoshop (1) Protect Computer (1) Python (37) Python BeautifulSoup (1) Python For Data Science (2) Python PyQt (13) Python Reference (1) Python Source Code (10) Python-Books (6) Python-DVD-Training (1) Python-Exercises (305) Python-Framework (1) Python-IDE (1) Python-Kivy-Framework (2) Python-Modules (1) Python-pdf (2) Python-pyQt (1) python-temp (3) Référencement (2) Script PHP (2) Security (6) SEO (1) Snipping Tool: Faq (1) Social Networks (1) Source Code (4) Statistics With SPSS (2) Surveillance Software (1) Travail à domicile (6) Tutoriels php en vidéos (2) Tutoriels-MySql (6) tutoriels-php (19) Utilitaires (1) VPS (1) Web Hosting (1) Webcam (1) Webmarketing (11) Western Union (1) Windows 10 (1) Windows 7 (4) Windows 7 Faq (2) Windows 8 (1) Windows Accessories (1) Windows Download (8) Windows Drivers (1) Windows Fonts (1) Windows Power Shell (2) Windows Registry (2) Windows Security (18) Windows Software (2) Windows Spyware (2) Windows utilities (3) Windows Virus (2) Windows Vista (3) Windows Wireless (1) Windows xp (1) Wordpress (1)

Sample text

Sample Text

Blogger Templates