NYSee Radar

Tag: hacking

  • Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

    Andy Greenberg · WIRED

    Researchers at Google and cybersecurity firms iVerify and Lookout on Wednesday jointly revealed the discovery of a sophisticated iPhone hacking technique known as DarkSword that they’ve seen in use on infected websites, capable of instantly and silently hacking iOS devices that visit those sites. While the technique doesn’t affect the latest, updated versions of iOS, it does work against iOS devices running versions of Apple’s previous operating system release, iOS 18
    · · ·
    the hackers who carried out that espionage campaign left the full, unobscured DarkSword code—complete with explanatory comments in English that describe each component and include the “DarkSword” name for the tool—available on those sites for anyone to access and reuse. That carelessness, he says, practically invites other hacker groups to adopt it and target other iPhone users. “Anyone who manually grabbed all the different parts of the exploit could put them onto their own web server and start infecting phones. It’s as simple as that,” says Frielingsdorf. “It’s all nicely documented, also. It’s really too easy.”
    · · ·
    “Instead of using a spyware payload to brute force your way through the file system—which leaves tons of artifacts of exploitation that are pretty easy to detect—this just uses system processes the way they’re meant to be used,” iVerify’s Cole says. “And it leaves far fewer traces.”
    · · ·
    “People assumed that it was just going to be journalists or activists or maybe an opposition politician that was targeted, and that this wasn’t a concern for a normal citizen,” says Justin Albrecht, who leads mobile threat intelligence at Lookout. “Now that we see iOS exploits being delivered through an unscrupulous broker, there’s a whole market here for this to get to cybercriminals” who will use it with far less discretion.
    · · ·
    “If this one gets burned, I’ll just go get another one,” Cole says, describing the hackers’ apparent thinking. “They know there’s more where this came from.”

    Quoted at length because paywall. WIRED’s reporting has been good as of late, and my subscription was absurdly inexpensive. Consider it if this is your kinda thing.

  • Inside the plan to kill Ali Khamenei

    Inside the plan to kill Ali Khamenei

    FT · Mehul Srivastava · James Shotter · Neri Zilber · Steff Chávez

    This is mostly an article about the assassination of Ayatollah Ali Khamenei, but I was drawn to the intelligence operation, namely the construction of “patterns of life” through hacked traffic cameras.

    Nearly all the traffic cameras in Tehran had been hacked for years, their images encrypted and transmitted to servers in Tel Aviv and southern Israel, according to two people familiar with the matter.

    One camera had an angle that proved particularly useful, said one of the people, allowing them to determine where the men liked to park their personal cars and providing a window into the workings of a mundane part of the closely guarded compound.

    Complex algorithms added details to dossiers on members of these security guards that included their addresses, hours of duty, routes they took to work and, most importantly, who they were usually assigned to protect and transport — building what intelligence officers call a “pattern of life”.

  • China hacked email systems of US congressional committee staff

    FT

    The MSS has been operating Salt Typhoon for several years. It allows China to access the unencrypted phone calls, texts and voicemails of almost every American, and in some cases enables access to email accounts.

    Senator Mark Warner still seems to be the only person concerned with this.