{"id":125960,"date":"2020-12-04T06:42:13","date_gmt":"2020-12-04T03:42:13","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/pardon-the-intrusion-32-when-an-exploit-becomes-a-work-of-art\/"},"modified":"2020-12-04T06:42:13","modified_gmt":"2020-12-04T03:42:13","slug":"pardon-the-intrusion-32-when-an-exploit-becomes-a-work-of-art","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/pardon-the-intrusion-32-when-an-exploit-becomes-a-work-of-art\/","title":{"rendered":"#Pardon the Intrusion #32: When an exploit becomes a work of art"},"content":{"rendered":"<p>&#8220;<strong>#Pardon the Intrusion #32: When an exploit becomes a work of art<\/strong>&#8221;<\/p>\n<div>\n                            <strong><em>Subscribe to this bi-weekly newsletter <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/tnw.to\/newsletter\">here<\/a>!<\/em><\/strong><\/p>\n<p><span>Welcome to the latest edition of Pardon The Intrusion, TNW\u2019s <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/thenextweb.us1.list-manage.com\/track\/click?u=22ec88eb9b9d8bc3bcf660787&amp;id=37136e54f1&amp;e=0e200ae170\">bi-weekly newsletter<\/a> in which we explore the wild world of security.<\/p>\n<p><span>Google <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Project_Zero\">Project Zero<\/a><span>\u2019s elite team of bug hunters needs no introduction.<\/span><\/p>\n<p><span>The white-hat hackers have been adept at finding <\/span>flaws in Android and iOS<span>, but this impressive <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/googleprojectzero.blogspot.com\/2020\/12\/an-ios-zero-click-radio-proximity.html\">new disclosure<\/a><span> from Ian Beer beats everything that came before it.<\/span><\/p>\n<p><span>Beer spent six months of his lockdown 
single-handedly devising a method to remotely hijack iPhones, showing that with just a Raspberry Pi, off-the-shelf Wi-Fi adaptors that cost a total of $100, and a few lines of code, it\u2019s possible for a remote attacker to <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/i41nbeer\/status\/1333885229086412801\">gain complete control<\/a><span> of any iPhone in the vicinity.<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter lazy\" width=\"480\" height=\"320\" data-file-id=\"59698\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/5cea1bdc-4717-45e2-8293-60bec12bb494.gif\" data-lazy=\"true\"\/><\/figure>\n<p><span>What\u2019s more impressive is that it doesn\u2019t involve chaining multiple vulnerabilities together to fully control an iPhone, Beer <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/thehackernews.com\/2020\/12\/google-hacker-details-zero-click.html\">explained<\/a><span> in a 30,000-word magnum opus.<\/span><\/p>\n<p><span>Rather, the exploit \u201cuses just a single memory corruption vulnerability to compromise the flagship iPhone 11 Pro device,\u201d permitting a baddie to \u201cview all the photos, read all the email, copy all the private messages, and monitor everything which happens on [the device] in real-time.\u201d<\/span><\/p>\n<p><span>The bugs that Beer found to develop this exploit chain have all been patched before the release of iOS 13.5 earlier this year.<\/span><\/p>\n<p><span>But as Beer wrote in his post, the takeaway here should be that \u201cone person, working alone in their bedroom, was able to build a capability which would allow 
them to seriously compromise iPhone users they\u2019d come into close contact with.\u201d<\/span><\/p>\n<p><span>Patrick Wardle, a senior security researcher at Jamf, called Beer\u2019s lockdown project a \u201c<\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/patrickwardle\/status\/1333945335861768193\">work of art<\/a><span>.\u201d<\/span><\/p>\n<h3 class=\"h2 mso-font\"><span class=\"ez-toc-section\" id=\"Whats_trending_in_security\"><\/span><span>What\u2019s trending in security?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span>Google said it will add end-to-end encryption to its Messages app for Android, Facebook patched a <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/thehackernews.com\/2020\/11\/facebook-messenger-bug-lets-hackers.html\">critical issue<\/a><span> in its Messenger app for Android that could allow an attacker to eavesdrop on callers, and Twitter rolled out <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/TwitterSupport\/status\/1334229117978497024\">support for two-factor authentication<\/a><span> using physical security keys.<\/span><\/p>\n<ul>\n<li>\n<span>In a huge win for privacy and security, Google said it will add end-to-end encryption to its Messages app for Android, starting with one-on-one conversations between people using the app. 
