'Hacking Team' Data Breach Confirms Firm's Ability to Infiltrate Jailbroken iPhones

[skinned66]

I'm shaking in my boots.

 

[skinned66]

One of the arrogant members of that team was running his mouth on twitter this morning, stoking the fire even more. He was threatening the hackers who breached the data. Cool thing about all of the tools they have being released is within a few days, all the major anti-virus companies can update their software to find and remove this crap.

Somebody should remind them what Anonymous did to Aaron Barr from HBGary.

EDIT: bah, remind me to manually merge my posts next time.

 

[gotluck]

So it requires a jailbroken device, attached to an infected trusted pc? Haha

Won't keep me from jailbreaking

 

[seamer]

Apple Pay does not become less secure when jailbreaking, just like Touch ID.

Not all of us are using Apple Pay yet. I'm still on a 5s

 

[jetjaguar]

That is why I stopped jailbreaking ... because of apple pay and touch id

 

[rols]

So it requires a jailbroken device, attached to an infected trusted pc? Haha

Won't keep me from jailbreaking

No, the article could be a little clearer, but all you need is a jailbroken device to be vulnerable to the hack. The piece about the infected PC is one method by which an unjailbroken device can be hacked, presumably by surreptitiously jailbreaking it.

So if you have an unjailbroken phone it needs the extra step of being attached to an infected host, if jailbroken already, much easier, already vulnerable.

Since it cost 50k a hack, jailbroken or not, it's hard to get too worried about it. I don't think anyone would pay 50c to hack my phone. I am enjoying watching these asshats get their comeuppance however.

 

[JeffyTheQuik]

Apple Pay does not become less secure when jailbreaking, just like Touch ID.

I know that, intellectually, it is still secure. However, I'm not willing to bet my financial life on it.

If it gets hacked un-jailbroken, I have a claim with Apple, and I know that the CC card companies will limit my damage to $50, but they don't give me my time or my hassle back to me.

 

[JeffyTheQuik]

I'm sorry... I can't remember exactly, but I believe I used it twice. I'd like to meet the guy who uses it thrice.

I think it's one of those, "I wonder if the stove is still hot... OUCH!" things.

 

[duffman9000]

I'm going to download as much as I can.

 

[AlecZ]

Is this supposed to be impressive? A jailbroken phone connected to a trusted computer with USB has its root directory and all subdirectories accessible and writable. A malicious program can easily do whatever it wants without even having elevated permissions.

 

[Dargoth]

I think it's one of those, "I wonder if the stove is still hot... OUCH!" things.

Pretty much... I tried to like it once, didn't. Tried again a bit later, still couldn't stand it.

 

[MH01]

It means the average user has absolutely nothing to worry about. It means you need to be targeted specifically by a professional. Your ex-boyfriend isn’t going to be able to do this. Neither will your nerdy cousin.

Depends if the vulnerability gets patched. Does not take a genius to install software you download from the internet onto a computer and wait for you to connect your iPhone .

Most hackers are not clever masterminds , they just use tools made by clever people.

 

[MH01]

Is this supposed to be impressive? A jailbroken phone connected to a trusted computer with USB has its root directory and all subdirectories accessible and writable. A malicious program can easily do whatever it wants without even having elevated permissions.

I believe the article says, they jailbreak your phone, not that your only vulnerable if you jailbreak! You will not even know it's jailbroken.

I'd say that is impressive! I very much doubt the governments persons of interest use jailbroken devices

 

[MH01]

Lots of people are going to slam jailbroken devices. That is not the issue here! This company jailbreaks the device to gain access to it from an infected computer. You will never know.

If you get targeted by their software , does not matter if your phone is jailbroken or not.

 

[OLDCODGER]

Phew - can't hack into my two tin cans and a length of string!

 

[unlinked]

So.... you're only actually vulnerable if you happen to have a Jailbroken iPhone and a computer that is also infected with their malware.

Pretty unlikely scenario?

No. You are vulnerable if you connect your iPhone to your computer and a remote vulnurability exists for your computer. And someone actually wants to hack your phone.

 

[thekev]

Phew - can't hack into my two tin cans and a length of string!

It depends whether they can replicate the string's resonance frequency .

 

[JGRE]

Cybersecurity firm Hacking Team experienced a data breach earlier today........

Cool, the hackers being hacked!
Hackers get jail time while the government hacks all the time apparently, strange world.
Btw: "Cybersecurity firm", sound more like "Cybercriminal firm" to me.

 

[JGRE]

Apple Pay does not become less secure when jailbreaking, just like Touch ID.

Really, your doing payments over a jailbroken device?

 

[AlecZ]

Depends if the vulnerability gets patched. Does not take a genius to install software you download from the internet onto a computer and wait for you to connect your iPhone .

Most hackers are not clever masterminds , they just use tools made by clever people.

Depends which version of iOS. It would be a big challenge to jailbreak a version that doesn't have a known full-auto exploit. I know you have to put your device in DFU mode or do something else manually for some versions, which would be a no-go for them.

It IS a bit suspicious how Apple never seems to figure out how to really lock down iOS. I don't see how it could be so difficult to secure that someone finds a new exploit every time the old one is patched.

 

[AlecZ]

Not all of us are using Apple Pay yet. I'm still on a 5s

Not all of us are using Apple Pay yet. Most places around here only accept credit card or cash, often cash only, so it's not worth it. XD

 

[AlecZ]

Which is why, frankly, I don't care. Time for warrants to be given to hack the digital life of anyone for whom there is probable cause to believe is committing a crime, or terrorism. You know that police did not used to routinely get a warrant to wiretap? If you commit crimes on the Internet, and you certainly can, your privacy is not a right.

In the United States, your privacy is literally listed as a right in the Constitution. But yeah, I like that they CAN spy on someone if there is a good reason to. Oh great, I have 3 separate posts now. Should have put them together, sorry.

 

[batchtaster]

A device with its security deliberately defeated can apparently have its security defeated.
And in more news, water is wet.

 

[Shirasaki]

View attachment 566774

Get back into your folder and just be glad I can't delete you… without a jailbreak.

This is gone in iOS 9. You can delete this folder as usual.

 

[FieldingMellish]

All your data are belong to us.