'Hacking Team' Data Breach Confirms Firm's Ability to Infiltrate Jailbroken iPhones

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Jul 6, 2015.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Cybersecurity firm Hacking Team experienced a data breach earlier today, resulting in 400 GB of its documents being leaked onto the Internet, reports The Guardian. The documents confirm Hacking Team's ability to infiltrate and monitor jailbroken iPhones on behalf of government law enforcement agencies like the NSA, as noted by Macworld.

    [​IMG]
    Hacking Team's software would need to be installed on a jailbroken iPhone, but the firm has the ability to jailbreak and infect a phone with its software via a malware-infected trusted computer the phone is connected to. In the firm's pricing list [PDF, requires Chrome], it's revealed hacking an iOS device costs EUR50,000 ($55,242) and includes "features" like Skype, WhatsApp and Viber chats, location, contacts and lists of calls. However, this service also includes a prerequisite of a jailbroken iPhone.

    Hacking Team uses a legitimate Apple enterprise signing certificate, which is used by corporations to create software that can easily be installed on employee devices, combined with jailbroken iOS devices to bypass iOS app installation protections. Additionally, Hacking Team developed the ability to create a malicious Newsstand app that could capture keystrokes and install monitoring software.

    Last year, researchers working independently of each other at Kaspersky Lab and Citizen Lab discovered components of Hacking Team's tools and how they were used by government agencies to steal data from mobile devices, but the full extent of the software hadn't been confirmed until now.

    Data breaching software and Apple devices have been in the news before, most famously in last year's celebrity iCloud data breach, where it was discovered that hackers were using ElcomSoft Phone Password Breaker, software intended for government and law agencies, to steal usernames and passwords to access iCloud backups.

    While much of the discussion around government agencies and citizen data has revolved around mass collection, Hacking Team's software is designed to attack individual devices rather than a vast network. It's likely that the exploits detailed in Hacking Team's documents will be addressed and patched up in future iOS and Mac software updates.

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: 'Hacking Team' Data Breach Confirms Firm's Ability to Infiltrate Jailbroken iPhones
     
  2. Shadow Runner macrumors regular

    Joined:
    Jun 14, 2010
    #2
    It's a good thing Apple keeps making iOS more capable. I have less and less reason to jailbreak as they keep updating it.
     
  3. jmh600cbr macrumors 6502a

    jmh600cbr

    Joined:
    Feb 14, 2012
    #3
    That all sounds awful until you realize that you need an infected computer to make it happen
     
  4. furi0usbee macrumors 68000

    furi0usbee

    Joined:
    Jul 11, 2008
    Location:
    MA
  5. AngerDanger, Jul 6, 2015
    Last edited: Jul 6, 2015

    AngerDanger macrumors 68030

    AngerDanger

    Joined:
    Dec 9, 2008
    #5
    hqdefault.jpg

    Get back into your folder and just be glad I can't delete you… without a jailbreak.
     
  6. hfletcher macrumors 6502

    hfletcher

    Joined:
    Oct 10, 2008
    Location:
    UK
    #6
    So.... you're only actually vulnerable if you happen to have a Jailbroken iPhone and a computer that is also infected with their malware.

    Pretty unlikely scenario?
     
  7. furi0usbee macrumors 68000

    furi0usbee

    Joined:
    Jul 11, 2008
    Location:
    MA
    #7
    LOL @ Newstand. I want to know the one guy who uses that on a daily basis.
     
  8. Benjamin Frost Suspended

    Benjamin Frost

    Joined:
    May 9, 2015
    Location:
    London, England
    #8
    Yes.

    MacFormat magazine.
     
  9. OldSchoolMacGuy Suspended

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #9
    I've been saying we've been selling this to the government for years and no one seemed to care. Why is this news now? Been making tons off of this since 2008.
     
  10. Even Longer macrumors 6502

    Even Longer

    Joined:
    Dec 12, 2012
    Location:
    Head of a pin
    #10
    Aren't these guys got hacked themselves yesterday?
    'Hacking team' went to 'Hacked team' and now they still claim some ability?!