[<\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/blog.google\/products\/messages\/helping-you-connect-around-world-messages\/\">Google<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Swiss lawmakers raised concerns following reports that an encryption company based in the country called Omnisec was allegedly used as a Trojan horse by the US and German intelligence agencies to spy on governments worldwide. [<\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.barrons.com\/news\/report-claims-cia-controlled-second-swiss-encryption-firm-01606477205\">AFP<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Facebook patched a <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/thehackernews.com\/2020\/11\/facebook-messenger-bug-lets-hackers.html\">critical issue in its Messenger app<\/a><span> for Android that could have allowed a hacker to call you and start listening before you picked up the call. It\u2019s similar to a security flaw in FaceTime that Apple rushed to fix last year. [<\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=2098\">Google Project Zero<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Researchers at the University of Leuven in Belgium found flaws in the keyless entry system of the Tesla Model X that would have allowed attackers to steal the car within just a few minutes. This is the third such attack demonstrated on Tesla\u2019s key fob. [<\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.imec-int.com\/en\/press\/belgian-security-researchers-ku-leuven-and-imec-demonstrate-serious-flaws-tesla-model-x\">IMEC<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Symantec researchers implicated Chinese threat actor APT10 (aka Stone Panda and Cicada) in a year-long effort to steal sensitive data from numerous Japanese companies and their subsidiaries. 
[<\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/cicada-apt10-japan-espionage\">Symantec<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>The hacking group known as APT32 or OceanLotus has unleashed a new macOS backdoor that provides the attackers with a window into the compromised machine, enabling them to snoop on and steal confidential information and sensitive business documents. [<\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.trendmicro.com\/en_us\/research\/20\/k\/new-macos-backdoor-connected-to-oceanlotus-surfaces.html\">Trend Micro<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Security engineer and bug hunter Ashar Javed is on a journey to find 365 security bugs in Microsoft Office 365. [<\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.vice.com\/en\/article\/akdene\/a-security-engineers-quest-to-find-365-bugs-in-microsoft-office-365\">Vice<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>North Korean hackers tried to break into British drug maker AstraZeneca\u2019s systems using LinkedIn and WhatsApp to send spoofed job offers laced with malware, as nation-state threat actors continue to target healthcare organizations working on COVID-19 vaccine research. 
[<\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/article\/us-healthcare-coronavirus-astrazeneca-no\/exclusive-suspected-north-korean-hackers-targeted-covid-vaccine-maker-astrazeneca-sources-idUSKBN2871A2\">Reuters<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Just as the <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.wired.com\/story\/covid-19-ios-apps-privacy\/\">privacy pitfalls<\/a><span> associated with Covid-related apps are coming into sharp focus, Australia\u2019s Inspector-General of Intelligence and Security (IGIS) found that the nation\u2019s spy agencies \u201cincidentally\u201d collected data from the country\u2019s COVIDSafe contact tracing app in its first six months of operation. But the data was not decrypted, accessed or used. [<\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.itnews.com.au\/news\/covidsafe-data-incidentally-collected-by-intelligence-agencies-in-first-six-months-558129\">iTnews<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Academics from Israel\u2019s Ben-Gurion University of the Negev described a new form of \u201ccyberbiological attack\u201d that could allow a malicious actor to compromise a biologist\u2019s computer to inject pathogenic sub-strings in DNA sequences and develop dangerous viruses and toxins. 
