
foobarbaz

macrumors 6502a
Nov 29, 2007
888
2,096
Guys, you're reading this wrong …

This does not mean that you're at more risk if your phone is jailbroken.
It also does not mean that you're safe if your phone isn't jailbroken.

It means that as long as jailbreaks are possible (i.e. Apple hasn't fixed all the holes), targeted attacks like this are also possible. Even if your phone isn't jailbroken, they can just come do that while you're in the shower. Someone willing to pay 50.000€ for the exploit would certainly be willing to break into your house, after all. But chances are, your secrets aren't worth that much, so you can relax.

Better worry about mass surveillance and communicate with encryption only. That's how your privacy is actually being invaded. And that's the part you can easily fix.
 

Tech198

Cancelled
Mar 21, 2011
15,915
2,151
"it's revealed hacking an iOS device costs €50,000"

no wonder why people do this :)

It's a gold mine in itself.

Just re-iterates the point, while JB devices open it up to free do what the hell u like, it's not only giving u total access too...
 

mazz0

macrumors 68040
Mar 23, 2011
3,146
3,611
Leeds, UK
Data breaching software and Apple devices have been in the news before, most famously in last year's celebrity iCloud data breach, where it was discovered that hackers were using ElcomSoft Phone Password Breaker, software intended for government and law agencies, to steal usernames and passwords to access iCloud backups.

Hang on - are you saying the NSA were behind The Fappening?
 

mazz0

macrumors 68040
Mar 23, 2011
3,146
3,611
Leeds, UK
Guys, you're reading this wrong …

This does not mean that you're at more risk if your phone is jailbroken.
It also does not mean that you're safe if your phone isn't jailbroken.

It means that as long as jailbreaks are possible (i.e. Apple hasn't fixed all the holes), targeted attacks like this are also possible. Even if your phone isn't jailbroken, they can just come do that while you're in the shower. Someone willing to pay 50.000€ for the exploit would certainly be willing to break into your house, after all. But chances are, your secrets aren't worth that much, so you can relax.

Better worry about mass surveillance and communicate with encryption only. That's how your privacy is actually being invaded. And that's the part you can easily fix.

Certainly, they could break into your house and jailbreak your phone, but it's not just the cost that makes that a lot less unlikely than a purely digital attack, is it?

Anyway, you haven't actually explained why you're not more at risk if your phone is already jailbroken, making it cheaper, safer and much much easier for them to hack it.
 

Jess13

Suspended
Nov 3, 2013
461
2,434
If you have been paying attention to this story on Twitter since it was first announced, these hacking team bastards should be locked away. The story is far worse than just iOS jailbreak security. For example, Hacking Team also plant kiddy porn on targets' computers/devices. Who are Hacking Team's #1 clients? Law enforcement. Plant kiddy porn on targets' computers/devices for "law" enforcement. They also violate UN embargoes, selling to embargoed countries/governments. Selling also to sanctioned groups/individuals. They lied to UN's investigation about Hacking Team and Sudan. There is so much more than just iOS information. Hacking Team: Literal Bastards.
 

MH01

Suspended
Feb 11, 2008
12,107
9,297
Depends which version of iOS. It would be a big challenge to jailbreak a version that doesn't have a known full-auto exploit. I know you have to put your device in DFU mode or do something else manually for some versions, which would be a no-go for them.

It IS a bit suspicious how Apple never seems to figure out how to really lock down iOS. I don't see how it could be so difficult to secure that someone finds a new exploit every time the old one is patched.

Good point about Apple never closing these exploits. Your average has nothing to worry about, though concerned if these hacks get hijacked and your script hacker junkies get their hands on them.
 

MH01

Suspended
Feb 11, 2008
12,107
9,297
Certainly, they could break into your house and jailbreak your phone, but it's not just the cost that makes that a lot less unlikely than a purely digital attack, is it?

Anyway, you haven't actually explained why you're not more at risk if your phone is already jailbroken, making it cheaper, safer and much much easier for them to hack it.

The Cost is what the company charges. ;) get your hands on the software and it's free......

cause people who store information that the government wants to access are not stupid enough to jailbreak. Also a user who knows they have jailbroken is more likely to be more cautious. A user who has no idea they have been jailbroken will carry on thinking they are safe ;)

Secret of spying is not letting the suspect know you have tapped their device ;)
 

subsonix

macrumors 68040
Feb 2, 2008
3,551
79
Really? Cause I remember being able to jailbreak every version of iPhone I have ever owned..... every iOS update...

