A critical bug that has lurked in iPhones and iPads for eight years appears to be under active exploitation by sophisticated hackers targeting the devices of high-profile individuals, a security firm reported on Wednesday.
The exploit is triggered by sending booby-trapped emails that, in some cases, require no interaction at all and, in other cases, require only that a user open the message, researchers from ZecOps said in a post. The malicious emails allow attackers to run code in the context of the default mail apps, which makes it possible to read, modify, or delete messages. The researchers suspect the attackers are combining the zero-day with a separate exploit that gives full control over the device. The vulnerability dates back to iOS 6, released in 2012. Attackers have been exploiting the bug since 2018 and possibly earlier.
“With very limited data we were able to see that at least six organizations were impacted by this vulnerability— and the full scope of abuse of this vulnerability is enormous,” ZecOps researchers wrote. “We are confident that a patch must be provided for such issues with public triggers ASAP.”
Targets from the six organizations include:
- Individuals from a Fortune 500 organization in North America
- An executive from a carrier in Japan
- A VIP from Germany
- Managed security services providers in Saudi Arabia and Israel
- A journalist in Europe
- Suspected: An executive from a Swiss enterprise
Zero-days, or vulnerabilities that are known to attackers but not the manufacturer or the general public, are rarely exploited in the wild against users of iPhones and iPads. Some of the only known incidents are a 2016 attack that installed spyware on the phone of a dissident in the United Arab Emirates, a WhatsApp exploit in May of last year that was transmitted with a simple phone call, and attacks that Google disclosed last August.
Apple has currently patched the flaw in the beta for iOS 13.4.5. At the time this post went live, a fix in the general release had not yet been released.
Malicious mails that trigger the flaw work by consuming device memory and then exploiting a heap overflow, which is a type of buffer overflow that exploits an allocation flaw in memory reserved for dynamic operations. By filling the heap with junk data, the exploit is able to inject malicious code that then gets executed. The code triggers strings that include 4141…41, which are commonly used by exploit developers. The researchers believe the exploit then deletes the mail.
A protection known as address space layout randomization prevents attackers from knowing the memory location of this code and thus executing in a way that takes control of the device. As a result, the device or application merely crashes. To overcome this security measure, attackers must exploit a separate bug that reveals the hidden memory location.
Little or no sign of attack
The malicious mails need not be prohibitively large. Normal-size emails can consume enough RAM using rich text format documents, multi-part content, or other methods. Other than a temporary device slowdown, targets running iOS 13 aren’t likely to notice any signs that they’re under attack. In the event that the exploit fails on a device running iOS 12, meanwhile, the device will show a message that says “This message has no content.”
ZecOps said the attacks are narrowly targeted but provided only limited clues about the hackers carrying them out or targets who were on the receiving end.
“We believe that these attacks are correlative with at least one nation-state threat operator or a nation-state that purchased the exploit from a third-party researcher in a Proof of Concept (POC) grade and used ‘as-is’ or with minor modifications (hence the 4141..41 strings),” ZecOps researchers wrote. “While ZecOps refrain from attributing these attacks to a specific threat actor, we are aware that at least one ‘hackers-for-hire’ organization is selling exploits using vulnerabilities that leverage email addresses as a main identifier.”
The most visible third-party organization selling advanced smartphone exploits is Israel-based NSO Group, whose iOS and Android exploits over the past year have been found being used against activists, Facebook users, and undisclosed targets. NSO Group has come under sharp criticism for selling its wares in countries with poor human-rights records. In recent months, the company has vowed to serve only organizations with better track records.
It’s generally against security community norms to disclose vulnerabilities without giving manufacturers time to release security patches. ZecOps said it released its research ahead of a general release fix because the zero-day alone isn’t enough to infect phones, because the bugs had already been mentioned in the beta release, and because of the urgency created by the six organizations the firm believes are under active attack.
To prevent attacks until Apple releases a general-availability patch, users can either install the beta 13.4.5 or use an alternate email app such as Gmail or Outlook. Apple representatives didn’t respond to an email seeking comment for this post.
Google facing $5bn lawsuit for tracking in ‘private’ mode – The Irish Times
Google surreptitiously amasses billions of bits of information – every day – about internet users even if they opt out of sharing their information, three consumers alleged in a proposed class action lawsuit.
“Google tracks and collects consumer browsing history and other web activity data no matter what safeguards consumers undertake to protect their data privacy,” according to the complaint filed Tuesday in federal court in San Jose, California.
Even as it scoops up information, the search-engine giant assures users – falsely – that they’re in control of what they share with the company, according to the suit, which includes claims for invasion of privacy and violations of federal wiretapping law.
The case was filed by Boies Schiller Flexner, a high-profile litigation firm that previously defended Uber when the ride-hailing company was accused three years ago by Alphabet’s self-driving unit of stealing trade secrets.
Google didn’t immediately respond to a request for comment.
According to the suit, the company collects information, including IP addresses and browsing histories, whenever users visit web pages or use an app tied to common Google services, such as Google Analytics and Google Ad Manager. This makes “Google ‘one stop shopping’ for any government, private, or criminal actor who wants to undermine individuals’ privacy, security, or freedom,” the consumers allege.