[<\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/this-new-cyberattack-can-dupe-scientists-into-creating-dangerous-viruses-toxins\/\">ZDNet<\/a><span> \/ <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.welivesecurity.com\/2020\/12\/01\/cyberattackers-could-trick-scientists-producing-toxins\/\">ESET<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Twitter added support for two-factor authentication using hardware security keys. [<\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/TwitterSupport\/status\/1334229117978497024\">Twitter<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>The past fortnight in data breaches, leaks, and ransomware: <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/threatpost.com\/conti-iot-chip-advantech-ransom-demand\/161691\/\">Advantech<\/a><span>, <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/investor.belden.com\/news-releases\/news-details\/2020\/Belden-Responds-to-Data-Incident-Notifies-Impacted-Current-and-Former-Employees-Business-Partners\/default.aspx\">Belden<\/a><span>, <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/brazilian-aerospace-firm-embraer-hit-by-cyberattack\/\">Embraer<\/a><span>, <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.vpnmentor.com\/blog\/report-spotify-scam\/\">Spotify<\/a><span>, <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/techcrunch.com\/2020\/11\/26\/us-fertility-ransomware-attack\/\">U.S. 
Fertility<\/a><span>, and the personal data of 16 million <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/personal-data-of-16-million-brazilian-covid-19-patients-exposed-online\/\">Brazilian COVID-19 patients<\/a><span>.<\/span>\n<\/li>\n<\/ul>\n<h3 class=\"h2 mso-font\"><span class=\"ez-toc-section\" id=\"Data_Point\"><\/span>Data Point<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span>According to cybersecurity firm Kaspersky\u2019s <\/span><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/securelist.com\/it-threat-evolution-q3-2020\/99382\/\">IT Threat Evolution report<\/a><span> for Q3 2020, cybercriminals are resorting to distributing malware containing the names of popular streaming platforms to trick people into downloading them.<\/span><\/p>\n<p><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/securelist.com\/it-threat-evolution-q3-2020\/99382\/\"><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter lazy\" width=\"600\" height=\"477\" data-file-id=\"59710\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/341b3a40-0062-4a0c-af4c-1b3d90b22adf.png\" data-lazy=\"true\"\/><\/figure>\n<p><\/a><br \/><span>\u201cTypically, backdoors and other Trojans are downloaded when people attempt to gain access through unofficial means \u2013 by purchasing discounted accounts, obtaining a \u2018hack\u2019 to keep their free trial going, or attempting to access a free subscription.\u201d<\/span><\/p>\n<p><span>Trojans accounted for 47.23% of all malicious programs disguised under the names of popular streaming platforms between January 2019 and 8 April 2020.<\/span><\/p>\n<p>That\u2019s it. See you all in two weeks. 
Stay safe!<\/p>\n<p><em>Ravie x TNW (ravie[at]thenextweb[dot]com)<\/em><\/p>\n<\/p><\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/newsletter\/2020\/12\/04\/pardon-the-intrusion-32-when-an-exploit-becomes-a-work-of-art\/\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Pardon the Intrusion #32: When an exploit becomes a work of art&#8221; Subscribe to this bi-weekly newsletter here! Welcome to the latest edition of Pardon The Intrusion, TNW\u2019s bi-weekly newsletter in which we explore the wild world of security. Google Project Zero\u2018s elite team of bug hunters needs no introduction. 
The white-hat hackers have been&#8230;<\/p>\n","protected":false},"author":1,"featured_media":125961,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img-cdn.tnwcdn.com\/image\/tnw?filter_last=1&fit=1280,640&url=https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2019\/09\/ptl-newsletter-hed.png&signature=c4f12fef9a1a81c9ecf46fee2ba1a103","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[82630,73239,72287,70759,82631],"class_list":["post-125960","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-exploit-computer-security","tag-newsletter","tag-security","tag-tech","tag-tesla-model-x"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/125960","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=125960"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/125960\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/125961"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=125960"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=125960"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=125960"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}