    Pathetic!
     
  11. jdogg836 macrumors regular

    jdogg836

    Joined:
    Jul 28, 2010
    Location:
    Oklahoma
    #11
    One of the arrogant members of that team was running his mouth on twitter this morning, stoking the fire even more. He was threatening the hackers who breached the data. Cool thing about all of the tools they have being released is within a few days, all the major anti-virus companies can update their software to find and remove this crap.
     
  12. lkrupp macrumors 6502a

    Joined:
    Jul 24, 2004
    #12
    It means the average user has absolutely nothing to worry about. It means you need to be targeted specifically by a professional. Your ex-boyfriend isn’t going to be able to do this. Neither will your nerdy cousin.
     
  13. rictus007 macrumors regular

    Joined:
    Oct 12, 2011
    #13
    I wonder if it is a Mac or a regular PC
     
  14. AngerDanger macrumors 68030

    AngerDanger

    Joined:
    Dec 9, 2008
    #14
    A team that got hacked themselves is able to hack iOS. That seems more ominous than if the team was super competent and secure themselves.
     
  15. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #15
    Not necessarily. There are several components:

    - Hacking Team's sniffing app can be installed on any iOS device because it is signed with a valid enterprise certificate.
    - To give the app full access to the data on the phone, the phone needs to be jailbroken.
    - Hacking Team offers malware for OS X and Windows that can jailbreak a phone that is connected to the computer, provided that the computer has pairing keys (the device has previously been connected to it). The malware could get on the computer e.g. via phishing or other means.
     
  16. JeffyTheQuik macrumors 68020

    JeffyTheQuik

    Joined:
    Aug 27, 2014
    Location:
    Charleston, SC and Everett, WA
    #16
    Which is *exactly* why I stopped jailbreaking when I put my credit cards on the phone.
     
  17. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #17
    Goes to show in what vulnerable position you are putting yourself by loading software from questionable sources with such far going access rights. Immature hackers with a unhealthy level of grandeur and flawed allegiances could ultimately be the downfall of an otherwise dedicated jailbreak community.
     
  18. JeffyTheQuik macrumors 68020

    JeffyTheQuik

    Joined:
    Aug 27, 2014
    Location:
    Charleston, SC and Everett, WA
    #18
    I'd like to meet the guy that uses it twice.

    Once is bad enough.
     
  19. Dargoth, Jul 6, 2015
    Last edited: Jul 6, 2015

    Dargoth macrumors regular

    Dargoth

    Joined:
    Oct 27, 2014
    #19
    I'm sorry... I can't remember exactly, but I believe I used it twice. :( I'd like to meet the guy who uses it thrice.
     
  20. RangerXML macrumors regular

    Joined:
    Jul 4, 2009
    #20
    Looks like someone forgot to change the root p/w...

    Step 1. Jailbreak

    Step 2. Change the root p/w.
     
  21. Swift macrumors 65816

    Swift

    Joined:
    Feb 18, 2003
    Location:
    Los Angeles
    #21
    Which is why, frankly, I don't care. Time for warrants to be given to hack the digital life of anyone for whom there is probable cause to believe is committing a crime, or terrorism. You know that police did not used to routinely get a warrant to wiretap? If you commit crimes on the Internet, and you certainly can, your privacy is not a right.
     
  22. WannaGoMac macrumors 68000

    Joined:
    Feb 11, 2007
    #22
    Is that a white macbook in the Guardian article image? Wow!
     
  23. MacMulti macrumors regular

    Joined:
    Mar 20, 2013
    #23
    With great power comes greater responsibility and even greater risk.
     
  24. cocky jeremy macrumors 68040

    cocky jeremy

    Joined:
    Jul 12, 2008
    Location:
    Columbus, OH
    #24
    "If we physically take your phone, run 10 laps around a building, all while connecting you to our single laptop, we can infect your iPhone!"
     
  25. Paradoxally macrumors 65816

    Joined:
    Feb 4, 2011
    #25
    Apple Pay does not become less secure when jailbreaking, just like Touch ID.
     

Share This Page