Operation Triangulation – 0-click iMessage Attacks to Hack iPhones

0
[ad_1]

Hackers exploit Zero-Days because these vulnerabilities are unknown to software developers, making them valuable for launching attacks before developing patches. 

Zero-day exploits provide an opportunity to:-

  • Compromise systems
  • Gain unauthorized access
  • Cause significant damage
  • Steal sensitive information

Cybersecurity researchers at Securelist recently discovered a malicious operation dubbed “Triangulation,” in which threat actors exploit the 0-click iMessage attack using four zero-days to hack iPhones.

Zero-days discovered

Here below, we have mentioned all the four zero-days that were discovered:-

Attack chain

Attackers send a harmful iMessage attachment that exploits a code execution vulnerability (CVE-2023-41990) in Apple’s ADJUST TrueType font.

It employs return/jump-oriented programming and multiple stages in NSExpression/NSPredicate language. It patches JavaScriptCore to run a privilege escalation exploit in obfuscated JavaScript, totaling around 11,000 lines.

The exploit leverages DollarVM to control JavaScriptCore’s memory and execute native API functions.

It was designed for both old and new iPhones, and for the recent models, it bypasses the PAC.

Meanwhile, the CVE-2023-32434 is exploited to gain read/write access via XNU’s syscalls. However, to bypass the Page Protection Layer, it uses the MMIO registers, which CVE-2023-38606 mitigated.

Attack chain
Attack chain (Source – Securelist)

Technical analysis

SoC peripheral devices have MMIO registers mapped via DeviceTree. Operation Triangulation exploit targets unknown MMIOs in Apple A12–A16 Bionic SoCs at:-

  • 0x206040000
  • 0x206140000
  • 0x206150000

Despite extensive searches, no references were found in device tree files, source code, firmware, or kernel images. SoC has MMIO ranges at:-

  • 0x206400000–0x20646C000
  • 0x206050000–0x206050008

Exploit uses the following unknown addresses mainly within gfx-asc regions, hinting at GPU coprocessor:-

  • 0x206040000
  • 0x206140008
  • 0x206140108
  • 0x206150020
  • 0x206150040
  • 0x206150048
Correlation of the gfx-asc MMIO ranges
Correlation of the gfx-asc MMIO ranges (Source – Securelist)

Here, the device tree and pmgr utility was used to find the GFX register in the power manager MMIO range. Through the SERROR Exception, the GPU coprocessor involvement was confirmed. 

The 0x206040000 register was explored during the exploit stages, and it’s been identified CoreSight MMIO debug registers for the GPU coprocessor.

The ml_dbgwrap_halt_cpu function was discovered in the XNU source code and recognized the purpose of unknown registers, like 0x206150020 for A15/A16 Bionic SoCs. 

For page table patching, the PPL bypass hardware feature was revealed and exploited for kernel debugging on iPhones.

Moreover, the m1n1 tool used to trace MMIO registers on M1 found no usage by macOS and shared similarity with 37C3 presentation on Blu-ray drive vulnerability

The iOS 16.6 fix was mitigated by adding MMIO ranges to the device tree and the Pmap-io-ranges in the device tree used by XNU to control physical address mapping.

Unusual vulnerability puzzles the researchers, as the origin and purpose of unknown hardware features confuse the experts; however, it’s unclear if Apple or a third party designed it. 

This flaw exposes the uselessness of the advanced hardware protections against smart attackers. Besides this, hardware security leans on “security through obscurity,” which is a flawed approach.


[ad_2]
Source link

The OnePlus Buds 3 will launch in China alongside the OnePlus 12R

0
[ad_1]

OnePlus is gearing up to kick off 2024 with a bang. The China-based company will enter the year with at least three product launches. These are the OnePlus 12, OnePlus 12R (OnePlus Ace 3 in China), and OnePlus Buds 3. Those tracking the news already know that the OnePlus 12 has already debuted in the homeland on December 5th. However, the global variant will hit the shelves on January 23rd.

