Black Hat Conf Las Vegas Aug 2019 Reveals iPhone Text Hack | Aug 24 2019

Google researcher details iOS exploit that can take over an iPhone with a text message || BGR

 

As a general rule, if you avoid clicking on suspicious links that might pop on your phone — whether they’re sent via text message or appear as an in-browser pop-up ad — the odds of your device becoming infected with malware is slim to none.

That notwithstanding, security researchers from Google’s Project Zero team recently divulged a sophisticated exploit that would allow a malicious actor to take control of a targeted device with no interaction required from the device owner at all. As Google researcher Natalie Silvanovich detailed during a presentation at the Black Hat security conference this week, there are a handful of iOS 12 exploits — which have since been patched by Apple with iOS 12.4 — that can let a third-party gain full control of a device simply by sending over a text message.”

….read more at: BGR

 

 

Hackers Can Break Into Your iPhone Just By Sending a Text || Wired

 

“WHEN YOU THINK about how hackers could break into your smartphone, you probably imagine it would start with clicking a malicious link in a text, downloading a fraudulent app, or some other way you accidentally let them in. It turns out that’s not necessarily so—not even on the iPhone, where simply receiving an iMessage could be enough to get yourself hacked.At the Black Hat security conference in Las Vegas on Wednesday, Google Project Zero researcher Natalie Silvanovich is presenting multiple so-called “interaction-less” bugs in Apple’s iOS iMessage client that could be exploited to gain control of a user’s device. And while Apple has already patched six of them, a few have yet to be patched.

“These can be turned into the sort of bugs that will execute code and be able to eventually be used for weaponized things like accessing your data,” Silvanovich says. “So the worst-case scenario is that these bugs are used to harm users.”

Silvanovich, who worked on the research with fellow Project Zero member Samuel Groß, got interested in interaction-less bugs because of a recent, dramatic WhatsApp vulnerability that allowed nation-state spies to compromise a phone just by calling it—even if the recipient didn’t answer the call.

But when she looked for similar issues in SMS, MMS, and visual voicemail, she came up empty. Silvanovich had assumed that iMessage would be a more scrutinized and locked-down target, but when she started reverse engineering and looking for flaws, she quickly found multiple exploitable bugs.

This may be because iMessage is such a complex platform that offers an array of communication options and features. It encompasses Animojis, rendering files like photos and videos, and integration with other apps—everything from Apple Pay and iTunes to Fandango and Airbnb. All of these extensions and interconnections increase the likelihood of mistakes and weaknesses.

One of the most interesting interaction-less bugs Silvanovich found was a fundamental logic issue that could have allowed a hacker to easily extract data from a user’s messages. An attacker could send a specially crafted text message to a target, and the iMessage server would send specific user data back, like the content of their SMS messages or images.

The victim wouldn’t even have to open their iMessage app for the attack to work. iOS has protections in place that would usually block an attack like this, but because it takes advantage of the system’s underlying logic, iOS’ defenses interpret it as legitimate and intended.

Other bugs Silvanovich found could lead to malicious code being placed on a victim’s device, again from just an incoming text.

Interaction-less iOS bugs are highly coveted by exploit vendors and nation-state hackers, because they make it so easy to compromise a target’s device without requiring any buy-in from the victim. The six vulnerabilities Silvanovich found—with more yet to be announced—would potentially be worth millions or even tens of millions of dollars on the exploit market.

“Bugs like this haven’t been made public for a long time,” Silvanovich says. “There’s a lot of additional attack surface in programs like iMessage. The individual bugs are reasonably easy to patch, but you can never find all the bugs in software, and every library you use will become an attack surface. So that design problem is relatively difficult to fix.”

Silvanovich emphasizes that the security of iMessage is strong overall, and that Apple is far from the only developer that sometimes make mistakes in grappling with this conceptual issue. Apple did not return a request from WIRED for comment.”

….read more at: Wired

 

So Much for the ‘myth’ Illegals commit less crime than citizens | Aug 23 2019

DOJ: 64% Of Federal Arrests In 2018 Were Of NON-U.S. Citizens | TGP

 

“In fiscal 2018, 64% of all the arrests made by the federal government were of non-U.S. citizens, according to a report released Thursday by the Justice Department’s Bureau of Justice Statistics.

For comparison, In 1998, 63% of all federal arrests were of U.S. citizens.

“The country of citizenship of persons arrested by federal law enforcement changed notably over time. From 1998 to 2018, Mexican citizens’ share of federal arrests rose from 28% to 40%. Citizens of Central American countries’ share of federal arrests rose from 1% to 20% during the same period, while U.S. citizens’ share of federal arrests fell from 63% to 36%. Federal arrests of Central Americans rose more than 30-fold over two decades, from 1,171 in 1998 to 39,858 in 2018. The number of federal arrests of Mexican citizens (78,062) exceeded the number of federal arrests of U.S. citizens (70,542) in 2018,” said the Department.

Immigrant crime has also soared.”

…Read more at: The Gateway Pundit

 

Marianne Williamson Says What Nobody Else Will || Jul 30 2019

Marianne Makes Fundamentally Different Case For Change, Gets Cut Off During Debate

||  CNN