And after a jailbreak is available, Apple don't issue a patch? It's obviously not the same from version to version..
 

mazz0

macrumors 68040
Mar 23, 2011
3,146
3,611
Leeds, UK
The Cost is what the company charges. ;) get your hands on the software and it's free......

cause people who store information that the government wants to access are not stupid enough to jailbreak. Also a user who knows they have jailbroken is more likely to be more cautious. A user who has no idea they have been jailbroken will carry on thinking they are safe ;)

Secret of spying is not letting the suspect know you have tapped their device ;)

I don't think "if you're in that situation you're obviously clever, which makes up for the added vulnerabilities now in your software" really justifies the assertion that jailbreaking does not make you more vulnerable.
 

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
So.... you're only actually vulnerable if you happen to have a Jailbroken iPhone and a computer that is also infected with their malware.

Pretty unlikely scenario?

I wouldn't say unlikely, but absolutely self inflicted. I would always say the best way for the NSA to hack into iPhones is create a jailbreak and publish it, or find someone who created a jailbreak and make them an offer they can't refuse.

Of course if the jailbreak itself is under your control, then it can do anything you want.

Which is *exactly* why I stopped jailbreaking when I put my credit cards on the phone.

That should actually be (mostly) safe. What happens when you use ApplePay: A terminal sends information to your phone. Your phone mostly doesn't understand it, just enough to display "sure you want to pay $12.84 to McDonald's?". It sends the rest of the data to the secure chip that cannot be hacked, and sends a reply from the secure chip back to the terminal. No way to modify what is being sent.

With a totally hacked iPhone, obviously this could be prevented from working. No risk of anyone stealing money from your card, just making you unable to pay. The software could be hacked to display the wrong message, say "want to pay $6.84" instead of "want to pay $12.84", but the only payment that can be made is still the one the terminal asked for. So someone would have to hack the terminal as well to detect this jailbroken phone, ask for a higher amount, the jailbroken phone displays the correct amount, and the phone pays what it is asked for (the higher amount). Or the jailbreak could cause trouble by displaying "want to pay $21.84" and you would obviously start complaining why you are overcharged and it would get unpleasant, but you'd never pay more than the correct amount.
 

happyfrappy

macrumors 6502
Oct 14, 2007
343
50
Location eh?
No, the article could be a little clearer, but all you need is a jailbroken device to be vulnerable to the hack. The piece about the infected PC is one method by which an unjailbroken device can be hacked, presumably by surreptitiously jailbreaking it.

So if you have an unjailbroken phone it needs the extra step of being attached to an infected host, if jailbroken already, much easier, already vulnerable.

Since it cost 50k a hack, jailbroken or not, it's hard to get too worried about it. I don't think anyone would pay 50c to hack my phone. I am enjoying watching these asshats get their comeuppance however.

You *might* not be worried, however with politicians such as David Cameron (UK PM) wants to mandate backdoors in encryption or products are banned so this just opens a door of governments (UK) trying to develop/outsource a plug-in (auto-jailbreak) at the border requirement hacking/monitoring.
If you work in the "tech" industry an old common rule is never use a jailbroken/rooted phone and don't do "work" specific tasks on a personal phone as you never know if a competitor/hacker will try to get insider info. After various companies from Apple, Microsoft, Google, etc started clamping down on security with randomized encryption keys, wouldn't be shocked if the government is now "monitoring" OS/security specialists.

Also as someone said on the 3rd page, what stops a government using HT's tools to plant false evidence or modify journalist files? Everybody is forgetting what happened to Sharyl Attkisson, she reported her laptop was hacked then the so-called investigation result was a stuck delete key on the MacBook Pro... this was a pile of crap, plenty of other journalists and IT people knew this was an outsourced remote hacking incident with a lame excuse of a cover up.
 

gotluck

macrumors 603
Dec 8, 2011
5,712
1,204
East Central Florida
No, the article could be a little clearer, but all you need is a jailbroken device to be vulnerable to the hack. The piece about the infected PC is one method by which an unjailbroken device can be hacked, presumably by surreptitiously jailbreaking it.

So if you have an unjailbroken phone it needs the extra step of being attached to an infected host, if jailbroken already, much easier, already vulnerable.