The OnePlus Buds 3 confirmed to launch along with the OnePlus Ace 3 / OnePlus 12R

The OnePlus 12R (known as OnePlus Ace 3 in China) will debut alongside the OnePlus Buds 3, the company confirmed on Weibo (via Gizmochina). The teaser posted on Weibo suggests that the upcoming TWS earbuds will be available in two colors: Space Gray and Clear Blue Sea. We previously reported when we heard that OnePlus was inching closer to release the Buds 3. The reports were true and they’re coming in about a week or so.

OnePlus Nord Buds 3 CAD image 1

Meanwhile, the OnePlus Ace 3 may feature a 6.78-inch OLED display with support for up to 4,500nits peak brightness and up to 120Hz adaptive refresh rate. Under the hood, it may pack a Qualcomm Snapdragon 8 Gen 2 chipset. In terms of the camera, we expect a triple camera setup on the rear consisting of a 50MP OIS primary lens, an 8MP ultrawide lens, and a 2MP macro module. There’ll also be a 16MP front shooter for selfies and video chats. It will, most likely, launch in two colors globally: Star Black and Moon Sea Blue. There’s also a Sand Gold variant, but that’ll be a China exclusive.

Specifications of the OnePlus Buds 3

OnePlus claims that the upcoming Buds 3 earbuds aim to deliver “flagship sound quality” to a broader audience. When they launch, the OnePlus Buds Pro 3 are anticipated to pack features like true (48dB) wireless noise cancellation, Google Fast Pair, and dual connection capabilities. There’s speculation that these earbuds will offer 3D spatial audio and boast a battery life of up to 44 hours. The pair may also feature an IP55 water and dust resistance rating. Meanwhile, interested buyers in China can already place pre-orders through Tmall, JD, and OPPO Mall.


[ad_2]
Source link

Researchers revealed a 0-click iMessage attack using four zero-day vulnerabilities

0
[ad_1]

Security researchers at Kaspersky have recently revealed a highly advanced iMessage vulnerability, dubbing it “Operation Triangulation.” Researchers found that this exploit was active between 2019 and December 2022 by its complexity. It utilizes a series of zero-day vulnerabilities to create what they describe as the “most sophisticated attack chain” ever known.

The presentation at the Chaos Communication Congress marks the first time that the researchers publicly revealed the details of the exploits and vulnerabilities used in this advanced iMessage attack.

Operation Triangulation employed a 0-click iMessage attack, using four zero-day vulnerabilities to target iOS versions up to iOS 16.2. Researchers started the attack with a malicious iMessage attachment that isn’t noticeable by users. The attachment exploited a remote code execution vulnerability in the Apple-only ADJUST TrueType font instruction, present since the early 90s.

Intricacies of the most sophisticated iMessage exploit: Operation Triangulation

iMessage 0 click vulnerability
Credit: Securelist

This complex attack involved multiple stages, including JavaScript exploits, intricately coded with around 11,000 lines, and the manipulation of JavaScriptCore‘s memory. The exploit aimed to gain control over the entire physical memory of the device, using techniques such as Pointer Authentication Code bypass and hardware memory-mapped I/O registers.

One notable aspect of the attack was the use of an unknown hardware feature in Apple-designed SoCs, which allowed attackers to write data to a specific physical address, bypassing hardware-based memory protection. This feature, seemingly unused by the firmware, raised questions about its origin and purpose, with Kaspersky guessing it might have been intended for debugging or testing purposes.

The researchers accordingly revealed their intent to share these technical details to encourage collaboration among iOS security researchers, seeking confirmation of their findings and potential explanations for how attackers might have discovered and utilized this mysterious hardware feature.

The Operation Triangulation attack chain stands out not only for its technical sophistication but also for the collaboration between security researchers to shed light on its intricacies. Smartphone security remains a critical concern and understanding and addressing such advanced exploits are essential to safeguarding your data and privacy.


[ad_2]
Source link

Chinese Hackers Exploit New Zero-Day in Barracuda’s ESG

0
[ad_1]

Barracuda Email Security Gateway (ESG) Appliance has been discovered with an Arbitrary code Execution vulnerability exploited by a China Nexus threat actor tracked as UNC4841.

Additionally, the vulnerability targeted only a limited number of ESG devices. 

However, Barracuda has deployed a security update to all the active ESGs to address this vulnerability, and has been automatically applied to all the devices, which does not require any action from the user.

