Tuesday, March 9, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Apple disputes Google’s accuracy on recent iOS hacks, and they may be right

September 7, 2019
in Internet Security
Apple disputes Google’s accuracy on recent iOS hacks, and they may be right
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

What’s Apple keeping under wraps?

You might also like

Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report

Ezviz C3X outdoor security camera review: Simple setup, superb features Review

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

Apple has published a statement today disputing some of the facts about a recent hacking campaign discovered by Google security researchers.

Apple’s rebuttal targets a series of blog posts Project Zero, Google’s elite security team, published on August 30.

The blog posts contained information about a coordinated campaign that used 14 vulnerabilities spread across five exploit chains to infect iOS users with malware when visiting specific sites.

Google said the campaign began in September 2016 and lasted until January 2018, when their staff discovered the malicious sites and reported the attacks to Apple, which then moved in to patch a zero-day abused in the hacks.

It was later reported that the campaign was the work of Chinese state-sponsored hackers, and was aimed at the Uighur Muslim population living in China and abroad. Another report also said that Android and Windows users were also targeted with malicious code planted on similar sites, also aimed at the same Uighuir minority.

But in its blog posts, Google didn’t reveal the target of these attacks, and used broad terms to describe the hacks, which Apple now disputes.

Apple’s rebuttal

“First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described,” Apple said.

“The attack affected fewer than a dozen websites that focus on content related to the Uighur community.”

“Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not ‘two years’ as Google implies,” Apple said. “We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs.”

The Cupertino-based company said iPhone customers reached out, concerned about their safety, because of Google’s erroneous report.

And Apple isn’t standing alone on these claims. Earlier this week, Yonathan Klijnsma, Head of Threat Research at RiskIQ, told ZDNet in a private conversation that the attacks were indeed very targeted, and that Google was wrong in its initial assessment. He later shared the same thoughts in a public tweet.

One thing misunderstood slightly is the scope of the P0 & @volexity published campaign(s). This watering hole wasn’t for everyone. Injections were planted on sites visited by specific communities some with country filtering.

From Apr => Sept we only saw 166 payload requests f.e. pic.twitter.com/vSkDnQ6m27

— Yonathan Klijnsma (@ydklijnsma) September 2, 2019

In the tweet, he cited research published by cyber-security firm Volexity, which detailed a campaign similar to the one described by Apple, but that targeted Android users instead of iOS users.

Klijnsma said that telemetry data from RiskIQ’s Passive Total platform showed that the payload targeting Android users triggered only 166 times, a meager number and far from being a mass-exploitation campaign, and was in tune with the attacks aimed at iOS users.

He also told ZDNet that the malicious code planted on the sites used in these attacks also contained filters. These filters would prevent the malicious code from running unless certain conditions were met. These conditions were strict, and prevented the code from running on the devices on random users.

Google stands by its research and researchers

In a statement sent to ZDNet, Google said it stands by its original research, despite Apple’s rebuttal.

“Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies,” a Google spokesperson said. “We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities.”

Furthermore, in the past week, Google has been lambasted by the cyber-security community for only disclosing details about the coordinated campaign targeting iOS users, but not the one that targeted Android devices.

However, Tim Willis, a Google Project Zero member said that this wasn’t a sign of Google being duplicitous (and trying to sabotage a rival on the mobile OS market) but that Google researchers only saw the malicious code targeting iOS devices.

“[Google’s Threat Analysis Group] only saw iOS exploitation on these sites when TAG found them back in Jan 2019,” he said, “and yes, they looked for everything else as well.”

… TAG *only* saw iOS exploitation on these sites when TAG found them back in Jan 2019 (and yes, they looked for everything else as well).

That said, anyone out there with full chain 0day in-the-wild from Android / Windows, feel free to reach out and we’d love to take a look!

— Tim Willis (@itswillis) September 2, 2019

Willis’ assertment, made on September 2, was confirmed three hours later, when Volexity published its report about the hacking campaign targeting Android users, where the company confirmed there was no overlap between the Android and iOS campaigns.

The conclusion here is that Apple is right in calling out Google, at least on the first point — that the campaign wasn’t an en-mass hacking spree aimed at random iPhone users, but rather a very targeted operation.

Nevertheless, most of the cyber-security community also pointed out that Apple itself is pretentious because it failed to alert its users when it learned of this hacking campaign back in February.


Credit: Zdnet

Previous Post

Multiple Code Execution Flaws Found In PHP Programming Language

Next Post

How I scored in the top 1% of Kaggle’s Titanic Machine Learning Challenge

Related Posts

Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report
Internet Security

Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report

March 9, 2021
Ezviz C3X outdoor security camera review: Simple setup, superb features Review
Internet Security

Ezviz C3X outdoor security camera review: Simple setup, superb features Review

March 9, 2021
Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks
Internet Security

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

March 9, 2021
McAfee sells its enterprise business to private equity group as it focuses on consumer security
Internet Security

McAfee sells its enterprise business to private equity group as it focuses on consumer security

March 9, 2021
Everything you need to know about Microsoft Exchange Server hack
Internet Security

Everything you need to know about Microsoft Exchange Server hack

March 8, 2021
Next Post
How I scored in the top 1% of Kaggle’s Titanic Machine Learning Challenge

How I scored in the top 1% of Kaggle’s Titanic Machine Learning Challenge

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report
Internet Security

Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report

March 9, 2021
Is investing in AI the highest ROI opportunity?
Data Science

Is investing in AI the highest ROI opportunity?

March 9, 2021
Dalhousie researchers use machine learning to track COVID-related emotions on social media | Provincial | News
Machine Learning

Dalhousie researchers use machine learning to track COVID-related emotions on social media | Provincial | News

March 9, 2021
Ezviz C3X outdoor security camera review: Simple setup, superb features Review
Internet Security

Ezviz C3X outdoor security camera review: Simple setup, superb features Review

March 9, 2021
Operationalizing AI – Introduction to the ModelOps Pipeline
Data Science

Operationalizing AI – Introduction to the ModelOps Pipeline

March 9, 2021
SCA invests in Australian AI and machine learning company
Machine Learning

SCA invests in Australian AI and machine learning company

March 9, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report March 9, 2021
  • Is investing in AI the highest ROI opportunity? March 9, 2021
  • Dalhousie researchers use machine learning to track COVID-related emotions on social media | Provincial | News March 9, 2021
  • Ezviz C3X outdoor security camera review: Simple setup, superb features Review March 9, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates