Main article: Apple iPhone
Hacking an iPhone through vulnerabilities in SQLite
On August 16, 2019 it became known that Check Point specialists had shown how an iPhone can be hacked through SQLite, the database engine that iOS uses. In this case attackers can gain administrator rights on the device.
Apple will pay $1 million to anyone who hacks the iPhone
In August 2019 Apple announced that it was ready to pay $1 million to anyone who hacks the iPhone. This is a record amount among technology companies that use bug bounty programs (rewards for finding vulnerabilities) to fix flaws in their products.
According to Reuters, hackers who gain remote access to the iPhone kernel without any action on the part of the device user can expect a reward of $1 million.
A reward of $500 thousand will be offered to those who can carry out "a network attack requiring no user interaction". Apple also introduced a bonus for hackers who find weaknesses in new software before its release.
Previously, Apple's program offered rewards for finding bugs in the iOS mobile operating system only to invited researchers. Now the company has decided to open the program to all specialists and to extend it to iCloud, tvOS, iPadOS, watchOS and macOS.
macOS security expert Patrick Wardle welcomed Apple's decision to expand its vulnerability bounty program. This specialist had repeatedly found weaknesses in Apple platforms. Because no reward was previously offered for the bugs found, Wardle published information about the vulnerabilities immediately, without passing it to the company so that the bugs could be fixed.
Apple is not the only company increasing rewards for critical bugs found in its products. In July 2019 Google tripled the minimum reward for vulnerabilities in Chrome, to $15 thousand, and the maximum rose to $30 thousand.
In the case of Chrome OS, a chain of vulnerabilities that leads to a complete compromise of a Chromebook or Chromebox device can now bring specialists up to $150 thousand instead of the former $100 thousand.
A method is shown for learning a phone number through the AirDrop function on iPhone
At the end of July 2019 a team of information security experts from Hexway described a method of obtaining data from an iPhone through the built-in AirDrop wireless file transfer function.
The experts found that once AirDrop is activated, the iPhone sends packets containing the owner's phone number hashed with the SHA-256 algorithm. This allows potential recipients to determine whether the sender is in their contact list.
To exploit the vulnerability, one needs to build a database of SHA256(phone_number): phone_number pairs for a given region and run a simple script, for example on a laptop in a public place. When a nearby user decides to send a file over AirDrop, the attacker can intercept the hash of the sender's phone number and recover the number from it.
Then it is possible to try to find the user's name from the number in various services, such as TrueCaller, or to contact the user through iMessage or in some other way.
An attacker can obtain other confidential data as well. For example, if the victim starts the Wi-Fi password sharing function, then in addition to the hashed phone number it is possible to intercept the Apple ID login and the e-mail address. But this is a much less common case, since most users share their Wi-Fi password extremely rarely, the researchers note.
Hexway found these vulnerabilities in the iOS operating system starting with version 10.3.1. They remained in the beta of iOS 13. Apple has not commented on the problem.
According to the experts, the problem is not a vulnerability but rather a consequence of the functions that make the Apple ecosystem work.
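Why a SHA-256 hash does not hide a phone number, as an added example (not Hexway's script and not code from the original page): the input space is small enough to enumerate, so the hash works as a lookup key. The number block, the ASCII encoding of the number and the hash rate used in the estimate are assumptions made for illustration.

```python
import hashlib
import math

# Constructed sample block of 10,000 numbers; not taken from the page.
SAMPLE_PREFIX = "+1202555"
SUFFIX_DIGITS = 4


def phone_hash(number: str) -> str:
    """SHA-256 over the number as an ASCII string (the encoding is an assumption)."""
    return hashlib.sha256(number.encode("ascii")).hexdigest()


def numbers_in_block(prefix: str, suffix_digits: int):
    """Yield every number that shares the prefix, with zero-padded suffixes."""
    for i in range(10 ** suffix_digits):
        yield f"{prefix}{i:0{suffix_digits}d}"


def build_table(prefix: str, suffix_digits: int) -> dict:
    """The SHA256(phone_number): phone_number table described in the text."""
    return {phone_hash(n): n for n in numbers_in_block(prefix, suffix_digits)}


def recover(observed_hash: str, table: dict):
    """Return the number behind a hash, or None if it lies outside the table."""
    return table.get(observed_hash)


def keyspace_bits(unknown_digits: int) -> float:
    """Entropy of a number with this many unknown decimal digits."""
    return unknown_digits * math.log2(10)


def enumeration_seconds(unknown_digits: int, hashes_per_second: float) -> float:
    """Time to hash every candidate; the hash rate is an assumed figure."""
    return 10 ** unknown_digits / hashes_per_second


if __name__ == "__main__":
    table = build_table(SAMPLE_PREFIX, SUFFIX_DIGITS)
    observed = phone_hash("+12025550142")  # constructed "observed" value
    print("recovered:", recover(observed, table))
    # Ten unknown digits carry about 33 bits, far below what a hash
    # needs from its input to resist enumeration.
    print("bits in 10 digits:", round(keyspace_bits(10), 1))
    print("seconds at 1e7 hashes/s:", enumeration_seconds(10, 1e7))
```

The same reasoning applies to any low-entropy identifier published as an unsalted hash: the protection is bounded by the size of the input space, not by the strength of SHA-256.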
iPhone users eavesdropped on through a hole in Apple Watch
On July 10, 2019 Apple disabled the walkie-talkie function in Apple Watch, through which, as it turned out, it was possible to eavesdrop on other people's iPhones without the users' knowledge.
Criminals learned to bypass the iCloud lock on stolen iPhones
On February 7, 2019 it became known that criminals use several methods to unlock stolen iPhones locked through iCloud.
Apple built into the iPhone a security feature designed to make the device unattractive to thieves. Since an iPhone can be linked to only one iCloud account, a criminal who wants to sell it must remove that account completely, and this cannot be done without the iCloud password. Without the password it is also impossible to reset the iPhone to factory settings.
While the iCloud account is active, the real owner of the device can lock it remotely and determine its location with the Find My iPhone function. A stolen iPhone tied to the real owner's iCloud is then useless to thieves.
This security feature did help to reduce the number of thefts, but enterprising criminals nevertheless learned to bypass it. Thieves, programmers and hackers joined forces to find ways of bypassing the iCloud lock and successfully selling stolen iPhones.
The scheme, known as iCloud unlock, involves counterfeit receipts and invoices to convince Apple that the thief is the legitimate owner of the iCloud account, databases with information about smartphones, and social engineering in Apple Store shops.
To remove the iCloud lock, criminals either obtain the password from the victim (using phishing) or trick an Apple Store employee into unlocking the stolen device. A third option is rare and consists of removing the device's central processor from the motherboard and reprogramming it. In some cases thieves even force victims to delete their iCloud accounts by threatening them with physical violence.
In messengers there are even specialized communities of hackers who unlock iPhones for further sale. They exchange experience and publish screenshots of successful hacks. Some hackers work on dozens of devices at the same time.
iPhone allows the caller to hear the other party before a video call is answered
At the end of January 2019 Apple officially acknowledged a fault in the iPhone that allows a caller to hear the other party before a video call is answered. The company promised to release an iOS update fixing the problem, and until then decided to turn the service off.
When calling over FaceTime, it is enough for the user to add the contact to a group call with the subscriber once more. Because of this, the recipient's device transmits sound into the group conversation.
Another feature of the vulnerability is that if the recipient then presses the volume or power button to reject the call, the service instead begins to broadcast video to the caller in addition to audio.
At the same time, the user receiving the call is not informed that the image and sound from their smartphone are already being transmitted to the caller.
"We know about this problem and have already identified a fix that will appear in a software update later this week," an Apple representative told Reuters on Monday, January 28.
To eliminate the possibility of spying on users, Apple switched off the servers responsible for group calls. On the company's services status page, the FaceTime section shows the status "malfunction". The manufacturer recommends that users temporarily turn off the video conference function until developers fix the bug.
The FaceTime group video call function was announced in the summer of 2018 and appeared on Apple devices in October of the same year.
Replacement of 11 million batteries in iPhone: users are not buying new smartphones but replacing the batteries in old ones
In January 2019 a sharp increase in iPhone battery replacements became known. The main reason for the trend is that consumers do not want to buy expensive Apple smartphones and continue to use old models after replacing their batteries.
The well-known journalist John Gruber, who runs the Daring Fireball blog, learned of an Apple staff meeting held in January 2019 at which Apple CEO Tim Cook reported that 11 million iPhone batteries had been replaced as of the end of 2018. Usually 1 to 2 million batteries are replaced in a year.
At the end of 2017 Apple admitted to deliberately slowing down old phone models through iOS updates. After that the company launched a discounted battery replacement program: $29 instead of the usual $79. The discount is available only to owners of the iPhone 6 or later models and was supposed to run only until the end of 2018.
However, Apple kept the program but limited it. From January 1, 2019 users can get an out-of-warranty battery replacement for $29 not an unlimited number of times but only once.
The limit on the number of discounted battery service requests is explained by the absence of any need to change the battery more often than once a year. Apple says that the battery of each iPhone is designed to last at least 500 charge cycles.
According to John Gruber, the discounted battery replacement program had no significant effect on Apple's sales until the release of the iPhone XR and XS models. Many consumers declined to buy these smartphones and simply decided to replace the batteries in their old devices to improve their performance.
Tim Cook told employees that, in addition to the battery replacement program, Apple's revenue was hurt by macroeconomic problems, reduced carrier subsidies in some countries and the strengthening of the dollar.
Mass failure of iPhones because of a helium leak
On October 8, 2018 at Morris Hospital, a private clinic in the State of Illinois, USA, the iPhones and Apple Watches of the staff failed en masse after a new MRI machine was tested. At first the breakdown was attributed to electromagnetic radiation from the MRI machine. However, as it turned out, neither gadgets from other manufacturers nor other electronic devices in the building stopped working. The investigation found that liquid helium, which is widely used to cool the components of the MRI machine, was the cause of the "death" of the smartphones and smartwatches.
The clinic's system administrator, Erik Wooldridge, demonstrated the effect of helium on an iPhone. He placed the gadget in an airtight transparent plastic zip bag and inflated it with helium. The video shows that after eight minutes the same thing happens to the smartphone as happened to other Apple devices in the clinic when the tomograph was started: it "hangs". Perhaps other users' iPhones were also still running after the "hang", but since their screens were off, the users assumed that the smartphones had switched off, the system administrator suggested.
Attacks by cryptominers on Apple iPhone devices increased fourfold
On October 17, 2018 Check Point Software Technologies Ltd., a cyber security solution provider, released its Global Threat Index report for September 2018. Researchers note that the number of cryptocurrency miner attacks on Apple iPhone devices increased by almost 400%. The attacks are carried out with the Coinhive malware, which has held the top place in the Global Threat Index rating since December 2017.
The Coinhive miner remains the most widespread malware: it attacks 19% of organizations worldwide. Check Point specialists also detected a significant increase in the number of Coinhive attacks on PCs, tablets and smartphones with the Safari browser, which is usually used on Apple devices. The Cryptoloot miner rose to third place in the Global Threat Index rating. It is the second most widespread malware for hidden cryptocurrency mining. Cryptoloot's main competitive difference from Coinhive is lower commission fees for website owners.
"Illegal cryptocurrency mining remains the main threat to organizations worldwide. In the last two weeks of September 2018 we recorded a fourfold increase in attacks on iPhones and other devices with the Safari browser. Interestingly, these attacks do not involve functionality of the malware, so we continue to investigate the possible reasons for such a spike. At the same time, this situation is a reminder that mobile devices are the element of a corporate security system that is often overlooked, so it is very important to protect these "weak links" with a comprehensive threat prevention solution."
In September 2018 Dorkbot, a trojan whose main purpose is to steal confidential information and launch DDoS attacks, kept second place in the rating of the most active threats. 7% of organizations encountered it.
The most active malware in Russia in September 2018:
- ↑ Dorkbot (32%) is an IRC worm designed for remote code execution by its operator and for downloading additional malware to the infected system. It is a banking trojan whose main purpose is to steal confidential information and launch denial-of-service attacks.
- ↓ Cryptoloot (17%) is a cryptominer that uses the victim's CPU or video card power and other resources to mine cryptocurrency; the malware adds transactions to a blockchain and releases new currency.
Check Point researchers also analyzed the most exploited vulnerabilities. First place was kept by CVE-2017-7269, which affected 48% of organizations worldwide. In second place is CVE-2017-5638 with a global reach of 43%; in third, slightly behind, is code injection caused by an incorrect PHPMyAdmin configuration on the web server (Web servers PHPMyAdmin Misconfiguration Code Injection). This vulnerability was found at 42% of companies.
Top 3 most exploited vulnerabilities of September 2018:
- ↔ Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269). By sending a specially crafted request over the network to a Microsoft Windows Server 2003 R2 server through Microsoft Internet Information Services 6.0, an attacker can remotely execute arbitrary code or cause a denial of service on the target server. The main cause of the vulnerability is a buffer overflow resulting from improper validation of a long header in an HTTP request.
- ↑ OpenSSL tls_get_message_body Function init_msg Structure Use After Free (CVE-2016-6309). The vulnerability is in the tls_get_message_body function of OpenSSL. A remote unauthenticated attacker can exploit this hole by sending a specially crafted message to the vulnerable server. A successful attack allows arbitrary code execution on the system.
- ↑ Web servers PHPMyAdmin Misconfiguration Code Injection. This vulnerability is found in PHPMyAdmin. Its source is an incorrect configuration of the web application. To exploit it, an attacker can send a specially crafted HTTP request to the target.
The Global Threat Impact Index and ThreatCloud Map are powered by ThreatCloud intelligence, the largest collaborative network for fighting cyber crime, which provides data on threats and attack trends from a global network of threat sensors. The ThreatCloud database contains more than 250 million addresses analyzed for bot discovery, more than 11 million malware signatures and more than 5.5 million infected websites, and continues to identify millions of malicious programs daily.
Apple warned about defects in iPhone 8
The motherboard turned out to be faulty, because of which phones can suddenly reboot, freeze and even fail to turn on.
The manufacturer claims that the problem affected "a small percentage" of devices sold between September 2017 and March 2018 in the USA, Australia, China, India, Japan, New Zealand and some other countries. Apple says that the defect did not affect the iPhone 8 Plus or the company's other models.
As Forbes notes, Apple always uses the "small percentage" wording for defects when it recalls faulty products.
iPhone 8 users can find out for themselves whether their smartphones are eligible for repair. To do so, they need to go to a special section of the Apple website and enter the region of purchase and the device's serial number.
Apple is ready to fix the manufacturing defect in the mobile devices free of charge. The service campaign, which will run for three years from the first sales of the iPhone 8, does not cover other potential damage to devices that is unrelated to the specified defect.
Mass problems had already been found earlier in the iPhone 8, which was first presented to the public in September 2017. For example, a week after the gadget's presentation users began to complain of extraneous noise and crackling in the speaker. The problem turned out to be in software, so all those affected were advised to reset the phone to factory settings.
In addition, on some iPhone 8 units the screen literally began to come off almost immediately after purchase. It was reported that sudden swelling of the battery could be the cause.
iPhone exploded in a car
The video begins with an iPhone 6 lying on the car's center console unexpectedly starting to smoke and then catching fire. The frightened woman screamed but kept driving to avoid creating a dangerous situation on the highway.
However, 20 seconds later the device caught fire again, and the driver hastily stopped the vehicle and got out. When one of the motorists approached the woman, she cried out that her phone had exploded. Fortunately, she was not injured.
Later, speaking to journalists, the victim's husband, named Chiang, said that the iPhone had exploded for no reason at all.
"She was driving alone. Nobody touched her phone. It just suddenly exploded. She was not even charging it or using it," he said.
However, he added that shortly before the incident the smartphone's battery had been replaced. The service center that repaired the device agreed to install a new battery but did not accept "further responsibility": the company refused to restore the whole phone or the dashboard damaged by the fire. The couple decided to take the workshop to court.
Social network users blamed the woman for what happened. One user noted that she had left the phone in the sun on a hot day and it exploded as a result of overheating.
This is not the first case of an iPhone catching fire. There have been cases where the device exploded before the buyer opened the packaging, and also in the owners' trouser pockets. The causes were battery deformation from mechanical damage to the body, long and frequent charging sessions, and other reasons.
15% of test iPhones have problems
Apple punished for locking iPhones after unofficial repair
The Australian Competition and Consumer Commission (ACCC) filed a claim against Apple, accusing the company of disabling by software hundreds of smartphones and tablets after the display or fingerprint scanner had been repaired at an unauthorized center.
The company explained its actions by saying that the original Touch ID test was created to check that the scanner works correctly before the device leaves the factory.
Earlier, Apple released an iOS update fixing the error that locked gadgets after repair, apologized to users and agreed to pay compensation to those affected. However, not everyone managed to receive compensation.
The Australian Federal Court ruled that Apple broke consumer protection law when it told 275 customers that they could not expect compensation if their devices had been repaired unofficially.
"The fact that an iPhone or iPad was repaired by someone other than Apple did not, and cannot, result in consumers losing their warranty," said ACCC commissioner Sarah Court.
The judge sided with the ACCC and stated that global companies must comply with product return rules under Australian consumer protection law.
Apple declined to give a substantive comment at Reuters' request and only noted that the company had held "very productive negotiations with ACCC on this matter".
By June 2018 Apple had contacted approximately 5 thousand customers regarding compensation for devices locked after repair at unofficial dealers.
Police use the fingers of corpses to unlock iPhones
In March 2018 it became known that American police use the fingers of dead people to unlock smartphones.
In a conversation with Forbes, FBI forensic specialist Bob Moledor said that obtaining information from a suspect's iPhone before the phone asks for a passcode had become a common problem for all law enforcement agencies. With the arrival of fingerprint scanners in smartphones, police officers gained the ability to access data on a device by unlocking it with the finger of the dead or killed person who owned the gadget.
The first attempt to unlock a dead person's smartphone with the fingerprint scanner was officially recorded in 2016 in the criminal case of the suicide bomber Abdul Razak Ali Artan, who drove a car into people and opened fire at civilians in the State of Ohio. At that time the intelligence services failed to "open" the attacker's iPhone 5s, but afterwards unlocking a deceased owner's device with his finger became common practice for American law enforcement agencies, the publication was told by sources close to local and federal police investigations in New York and Ohio, who wished to remain anonymous.
According to the sources, in 2018 the New York City Police Department was able to unlock in this way the smartphone of an addict who had died of an overdose and gain access to the dealer's contacts.
As for the legality of such actions, police officers claim that they do not need a warrant to access the contents of smartphones, although there may be some ethical obstacles. Cases where the smartphone is shared property are an exception.
In 2017 Apple began to sell phones with a face recognition system. This biometric protection can also be bypassed: it is enough to hold up to the camera a face with open eyes, Cloudflare security researcher Marc Rogers reported. According to him, as of March 2018 no cases had been recorded of police officers unlocking an iPhone using the face scanner on a corpse.
Apple shop evacuated because of iPhone battery smoke
On January 9, 2017 an Apple Store in Switzerland was evacuated because of smoke from an iPhone. The Reuters news agency reported the details, citing a statement by local police.
The incident occurred in the Apple shop near Zurich's central railway station. The smoke arose when a service center employee was removing an overheated battery from an iPhone body.
Even before emergency services arrived, the shop staff took the necessary measures: they covered the overheated battery with quartz sand, which prevented the smoke from spreading further. Police, ambulance and fire services arrived at the scene.
About 50 visitors and all the staff hastily left the store. Seven people needed medical care but refused hospitalization. The Apple Store repair employee who was removing the overheated battery received a slight burn.
Specialists of the Zurich forensic institute took the device and the battery for laboratory examination to establish what led to the overheating. Apple has not yet commented on the incident.
The incident in Switzerland occurred several weeks after Apple admitted to reducing the performance of iPhones with old batteries. The company later apologized to users.
To solve the battery problem, Apple cut the cost of replacement almost threefold: from 79 to 29 dollars. The discount is available only to owners of the iPhone 6 or later models and will be valid from January to December 2018. Most likely, users began to apply en masse for warranty replacement of problem batteries, so the risk of incidents like the one at the Apple Store in Zurich is increasing.
Apple reduces the speed of old iPhones
In December 2017 Apple admitted to intentionally slowing down old iPhone models. This is done to extend the devices' battery life.
Apple reported that a function that reduces the device's performance when the battery is worn is built into the iOS operating system.
"This is not only about the device's overall performance but also about extending the life of devices. Lithium-ion batteries are not able to supply the necessary current when the temperature drops or when the charge is low or the battery is worn. This can lead to unexpected shutdown of the device to protect its components … Our goal is to deliver the best experience for customers, which includes overall performance and prolonging the life of their devices," says Apple.
Apple explains that iOS limits peak performance, which is essentially what benchmarks measure by forcing the device to perform several heavy computing tasks in a row. The peak-"smoothing" restriction implemented by Apple can probably affect the launch speed of "heavy" programs, performance in demanding games, augmented reality applications and so on. In daily use, however, it will be hardly noticeable.
In December 2017 a Reddit user with the nickname TeckFire published the results of a study showing that Apple deliberately slows down old iPhone models with low-capacity batteries. The blogger noticed the reduced processor clock rate and correlated these changes with the deterioration of battery capacity that inevitably happens over time.
One trillion dollars demanded from Apple
California resident Violetta Mailyan filed a lawsuit against Apple, demanding nearly one trillion dollars. The reason for the claim was the intentional slowing of old iPhone models after the release of new ones. Another U.S. citizen, Raisa Drantivy, filed along with her; her demands are more modest, "only" $100 million. Both accused Apple of misleading customers and unfair competition.
"Regardless of whether the defendant intentionally slowed down old iPhone models through iOS updates or otherwise, it intentionally hid information about this from consumers. Each consumer had to buy a new iPhone model because the performance of their old smartphones was slowed down by deliberate action," Violetta Mailyan's claim says.
Recall of 275 thousand cases hazardous to health
In August 2017 a mass recall of fashionable iPhone cases became known, because of chemical burns these accessories can cause. The manufacturer acknowledged the problem and agreed to compensate losses in full.
The U.S. Consumer Product Safety Commission stated that about 20 cases of chemical burns and swelling of the legs, face, neck, chest, upper body and hands were recorded across the country among users of cases made by MixBin Electronics.
They are covers that fit onto the phone, with a cavity filled with liquid containing rhinestones, floating glitter and other decorations.
Under normal conditions the cases are harmless, but if the liquid leaks out, contact with skin can cause a strong burning sensation leading to a severe allergic reaction and irritation. The composition of the liquid in the cases is not specified.
The products, manufactured in China, were sold under well-known brands such as Henri Bendel, Tory Burch and Victoria's Secret in their shops. In addition, before the recall campaign started they could be bought on Amazon, eBay and the manufacturer's website. The defective products cost from 15 to 65 dollars.
In total the recall covered 275 thousand cases for iPhone 6, iPhone 6s and iPhone 7 sold between October 2015 and June 2017. Most of the hazardous goods were sold in the USA.
Users of the defective accessories are advised to stop using them and to contact MixBin Electronics for compensation, including for medical expenses if any were required.