The new vulnerability has been assigned to CVE-2023-7102, and the severity is yet to be categorized.

Chinese Hackers Exploit New Zero-Day

This vulnerability exists due to using a third-party library, “Spreadsheet::ParseExcel,” in the Barracuda ESG appliances.

This open-source third-party library is vulnerable to arbitrary code execution that can be exploited by sending a specially crafted Excel email attachment to the affected device.

The Chinese Nexus threat actors have been using this vulnerability to deploy new variants of SEASPY and SALTWATER malware to the affected devices.

However, Barracuda has patched these vulnerabilities accordingly. Moreover, Barracuda stated, “Barracuda has filed CVE-2023-7102 about Barracuda’s use of Spreadsheet::ParseExcel which has been patched”.

Another vulnerability, CVE-2023-7101, affected the same spreadsheet: ParseExcel, and no patches or updates were available.

Nevertheless, both of these vulnerabilities were associated with a previously discovered vulnerability, CVE-2023-2868, that was exploited by the same threat group in May and June 2023.

Furthermore, a complete report about these vulnerabilities, along with additional information, has been published, which provides detailed information about this vulnerability and the previously discovered vulnerabilities.

Indicators of Compromise

MalwareMD5 HashSHA256File Name(s)File Type
CVE-2023-7102 XLS Document2b172fe3329260611a9022e71acdebca803cb5a7de1fe0067a9eeb220dfc24ca56f3f571a986180e146b6cf387855bddads2.xlsxls
CVE-2023-7102 XLS Documente7842edc7868c8c5cf0480dd98bcfe76952c5f45d203d8f1a7532e5b59af8e330 6b5c1c53a30624b6733e0176d8d1acddon.xlsxls
CVE-2023-7102 XLS Documente7842edc7868c8c5cf0480dd98bcfe76952c5f45d203d8f1a7532e5b59af8e330 6b5c1c53a30624b6733e0176d8d1acdpersonalbudget.xlsxls
SEASPY7b83e4bd880bb9d7904e8f553c2736e3118fad9e1f03b8b1abe00529c61dc3edf da043b787c9084180d83535b4d177b7wifi-servicex-executable
SALTWATERd493aab1319f10c633f6d223da232a2734494ecb02a1cccadda1c7693c45666e1 fe3928cc83576f8f07380801b07d8bamod_tll.sox-sharedlib

Network IOCs

IP AddressASNLocation
23.224.99.24240065US
23.224.99.24340065US
23.224.99.24440065US
23.224.99.24540065US
23.224.99.24640065US
23.225.35.23440065US
23.225.35.23540065US
23.225.35.23640065US
23.225.35.23740065US
23.225.35.23840065US
107.148.41.146398823US

[ad_2]
Source link

Samsung is readying Galaxy M15 with a huge battery

0
[ad_1]

Earlier this month, Samsung launched the Galaxy A15 as its latest affordable 5G smartphone. The company is now readying an M series equivalent of the device, aptly called the Galaxy M15. Like its predecessors, it should mostly be a rebadged Galaxy A15 with a few changes. As expected, the most notable change will be a bigger battery than the A series model.

Samsung’s Galaxy M15 will pack a huge battery

Samsung launches budget and mid-range Android smartphones under three different lineups—A, M, and F series. Some models are mostly rebadged versions of the same device, while others share fewer similarities. For example, this year’s Galaxy A14 and Galaxy M14 have the same design and pack pretty much the same specs. On the other hand, the Galaxy A54 and Galaxy M54 have a lot of dissimilarities, including the display and cameras.

However, despite varying strategies across different price points, Samsung has always packed bigger batteries inside M series phones. The Galaxy A14, Galaxy A34, and Galaxy M54 all have 6,000mAh batteries. Their A series equivalents feature 5,000mAh units. It appears that won’t change with the next-gen models. SamMobile reports that the Galaxy M15 will feature a 6,000mAh battery, 1,000 mAh more than the newly launched Galaxy A15.

The publication doesn’t have any other information about the upcoming M series phone. However, since it is expected to be a rebadged Galaxy A15, we may already have a fair idea about its spec sheet. The latter device sports a 6.5-inch Super AMOLED display with a 90Hz refresh rate and 800 nits brightness. It is available in 4G/LTE and 5G connectivity options, powered by MediaTek’s Helio G99 and Dimensity 6100+ chipsets, respectively.