A consumer suit accusing Google of illegally tracking and storing geolocation data with its mobile apps and operating system was thrown out by a California federal judge in December. Arizona’s attorney general filed a similar complaint last month. Google disputed the claim and said it’s looking forward to setting the record straight. – Bloomberg
Remove China Apps Removed From Google Play for Violating Its Deceptive Behaviour Policy – Gadgets 360
Remove China Apps has been pulled from Google Play. According to Google’s Deceptive Behaviour rules, an app cannot encourage users to remove third-party apps, and so it was suspended, as the app was designed to help users uninstall Chinese apps from their Android smartphones. It was published on Google Play on May 17, and came into the limelight last week. Remove China Apps even emerged as the top trending app on Google Play and crossed over 50 lakh downloads.
The app notably came into existence at a time when anti-China sentiment is at its peak in the country, for reasons including the coronavirus outbreak and the India-China border dispute.
This is the second high profile app to be removed from the Google Play store this week. Just a few hours before Remove China Apps was removed, the Mitron app was also removed from the store. The app was removed for violating the store policies, after surging past 50 lakh downloads fuelled by anti-China sentiments.
The Indian Express first reported the removal of the Remove China Apps app, but since then more details about the reasons for the removal have come to light. The makers of Remove China Apps, OneTouch AppLabs, confirmed its suspension from Google Play through a tweet posted late Tuesday. The Jaipur-based company claims on its website that while a large number of people were using the app to remove apps made by Chinese developers, it wasn’t aimed to “promote or force people to uninstall any of the application(s)” and was developed “for educational purposes only.”
Google confirmed to Gadgets 360 that it took the decision to pull the Remove China Apps for violating Google Play’s Deceptive Behaviour Policy that doesn’t allow apps that “encourage or incentivise users into removing or disabling third-party apps” and “mislead users into removing or disabling third-party apps”.
However, Google declined to provide further comment on the suspension.
Received public praise
Remove China Apps received a large number of positive reviews on Google Play, with an average rating of 4.9 stars. Its downloads also reached new levels shortly after it became popular on social media. The quick growth of the app suggested that a large number of smartphone users in India are looking for a solution to stay away from Chinese offerings. It clearly coincided with the ongoing measures by the government to cut off its ties with Beijing due to cross-border tensions.
Apps including TikTok have already faced public outrage for being Chinese platforms. In contrast, the rise of anti-China sentiment helped TikTok alternative Mitron, which was initially believed to be an Indian app, though a recent report highlighted its link with Pakistan. The latter was, however, also recently pulled from Google Play for violating spam and repetitive content policies.
Google takes down Indian 'Remove China' app – Nikkei Asian Review
PALO ALTO/NEW DELHI — Google has moved to cut access to an app that became hugely popular in India after it promised to help users identify and remove smartphone services linked to China, at a time of escalating tension between the Asian rivals.
The U.S. search giant took the app — called Remove China Apps — from its Google Play Store on Tuesday. Google acted over violation of its deceptive behavior policy, the Nikkei Asian Review has learned.
Remove China Apps, which claimed to be “educational,” had briefly been the most popular in India’s store, being downloaded more than 1 million times within 10 days of launch.
The app enabled users to detect where any apps on their phones were from and delete them if desired, according to its developer, Jaipur-based OneTouch AppLabs.
OneTouch AppLabs announced that the app had been suspended from the Play store in a tweet Wednesday morning but did not confirm why the app was removed.
Remove China Apps gained popularity in India amid rising anti-China sentiment after Chinese soldiers moved into what India sees as its territory along the disputed Himalayan border between the two countries.
The latest tensions appear to be the worst since the 2017 standoff at the Doklam plateau, which lasted 73 days and was the longest such confrontation in decades between the two nuclear-armed countries. They share a 3,500 km border over which they fought a war in 1962.
India has also grown increasingly concerned at the prevalence of Chinese companies in the economy. In April, New Delhi moved to tighten rules that allow it to block “opportunistic” investment from its neighbor.
The hashtag #BoycottChineseProducts is trending on Twitter, with many Indians, including Bollywood celebrities, pledging to stop using Chinese goods.
On its website OneTouch AppLabs cited Indian Prime Minister Narendra Modi’s call last month for India to become “self-reliant”.
It said its app would help people to support the policy by identifying the origin country of apps installed on their phones.
Google prohibits apps that “attempt to deceive users or enable dishonest behavior,” according to the Play Store website. Google also prohibits apps from encouraging or incentivizing users into removing or disabling third-party apps unless it is part of a verifiable security service. It also bans apps in Google Play Store from making changes to a user’s device settings or features outside of the app without the user’s knowledge and consent.
According to the TechCrunch website, some users of Remove China Apps found that it flagged content with no clear China link, including U.S. videoconferencing app Zoom.
OneTouch AppLabs published a disclaimer on its website that Remove China Apps was “being developed for educational purposes only … we do not promote or force people to uninstall any of the application(s).”
Meanwhile, Google Play Store also appears to have removed another popular app, Mitron, a video-sharing platform that was touted as an answer to TikTok. It became an instant hit in India after being launched in April and reportedly had over 5 million downloads.
Mitron, which means friends in Hindi, is a word Modi uses often to address countrymen in his speeches.