Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

New iPhone is hacked: Anonymous researchers win $1 million challenge [trunc]
UK Daily Mail ^ | 03/11/2015 | Sarah Griffith

Posted on 11/03/2015 8:40:20 AM PST by Moltke

Apple products are commonly considered to be relatively secure, but researchers claim to have found a way of remotely controlling a new iPhone running the latest operating system.

Before you panic that your handset may be infiltrated, however, the hack was part of a challenge set to demonstrate it is possible to remotely jailbreak an iPhone or iPad running iOS 9.1, rather than a criminal activity.

An anonymous hacker or team of hackers, has been rewarded with $1 million by security start-up Zerodium for their efforts.

(Excerpt) Read more at dailymail.co.uk ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: apple
I thought this was supposed to take trillions and trillions of years, not 4 weeks.
1 posted on 11/03/2015 8:40:20 AM PST by Moltke
[ Post Reply | Private Reply | View Replies]

To: Moltke; Swordmaker

Apple iPhone superiority PING ;n)


2 posted on 11/03/2015 8:41:58 AM PST by MarchonDC09122009 (When is our next march on DC? When have we had enough?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Moltke

It appears, the Sony PS3 has been the longest hack hold-out, in my recollection. That took ~2 yrs. before being broken.

I’m sure, with the NSA back-door, the iPhone was child’s play compared /s


3 posted on 11/03/2015 8:45:02 AM PST by i_robot73 ("A man chooses. A slave obeys." - Andrew Ryan)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Moltke

Gay phone has Back door.


4 posted on 11/03/2015 9:07:21 AM PST by PA-RIVER
[ Post Reply | Private Reply | To 1 | View Replies]

To: PA-RIVER

Now, now. Tolerance, remember.


5 posted on 11/03/2015 9:11:35 AM PST by Scrambler Bob (Using 4th keyboard due to wearing out the "/" and "s" on the previous 3)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Moltke
42 paragraphs into the article...

Bekrar said Zerodium is testing the vulnerabilities to make sure the exploit meets the competition rules, meaning the prize money has yet to be paid.

So it's a million dollar prize, but it's not been paid, and likely never will.

6 posted on 11/03/2015 9:16:39 AM PST by Flick Lives (One should not attend even the end of the world without a good breakfast. -- Heinlein)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MarchonDC09122009

Imagine that. Came in through the browser or text message. What a surprise /s.


7 posted on 11/03/2015 9:30:04 AM PST by Paco
[ Post Reply | Private Reply | To 2 | View Replies]

To: Flick Lives

Well, you might expect that a 7-digit reward would be subject to appropriate validation of the submission.
Considering the effort that likely went into the attempt, and the motivation to ensure it’s paid, I expect it will be paid. (If YOU worked hard to win a million-dollar prize, I’m sure you’d see to it you were paid.) Kneecaps come to mind as a motivational subject.


8 posted on 11/03/2015 10:24:24 AM PST by ctdonath2 (Trump/Cruz - Because you gotta win, first.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Moltke; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; ...
Someone is claiming to have found a way to remotely jailbreak an iOS 9.1 device. . . however, since this exploit requires browsing to a specific website, downloading a specific file, or triggering a specific WEB BASED event, it still requires user involvement. At most, this is merely a means of jailbreaking iOS 9.

What this is NOT, is that it is NOT a way of breaking into an iOS device without cooperation of the user or socially engineering the user into navigating to a malicious website.

It does NOT break into an iPhone or iPad without the cooperation of the user, nor can a person without the passcode get into the iPhone or iPad get into someone's data by stealing their device and somehow using this exploit to break into it after the theft. It does NOT get around the encryption of the device. That would not work.

This reward from Zerodium is NOT the reward that is still being offered by The Hacker Team, which is the professional organization that sells tools to law enforcement organizations including the NSA, CIA, FBI, etc, to allow them to break into mobile devices, to also allow them to break into an iOS device in hand to access a locked iOS device, which is something they currently do not have the capability to accomplish. — PING!


Apple iOS Security
Ping!

The Latest Apple/Mac/iOS Pings can be found by searching Keyword “ApplePingList” on Freerepublic’s Search.

If you want on or off the Mac Ping List, Freepmail me.

9 posted on 11/03/2015 10:49:30 AM PST by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Moltke
I thought this was supposed to take trillions and trillions of years, not 4 weeks.

This is not the same thing at all, Moltke. This does not crack the encryption of iOS devices or iCloud files. This is merely a jailbreaking of iOS devices that still requires the cooperation of a user who already has access to the device to either do it deliberately, or to be tricked into navigating to a malicious website which includes malicious code which will be executed in the browser. This will be blocked fairly quickly from working. It does NOT, in any way, decrypt the 256 bit AES encrypted files, because it cannot. If the user either deliberately or through trickery allows the bad guys access, does not mean they've broken the encryption.

10 posted on 11/03/2015 10:53:51 AM PST by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: i_robot73
I’m sure, with the NSA back-door, the iPhone was child’s play compared /s

There is no back door. . . even this requires cooperation of the user, either deliberately or through social engineering. At best it will be a Trojan. . . and the vulnerability in both Chrome and Safari will be closed quickly.

11 posted on 11/03/2015 10:55:54 AM PST by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Swordmaker

Duly noted!


12 posted on 11/03/2015 11:07:55 AM PST by Moltke
[ Post Reply | Private Reply | To 10 | View Replies]

To: Paco
Imagine that. Came in through the browser or text message. What a surprise /s.

No, it is ONLY a browser exploit in Chrome and/or Safari. There was nothing said about any "text message" in the article. Sorry, please try to be accurate, Paco. This is also not an actual security hole that allows someone to break into the iOS device without some cooperation or involvement by the user, whether voluntarily or involuntarily. In other words, no one could walk up, pick up someone's iPhone or iPad and use this vulnerability to break into it from scratch. They would STILL need to know the user's passcode to first get into the device. . . which is the first line of defense and the most difficult to overcome.

That being said, if the attacker could somehow influence the user to navigate to a malicious website with this exploit on it, the attacker can remotely jailbreak the iOS device using either Chrome or Safari browsers, at which point The Hacker Team DOES sell the a tool to the NSA, CIA, FBI, and other professional law enforcement agencies, that WILL break into a jailbroken iOS device. However, Paco, it will NOT decrypt any files on that device, because it still will not have the key to do so. That still requires the user's passcode. . . and that is not kept on the device at all. All that gets them is into the iPhone or iPad with the ability to use the apps, but no access to data. Whoop-de-do.

13 posted on 11/03/2015 11:10:58 AM PST by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Swordmaker
Ah, Swordmaker, Swordmaker...

It's not about FACTS, those silly, pesky TRUE things....

It's about WEB PAGE HITS and the HEADLINES with "APPLE" and "IPHONE" and "HACK" in them.

What is pale, thin TRUTH compared to a HEADLINE that brings in PAGE HITS???

I applaud your brave efforts to bring understanding and truth to this fray.

14 posted on 11/03/2015 2:34:10 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 13 | View Replies]

To: dayglored
What is pale, thin TRUTH compared to a HEADLINE that brings in PAGE HITS???

I applaud your brave efforts to bring understanding and truth to this fray.

So true. Thanks for the applause in what is more and more seeming like an empty auditorium. . .

15 posted on 11/03/2015 4:26:25 PM PST by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 14 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson