Category: Iphone

How to Set Up a VPN On iPhone

If you value your security and privacy, then a VPN is an absolute necessity. A VPN, or virtual private network, stops others (even your internet service provider) from snooping on your online activity by routing all your internet traffic through a secure, encrypted tunnel. VPNs work especially well for guaranteeing that you’re protected even when using unsecured public Wi-Fi networks, too.

And nowadays, with all of us using our mobile devices more than ever before to get online, it is essential that our cell phones are equipped with a VPN so we can be fully protected on the go.

How can I set up a VPN on my iPhone?

There are two ways to accomplish this. The first method — and the one that will be most suitable for the majority of people — is to choose a VPN provider and then download and install its app from the Apple App Store. In general, the process will be super easy and the installer will guide you through any settings that you may need to configure.

Take VPN Proxy One Pro for example. The setup process simply couldn’t be any easier. Within minutes of downloading the app from the App Store (click here to do this, by the way), your iPhone will be protected by world-leading encryption and you’ll be free to connect to the internet safely, even on public Wi-Fi networks.

Button_Get VPN Proxy One Pro

The second method, which is outlined below, is only recommended for those who are a little more tech-savvy. This option is perfect for people who want more control over their VPN experience and don’t mind putting in the extra time and effort to get it. This method allows you to choose which protocol you use as well as customize other settings, but it does require some additional knowledge.

But before we explain the second method, we need to quickly talk about VPN protocols…

What are the VPN protocols natively supported by iOS?

Before you can manually set up a VPN on your iPhone, you’ll need to select which VPN protocol you wish to use. Here are the ones that natively work with iOS:

L2TP

L2TP (Layer 2 Tunneling Protocol) is a type of tunneling protocol. Because L2TP does not offer any encryption on its own, it is normally paired with IPSec (see below). The two technologies form an excellent partnership and together provide great security. It is not as fast as some other options, however.

IKEv2

Just like L2TP, IKEv2 (Internet Key Exchange version 2) also doesn’t offer any encryption of its own, so must also be paired with IPSec. It is faster than L2TP and works particularly well with mobile devices because it can easily move between connection types (Wi-Fi to a cellular network, for example). Although it was jointly developed by Microsoft and Cisco, it is still natively supported by iOS.

IPSec

IPSec (Internet Protocol Security) is also natively supported by iOS and can be used on its own as a VPN protocol.

How to manually set up a VPN on iPhone

Once you’ve decided on which protocol to use, to manually configure a VPN on iOS, go to Settings > General > VPN > Add VPN Configuration > Type. From here, you can select either IKEv2, IPSec, or L2TP (which actually comes with IPSec, even though it isn’t made clear).

After selecting the VPN protocol type, you will need to fill out the other details. Most of the additional information should be available on the VPN provider’s website, either in your account settings or in the online documentation, but if you are unsure of where to find anything, it is best to contact them directly.

Once you’ve filled in all the required information, click Done in the right-hand corner and you’re good to go!

Stay connected, stay secure

If you, like most of us, rely on your mobile device to stay connected, then the value that a VPN offers simply cannot be understated. With everyone using their mobile devices for so much these days — email, social media, online shopping, etc. —when it comes to protecting our sensitive data and safeguarding our privacy, VPNs are effectively essential.

Regardless of how you go about setting up your VPN on your iPhone — whether you choose to just quickly download and install the app or configure each of the settings individually, VPN Proxy One Pro is a truly excellent choice. Click the button below to read more about it.

Button_Get VPN Proxy One Pro

Source : https://news.trendmicro.com/2021/11/04/how-to-set-up-a-vpn-on-iphone/

First Malware Designed for Apple M1 Chip Discovered in the Wild

One of the first malware samples tailored to run natively on Apple’s M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company’s latest generation of Macs powered by its own processors.

While the transition to Apple silicon has necessitated developers to build new versions of their apps to ensure better performance and compatibility, malware authors are now undertaking similar steps to build malware that are capable of executing natively on Apple’s new M1 systems, according to macOS Security researcher Patrick Wardle.

