i2 Security Blog

Keeping you up to date on the world of IT Security

App Store expels iOS hacker

Charlie Miller, a well-known Apple hacker who has exposed a large number of vulnerabilities in Apple’s software, has been ousted from the iOS Developer Programme by Apple.  This happened after he published an app that exposes a serious bug in new iPhones and iPads.

The InstaStock app, which had been accepted and approved by the App Store back in September, is a program that tracks stock prices in real time.  However, it also contains a secret hack that bypasses the protections built into iOS devices that prevent code from running on them unless it has been signed with Apple’s official cryptographic seal.  As a result, the app is capable of other things, including downloading pictures and contact details from iPhones and iPads.

Apparently, a few hours after Miller revealed the ‘extra’ functionality of his app, he received an email stating that Apple was terminating him from the iOS Developer Program for violation of a clause in the program’s license in which he agreed he wouldn’t “hide, misrepresent or obscure any features, content, services or functionality” of applications he submitted.

Miller’s code-signing bypass exploits a change introduced in iOS 4.3 that for the first time created a small region in iPhones and iPads where unsigned code downloaded from the internet could be executed. The exception was designed to improve the performance of Safari by allowing it to do just-in-time compiling. To prevent the exception from being abused, Apple tightly restricted it to Safari, and even then only in certain cases.  Miller, however, discovered a flaw in the way those checks are run.

Miller said he’s concerned that his excommunication will hinder his ability to find security bugs in Apple software until it has become publicly available. A case in point is iOS version 5.01, which is currently in beta testing.  Now that he is no longer part of the developer program, Miller no longer has access to beta code and will have to wait until the code is publicly available before he can check it for vulnerabilities, by which time it will probably be too late.

Mac Attack using Tsunami Trojan

A new attack against Apple Macs has been discovered and is being termed the “Tsunami Trojan”.

The newly discovered Tsunami Trojan is derived from an earlier Linux-infecting backdoor Trojan, called Kaiten, which connected back from infected machines to an IRC channel for further instructions. Security firms appear to be still in the process of analysing Tsunami, but early speculation suggests it may be a DDoS attack tool.

“Mac users are reminded that even though there is far less malware in existence for Mac OS X than for Windows, that doesn’t mean the problem is non-existent,” says Graham Cluley of security firm Sophos.

“We fully expect to see cybercriminals continuing to target poorly protected Mac computers in the future. If the bad guys think they can make money out of infecting and compromising Macs, they will keep trying. My advice to Mac users is simple: don’t be a soft target, protect yourself.”

I would fully agree with what Graham Cluley says. Many people think there are no Trojans or viruses for Macs, but they are mistaken, and this article proves it once again.  No matter what operating system you are running, be it Windows, Linux or Mac OS X, you should still look to secure it, keep patches up to date and run security software.

Don’t be one of the poorly protected computers spoken of above!

If you are a Mac user concerned about security, Sophos currently offer a free antivirus solution available for download from their site.

iPad2 iOS5 Lock Screen Vulnerability

As soon as iOS5 was released people were already looking for issues with it.  One of the first discovered on the iPad2 was an issue with the screen lock functionality.

Marc Gurman has discovered a vulnerability on the iPad that allows for a limited bypass of the device’s locked screen. Anyone with a Smart Cover on their iPad can gain access to the previously-open app (or the home screen if no app was open).

Simply hold the power button to bring up the ‘Power Off’ screen, close the Smart Cover, re-open it, and click cancel. The attacker will be dropped into the screen that was open before the iPad was locked. If the attacker gets dropped into the home screen, then they’ll be able to see the installed apps, but won’t be able to open anything. If Safari or Address Book (or any other app) was open when the device was locked, then the attacker would have access to that app.

From a locked iPad 2:

1) Lock a password protected iPad 2
2) Hold down power button until iPad 2 reaches turn off slider
3) Close Smart Cover
4) Open Smart Cover
5) Click cancel on the bottom of the screen

Obviously, with more and more iPads being used in the business world and also in education, you can probably imagine the issues this type of vulnerability could cause.  Just imagine if your email was the last app open, or your address book with all of your customers 🙂

For now the only way to stop this happening is to disable the “Smart Cover Unlocking” feature, which can be found in Settings>General.

Although I’m sure Apple will be working on a fix for this already.

Mac Webcams Hijacked via a bug in Flash

It has emerged that a bug in Adobe’s Flash player can allow webcams and microphones on Apple Macs to be hijacked by website owners, allowing them to eavesdrop without permission.

All that’s required is to visit a malicious website and to click on a few buttons on that page.  Without warning, the visitor’s camera and microphone will be activated and the video and audio intercepted.  On Wednesday Adobe said they were planning on fixing the vulnerability, which is caused by flaws in the Flash Player Settings Manager.  The panel, which is used to designate which sites may access feeds from a user’s camera and mic, is delivered in the SWF format used by Flash.  A computer science student at Stanford University, Feross Aboukhadijeh, discovered he could embed the SWF file as an invisible iframe and superimpose misleading graphics on top that tricked visitors into making changes to the underlying privacy settings.

Settings Manager is actually hosted on Adobe’s servers, and therefore a fix should be able to be implemented without having to release an update to users’ machines.  A spokesperson for Adobe has said an update should be in place by the end of the week.

The Stanford student said that so far only Macs running Safari or Firefox were vulnerable; however, he indicated that further research may lead to this attack becoming more universal.
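The attack above depends on a third-party page being able to load someone else's content in an invisible iframe. The following is an added example, not code from the original post or from Adobe: a simplified model of how a browser uses the X-Frame-Options and Content-Security-Policy frame-ancestors response headers to decide whether a response may be framed, which a site owner can run against their own responses. The function names, URLs and sample headers are constructed for illustration.

```javascript
// Added example (not from the original post): models the browser's decision
// on whether a response may be displayed in a frame on another origin.
// Simplified: one level of framing; frame-ancestors sources limited to
// 'none', 'self', '*', exact origins and scheme://*.host wildcards.
function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key ? String(headers[key]) : "";
}

function frameAncestors(csp) {
  for (const directive of csp.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null; // directive absent
}

function sourceMatches(source, embedder, self) {
  if (source === "*") return true;
  if (source.toLowerCase() === "'self'") return embedder === self;
  const wild = /^([a-z][a-z0-9+.-]*):\/\/\*\.(.+)$/i.exec(source);
  if (wild) {
    const e = new URL(embedder);
    return e.protocol === wild[1].toLowerCase() + ":" &&
      e.host.endsWith("." + wild[2].toLowerCase());
  }
  try { return new URL(source).origin === embedder; } catch { return false; }
}

// Response served from resourceUrl, embedded by a page at embedderUrl.
function canBeFramed(headers, resourceUrl, embedderUrl) {
  const self = new URL(resourceUrl).origin;
  const embedder = new URL(embedderUrl).origin;
  const sources = frameAncestors(header(headers, "content-security-policy"));
  if (sources !== null) { // frame-ancestors overrides X-Frame-Options
    const ok = sources.some((s) => sourceMatches(s, embedder, self));
    return { framable: ok, reason: "frame-ancestors" };
  }
  const xfo = header(headers, "x-frame-options").trim().toUpperCase();
  if (xfo === "DENY") return { framable: false, reason: "x-frame-options" };
  if (xfo === "SAMEORIGIN")
    return { framable: embedder === self, reason: "x-frame-options" };
  return { framable: true, reason: "no framing restriction" }; // incl. ALLOW-FROM
}

// Constructed sample: a settings panel with no headers, framed by another site.
console.log(canBeFramed({}, "https://panel.example/settings.swf",
  "https://other.example/game"));
```

A response that comes back as framable from an unrelated origin is one that can be overlaid with misleading graphics in the way the post describes.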

Sick Facebook scammers try to exploit the death of a genius

As always in the world we live in it hasn’t taken long for the scammers to try to exploit a sad world event, the passing away of Steve Jobs.

The scammers are telling people that an unnamed company is giving away 50 iPads in memory of the Apple genius.  Victims are asked to follow a link and complete a survey to qualify for the prize.

The offer is obviously a fake one, and so far over 15000 users have followed the link, according to reports from the security company Sophos.
The scammers are aiming to make money from affiliate links: the more people they drive to certain websites, such as gambling, contest and survey sites, the more money they make.  Obviously they could just as easily point you to sites hosting malicious content, but in this particular scam all the pages you are redirected to are of the types mentioned above.

I think we can expect a few more of this type of scam over the coming days; as always, these scams seem to surface after an event like this.
Just be careful of the links you click on, never give away your personal details, logins, bank details etc. and try to keep all your antivirus and other software up to date.

Apple OSX Lion Password Security

Recently the long awaited update to Apple’s OSX was released in the form of ‘LION’. However Apple seem to have gone back in time with their implementation of password security on Lion.

Directory Services in OSX used to require authentication when requesting a password change, but this is no longer the case in Lion.

In order to change the password of the currently logged in user all you need to type is:

$ dscl localhost -passwd /Search/Users/Jon
(where Jon is the current user)

Now although this requires a machine to be left unlocked, how many times do you see a Mac left unlocked on someone’s desk?