Another iPhone Change to Frustrate the Police

I recently wrote about the new ability to disable the Touch ID login on iPhones. This is important because of a weirdness in current US law that protects people's passcodes from forced disclosure in ways it does not protect actions: being forced to place a thumb on a fingerprint reader. There's...

Updating to Secure Hub 10.5.5 causes Passcode prompt to appear repeatedly

You may find that after upgrading to Secure Hub 10.5.5 on Android, the device repeatedly requests the Passcode to be entered even though the Passcodeentered is known to be valid. Upon investigation of the Secure Hub log files, you may notice an error message which states "SecretVaultProvider:Fail...

Man Jailed 6 Months for Refusing to Give Police his iPhone Passcode

Remember Ramona Fricosu? A Colorado woman was ordered to unlock her encrypted Toshiba laptop while the FBI was investigating alleged mortgage fraud in 2012, but she declined to decrypt the laptop saying that she did not remember the password. Later the United States Court ruled that Police can...

CVE-2017-2399

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID rather than that UID in...

CVE-2016-4781

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors...

CVE-2016-4781

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors...

Design/Logic Flaw

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors...

CVE-2016-4781

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors...

CVE-2016-4781

CVE-2016-4781 (Apple iOS) affects iOS versions prior to 10.2, in which the SpringBoard component could allow a physically proximate attacker to bypass the passcode attempt counter and unlock the device. The issue is described as a counter handling/state management problem; no remote/vector exploi...

iOS 10 Passcode Bypass Can Access Photos, Contacts

A vulnerability in Apple’s iOS versions 8, 9, and 10 could allow an attacker to access photos and contacts on a locked iPhone, according to two sources that posted videos showing how the password bypass works. According to both sources, the vulnerability also impacts the most recent version of iO...

Apple iOS 10.1 - Multiple Access Permission Vulnerabilities

Document Title: =============== Apple iOS 10.1 - Multiple Access Permission Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2012 Apple Security ID: 648680301 Video1: https://www.youtube.com/watch?v=fY2ObtxkDg Video2:...

New Hack: How to Bypass iPhone Passcode to Access Photos and Messages

Setting a passcode on your iPhone is the first line of defense to help prevent other people from accessing your personal details. However, it's pretty much easy for anyone with access to your iPhone to bypass the passcode protection doesn't matter if you configured Touch ID or not and access your...

WhatsApp Adds​ ​2-Step Verification Passcode — Enable this Security Feature

WhatsApp has introduced a new security feature that fixes a loophole in the popular messaging platform, which if exploited, could allow an attacker to hijack victim's account with just knowing the victim's phone number and some hacking skills. The attack does not exploit any vulnerability in...

Researcher Proves Viability of NAND Mirroring to Bypass iPhone Passcode Restrictions

NAND mirroring was outright dismissed by FBI director James Comey as a means of breaking into San Bernardino terrorist Syed Farook’s iPhone 5c during the government’s spat with Apple earlier this year. “It doesn’t work,” Comey said. Well, turns out, it does. Sergei Skorobogatov of the University ...

Instead of spending $1.3 million, FBI could have Hacked iPhone in just $100

Do you remember the infamous encryption fight between the FBI and Apple for unlocking an iPhone 5C belongs to a terrorist? Yes, you got it right, the same Apple vs. FBI case where the FBI paid almost $1.3 Million to a group of hackers to unlock that iPhone. However, if the agency had shown some...

Securing a travel iPhone

These are dry notes I took in the process of setting up a burner iPhone SE as a secure travel device. They are roughly in setup order. I believe iOS to be the most secure platform one can use at this time, but there are a lot of switches and knobs. This list optimizes for security versus...

Uber: Authentication Issue for easter egg on bonjour.uber.com

This probably ok, almost definitely is just informative but thought I would throw it out here anyways. : bonjour.uber.com hosts an easter egg view source and scroll down where the passcode is insecurely stored as a javascript variable. The source for the easter egg is: html //error easter egg -...

Apple iOS 9.3.1 Passcode Bypass

Document Title: =============== Apple iOS 9.3.1 iPhone 6S & iPhone Plus - 3D Touch Passcode Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1814 Release Date: ============= 2016-04-05 Vulnerability Laboratory ID VL-ID:...

Apple iOS 9.3 S/Plus - Touch Passcode Bypass Vulnerability

Document Title: =============== Apple iOS 9.3 S/Plus - Touch Passcode Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1814 Vulnerability Magazine:...

Apple iOS 9.3 S/Plus - Touch Passcode Bypass Vulnerability

Document Title: =============== Apple iOS 9.3 S/Plus - Touch Passcode Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1814 Vulnerability Magazine:...