Wardle detailed a Safari adware extension called GoSearch22 that was originally written to run on Intel x86 chips but has since been ported to run on ARM-based M1 chips. The rogue extension, which is a variant of the Pirrit advertising malware, was first seen in the wild on November 23, 2020, according to a sample uploaded to VirusTotal on December 27.

“Today we confirmed that malicious adversaries are indeed crafting multi-architecture applications, so that their code will natively run on M1 systems,” said Wardle in a write-up published yesterday. “The malicious GoSearch22 application may be the first example of such natively M1 compatible code.”

While M1 Macs can run x86 software with the help of a dynamic binary translator called Rosetta, the benefits of native support mean not only efficiency improvements but also the increased likelihood of staying under the radar without attracting any unwanted attention.

mac0s-malware

First documented in 2016, Pirrit is a persistent Mac adware family notorious for pushing intrusive and deceptive advertisements to users that, when clicked, downloads and installs unwanted apps that come with information gathering features.

For its part, the heavily obfuscated GoSearch22 adware disguises itself as a legitimate Safari browser extension when in fact, it collects browsing data and serves a large number of ads such as banners and popups, including some that link to dubious websites to distribute additional malware.

Wardle said the extension was signed with an Apple Developer ID “hongsheng_yan” in November to further conceal its malicious content, but it has since been revoked, meaning the application will no longer run on macOS unless attackers re-sign it with another certificate.

Although the development highlights how malware continues to evolve in direct response to both hardware changes, Wardle warned that “(static) analysis tools or antivirus engines may struggle with arm64 binaries,” with detections from industry-leading security software dropping by 15% when compared to the Intel x86_64 version.

GoSearch22’s malware capabilities may not be entirely new or dangerous, but that’s beside the point. If anything, the emergence of new M1-compatible malware signals this is just a start, and more variants are likely to crop up in the future.

Source :
https://thehackernews.com/2021/02/first-malware-designed-for-apple-m1.html

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

hacking bluetooth devices

Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers.

The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concern Bluetooth Classic, which supports Basic Rate (BR) and Enhanced Data Rate (EDR) for wireless data transfer between devices.

“The Bluetooth specification contains vulnerabilities enabling to perform impersonation attacks during secure connection establishment,” the researchers outlined in the paper. “Such vulnerabilities include the lack of mandatory mutual authentication, overly permissive role switching, and an authentication procedure downgrade.”

Given the widespread impact of the vulnerability, the researchers said they responsibly disclosed the findings to the Bluetooth Special Interest Group (SIG), the organization that oversees the development of Bluetooth standards, in December 2019.

The Bluetooth SIG acknowledged the flaw, adding it has made changes to resolve the vulnerability. “These changes will be introduced into a future specification revision,” the SIG said.

The BIAS Attack

For BIAS to be successful, an attacking device would need to be within the wireless range of a vulnerable Bluetooth device that has previously established a BR/EDR connection with another Bluetooth device whose address is known to the attacker.

The flaw stems from how two previously paired devices handle the long term key, also known as link key, that’s used to mutually authenticate the devices and activate a secure connection between them.

The link key also ensures that users don’t have to pair their devices every time a data transfer occurs between, say, a wireless headset and a phone, or between two laptops.

The attacker, then, can exploit the bug to request a connection to a vulnerable device by forging the other end’s Bluetooth address, and vice versa, thus spoofing the identity and gaining full access to another device without actually possessing the long term pairing key that was used to establish a connection.

Put differently, the attack allows a bad actor to impersonate the address of a device previously paired with the target device.

What’s more, BIAS can be combined with other attacks, including the KNOB (Key Negotiation of Bluetooth) attack, which occurs when a third party forces two or more victims to agree on an encryption key with reduced entropy, thus allowing the attacker to brute-force the encryption key and use it to decrypt communications.

Devices Not Updated Since December 2019 Affected

With most standard-compliant Bluetooth devices impacted by the vulnerability, the researchers said they tested the attack against as many as 30 devices, including smartphones, tablets, laptops, headphones, and single-board computers such as Raspberry Pi. All the devices were found to be vulnerable to BIAS attacks.

The Bluetooth SIG said it’s updating the Bluetooth Core Specification to “avoid a downgrade of secure connections to legacy encryption,” which lets the attacker initiate “a master-slave role switch to place itself into the master role and become the authentication initiator.”

In addition to urging companies to apply the necessary patches, the organization is recommending Bluetooth users to install the latest updates from device and operating system manufacturers.

“The BIAS attacks are the first uncovering issues related to Bluetooth’s secure connection establishment authentication procedures, adversarial role switches, and Secure Connections downgrades,” the research team concluded. “The BIAS attacks are stealthy, as Bluetooth secure connection establishment does not require user interaction.”

Source :

https://thehackernews.com/2020/05/hacking-bluetooth-vulnerability.html

Zero-Day Warning: It’s Possible to Hack iPhones Just by Sending Emails

Watch out Apple users!

The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims.

The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.

According to cybersecurity researchers at ZecOps, the bugs in question are remote code execution flaws that reside in the MIME library of Apple’s mail app—first, due to an out-of-bounds write bug and second, is a heap overflow issue.

Though both flaws get triggered while processing the content of an email, the second flaw is more dangerous because it can be exploited with ‘zero-click,’ where no interaction is required from the targeted recipients.

8-Years-Old Apple Zero-Days Exploited in the Wild

According to the researchers, both flaws existed in various models of iPhone and iPad for the last 8 years since the release of iOS 6 and, unfortunately, also affect the current iOS 13.4.1 with no patch yet update available for the regular versions.

What’s more worrisome is that multiple groups of attackers are already exploiting these flaws—for at least 2 years as zero-days in the wild—to target individuals from various industries and organizations, MSSPs from Saudi Arabia and Israel, and journalists in Europe.

“With very limited data, we were able to see that at least six organizations were impacted by this vulnerability – and the full scope of abuse of this vulnerability is enormous,” the researchers said.

“While ZecOps refrain from attributing these attacks to a specific threat actor, we are aware that at least one ‘hackers-for-hire’ organization is selling exploits using vulnerabilities that leverage email addresses as the main identifier.”

iphone hacking zero-day exploit

According to the researchers, it could be tough for Apple users to know if they were targeted as part of these cyber-attacks because it turns out that attackers delete the malicious email immediately after gaining remote access to the victims’ device.

“Noteworthy, although the data confirms that the exploit emails were received and processed by victims’ iOS devices, corresponding emails that should have been received and stored on the mail-server were missing. Therefore, we infer that these emails were deleted intentionally as part of an attack’s operational security cleanup measures,” the researchers said.

“Besides a temporary slowdown of a mobile mail application, users should not observe any other anomalous behavior.”

To be noted, on successful exploitation, the vulnerability runs malicious code in the context of the MobileMail or maild application, allowing attackers “to leak, modify, and delete emails.”

However, to remotely take full control over the device, attackers need to chain it together with a separate kernel vulnerability.

Though ZecOps hasn’t mentioned any detail on what kind of malware attackers have been using to target users, it did believe that attackers are exploiting the flaws in combination with other kernel issues to successfully spy on their victims.

Beware! No Patch Yet Available

Researchers spotted in-the-wild-attacks and discovered the related flaws almost two months ago and reported it to the Apple security team.

At the time of writing, only the beta 13.4.5 version of iOS, released just last week, contains security patches for both zero-day vulnerabilities.

For millions of iPhone and iPad users, a public software patch will soon be available with the release of the upcoming iOS update.

Meanwhile, Apple users are strongly advised to do not to use their smartphones’ built-in mail application; instead, temporarily switch to Outlook or Gmail apps.

In a piece of separate news, we today reported about another in-the-wild iPhone hacking campaign where Chinese hackers have been caught targeting Uyghur Muslims with exploit iOS chains and spyware apps.

 

Source :
https://thehackernews.com/2020/04/zero-day-warning-its-possible-to-hack.html
Exit mobile version