Free Republic

Exploit that caused iPhones to repeatedly dial 911 reveals grave cybersecurity threat, say experts
9 to 5 Mac ^ | March 6, 2017 | By Ben Lovejoy

Posted on 03/06/2017 1:01:17 PM PST by Swordmaker

We reported back in October on an iOS exploit that caused iPhones to repeatedly dial 911 without user intervention. It was said then that the volume of calls meant one 911 center was in ‘immediate danger’ of losing service, while two other centers had been at risk – but a full investigation has now concluded that the incident was much more serious than it appeared at the time.

It was initially thought that a few hundred calls were generated in a short time, but investigators now believe that one tweeted link that activated the exploit was clicked on 117,502 times, each click triggering a 911 call. The WSJ reports that law-enforcement officials and 911 experts fear that a targeted attack using the same technique could prove devastating …

“If this was a nation-state actor that wanted to damage or disable 911 systems during an attack, they could have succeeded spectacularly,” says Trey Forgety, director of government affairs at the National Emergency Number Association, a 911 trade group. 

Of the 6,500 911 call centers nationwide, just 420 are believed to have implemented a cybersecurity program designed to protect them from this kind of attack.

“I don’t want to be alarmist, but it’s an emerging crisis,” says retired Rear Adm. David Simpson, who oversaw emergency management and cybersecurity at the FCC for about three years during the Obama administration […]

Last year, researchers at Ben-Gurion University in Israel concluded that fewer than 6,000 smartphones infected with malicious software could cripple the 911 systems in an entire state for days.

Meetkumar Desai, the student who created the code as a proof of concept in an attempt to claim a bug bounty from Apple, claims that he accidentally posted the version that called 911, and had actually meant to post a version that would generate a pop-up and freeze phones. Desai has been charged with four felony counts of computer tampering, and hasn’t yet entered a plea.

Apple told the WSJ that a fix is on the way.

Apple says a forthcoming system update to the iPhone will plug the loophole that made the attack possible. The update will cause a “cancel” or “call” pop-up to appear on the iPhone screen, and users will be required to press “call” before the iPhone will dial, according to Apple.

“The ability to dial and reach a 911 operator quickly is critical to public safety,” the company said. “The dialing feature in this instance was intentionally misused by some people with no regard for public safety. To prevent further abuse, we’re putting safeguards in place and have also worked with third-party app developers to prevent this behavior in their apps.”



TOPICS: Business/Economy; Computers/Internet
KEYWORDS: applepinglist; exploit; iphonebug

1 posted on 03/06/2017 1:01:17 PM PST by Swordmaker

To: Swordmaker

And programmers are going to be trusted to write software to control airplanes in flight, trucks on the highway, drones, and robots.


2 posted on 03/06/2017 1:05:44 PM PST by I want the USA back (Lying Media: willing and eager allies of the hate-America left.)

To: ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; Action-America; acoulterfan; AFreeBird; ...
Last October's exploit that caused iPhones to repeatedly dial 911 reveals grave cybersecurity threat, say experts. Creator of this exploit says he accidentally posted the 911 call version instead of a version that would merely freeze the iPhone in an attempt to win an Apple bug bounty. Oops. He is under a felony indictment. Apple says it will be releasing a fix ASAP. . . this all happened in October so it is unclear if this has already been fixed or not from the article. . . I think it has been fixed IIRC. This is a warning article about the actual extent of the effect the use of such an exploit might have on the 911 system. — PING!


Apple iPhone Exploit Potential Warning
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

3 posted on 03/06/2017 1:08:35 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker

Meetkumar Desai.

For God’s sake.


4 posted on 03/06/2017 1:12:25 PM PST by rlmorel (President Donald J. Trump ... Making Liberal Heads Explode, 140 Characters at a Time)

To: Swordmaker

Good to see Apple is Johnny-in-the-spot and getting a correction out. /s


5 posted on 03/06/2017 1:24:50 PM PST by ImJustAnotherOkie

To: ImJustAnotherOkie
Good to see Apple is Johnny-in-the-spot and getting a correction out. /s

It's already out.

6 posted on 03/06/2017 1:39:19 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker

Guess what. In a real emergency 911 is overloaded and useless anyway. How many idiots call to say they just felt an earthquake? More than a few.


7 posted on 03/06/2017 1:42:23 PM PST by mad_as_he$$ (Watching Obama tap dance.)

It was initially thought that a few hundred calls were generated in a short time, but investigators now believe that one tweeted link that activated the exploit was clicked on 117,502 times, each click triggering a 911 call. The WSJ reports that law-enforcement officials and 911 experts fear that a targeted attack using the same technique could prove devastating …

The above quotation from the article is, on its face, false to fact. Why? Because there is zero evidence that all 117,502 clicks ever caused 911 calls because there is zero evidence of how many of those 117,502 clicks on the tweet were made by iPhone users, the only ones that would result in a 911 call or the loop. Secondly, the tweet was posted in the Middle East. . . and would have also been read in Europe where the emergency number is 999, not 911, so the triggered script would have resulted in a null response.