Since it cost 50k a hack, jailbroken or not, it's hard to get too worried about it. I don't think anyone would pay 50c to hack my phone. I am enjoying watching these asshats get their comeuppance however.

I don't believe that is correct, it sounds like the PC is the avenue through which the attack takes place. This is not sounding like some kind of drive-by attack or targeted directly at the iOS device, directly through WAN or something. It also sounds like the user has to accept an enterprise cert, don't those require a prompt to be accepted? I suppose they could use the jailbreak to work around that, which would make the requirement of having to have the device connected to the compromised, trusted PC more likely. AFC2 or OpenSSH probably has to be installed too, changing your root / mobile password cuts OpenSSH out of the equation there.

How are you interpreting the style of the attack?

Regardless, I thought the government had access to our cellular devices through the modem anyway.
 

MH01

Suspended
Feb 11, 2008
12,107
9,297
And after a jailbreak is available, Apple don't issue a patch? It's obviously not the same from version to version..

No, Apple has never actively patched a jailbreak exploit (released a patch just for the jailbreak). The next version of the iOS update sometimes closed it, other times it did not.
 

MH01

Suspended
Feb 11, 2008
12,107
9,297
I don't think "if you're in that situation you're obviously clever, which makes up for the added vulnerabilities now in your software" really justifies the assertion that jailbreaking does not make you more vulnerable.

Of course jailbroken has added vulnerability issues, always has.

In this situation, a jailbroken device is no more vulnerable, as they jailbreak it without your knowledge. People who will be targeted by this exploit do not use jailbroken devices..... if anything a Jailbroken device that has been patched against this exploit is more secure ;).
 

whirldy

macrumors 6502
Dec 20, 2011
378
217
Within
condensed summary of avoiding HackingTeam malware:

1. always use latest iOS version
2. if you jailbreak, don’t use AFC2, set strong SSH pw

(via @Chronic)
 

happyfrappy

macrumors 6502
Oct 14, 2007
343
50
Location eh?
it also sounds like the user has to accept an enterprise cert, don't those require a prompt to be accepted? I suppose they could use the jailbreak to work around that, which would make the requirement of having to have the device connected to the compromised, trusted PC more likely. AFC2 or OpenSSH probably has to be installed too, changing your root / mobile password cuts OpenSSH out of the equation there.

The "certificate" hack had been around since iOS 7.0, all you needed was a poisoned ad redirect or hijacked URL and certain ways it could be "planted" without any accept/decline prompt by going to a blank page (you didn't need to be jailbroken)... that loophole was closed on iOS 7.1 but another loophole attacked BYOD provisioning (iOS 7 to 8.3) via connected to a PC/Mac which Hacking Team *may* have used to deploy an auto-jailbreak hacking solution.
Some of the tricks were known security holes and others were jailbreak specific. There are about 50 kinds of exploits on iOS (stock iOS & jailbroken)/OS X (Mavericks & Yosemite) that are still wide open, discussing specifics would likely violate forum rules.
 

Caseynd

macrumors regular
Jun 17, 2008
132
54
ND, USA
Couldn't Apple sue these guys under the DMCA or something for hacking? I thought I remembered hearing that's what car companies were looking at when people wanted to mess with their cars' software/firmware.
 

nt5672

macrumors 68040
Jun 30, 2007
3,413
7,268
Midwest USA
Of all of the comments, only a couple about this being illegal without a warrant and about the hacking illegal according to the DMCA. Why aren't these hackers going to jail? Just because the NSA told them ok, does not mean it was legal.
 

gotluck

macrumors 603
Dec 8, 2011
5,712
1,204
East Central Florida
The "certificate" hack had been around since iOS 7.0, all you needed was a poisoned ad redirect or hijacked URL and certain ways it could be "planted" without any accept/decline prompt by going to a blank page (you didn't need to be jailbroken)... that loophole was closed on iOS 7.1 but another loophole attacked BYOD provisioning (iOS 7 to 8.3) via connected to a PC/Mac which Hacking Team *may* have used to deploy an auto-jailbreak hacking solution.
Some of the tricks were known security holes and others were jailbreak specific. There are about 50 kinds of exploits on iOS (stock iOS & jailbroken)/OS X (Mavericks & Yosemite) that are still wide open, discussing specifics would likely violate forum rules.

Good post! That's all news to me.

I believe Apple removed the ability to view installed enterprise certs in the settings app recently too, curious
 