Thursday, August 29, 2019

Malicious websites were used to secretly hack into iPhones for years, says Google

Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws.

Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times per week by unsuspecting victims, in what they described as an “indiscriminate” attack.

“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero.

He said the websites had been hacking iPhones over a “period of at least two years.”

The researchers found five distinct exploit chains involving 12 separate security flaws, including seven involving Safari, the in-built web browser on iPhones. The five separate attack chains allowed an attacker to gain “root” access to the device — the highest level of access and privilege on an iPhone. In doing so, an attacker could gain access to the device’s full range of features normally off-limits to the user. That means an attacker could quietly install malicious apps to spy on an iPhone owner without their knowledge or consent.

Google said that, based on their analysis, the vulnerabilities were used to steal a user’s photos and messages as well as track their location in near-realtime. The “implant” could also access the user’s on-device bank of saved passwords.

The vulnerabilities affect iOS 10 through to the current iOS 12 software version.

Google privately disclosed the vulnerabilities in February, giving Apple only a week to fix the flaws and roll out updates to its users. That’s a fraction of the 90 days typically given to software developers, giving an indication of the severity of the vulnerabilities.

Apple issued a fix six days later with iOS 12.1.4 for iPhone 5s and iPad Air and later.

Beer said it’s possible other hacking campaigns are currently in action.

The iPhone and iPad maker in general has a good rap on security and privacy matters. Recently the company increased its maximum bug bounty payout to $1 million for security researchers who find flaws that can silently target an iPhone and gain root-level privileges without any user interaction. Under Apple’s new bounty rules — set to go into effect later this year — Google would’ve been eligible for several million dollars in bounties.

A spokesperson for Apple did not immediately comment.

Adult film producer Bang Bros says it has bought PornWikiLeaks.com, a forum devoted to doxxing and harassing porn performers, and is shutting it down (Samantha Cole/VICE)

Samantha Cole / VICE:
Adult film producer Bang Bros says it has bought PornWikiLeaks.com, a forum devoted to doxxing and harassing porn performers, and is shutting it down  —  PornWikiLeaks was a forum devoted to revealing the names and personal information of porn performers, including several in the Girls Do Porn trial.



Home-grown Fabindias, Urban Ladders to gain

About 112 brands have obtained government approval for single brand retail trade activities from 2006 till March 29, 2018. The single-brand retail sector has received total FDI equity of $1.6 billion so far. https://ift.tt/2ZmG0PD https://ift.tt/eA8V8J

Artificial Intelligence funding is at a record high

Intel Capital has invested in 51 AI ventures, while 500 Startups has put their money behind 45 investments. Other notable investment firms, like Y Combinator, have backed 32 AI centered startups. https://ift.tt/2Lm6arQ

ETtech Top 5: Flipkart's festive strategy, Apple's Rs 1,000 cr India retail plan & more

A closer look at today's biggest tech and startup news and why they matter. https://ift.tt/2HNv3vV

An in-depth look at five iOS exploit chains that were used in hacked websites for carrying out watering hole attacks against devices running iOS 10 through 12 (Ian Beer/Project Zero)

Ian Beer / Project Zero:
An in-depth look at five iOS exploit chains that were used in hacked websites for carrying out watering hole attacks against devices running iOS 10 through 12  —  Project Zero's mission is to make 0-day hard.  We often work with other companies to find and report security vulnerabilities …



Apple to roll out a Rs 1,000 crore retail show

“The first store is likely to come up in Mumbai followed by Delhi and a third location is yet undecided,” a senior government official said. https://ift.tt/2HyOfwZ

India’s insurance industry using new-age tech to simplify processes

Insurers are adopting AI-powered platforms to help agents market the right policy, and setting up virtual branches and processing motor vehicle claims based on photographs. https://ift.tt/2Pmtefv

E-marketplaces asked to upload compliance details by Sept 30

These compliance reports have to be uploaded by September 30, and in this instance will cover only the February-March 2019 period, as the new FDI norms came into effect from February 1. https://ift.tt/348anYQ

This festive season, Flipkart to focus on core categories

In an email sent to select brands, Flipkart said it planned to launch special products during the flagship Big Billion Days sales, with some even packaged as Flipkart exclusives. https://ift.tt/2UeZS1c

Flipkart close to investing $40M in logistics startup Shadowfax

If the deal goes through, it will be Flipkart’s third investment in the logistics space after earlier backing trucking platform BlackBuck and locker provider QikPod. https://ift.tt/32hvSoy

Google lets David Drummond do the talking

For anyone wondering if Alphabet might reprimand its chief legal officer, David Drummond, for a long-ago extramarital, inter-office affair that continues to be a distraction to the company, the answer seems to be . . . not right now. Though a former subordinate outlined in greater detail than ever yesterday the “hell” she says she has endured in the years since her break-up with Drummond, including a custody battle for their son that she won, Google said today it is not sharing a statement on the matter.

Instead, we were pointed by Google to the personal statement that Drummond issued this afternoon, wherein he acknowledges the affair with Jennifer Blakely, a former senior contracts manager with the company during a time when Drummond was Google’s general counsel.

As BuzzFeed notes, he doesn’t apologize to Blakely, saying instead of their “difficult break-up 10 years ago” that “I am far from perfect and I regret my part in that.” He also emphasizes that there are “two sides to all of the conversations and details Jennifer recounts,” saying that he takes a “very different view about what happened.”

Drummond’s full statement:

It’s not a secret that Jennifer and I had a difficult break-up 10 years ago. I am far from perfect and I regret my part in that.

Her account raises many claims about us and other people, including our son and my former wife. As you would expect, there are two sides to all of the conversations and details Jennifer recounts, and I take a very different view about what happened. I have discussed these claims directly with Jennifer, and I addressed the details of our relationship with our employer at the time.

But I do want to address one claim that touches on professional matters. Other than Jennifer, I never started a relationship with anyone else who was working at Google or Alphabet. Any suggestion otherwise is simply untrue.

I know Jennifer feels wronged and understand that she wants to speak out about it. But I won’t be getting into a public back and forth about these personal matters.

Drummond is presumably hoping that by acknowledging Blakely’s post, the affair will recede again into the background, and it might. Drummond has enjoyed the support of the company for the last 17 years, even while Google officially recognized the affair back in 2007.

On the other hand, other powerful people who’ve come under scrutiny for their decision-making have discovered they have less control over a situation than they imagined. While Alphabet isn’t a democracy, Google employees have shown they’re willing to flex their muscle if need be to force change on the company, and Blakely’s account has seemingly infuriated anew many who say the company’s culture has always been, and continues to be, discriminatory toward women.

Dell reports Q2 revenue of $23.4B, up 2% YoY, and earnings of $4.5B, beating estimates, on strong sales at its PC unit due to enterprise demand (Larry Dignan/ZDNet)

Larry Dignan / ZDNet:
Dell reports Q2 revenue of $23.4B, up 2% YoY, and earnings of $4.5B, beating estimates, on strong sales at its PC unit due to enterprise demand  —  Dell Technologies' second quarter was ahead of estimates as its PC unit delivered strong results due to enterprise demand.



Wednesday, August 28, 2019

Bihar Police 2019 – Forest Guard Exam Result Released

Bihar Police released Exam Result for the post of Forest Guard.

MPPEB 2019 – High School TET Final Result Released

Madhya Pradesh Professional Examination Board (MPPEB) has released final result for the posts of High School Teacher Eligibility Test 2018.

Russian cryptocurrency payment network A7 expands to Africa, as Moscow builds an alternative payments system amid western sanctions after its Ukraine invasion (Financial Times)

Financial Times: Russian cryptocurrency payment network A7 expands to Africa, as Moscow builds an alternative payments system amid weste...