Project Zero Security Blog

A Look at iMessage in iOS 14

https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html

@nogoolag
#projectzero #security #iOS #spiOS #goolag

Safari blocks any website URL containing the word “asian”

On iOS, if you turn on “Limit Adult Website” under Screen Time->Content Restrictions, Safari blocks any website URL containing the word “asian”. Seriously, go try it, it’s unbelievable. I filed a Feeback a long time ago. Nothing changed.

https://nitter.nixnet.services/Stevenpotato/status/1356953980174131200

#ios #safari #asian #blocking
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

https://nitter.42l.fr/Thomasbcn/status/1356645088697454596

#Google #ios #privacy #release

Facebook and Instagram overlays in iOS stoke fears about apps being free of charge

Through grinding teeth, the social media market leader is implementing iOS 14's new privacy requirements. But it can't refrain from a warning finger in the process.

Facebook originally intended to use "educational screens" to reveal details about data usage. Now they seem to be part of a scaremongering campaign. The message: help keep Facebook and Instagram free, and give us access to your data! The hints seem to be a new way to fight back against Apple's tracking protection in iOS 14.5. Meanwhile, the company is enjoying great business, turning over $26.2 billion between January and March alone. The company had already announced that it will expect users to read page-long data protection declarations.

#facebook #DeleteFacebook #instagram #overlays #ios #ad #tracking
📡 @nogoolag 📡 @blackbox_archiv

Social credit systems are here

#apple #ios #iphone #social #credit

#iphone #ios #apple

Best advice: Sell it
Second best advice: Change your settings. Don’t give your permission to track you (it will probably iGnore you though)

Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers - The Citizen Lab – 2023

Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. We are not naming the victims at this time.
We also identify traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware.

The exploit was deployed as a zero-day against iOS versions 14.4 and 14.4.2, and possibly other versions. The suspected exploit, which we call ENDOFDAYS, appears to make use of invisible iCloud calendar invitations sent from the spyware’s operator to victims.

#Quadream #spyware #ENFOFDAYS #Ios #Calendar #Icloud

Dissecting TriangleDB, a Triangulation spyware implant | Securelist – June 2023


Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the process of infecting a device involves launching a chain of different exploits, e.g. for escaping the iMessage sandbox while processing a malicious attachment, and for getting root privileges through a vulnerability in the kernel. Due to this granularity, discovering one exploit in the chain often does not result in retrieving the rest of the chain and obtaining the final spyware payload.In 2021, analysis of iTunes backups helped to discover an attachment containing the FORCEDENTRY exploit. However, during post-exploitation, the malicious code downloaded a payload from a remote server that was not accessible at the time of analysis. Consequently, the analysts lost “the ability to follow the exploit.”

#FORCEDENTRY #Ios #TriangleDB

Facebook approached NSO to buy Pegasus spyware capabilities to monitor certain iOS users, according to a statement filed in a court case by the NSO CEO


WhatsApp vs. NSO Group, et al.
4:19-cv-07123-PJH

https://www.documentcloud.org/documents/6824735-Declaration-of-Shalev-Hulio-in-Support-of.html

#Pegasus #NSO #Israel #Facebook #Ios #Apple

Little tool can crash an #iPhone running iOS 17

Security researchers have discovered that iPhones updated to #iOS 17 are susceptible to a Bluetooth attack using a #Flipper Zero device that can crash the phone

https://www.theverge.com/2023/11/3/23944901/apple-iphone-ios-17-flipper-zero-attack-bluetooth

Comments

Kaspersky reveals new method to detect Pegasus spyware | Kaspersky –

Kaspersky's Global Research and Analysis Team (GReAT) has developed a lightweight method to detect indicators of infection from sophisticated iOS spyware such as #Pegasus, #Reign, and #Predator through analyzing Shutdown.log, a previously unexplored #forensic artifact.

The company’s experts discovered Pegasus infections leave traces in the unexpected system log, Shutdown.log, stored within any mobile #iOS device’s sysdiagnose archive. This archive retains information from each reboot session, meaning anomalies associated with the Pegasus malware become apparent in the log if an infected user reboots their device.

Among those identified were instances of ”sticky“ processes impeding reboots, particularly those linked to Pegasus, along with infection traces discovered through cybersecurity community observations.

#Pegasus #NSO #Reign #Predador #iOS #Spyware #Malware #Kapersky #MobileForensics #CyberSec

Sweet QuaDreams or Nightmare Before Christmas? Dissecting an iOS 0-Day

Not quite nation states but not quite independent corporations, "private sector offensive actors" (#PSOAs) have become one of the latest sophisticated threats. These companies develop and sell surveillance and intrusion capabilities to governments around the world. While some governments responsibly use the tools to track criminals and terrorists, others instead opt to abuse the tools by spying on journalists, dissidents, or members of their political opposition....

By: Christine Fossaceca , Bill Marczak

Full Abstract and Presentation Materials

Initial post on Quadreams
Total post (5)

#QuaDreams #Ios #ZeroDay #PSAO

How to detect Predator spyware on Phone (iOS) | OneJailbreak - 21/03/2024

Cytrox, a prominent Macedonian cybersecurity firm, gained notoriety in 2021 for its development and dissemination of the Predator spyware targeting iPhones. This sophisticated spyware successfully infiltrated iOS 14.6, the latest OS version at the time, through the utilization of single-click links distributed via the popular messaging platform, WhatsApp. Predator persists after reboot using the iOS automation feature.

- Cytrox (10 posts)
- Predator ( 25 posts)
#Predator #Cytrox #Apple #IoS

iOS LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India

LightSpy possesses modules designed to exfiltrate device information and saved files, including data from popular messenger applications such as QQ, WeChat, and Telegram. It also has a plugin capable of crawling the payment history of the victim from WeChat Pay (Weixin Pay in China). It can additionally access a user’s contacts, SMS messages, phone call history, GPS location, connected WiFi history, and the browser history of Safari and Chrome. This comprehensive set of features can turn a user’s infected phone into a potent spying device.

@androidMalware
#LightSpy #Spyware #India #SouthAsia #Asia #iOS

XAgent Spyware Targeting iOS Devices in Western Europe: Analysis of Capabilities – Linkedin

XAgent is a spyware targeting iOS devices, representing a mobile implant. Publicly attributed to the group APT28 (also known as Sofacy or Fancy Bear), XAgent is consistent with TTPs of targeting government entities, political organizations, and individuals of interest for cyber espionage purposes.

The XAgent iOS implant exhibits advanced functionalities for comprehensive data collection, exfiltration and potential remote control, aligning with APT28's objectives of gathering intelligence and maintaining persistent access to compromised systems.

Via @androidMalware
#iOS #XAgent #Spyware #Espionage #APT #APT28 #Sofacy #FancyBear

#Apple has been saving all your deleted files and data.
#cloud #ios

#Intellexa #Predator #Spyware #Android #iOS
Intellexa - Predator ( 26 posts)