Sign up for our Technology Newsletter 
Apple Hacked
October 2, 2013 by admin
Filed under Smartphones
Comments Off on Apple Hacked
A group of German hackers claimed to have successfully breached the iPhone fingerprint scanner on Sunday, just two days after Apple Inc debuted the technology that it promises will better protect devices from criminals and snoopers seeking access.
If the claim is verified, it will be embarrassing for Apple which is betting on the scanner to set its smartphone apart from new models of Samsung Electronics Co Ltd and others running the Android operating system of Google Inc.
Two prominent iPhone security experts told Reuters that they believed the German group, known as the Chaos Computing Club, or CCC, had succeeded in defeating Apple’s Touch ID, though they had not personally replicated the work.
One of them, Charlie Miller, co-author of the iOS Hacker’s Handbook, described the work as “a complete break” of Touch ID security. “It certainly opens up a new possibility for attackers.”
Apple representatives did not respond to requests for comment.
CCC, one the world’s largest and most respected hacking groups, posted a video on its website that appeared to show somebody accessing an iPhone 5S with a fabricated print. The site described how members of its biometrics team had cracked the new fingerprint reader, one of the few major high-tech features added to the latest version of the iPhone.
The group said they targeted Touch ID to knock down reports about its “marvels,” which suggested it would be difficult to crack.
“Fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints,” a hacker named Starbug was quoted as saying on the CCC’s site.
The group said it defeated Touch ID by photographing the fingerprint of an iPhone’s user, then printing it on to a transparent sheet, which it used to create a mold for a “fake finger.”
CCC said similar processes have been used to crack “the vast majority” of fingerprint sensors on the market.
“I think it’s legit,” said Dino Dai Zovi,” another co-author of the iOS Hacker’s Handbook. “The CCC doesn’t fool around or over-hype, especially when they are trying to make a political point.”
Touch ID, which was only introduced on the top-of-the-line iPhone 5S, lets users unlock their devices or make purchases on iTunes by simply pressing their finger on the home button. It uses a sapphire crystal sensor embedded in the button.
Data used for verification is encrypted and stored in a secure enclave of the phone’s A7 processor chip.
Two security experts who sponsored an impromptu competition offering cash and other prizes to the first hackers who cracked the iPhone said they had reviewed the information posted on the CCC website, but wanted more documentation.
“We are simply awaiting a full video documentation and walk through of the process that they have claimed,” said mobile security researcher Nick DePetrillo, who started the contest with another security expert, Robert Graham. “When they deliver that video we will review it.”
The two of them each put up $100 toward a prize for the contest winner, then set up a website inviting others to contribute. While the booty now includes more than $13,000 in cash, it was not clear that the CCC would receive the full payout, even if DePetrillo and Graham declared them winners.
Microsoft Gives Money To Hackers
Microsoft has given out more than $250,000 in prize money to Black Hat hackers who found ways to protect its software. Redmond’s first Blue Hat prize were unveiled at a hip club at a mobbed party complete with dancers, high-energy DJ, and explosions of shimmering confetti.
The top prize of $200,000 went to doctoral student Vasilis Pappas. Pappas came up with a method to countering “the most popular attack technique” that Redmond is seeing at the moment. This is called Return-Oriented Programming which is a hacker technique that is often used to disable or circumvent a program’s computer security controls. Pappas came up with something called kBouncer which blocks anything that looks like an ROP attack from running.
Microsoft security response center senior director Mike Reavey said that Redmond posed a challenge to the researcher community and asked them to shift their focus from solely identifying and reporting individual vulnerabilities to investing in new lines of defensive research that could mitigate entire classes of attacks.
Microsoft Delivers Massive Security Updates
Comments Off on Microsoft Delivers Massive Security Updates
Microsoft today patched a whopping 64 vulnerabilities in Windows, Office, Internet Explorer (IE), and other software, including 30 bugs in the Windows kernel device driver and one in IE that was exploited at the Pwn2Own hacking contest last month.
The company also delivered a long-discussed “backport” to Office 2003 and Office 2007 that brings one of the newer security features in Office 2010 to the older editions.
The 17 updates, which Microsoft dubs “bulletins,” tied a record set late last year, but easily beat the October 2010 mark for the total number of flaws they fixed. Altogether, today’s updates patched 64 vulnerabilities, 15 more than in October and 24 more than in the former second-place collection of December 2010.
Nine of the 17 bulletins were pegged “critical,” Microsoft’s highest threat ranking, while the remainder were marked “important,” the next-most-serious label.
Microsoft and virtually every security expert pegged several updates that users should download and install immediately.
“There are three we think are top priorities,” said Jerry Bryant, group manager with the Microsoft Security Response Center (MSRC), in an interview earlier today. Bryant tagged MS11-018, MS11-019 and MS11-020 as the ASAP updates.