You get up to 8GB of RAM, 256GB of storage, a triple rear camera setup headed by a 50MP primary shooter, a 13MP front camera, a 3.5mm headphone jack, a side-mounted capacitive fingerprint scanner, 25W wired charging, Wi-Fi 5, and Bluetooth 5.3. It remains to be seen whether the Galaxy M15 keeps everything unchanged or if Samsung decides to tweak a few things. The Galaxy A15 runs Android 14 out of the box and will get four major Android OS updates.

The new phone might debut after the Galaxy S24 flagships

Samsung debuted the Galaxy M14 about two months after the Galaxy A14. Based on this, we might not see the Galaxy M15 go official anytime soon. The company may unveil it sometime in February next year. Ahead of that, Samsung has a big launch event coming up for the Galaxy S24 series. The new flagships are expected to break cover on January 17, 2024. We should get to know more about the upcoming budget phone soon.


[ad_2]
Source link

Google might anger a lot of Google Maps users with rumored upcoming change

0
[ad_1]

Google may take away the Google Maps Driving Mode, come 2024, per a new report.

Code tinkerers at 9to5Google decompiled the latest version of the Google app and discovered some code snippets that indicate Google will kill off the Driving Mode in February 2024.

When using Google Maps for navigation, a black bar appears at the bottom when you start driving, with an option for summoning the Assistant on the left and a dashboard on the right that lets you listen to podcasts, make calls, and send messages.

In short, it’s a quick way of doing other stuff while your driving. A string in the new version of the Google app says “This view is going away in February,” and “To call, message, or play media while navigating, tap the mic to use Assistant.” The changes are not live yet.
Previously, Google had shut down the Assistant Driving Mode in 2022, claiming that most people preferred using the Maps Driving Mode. That was a dashboard powered by the Assistant and provided quick access to navigation, audio controls, and calling and texting shortcuts. 

Now that the Maps Driving Mode is apparently being taken away, it’s possible that Google Maps users will be encouraged to use the Google Maps navigation mode. It’s a relatively new and faster voice input method with visual feedback.

In short, it appears that Google wants people to use their voice for issuing commands when they are driving, probably because the company thinks it’s safer to keep your eyes on the road at all times when you are driving instead of flicking your gaze to your phone’s screen.

Users who are more comfortable using the good old touch controls might not be happy with this change though.


[ad_2]
Source link

Apple’s iPhone Hack Attack Warnings Spark Political Firestorm in India

0
[ad_1]

Apple warned Indian opposition figures and journalists of possible state-backed hacking last year, causing tension with the government questioning the claims and pressuring Apple to soften them.

In October 2023, Apple sent notifications to some Indian opposition politicians and journalists warning them that their iPhones might be targeted by state-sponsored attackers. This triggered a strong reaction from the Indian government, which accused Apple of interfering in the country’s internal affairs and questioned the accuracy of its warnings.

Now, Indian officials, as reported by the Washington Post, pressured Apple to soften the language of the notifications and even summoned a company security expert for a meeting in New Delhi. Apple, on the other hand, has maintained that its notifications are based on credible evidence and that it does not attribute hacking attempts to specific governments.

The individuals who received Apple’s hacking warnings and subsequently posted about them on social media shared a common characteristic: they were critical of Prime Minister Modi’s government.

An investigation into the phone of journalist Anand Mangnale, who was examining Modi ally Gautam Adani, revealed the presence of Pegasus spyware, developed by the Israeli company NSO Group. While Apple did not explicitly attribute the attacks to the Indian government, Pegasus is typically sold to governments and government agencies.

The report further reveals that India’s ruling political party has neither confirmed nor denied the use of Pegasus to spy on journalists and political opponents. However, instances of critics being infected with Pegasus spyware have been previously reported, with a 2021 investigation revealing the presence of the spyware on the phones of individuals with a history of opposing and criticizing Modi’s government.

It is worth noting that if and when Apple suspects a user’s iPhone is being targeted by malicious threat actors or by a state-backed cyber attack, the company has a multi-pronged approach to warn the user. This includes threat notifications, security recommendations, email and iMessage alerts.