In my opinion, the original numbers reported back in October are most likely accurate instead of these new assumed numbers, which illogically are based on the total number of clicks on the Tweet.

The fact is that the total number of devices which received the Tweet would normally include Android, Windows, Macs, iPhone and other iOS devices where only the minority iPhone devices would or could generate the 911 calls. The other devices would and could not generate the calls because at this point in time, the other devices did not have this vulnerability combined with a phone capability. These other devices would still have been capable of receiving the Tweet and clicking the link. Receiving the Tweet was NOT specific for iPhones.

8 posted on 03/06/2017 2:05:14 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: mad_as_he$$
Guess what. In a real emergency 911 is overloaded and useless anyway. How many idiots call to say they just felt an earthquake? More than a few.

Several years ago, I witnessed an elderly man fall and hit his head on the curb. He started bleeding profusely. I called 911 from my cell phone and got put immediately on hold. I could NOT believe that they were playing commercial advertising while I was on 911 hold for jobs with the California Highway Patrol, Corrections, and various Non-Profit PSAs. . . SHEESH! I could just imagine some little old lady's husband is having a heart attack and she calls 911 and gets put on hold and is forced to listen to "You too can become a California Highway Patrolman or a State of California Correctional Officer! Work providing your fellow citizens excellent services. . . " or "Donate your old, working or non-working vehicle to. . . " while watching your spouse of over fifty years die before your eyes while waiting to get emergency vehicles on their way to you listening to ads. . . yeah, right!

9 posted on 03/06/2017 2:12:15 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker

This is one of the reasons Apple does a code review on apps posted on itunes.
Cell phones...even iPhones are the biggest security problem on the internet.


10 posted on 03/06/2017 2:19:17 PM PST by Zathras

To: Zathras
Cell phones...even iPhones are the biggest security problem on the internet.

The exploits using iPhones in 10 years you can count on the fingers of one hand. . . compared to several million for Android. So including iPhones in your citation claiming cell phones being the "biggest security problem on the internet" is a huge stretch. iPhones simply are not part of the problem.

11 posted on 03/06/2017 2:50:10 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker
Ben Lovejoy

NHL Defenseman and Tech Blogger.
A true Renaissance Man.


12 posted on 03/06/2017 3:17:42 PM PST by Buckeye McFrog

To: Buckeye McFrog
Go Blackhawks. 😀
13 posted on 03/06/2017 3:37:55 PM PST by Mark17 (20 years a USAF Air Traffic Controller, RETIRED. A career that will make you old before your time)

To: Swordmaker

Wow! Crazy stuff.


14 posted on 03/06/2017 3:49:48 PM PST by mad_as_he$$ (Watching Obama tap dance.)

To: Swordmaker

iPhones also turn on your wifi connection on your laptop.
It is called instant hotspot. Very annoying as it causes connection issues with Outlook and our database as Windows is switching back and forth between wifi and a wired connection causing disconnects for our database. We turn off the wifi and the iPhone turns it back on in a few minutes.


15 posted on 03/06/2017 4:11:23 PM PST by minnesota_bound

To: minnesota_bound
iPhones also turn on your wifi connection on your laptop.
It is called instant hotspot. Very annoying as it causes connection issues with Outlook and our database as Windows is switching back and forth between wifi and a wired connection causing disconnects for our database. We turn off the wifi and the iPhone turns it back on in a few minutes.

That's on you. . . and Windows ineffective ability to prioritize a wired connection over a wired connection. A Mac has no difficulty with that or having both connected at once. Simple solution, turn off your iPhone's hotspot when you don't need it: Settings/Hotspot —> off. When you need it next reverse that setting change. The default is OFF.

For your computer to have ever connected to the iPhone's Hotspot, you had to have entered the complex iPhone's Hotspot WIFI password. So this is entirely ON YOU!

You can also tell your Windows PC to forget that WIFI connection.

16 posted on 03/06/2017 5:30:19 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: I want the USA back

“And programmers are going to be trusted to write software to control airplanes in flight, trucks on the highway, drones, and robots.”

Programmers have already been trusted to write software to control a myriad of weapon systems including nuclear missiles, spacecraft control systems, aircraft control systems, nuclear reactor control systems, life-critical medical equipment software and many other critical functions.

Formal processes are used to ensure that the software performs as expected and has no malicious elements.


17 posted on 03/07/2017 9:34:10 AM PST by PreciousLiberty (Make America Greater Than Ever!)
