
A huge security flaw has been discovered in Apple devices that could allow hackers to steal your passwords and data





A group of security researchers has discovered an alarming vulnerability in Apple's mobile and desktop operating systems.
In a newly released paper, the research group explained how they tested a series of attacks that were able to bypass security checks and steal passwords and even critical app data.
The vulnerability was discovered to exist on Apple devices including the iPhone, iPad, and Mac computers.
Due to the way Apple built apps to communicate with each other, the paper writes, researchers were able to "steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote."
Basically, these researchers were able to build malware that was uploaded to Apple's App Store in the form of a typical app, which was then able to steal credentials from the existing apps on the researchers' phones. These credentials include passwords and other precious app data that's supposed to be off-limits.
The lead researcher, Luyi Xing, told the Register that his team was able to "gain unauthorized access to other apps' sensitive data such as passwords and tokens from iCloud, Mail app and all web passwords stored by Google Chrome."
According to the Register, Xing and his team informed Apple, which asked for six months to deal with the issue. The six months have now passed and the vulnerabilities persist, say the researchers.
The ramifications of these findings could be huge. Very little has been written about the potential cross-app vulnerabilities in Apple's software, and this discovery shows some huge holes certainly exist.
The researchers tested this type of attack with a large sample of Apple apps and found that "more than 88.6%" were completely exposed. These include extremely popular apps like password manager 1Password and Google Chrome.
"The consequences of these attacks are serious," the paper concludes, "including leak of user passwords, secret tokens and all kinds of sensitive documents."
In short, this vulnerability could quickly become bad news for Apple if hackers or other malicious parties take advantage of the security holes, and there's no way to know if any attacks utilizing this method have already been carried out. For Apple's part, the company needs to figure out a way to patch the vulnerability across both its iOS and Mac OS X operating systems.
Business Insider has reached out to Apple, and we will update the post when we hear back.
You can watch a video showcasing how a malicious app can utilize the vulnerability to steal stored passwords from Google Chrome.
