Information Security News|Cyber Security|Hacking Tutorial https://www.securitynewspaper.com/

Fake airplane mode attack allows to spy and hack iPhone users
https://www.securitynewspaper.com/2023/08/17/fake-airplane-mode-attack-allows-to-spy-and-hack-iphone-users/
Thu, 17 Aug 2023 23:54:10 +0000

This summer, hundreds of thousands of people will be preparing to take off while sitting back, relaxing, and using the airplane mode setting on their iPhones. When this setting is activated, the device’s radio frequency (RF) transmission technology is turned off, which severs the user’s connection to their mobile network for the duration of the flight. This function, which was first implemented many years ago as a precautionary safety measure to shield aircraft from what was believed to be tampering with their communications or navigation systems, is also known as flight mode or fly safe mode. In point of fact, many people have exaggerated the severity of this perceived risk to aircraft safety. As a result, the regulations are not as stringent as they once were, and the quality of in-flight Wi-Fi services has increased to the point where they are now usable. Despite this, activating airplane mode continues to be an essential part of the pre-flight procedure.

Nevertheless, researchers at Jamf Threat Labs have recently uncovered and successfully demonstrated an exploit approach that allows an attacker to retain persistence on their victim’s device even when the user thinks they are offline. This technique was developed in response to a vulnerability that was revealed in a previous exploit. The approach, which has not been seen being used in the wild, relies on the successful development of a fake airplane mode “experience” by a hypothetical threat actor. This “experience” causes the device to give the appearance of being offline while in reality it is still functioning normally.

The exploit chain that was put together by Jamf ultimately results in a scenario in which processes that are controlled by an attacker are able to operate in the background undetected and unseen, while the owner of the device is blissfully oblivious that anything is wrong.

SpringBoard, which handles visible changes to the user interface (UI), and CommCenter, which controls the underlying network interface and maintains a feature that enables users to limit mobile data access for certain applications, are the two daemons responsible for switching iOS devices to airplane mode. When airplane mode is activated under typical circumstances, the mobile data interface will no longer show IPv4 or IPv6 addresses. Additionally, the mobile network will become disconnected and inaccessible to the user at the level of the user space.

The Jamf team, on the other hand, was able to pinpoint the pertinent area of the target device’s console log and, from that point on, utilize a certain string, “#N User airplane mode preference changing from kFalse to KTrue”, to locate the code that was referencing it. From there, they were able to successfully access the code of the device, at which point they hooked into the function and replaced it with an empty or inactive function. They were able to do this in order to construct a bogus airplane mode, in which the device does not truly get disconnected from the internet and they still have access to it.

After that, they went after the user interface by hooking two unique Objective-C methods to inject a tiny bit of code that changed the mobile connection indicator to make it seem dark, leading the user to believe that it is switched off, and highlighting the airplane mode icon, which is represented by a picture of an airplane. If the hypothetical victim were to open Safari at this point, they would have a good reason to believe that they would be prompted to disable airplane mode or connect to a Wi-Fi network in order to access data. This would be a reasonable assumption given that it seems that airplane mode is enabled on their device.

However, since they are really still connected to the internet, they would instead receive a separate message asking them to authorize Safari to utilize wireless data through WLAN or mobile, or WLAN alone, which would be a hint that something was wrong. The Jamf team was aware that this problem needed to be fixed in order for the exploit chain to be successful. As a result, they devised a strategy that enabled them to give the impression to the user that they had been disconnected from mobile data services. This was accomplished by exploiting the CommCenter feature, which blocks mobile data access for specific applications, and then disguising this action as airplane mode by hooking yet another function.

They accomplished this by creating an environment in which the user was presented a prompt to switch off airplane mode, rather than the prompt that they should have seen. The team made use of a feature of SpringBoard that prompts the “turn off airplane mode” notification after being notified to do so by CommCenter. CommCenter, in turn, receives this notification from the device kernel via a registered observer/callback function. This allowed the team to disable Safari’s internet connection without actually turning on airplane mode.

The group then discovered that CommCenter also handles a SQL database file that records the mobile data access status of each program. If an application is prevented from accessing mobile data, that application is marked with a particular flag. They would then be able to selectively prohibit or enable an application’s access to mobile data or Wi-Fi by reading a list of application bundle IDs and obtaining their default settings from this information.

Chain of exploitation

After putting all of this information together, the team had basically developed an attack chain in which their fake airplane mode seems to the victim to be running exactly as the genuine one does, with the exception that non-application programs are allowed to access mobile data. “This hack of the user interface disguises the attacker’s movement by placing the device into a state that is counterintuitive to what the user expects,” he added. “The user expects one thing, but the device behaves in a way that betrays their expectations.” “An adversary could use this to surveil the user and their surroundings at a time when no one would suspect video recording or a live microphone capturing audio,” says one researcher. “This could give an adversary an advantage in a fight.” This is feasible because the mobile device in question is still connected to the internet, regardless of what the user interface is trying to convey to them.

According to Covington, the discovery does not fall under the normal responsible disclosure process because the exploit chain does not constitute a vulnerability in the traditional sense. Rather, it is a technique that enables an attacker to maintain connectivity once they have control of the device through another series of exploits. The researchers did notify Apple of the research, but no one has responded to a request for comment.

The new attack approach poses a danger, but if it were to be used in anger, it would more likely be used in a targeted attack scenario by a threat actor with very particular aims in mind than in a mass-exploitation event targeting the general public. As an example, exploitation for the purposes of espionage or surveillance by adversarial actors supported by the government against persons of interest is a scenario that is more likely than exploitation by financially driven cyber thieves.

Despite the fact that the technique is most likely to be used in a targeted attack, it is still important to raise awareness on how device user interfaces, particularly those built by trusted suppliers such as Apple, can be turned against their users. This is because of the inherent trust that people place in their mobile devices. The most crucial thing, according to him, is for consumers and security teams to better understand contemporary attack methods like those shown by the fake airplane mode study. In a sense, this is the next generation of social engineering, and it’s not unlike how artificial intelligence is being used to produce bogus testimonials that look to be from well-known celebrities.

Throw away your iPhones Says Putin to Russians & claims NSA has a backdoor in iPhones
https://www.securitynewspaper.com/2023/06/02/throw-away-your-iphones-says-putin-to-russians-claims-nsa-has-a-backdoor-in-iphones/
Fri, 02 Jun 2023 13:50:00 +0000

The Russian Federal Security Service (FSB) has accused the United States Intelligence Community of hacking into “thousands of Apple phones” in order to conduct surveillance on Russian diplomats.

The United States targeted iOS devices using malware that had not been seen before, according to a statement that was released by the FSB on Thursday. The Russian cybersecurity firm Kaspersky published a report on iOS malware that originated from an unknown source on Thursday as well. Initially, a spokesperson for Kaspersky indicated that the business was unable to verify whether or not the two attacks were related. However, an hour later, she gave an amended reply in which she noted that Russia’s computer security agency has previously officially acknowledged that the signs of breach in both reports are the same.

According to allegations from Russian media, in March the administration of the Russian president reportedly gave its personnel the instruction to dispose of any Apple devices they may have. There will be no more iPhones. According to the article, one of the administration’s staffers advised the individuals to “either throw them away or give them to your kids.” The Federal Bureau of Investigation did not disclose any specific information on the suspected victims or the malware’s technical aspects.

The representative for Kaspersky said the company was unable to validate all of the FSB’s conclusions “due to the absence of technical details reported by them.” According to the FSB, the virus did not just affect users located inside Russia; it also targeted international numbers and wireless customers located outside of the country who use SIM cards registered with diplomatic missions and embassies located within Russia. On the list were nations from both the post-Soviet area and the NATO alliance, in addition to China, Israel, and Syria.

According to reports from Russian intelligence, the inquiry allegedly uncovered evidence that Apple is working along with the National Security Agency (NSA) of the United States. The FSB noted that this demonstrates that Apple’s declared commitment to preserving the privacy of user data is, in reality, dishonest.

The NSA did not want to comment on the matter. Reporters have received an email from Apple with a declaration to the effect that the company does not collaborate with governments in order to include backdoors into its devices.

I think someone is spying me using AirTag, what should I do?
https://www.securitynewspaper.com/2023/04/03/i-think-someone-is-spying-me-using-airtag-what-should-i-do/
Mon, 03 Apr 2023 21:21:26 +0000

Keeping track of your most vital belongings, such as your keys, wallet, remote controls, and even motorcycles, may be made easier with the assistance of an Apple AirTag. Yet, allegations that they were utilized to monitor individuals without first obtaining their permission threw an unfavorable light on the utilization and implementation of these technologies. It’s possible that your iPhone will warn you before you have to take any action if you have reason to believe that someone is monitoring your whereabouts via an AirTag. If you believe that you may be in danger because someone is following you without your permission and you feel that you should call law authorities, Apple may provide further information about the owner of the AirTag.

You will be notified of this
If you have an iPhone and you are being tracked by an AirTag, your phone may send you a notification that says “AirTag discovered moving with you.” This will occur if all of the following conditions are met:

The AirTag has been detached from its rightful owner.
Your iPhone is awake.
When you move the AirTag, it will make a sound.
This may also occur with other accessories that are compatible with Find My Network, such as AirPods, AirPods Pro, or AirPods Max. When you move any of these goods when they are not being handled by their owners, each of them will make a sound.

Verify that the Tracking Notifications feature is turned on.
In the event that you do not get an alert, it is possible that you will need to complete the following procedures in order to guarantee that your tracking alerts are activated:

Go to the Settings menu, and then pick Privacy.
To activate Location Services, choose Location Services from the menu.
Go to the System Services menu.
Put your iPhone in find mode and activate the Notable Places feature.
Return to the Settings menu, and then choose Bluetooth.
Bluetooth must be on.
Last but not least, open the Find My app and choose yourself.
Activate the Tracking Alerts on your browser.

Try out the app called “Find My.”
When AirTags get separated from their owners, they will produce a sound whenever they are moved in order to assist others in locating them. If you think you may have heard an AirTag, or another sound that you are unable to identify and suspect may be an AirTag, you may open the Find My app after confirming that Step 2 has finished and check to see if the AirTag is located.

Make AirTag produce a sound.
If you have been notified that an AirTag was traveling with you and are checking the Find My app, you have the option to play a sound on the device in order to locate it more quickly. You can monitor other people’s AirTags by using the Find My app, which you may access by touching on the alert, selecting continue, and then tapping Locate Nearby.

Check all the details about AirTag 
When you have the AirTag in your line of sight, you may access the information it contains on your iPhone or any other smartphone that supports NFC. You will need to bring the top of your iPhone close to the white side of the AirTag that you have located and wait for it to identify it. A notice displays beside a webpage that contains the owner’s last four digits of their phone number in addition to the AirTag’s serial number. If this is a lost AirTag, the owner may have included their contact information so that the person who found it may get in touch with them.

Inactivate the AirTag.
If the owner of an AirTag disables it, they will no longer be able to see its current position or get updates about it. Just removing the battery is all that is required to deactivate the AirTag. You may do this by first opening the AirTag by depressing the button on top and then removing the battery by turning the lid counterclockwise.

You will be able to determine the position of another person’s iPhone so long as your AirTag is in close proximity to that device. And with Apple’s recent release of an official app for monitoring AirTags on Android devices, you don’t even need an iDevice to accomplish that anymore! Yet, there is one very significant exception to this rule.

Along with Apple Music, the Beats app, and an application for transitioning to iOS, Tracker Detect is one of the few Apple applications that can be downloaded and used on Android devices. If you wish to zero in on a specific rogue AirTag, you can use the app to play a sound on it, and you can also use the app to monitor neighboring rogue AirTags. From that point on, you have the option of scanning the AirTag using an NFC reader or turning it off by removing its battery. The functionality is really fundamental, despite the fact that it is rather cool looking. Since it does not have an auto-scan feature, you will not get alerts about nearby missing AirTags as you would on an iPhone. This means that in order to look for a tag, you will need to manually launch the application first. One may argue that this renders the Tracker Detect app rather worthless, since a large number of individuals in the reviews part of the app believe that it ought to be able to auto-scan. Spending your day manually searching your immediate environment for AirTags every five minutes is not the most effective use of your time.

It’s not even like there are roadblocks in the way of making that happen on Android phones; all you need is Bluetooth Low Energy (BLE). And enabling auto-scanning for AirTags on non-Apple devices and having those devices participate in Apple’s Find My network would also considerably increase the success of finding AirTags in general. Download the application from the Google Play Store right now if you have an Android device and want to be able to scan AirTags with it.

“What happens on your iPhone, never stays on your iPhone”. New privacy lawsuit against Apple for monitoring iPhone users
https://www.securitynewspaper.com/2023/01/10/what-happens-on-your-iphone-never-stays-on-your-iphone-new-privacy-lawsuit-against-apple-for-monitoring-iphone-users/
Wed, 11 Jan 2023 00:17:19 +0000

A new complaint has been filed against Apple, accusing the corporation of monitoring iPhone users’ device data even when those users have requested that tracking be turned off. The lawsuit argues that Apple “illegally captures and utilizes customers’ personal information and activities.” In addition, the case alleges that the iPhone giant violated the plaintiff’s right to privacy.

In addition, the lawsuit asserts that Apple is able to monitor user behavior across all of its applications by virtue of the fact that the data analytics it gathers have user ID numbers in common. In addition to this, it describes a scenario in which the personal information of a user is disclosed, stating that the Apple Stocks app, for instance, “discloses confidential information about a user’s investing activities or preferences to other users of the service. It communicates with Apple about the stocks that the user is seeing or following. Apple even keeps a record of the timestamps for when a user is seeing certain stocks or interacting with the Stocks app on their device.” The case continues with the following statement: “Furthermore, Apple gathers the news items that consumers read inside their mobile device.”

The allegations in the lawsuit refer to work that was completed by two separate app developers at the software business Mysk. Mysk was co-founded in November of last year by Germany-based iOS developer and “occasional security researcher” Tommy Mysk. The test allegedly “revealed that even when consumers actively change their ‘privacy settings’ and take Apple’s instructions to protect their privacy, Apple still records, tracks, collects, and monetizes consumers’ analytics data, including browsing history and activity information,” as stated in the lawsuit filed by the two individuals.

In a tweet sent out late yesterday night, the developers of the collaborative sketching software Canvas said, “Here we go, Apple is facing another lawsuit for gathering detailed statistics on the App Store, the only location to download and install programs on the iPhone.”

New technique of hacking Android Pin & iPhone Passcode exploits phone sensor data
https://www.securitynewspaper.com/2023/01/03/new-technique-of-hacking-android-pin-iphone-passcode-exploits-phone-sensor-data/
Tue, 03 Jan 2023 22:11:12 +0000

According to research conducted by NTU, hackers are able to guess the PIN on your phone by exploiting its sensor data.

Hackers may be able to unlock a smart phone by guessing the security PIN using data obtained from the many physical sensors included inside the device.

According to researchers from Nanyang Technological University, Singapore (NTU Singapore), instruments found in smart phones such as the accelerometer, gyroscope, and proximity sensors represent a potential security vulnerability. Their findings were published on December 6 in the open-access Cryptology ePrint Archive.

The researchers were able to unlock Android smart phones with a success rate of 99.5% after only three attempts when working with a phone that had one of the 50 most common PIN numbers. This was accomplished by using information gathered from six different sensors found in smart phones in conjunction with cutting-edge machine learning and deep learning algorithms.

The previous greatest success rate for hacking a phone was 74% for the 50 most frequent pin numbers; however, the method developed by NTU may be used to guess all 10,000 potential permutations of four-digit PINs.

Researchers at Temasek Laboratories @ NTU, led by Dr. Shivam Bhasin, NTU Senior Research Scientist, used sensors in a smart phone to model which number had been pressed by its users. The researchers based their model on the angle at which the phone was held as well as the amount of light that was blocked by the thumb or fingers.

The researchers feel that their study shows a serious vulnerability in the security of smart phones. This is due to the fact that accessing the sensors included inside the phones does not need the user to provide any rights, and they are readily accessible for any software to use.

The manner in which the studies were carried out

The team of researchers used Android phones and installed a unique program on each one. This application gathered data from six different sensors, including the accelerometer, gyroscope, magnetometer, proximity sensor, and barometer.

“When you hold your phone and type in the PIN, the phone moves in a totally different manner depending on whether you touch the number one, five, or nine. Additionally, hitting 1 with your right thumb will obstruct more light than pushing 9 would,” says Dr. Bhasin, who worked on the project for a total of ten months with his colleagues Mr. David Berend and Dr. Bernhard Jungk.

The classification system was trained using data acquired from three persons, each of whom input a random set of 70 four-digit pin numbers on a phone while the pertinent sensor responses were recorded at the same time.

The classification system, which utilizes a technique known as deep learning, was able to assign varying degrees of significance to each of the sensors, based on how sensitive each sensor was to the various numbers that were pushed. This helps reduce aspects that it determines to be of less importance, which in turn raises the percentage of successful PIN retrievals.

Despite the fact that each person enters the security PIN on their phone in a manner that is unique to them, the researchers demonstrated that over time, success rates increased as the algorithm was given data from an increasing number of users.

Therefore, even while a malicious app would not be able to properly guess a PIN right away after installation, it might utilize machine learning to gather data over time from thousands of users’ phones to learn their PIN input pattern and then launch an attack later when the success rate is considerably greater.

According to Professor Gan Chee Lip, Director of the Temasek Laboratories at NTU, this study demonstrates how devices with seemingly strong security can be attacked using a side-channel. Professor Gan Chee Lip explained that sensor data could be diverted by malicious applications to spy on user behavior and help access PIN and password information, as well as other sensitive information.

“In addition to the risk of passwords falling into the wrong hands, our primary fear is that access to the information stored on a user’s phone sensors might expose much too much about the user’s behavior. This has enormous consequences for privacy, and businesses and people alike should give it the urgent attention it requires,” added Prof Gan.

According to Dr. Bhasin, it would be beneficial for mobile operating systems to limit access to these six sensors in the future. This would allow users to actively select to provide rights to only reliable applications that have a need for them.

Dr. Bhasin recommends that users of mobile devices have PINs that include more than four digits, in addition to other authentication techniques such as one-time passwords, two-factor authentications, and fingerprint or face recognition. This will help users keep their mobile devices safe.

Researchers find new way to hack any iPhone even when it’s turned off
https://www.securitynewspaper.com/2022/05/17/researchers-find-new-way-to-hack-any-iphone-even-when-its-turned-off/
Tue, 17 May 2022 18:33:58 +0000

Cybersecurity experts published research detailing how Bluetooth, Near Field Communication (NFC) and Ultra-wideband (UWB) wireless features on iPhone devices would allow some variants of cyberattacks to be deployed, as they remain active even when the affected devices are turned off.

These features have access to Secure Element, which stores sensitive device information and remains active on the latest iPhone models even with the phone turned off. According to specialists at the Technical University of Darmstadt, Germany, this would allow malware to be loaded onto a Bluetooth chip running on an inactive device.

The compromise of these features would allow threat actors to access protected information, including payment card details, banking information and other sensitive data. While this risk is considered real and active, the researchers acknowledge that exploiting these flaws is complex, as hackers would need to load malware onto a target iPhone when it’s turned on, which necessarily requires a remote code execution (RCE) tool.

According to the report, the bug exists because of the way Low Power Mode (LPM) is implemented on Apple’s wireless chips: “The LPM setting is triggered when the user turns off their phone or when the iOS system automatically shuts down due to lack of battery.”

Experts believe that, in addition to its obvious advantages, the current implementation of LPM created new attack vectors. LPM support is based on iPhone hardware, so bugs like this can’t be fixed with software updates.

One attack scenario, tested by the researchers, describes how the smartphone’s firmware would allow attackers to have system-level access for remote code execution using a known Bluetooth vulnerability, such as the popular Braktooth flaw. The research was shared with Apple before its publication. Although the company did not comment on it, experts proposed that Apple add a hardware-based switch to disconnect the battery, preventing functions related to the error from receiving power with the device turned off.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

New method to install malware variants on iPhone devices
https://www.securitynewspaper.com/2022/03/17/new-method-to-install-malware-variants-on-iphone-devices/
Fri, 18 Mar 2022 00:16:27 +0000

A hacking group is abusing two legitimate Apple features to bypass the App Store security requirements and trick iPhone users into installing malicious apps hiding dangerous malware variants.

For years, Apple has required apps to pass a security patch to be supported in the App Store before they can be installed on end-user devices. This process prevents malicious apps from reaching devices and triggering risk scenarios.

Sophos researchers detailed the detection of two methods employed in this campaign, identified as CryptoRom and based in cryptocurrency fraud targeting iOS and Android users. Unlike the Android system, iOS does not allow the installation of applications from third-party platforms.

The campaign depends on the abuse of TestFlight, an Apple service for beta testing of new apps. By installing TestFlight from the App Store, any iOS user can download and test apps that have not yet completed Apple’s strict verification processes, which threat actors tried to use to their advantage to compromise the devices of unsuspecting users.

Sophos mentions that hackers contacted TestFlight users to convince them to install what appeared to be a new version of BTCBOX, a cryptocurrency exchange app. These users received a link that redirected to the fraudulent APK.

For the researchers, this attack vector allows for better evasion of App Store security measures, such as the Super Signature feature. This feature allows you to use an Apple developer account for limited delivery of some apps. The attack also abuses Developer Enterprise, a program for large enterprises to deploy applications for internal use.

CryptoRom operators also exploit the Web Clips feature, which allows you to add a link directly to an iPhone’s home screen in the form of an icon that can be mistaken for a benign app; this item appears after a user has saved or copied a link. Sophos mentions that threat actors abuse Web Clips to add legitimacy to malicious URLs that redirect to fraudulent app downloads.

In one example, hackers use a malicious app called RobinHand, intentionally designed to resemble the Robinhood investment platform.

This campaign relies heavily on social engineering, with threat actors resorting to all sorts of tricks to build a trusting relationship with the target user. For example, hackers use social media, dating apps and WhatsApp messages to try to convince affected users to install TestFlight and the malicious app on their iPhone devices.

This is an active risk, so iPhone users are advised to stay alert to any signs of attack before it’s too late.

AirGuard: Free Android app allows users to detect if they are being spied on using an Apple AirTag
https://www.securitynewspaper.com/2022/02/28/airguard-free-android-app-allows-users-to-detect-if-they-are-being-spied-on-using-an-apple-airtag/
Mon, 28 Feb 2022 18:07:33 +0000

Cybersecurity specialists published a report describing how AirGuard, an application for Android, allows users of this operating system to detect an Apple AirTag device potentially used for malicious purposes.

Launched in April 2021, the AirTag allows iPhone users to track their devices through the Find My service. However, it has been reported on multiple occasions that malicious users can use AirTags to track a person without permission, stealthily hiding them in a backpack, clothing or any other similar place.

Despite Apple’s efforts to counter malicious use of these devices, this remains a severe problem, especially when the tracked user has no tool to detect an Apple device based on the abusive behavior patterns established by the company.

In 2021 Apple launched the Tracker Detect app for Android users, which would inform users that there is an AirTag enabled in a nearby location. However, the app only informs users if they are being tracked, so it is not really a reliable tool.

The researchers decided to reverse engineer iOS tracking detection to better understand its inner workings and then designed the AirGuard app, which automatically detects any passive tracking activity and works with all Find My accessories in addition to the AirTag.

The app was launched at the end of 2021 through the official Google Play Store platform and already has about 120,000 users. With this tool it will be possible to detect all the devices of the Find My family, including the AirTags modified for tracking and espionage purposes.

The app will also be able to detect any AirTag placed in a car, which can prove difficult even for other tools from Apple itself. Finally, the researchers acknowledge that the main weakness during their testing is the limited scanning opportunities on the Android operating system, so the scope of the search could be limited.

Silent AirTags with no speakers are being used for stalking
https://www.securitynewspaper.com/2022/02/03/silent-airtags-with-no-speakers-are-being-used-for-stalking/
Fri, 04 Feb 2022 00:27:01 +0000

A couple of years ago Apple launched the AirTag, a gadget that users could link to their mobile devices in order to prevent theft or loss; when someone can’t find their iPhone, iPod or iPad, the AirTag will start making a sound to tell the user its location. This could be really useful in certain circumstances, but malicious individuals can also use this gadget for harmful purposes.

According to a recent report, modified AirTags with the built-in speakers removed can be found online, which would allow unsuspecting users to be spied on without even being able to identify signs of harmful activities. These “silent AirTags” are available for less than $80 USD.

While the seller of these devices, active on the e-commerce website Etsy, claims that this modification is intended to help users find the devices without attracting the attention of potential thieves, this has undoubtedly been a cause for concern for cybersecurity experts, including Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation.

The specialist is concerned that these modified AirTags can be easily abused for other nefarious purposes, leaving a potential victim exposed to having their location tracked: “Any similar item could also be used to harass people,” Galperin says.

This is not a new practice, as you can even find online tutorials in text and video on how to disable the speakers on an AirTag simply by performing a small drill under the battery of the device, although this requires some skill and experience.

The concerns are legitimate, although Apple had already taken some action on the matter before; iPhone users can receive a notification in case they find a modified AirTag, plus Apple also developed an Android app with which users of any non-iOS device can scan around them for a hidden AirTag.

At the time of writing, this item had already been removed from the Etsy website.

Vulnerability in Apple devices that made them unusable finally fixed. Update immediately iOS
https://www.securitynewspaper.com/2022/01/12/vulnerability-in-apple-devices-that-made-them-unusable-finally-fixed-update-immediately-ios/
Thu, 13 Jan 2022 00:27:18 +0000

A security update for iOS contains a patch to address a denial of service (DoS) vulnerability within the framework of the HomeKit software, after a researcher claimed that Apple had known about this bug for months.

The update (iOS 15.2.1) is now available for all supported iPhone and iPad devices. In its report, Apple only describes these flaws as a “resource depletion bug” that causes the device to crash when processing specially crafted HomeKit accessory names.

The sudden appearance of this update a couple of weeks after Trevor Spiniolas publicly disclosed the flaw in HomeKit confused the users, as the expert warned that the bug could be exploited to launch ransomware-like attacks on the affected iPhone/iPad.

The expert found that when the name of an Apple HomeKit device is changed to too large a string of characters, any iOS device that loads the string will face an interrupt condition. To make matters worse, resetting the affected device and logging back into the iCloud account linked to the HomeKit device will re-enable the error.

Spiniolas suggested that this bug could trigger a campaign of extortion attacks against iOS device users: “Apps with access to homekit device owners’ startup data can lock them out of their local copies and prevent them from logging back into their iCloud on iOS,” the researcher states.

The expert also believes that malicious hackers could use email addresses intentionally similar to those used by Apple services to trick users into handing over sensitive information. Finally, Spiniolas says he first reported this security issue to Apple in early August last year, and had since pressured the company to issue an update.

Users of iOS devices are advised to install the latest version available as soon as possible.

Zero-click remote code execution exploit for fully patched iOS 15 running on iPhone 13 demonstrated by experts
https://www.securitynewspaper.com/2021/10/18/zero-click-remote-code-execution-exploit-for-fully-patched-ios-15-running-on-iphone-13-demonstrated-by-experts/
Mon, 18 Oct 2021 23:23:57 +0000

During the latest edition of the Tianfu Cup event for ethical hackers, a group of researchers demonstrated a method to successfully hack an iPhone 13 device with the latest iOS 15 updates, in what became the main event of the night. In total, the event delivered more than $1.5 million USD to participants.

Under the format of the most recent edition, held this weekend in the Chinese city of Chengdu, the contestant hackers had three 5-minute attempts to demonstrate the functionality of their exploits.

During the weekend, white-hat hackers managed to successfully compromise the following devices and operating systems:

  • Windows 10
  • Adobe PDF Reader
  • Ubuntu 20
  • Parallels VM
  • iOS 15
  • Apple Safari
  • Google Chrome
  • ASUS AX56U router
  • Docker CE
  • VMWare ESXi
  • VMWare Workstation
  • qemu VM
  • Microsoft Exchange

Other devices and software unsuccessfully targeted by the ethical hackers include:

  • Synology DS220j NAS device
  • Xiaomi MI 11
  • An unnamed domestic IoT device

As mentioned above, one of the demonstrated exploits was described as a zero-click remote code execution attack against a fully updated iOS 15 executed on an iPhone 13 smartphone. This exploit gave its developers a prize of $300,000 USD.

Another experiment that caught the eye was a string of RCE attacks against Google Chrome whose exploitation would allow the total compromise of affected systems.

Zero-day vulnerability in Apple’s new iCloud Private Relay service for iOS 15 allows seeing user real IP addresses
https://www.securitynewspaper.com/2021/09/22/zero-day-vulnerability-in-apples-new-icloud-private-relay-service-for-ios-15-allows-seeing-user-real-ip-addresses/
Wed, 22 Sep 2021 22:09:21 +0000

Cybersecurity specialists report the detection of an unpatched vulnerability in iCloud Private Relay, a service implemented by Apple in its latest update and whose successful exploitation would allow threat actors to obtain the true IP address of a user online. As some users may remember, iCloud Private Relay is a new feature for iPhone users who have paid for the upgrade to iOS 15, released on Tuesday.

This feature operates similarly to a VPN service in that it encrypts web browsing traffic and sends it through a relay to hide the user’s content, location, and IP address. All visited websites should only see the proxy IP address assigned by iCloud.

Just a few hours ago, a researcher discovered that it is possible to leak IP addresses through WebRTC, a browser API that allows websites to initiate direct communication between their visitors. This functionality has been the subject of multiple web security reports on previous occasions.

WebRTC communication is initiated using the Interactive Connectivity Establishment (ICE) framework, which requires collecting so-called “ICE candidates” such as IP addresses, domain name, ports, protocols, and other data. Subsequently, the web browser will return the ICE candidates to the browser applications.

On the other hand, researcher and developer Sergey Mostsevenko mentions that Safari passes ICE candidates containing real IP addresses to the JavaScript environment: “Deanonymizing this information becomes a matter of analyzing your real IP address of ICE candidates, something trivial and achievable with just a web application.”

The expert recommends switching to a real VPN service or disabling JavaScript in your Safari browser settings to disable WebRTC. Mostsevenko mentions that the vulnerability was fixed in the beta version of macOS Monterey, released this week.
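A defensive check for the leak described above, as an added example that is not from the article or from Mostsevenko's research: it parses ICE candidate lines collected from your own browser session and flags any that expose a public IP other than the relay egress you expect. The function names, the sample candidates and the expected-egress list are assumptions constructed for illustration.

```javascript
// Added example: audit WebRTC ICE candidate lines for address exposure.
// Sample candidates are constructed (documentation and private IP ranges).

// Parse one "candidate:" line as it appears in SDP / RTCIceCandidate.candidate.
function parseCandidate(line) {
  const t = line.replace(/^a=/, "").trim().split(/\s+/);
  if (t.length < 8 || !t[0].startsWith("candidate:") || t[6] !== "typ") return null;
  const c = { transport: t[2].toLowerCase(), address: t[4], port: Number(t[5]), type: t[7] };
  for (let i = 8; i + 1 < t.length; i += 2) {
    if (t[i] === "raddr") c.relatedAddress = t[i + 1];
  }
  return c;
}

// Classify what an address string reveals to the page that receives it.
function addressKind(addr) {
  if (addr === "0.0.0.0" || addr === "::") return "masked";
  if (/\.local$/i.test(addr)) return "mdns"; // random per-session hostname
  if (addr.includes(":")) {
    // IPv6: loopback, link-local (fe80::/10) and unique-local (fc00::/7)
    return addr === "::1" || /^fe[89ab]/i.test(addr) || /^f[cd]/i.test(addr) ? "private" : "public";
  }
  const o = addr.split(".").map(Number);
  if (o.length !== 4 || o.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return "unknown";
  const isPrivate = o[0] === 10 || o[0] === 127 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168) || (o[0] === 169 && o[1] === 254);
  return isPrivate ? "private" : "public";
}

// List candidates exposing a public IP that is not an expected relay egress.
function auditCandidates(lines, expectedEgressIps) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    for (const [field, addr] of [["address", c.address], ["raddr", c.relatedAddress]]) {
      if (!addr) continue;
      // A relay candidate's own address belongs to the TURN server, not the client.
      if (field === "address" && c.type === "relay") continue;
      if (addressKind(addr) === "public" && !expectedEgressIps.includes(addr)) {
        findings.push({ type: c.type, field, address: addr });
      }
    }
  }
  return findings;
}

const SAMPLE_CANDIDATES = [ // constructed
  "candidate:1 1 udp 2113937151 6f2a1c9e-3b7d-4e2a-9c1f-0a1b2c3d4e5f.local 54321 typ host",
  "candidate:2 1 udp 1677729535 198.51.100.23 46154 typ srflx raddr 0.0.0.0 rport 0",
  "a=candidate:3 1 udp 1677729535 203.0.113.10 50000 typ srflx raddr 192.168.1.20 rport 50000",
  "candidate:4 1 udp 33562367 192.0.2.50 3478 typ relay raddr 198.51.100.23 rport 46154",
];
console.log(auditCandidates(SAMPLE_CANDIDATES, ["203.0.113.10"]));
```

An empty result means every candidate handed to the page was an mDNS name, a private address, a masked address or the expected egress; any finding is an address a website could read despite the relay.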

Finally, the researcher mentions that a patch could also be available for Safari under iOS, and that the stable version is about to be released.
