Decrypted: iOS 13.5 jailbreak, FBI slams Apple, VCs talk cybersecurity

Decrypted: Google finds a devastating iPhone security flaw, FireEye hack sends alarm bells ringing

In case you missed it: A ransomware assault noticed affected person knowledge stolen from one of many largest U.S. fertility networks; the Supreme Court started listening to a case which will change how tens of millions of Americans use computer systems and the web; and lawmakers in Massachusetts have voted to ban police from utilizing facial recognition throughout the state.

In this week’s Decrypted, we’re deep-diving into two tales past the headlines, together with why the breach at cybersecurity big FireEye has the cybersecurity trade in shock.


Google researcher finds a significant iPhone safety bug, now mounted

What occurs while you go away probably the greatest safety researchers alone for six months? You get one of the devastating vulnerabilities ever present in an iPhone — a bug so damaging that it may be exploited over-the-air and requires no interplay on the person’s half.

The AWDL bug beneath assault utilizing a proof-of-concept exploit developed by a Google researcher. Image Credits: Ian Beer/Google Project Zero

Read More:  How Moovit went from opportunity to a $900M exit in 8 years

The vulnerability was present in Apple Wireless Direct Link (AWDL), an essential a part of the iPhone’s software program that amongst different issues permits customers to share information and photographs over Wi-Fi via Apple’s AirDrop characteristic.

“AWDL is enabled by default, exposing a big and complicated assault floor to everybody in radio proximity,” wrote Google’s Ian Beer in a tweet, who discovered the vulnerability in November and disclosed it to Apple, which pushed out a repair for iPhones and Macs in January.

But exploiting the bug allowed Beer to realize entry to the underlying iPhone software program utilizing Wi-Fi to realize management of a susceptible gadget — together with the messages, emails and photographs — in addition to the digital camera and microphone — with out alerting the person. Beer stated that the bug could possibly be exploited over “a whole lot of meters or extra,” relying on the {hardware} used to hold out the assault. But the excellent news is that there’s no proof that malicious hackers have actively tried to use the bug.

Read More:  Lime adds shared electric mopeds to the mix

News of the bug drew fast consideration, although Apple didn’t remark. NSA’s Rob Joyce stated the bug discover is “fairly an accomplishment,” given that the majority iOS bugs require chaining a number of vulnerabilities collectively with a purpose to get entry to the underlying software program.

Wow. An iOS exploit that doesn’t contain chaining a number of vulnerabilities collectively is sort of an accomplishment.

— Rob Joyce (@RGB_Lights) December 2, 2020

FireEye hacked by a nation-state, however the aftermath is unclear


Add comment