1. Threat Notification:

  1. This is the most prominent method. A banner and alert appear on the user’s device when they sign in to appleid.apple.com.
  2. The alert clearly states that they “may be targeted by state-sponsored attackers trying to remotely compromise your iPhone.”
  3. It avoids specifying the attacker’s origin but offers general advice on security measures.
Apple's iPhone Hack Attack Warnings Spark Political Firestorm in India

2. Email and iMessage Notifications:

  1. Apple sends emails and iMessages to all email addresses and phone numbers associated with the user’s Apple ID.
  2. These notifications mirror the information in the web-based alert, reiterating the potential state-backed attack and suggesting security steps.

3. Security Recommendations:

  • Both the web-based and email/iMessage notifications provide general security advice, such as:
    • Updating devices to the latest software with security patches.
    • Enabling two-factor authentication for Apple ID and other critical accounts.
    • Reviewing iCloud settings and disabling access to non-essential apps.
    • Changing passwords for important accounts.

It is also important to note that Apple doesn’t share specific details about the attackers or the attack methods to protect their sources and investigations. These notifications are triggered by specific indicators observed by Apple, but not all targeted users may receive one. Receiving a notification doesn’t necessarily mean your iPhone is compromised, but it’s a cautionary flag to take serious security measures.

Hack alert vs. Apple lockdown mode

It is also important to differentiate that while threat notifications alert users of cyberattacks, Apple Lockdown mode goes one step further by providing extreme protection against sophisticated digital threats by restricting certain functionalities like FaceTime, web browsing, and message attachments.

The Lockdown mode is also Primarily for individuals facing confirmed or imminent high-level cyber threats, such as journalists, activists, or dissidents. Nevertheless, the alleged involvement of Indian authorities in pressuring Apple to downplay the political impact of its hacking warnings, particularly targeting individuals critical of the Modi government.

The use of Pegasus spyware, known for its association with governments and government agencies, also raises concerns about potential state-sponsored surveillance of journalists and political opponents in India and elsewhere.

  1. QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks
  2. Android Version of Sophisticated Pegasus Spyware Discovered
  3. iPhones of 9 State Dept officials hijacked by NSO Pegasus spyware
  4. Did Saudi Crown Prince use Israeli spyware to hack Jeff Bezos’s iPhone?
  5. iPhones of 36 Al Jazeera journalists hacked with NSO’s zero-click spyware

[ad_2]
Source link

We have more leaked specs of the Nothing Phone (2a)

0
[ad_1]

We’re all following rumors and leaks of the upcoming Nothing Phone (2a). So far, it looks like this is going to be a pretty neat device. After a pretty big leak just a few days ago, we have more leaked specs on this upcoming mid-range phone.

The Nothing Phone (2a) is expected to make an appearance at MWC 2024, which is only a few months away. This phone is going to be the less powerful counterpart to the Nothing Phone (2), but it looks like it’s still going to be a pretty capable device. Previous rumors point to this phone sporting a 6.7-inch FHD+ (1084 x 2412) OLED display with a 120Hz refresh rate.

Under the hood, this phone could be using the MediaTek Dimensity 7200 SoC. That’s a mid-range SoC, but it still has some punch to it. If Nothing was able to make the Nothing Phone (1) run smoothly (it uses the Snapdragon 778G+), then you should expect good performance from the Dimensity 7200.

As for the camera package, it looks like this phone will use the same camera package found in the other Nothing Phones. So, it might have two 50MP cameras on the back with 4K video recording. As for the selfie camera, we’re looking at a 32MP shooter.

We have more leaked specs of the Nothing Phone (2a)

This next leak comes from leaker Roland Quandt, and it’s short and sweet. In a post on X, he says that the Nothing Phone (2a) will come in two RAM configurations, and those are 8GB and 12GB. That’s interesting, as there are much more expensive phones that don’t go as high as 12GB of RAM. As for the storage options, the 8GB variant could come with 128GB of storage. The 12GB version could have 256GB of storage. So, the latter will be the more premium model.

The leak also refers to the possible colors that this phone will come in, and they’re pretty boring. This phone could come in both white and black; that’s it.

