Leaderboard

joac-o p'asta

*intreb pentru un prieten stomatolog

iOS Privacy: watch.user - Access both iPhone cameras any time your app is running Oct 25, 2017 | Fork on GitHub Facts Once you grant an app access to your camera, it can access both the front and the back camera record you at any time the app is in the foreground take pictures and videos without telling you upload the pictures/videos it takes immediately run real-time face recognition to detect facial features or expressions Have you ever used a social media app while using the bathroom? ? All without indicating that your phone is recording you and your surrounding, no LEDs, no light or any other kind of indication. Disclaimer This project is a proof of concept and should not be used in production. The goal is to highlight a privacy loophole that can be abused by iOS apps. What can an iOS app do? iOS users often grant camera access to an app soon after they download it (e.g., to add an avatar or send a photo). These apps, like a messaging app or any news-feed-based app, can easily track the users face, take pictures, or live stream the front and back camera, without the user’s consent. Get full access to the front and back camera of an iPhone/iPad any time your app is running in the foreground Use the front and the back camera to know what your user is doing right now and where the user is located based on image data Upload random frames of the video stream to your web service, and run a proper face recognition software, which enables you to Find existing photos of the person on the internet Learn how the user looks like and create a 3d model of the user’s face Live stream their camera onto the internet (e.g. while they sit on the toilet), with the recent innovation around faster internet connections, faster processors and more efficient video codecs it’s hard to detect for the average user Estimate the mood of the user based on what you show in your app (e.g. news feed of your app) Detect if the user is on their phone alone, or watching together with a second person Recording stunning video material from bathrooms around the world, using both the front and the back camera, while the user scrolls through a social feed or plays a game Using the new built-in iOS 11 Vision framework, every developer can very easily parse facial features in real-time like the eyes, mouth, and the face frame How can I protect myself as a user? There are only a few things you can do: The only real safe way to protect yourself is using camera covers: There is many different covers available, find one that looks nice for you, or use a sticky note (for example). You can revoke camera access for all apps, always use the built-in camera app, and use the image picker of each app to select the photo (which will cause you to run into a problem I described with detect.location). To avoid this as well, the best way is to use Copy & Paste to paste the screenshot into your messaging application. If an app has no copy & paste support, you’ll have to either expose your image library, or your camera. It’s interesting that many people cover their camera, including Mark Zuckerberg. Proposal How can the root of the problem be fixed, so we don’t have to use camera covers? Offer a way to grant temporary access to the camera (e.g. to take and share one picture with a friend on a messaging app), related to detect.location. Show an icon in the status bar that the camera is active, and force the status bar to be visible whenever an app accesses the camera Add an LED to the iPhone’s camera (both sides) that can’t be worked around by sandboxed apps, which is the elegant solution that the MacBook uses I reported the issue to Apple with rdar://35116272. About the demo I didn’t submit the demo to the App Store; however, you can very easily clone the repo and run it on your own device. You first have to take a picture that gets “posted” on the fake “social network” in the app At this point, you’ve granted full access to both of your cameras every time the app is running You browse through a news feed After a bit of scrolling, you’ll suddenly see pictures of yourself, taken a few seconds ago while you scrolled through the feed You realize you’ve been recorded the whole time, and with it, the app ran a face recognition algorithm to detect facial features. You might say Oh, obviously, I never grant camera permissions! However, if you’re using a messaging service, like Messenger, WhatsApp, Telegram or anything else, chances are high you already granted permission to access both your image library (see detect.location) and your camera. You can check which apps have access to your cameras and photo library by going to Settings > Privacy. The full source code is available on GitHub. How does the demo app get access to the camera? Once you take and post one picture or video via a social network app, you grant full access to the camera, and any time the app is running, the app can use the camera. What’s the screenshot on the right As part of iOS 11, there is now an easy to use Vision framework, that allows developers to easily track faces. The screenshot shows that it’s possible to get some basic emotions right, so I wrote a very basic mapping of a user’s face to the corresponding emoji as a proof of concept. You can see the highlighted facial features, and the detected emoji at the bottom. Similar projects I’ve worked on what’s the user doing: Raising awareness of what you can do with a smartphones gyro sensors in web browsers detect.location: An easy way to access the user’s iOS location data without actually having access steal.password: Easily get the user’s Apple ID password, just by asking Special thanks to Soroush, who came up with the initial idea for this write-up. Open on GitHub This project is in no way affiliated with my work and employer, it's a hobby of mine I work on during weekends Sursa: https://krausefx.com/blog/ios-privacy-watchuser-access-both-iphone-cameras-any-time-your-app-is-running

‘Ghost Telephonist’ Attack Exploits 4G LTE Flaw to Hijack Phone Numbers By Waqas on July 31, 2017 Email @hackread According to UnicornTeam, a group of Chinese researchers from country’s leading security firm 360 Technology, there is a dangerous vulnerability in 4G LTE network’s Circuit Switched Fallback (CSFB) which allows hackers to hijack cell phone numbers. Unicorn Team demonstrated the findings (PDF) on Sunday at the Black Hat USA 2017 hacker summit. As per the team of researchers, CSFB’s authentication step is missing from its procedure, which can allow easy access to hackers to the phone. At the summit, Unicorn Team created a situation where a hacker could use a stolen mobile number to reset the password of a Google account. Once the phone was hijacked, all that was required to be done was to sign in to the Google Email account and click on “Forget the Password.” Huang Lin, a wireless security researcher of the team, told Chinese news site Xinhua that this particular flaw could be exploited to carry out different kinds of hack attacks. “Several exploitations can be made based on this vulnerability – We have reported this vulnerability to the Global System for Mobile Communications Alliance(GSMA),” said Lin. We do know that Google sends a verification code to the mobile before allowing password reset. If hackers have hijacked the mobile, they could easily intercept the message and get the code to reset the account’s password. All this would take place without the knowledge of the victim, and the phone will remain online in 4G network. Since a majority of internet app accounts also use the same method for resetting the password, therefore, an attacker can easily initiate the password reset process using the phone number. Moreover, attackers can perform other actions too like starting a call or sending an SMS on behalf of the victim. Using the victim’s phone number, attackers can launch advanced attacks as well. The victim will remain clueless because neither 2G nor 4G fake base station is utilized and cell re-selection is also not conducted. Attackers sometimes target a selected victim, or they may launch an attack against a randomly chosen victim. To counter the Ghost Telephonist attack, also dubbed as the Evil Attack, various measures were proposed by the team. The team is also collaborating with operators, internet service providers and terminal manufacturers for eliminating the vulnerability. They already notified the Global System for Mobile Communications Alliance (GSMA) about this flaw. WATCH THE DEMO VIDEO BELOW Sursa: https://www.hackread.com/ghost-telephonist-attack-exploits-4g-lte-flaw-to-hijack-phone-numbers/