Moving onto the price, the leak points to the phone being under $400. Previous leaks say that the Nothing Phone (2a) will start at $399.99. So, that could be the price for the 8GB/128GB variant. We don’t have information on the price for the more premium variant, but it’ll likely be between $449 and $499.


[ad_2]
Source link

Expect Bigger TVs at CES 2024, LG announces 98″ QNED Mini LED TV

0
[ad_1]

LG is pre-announcing a lot of the new products that it will show off (and re-announce) at CES 2024 next month, including its new lineup of QNED TVs. One of the TVs that caught our eye was the new 98-inch QNED Mini LED TV. And it pretty much confirms the trend that we were expecting to see at CES in January – that is, even larger TVs becoming normal.

A few other TV makers already have TVs over 100-inches, but now we’re starting to see larger TVs with more premium panels like Mini LED.

LG isn’t saying a whole lot about this TV just yet; we’d expect to see more of that at CES in January. As always, LG’s press conference is first thing in the morning on press day – that’s 8 AM PT on January 8, 2024. But we do know that the entire QNED TV series for 2024 will be powered by the alpha 8 AI processor, which will improve on its predecessor with a 1.3-fold increase in AI performance, a 2.3-fold enhancement in graphic performance, and a processing speed that is 1.6 times faster.

In addition to the eye-catching 98-inch size, LG will also be offering QNED TVs in 43, 50, 55, 65, 75, and 86-inch screen sizes.

LG is promising five years of software updates

This isn’t something we normally talk about with TVs; it’s more of a hot-button topic for smartphones. But LG is going to update your TV for the next five years. It’s the new webOS Re:New program, which will not only offer upgrades to the latest version of the webOS Smart TV platform but also make your TV feel like it’s brand new all over again.

What makes this even more impressive is that this is not just for the 2024 QNED TV models. But it is also going to be available for the QNED Mini LED 8K TV models that were launched in 2022 – that’s the QNED99 and QNED95 series. It will also be extended to additional models in the QNED TV lineup worldwide in the future.

Now you’ll be able to buy an LG TV and not worry about it feeling sluggish or out of date in a year or two.


[ad_2]
Source link

Google Pixel 8 series cameras are more expensive to replace

0
[ad_1]

As per teardown videos, the current-generation Pixel 8 and Pixel 8 Pro are quite difficult to repair. Google’s latest flagships come with seven years of Android OS updates. The search giant previously announced access to spare parts for the Pixel 8 duo for the same duration to align with the software policy commitment. Now, the pricing of the Pixel 8 and Pixel 8 Pro’s repair parts has been revealed with the camera components seeing a significant price hike.

Pixel 8 and 8 Pro cost of repair parts reveal costlier cameras than their predecessors

Google’s official repair partner iFixit has listed genuine spare parts on its official website for the Pixel 8 and Pixel 8 Pro phones. The list of parts includes the screen, back panel (in all three colors), battery, and cameras.

The Pixel 8 has 50MP wide and 12MP ultra-wide-angle cameras which is the same as last year’s model. The cost of a spare wide-angle sensor has received a significant hike of $53. Users will need to shell out $142.99 compared to $89.99 on the Pixel 7. The ultra-wide sensor costs $62.99 which is also expensive by $20.

Pixel 8 series camera repair parts prices
Pixel 8 camera repair parts prices

Meanwhile, the Pixel 8 Pro’s entire triple rear camera setup is priced at $199.99. That’s a $47 price increase from the Pixel 7’s spare camera unit which costs $152.99. The Pixel 8 Pro has a 50MP OIS-enabled wide sensor, a 48MP telephoto lens, and a 48MP ultra-wide-angle unit.

The cost of other spare parts

The price for the replacement screen on the Pixel 8 and Pixel 8 Pro has gone up by $20 and $17 respectively compared to their predecessors. It now costs $159.99 (from $139.99) on the standard variant and $229.99 ($212.99) on the pro model. The cost of spare battery remains the same on both smartphones. Additionally, the front camera is priced at $42.99 whereas the rear case on the Pixel 8 and 8 Pro retails at $142.99 and $172.99 respectively.


[ad_2]
Source link