TI92

Alt account
Banned
Oct 25, 2017
5,598
https://www.forbes.com/sites/gordon...s-max-xr-problem-ipad-expensive-cost-upgrade/

In short: the data on all iPhones and iPads running iOS 12 is not safe. This comes after an announcement from popular data recovery company DriveSavers that files on these devices can be accessed with "a 100% success rate". Furthermore, unlike most security holes which are disclosed to Apple, this one is being kept secret.

Why? Speaking to MacRumors, DriveSavers said it is building a service around the exploit and charging users up to $3,900 if they want to access locked devices. That said, the company stresses it is using strict identification protocols from customers to ensure they are not hacking an iPhone or iPad which doesn't belong to them.

Full 100% unencrypted data dumps. Yikes.
 

jwhit28

Member
Oct 25, 2017
5,167
So much for giving up the right to repair your devices for that feeling of security.
 
Oct 25, 2017
5,846
I'm going to need more than Forbes blog signal-boosting PR to care about this. If they can actually do full backups of any iOS device, we'll see proof of that soon enough.
 
Oct 25, 2017
5,846
OP
TI92

Alt account
Banned
Oct 25, 2017
5,598
We've had these discussions enough times in enough threads for me to understand you cannot fathom what a reliable source is. Witness you posting a Forbes contributor blog as the OP.
It's been posted multiple times over the last week, I just posted this one since it was the newest one I saw :p
 

Aiii

何これ
Member
Oct 24, 2017
8,383
So much for giving up the right to repair your devices for that feeling of security.
You are confusing security with privacy. Unless Google also needs access to your device and an exploit to mine all your data, of course, but I am doubtful that is how they work.
 

borghe

Member
Oct 27, 2017
3,112
You are confusing security with privacy. Unless Google also needs access to your device and an exploit to mine all your data, of course, but I am doubtful that is how they work.
their post was disingenuous or ignorant.. but, that is apple's reasoning behind not allowing repairs.. i.e. that data stored on the SecureEnclave chip, internal private keys, etc become vulnerable by allowing 3rd party repairs. Now this doesn't necessarily invalidate that, AND may very possibly in fact validate that. We simply don't know, and DriveSavers likely isn't telling.
 

Aiii

何これ
Member
Oct 24, 2017
8,383
their post was disingenuous or ignorant.. but, that is apple's reasoning behind not allowing repairs.. i.e. that data stored on the SecureEnclave chip, internal private keys, etc become vulnerable by allowing 3rd party repairs. Now this doesn't necessarily invalidate that, AND may very possibly in fact validate that. We simply don't know, and DriveSavers likely isn't telling.
Harsh reality is that bugs can and will continue to happen. No matter who, or with what end goal, makes the hard- and software. The fact that you need access to the device for most of these hacks to work is because of all the security built into handsets these days, that is the good news.
 

borghe

Member
Oct 27, 2017
3,112
Harsh reality is that bugs can and will continue to happen. No matter who, or with what end goal, makes the hard- and software. The fact that you need access to the device for most of these hacks to work is because of all the security built into handsets these days, that is the good news.
I definitely agree. I was just saying... we don't know where this falls in line with apple's stance on repairs and the reasoning for it.

but yes I agree. That they need your physical device, and that to our knowledge there still has never been an iCloud breach, is a very good thing. Also that this is being called (even by them) a data dump, and not a phone unlock is pretty interesting.
 

jwhit28

Member
Oct 25, 2017
5,167
their post was disingenuous or ignorant.. but, that is apple's reasoning behind not allowing repairs.. i.e. that data stored on the SecureEnclave chip, internal private keys, etc become vulnerable by allowing 3rd party repairs. Now this doesn't necessarily invalidate that, AND may very possibly in fact validate that. We simply don't know, and DriveSavers likely isn't telling.
What about that takeaway is ignorant? The hardware lockouts were the cost of higher security. The way I'm reading it, DriveSavers found a way around that lockout. If data can still be retrieved from bricked devices aren't customers getting screwed in the tradeoff?
 

borghe

Member
Oct 27, 2017
3,112
The way I'm reading it, DriveSavers found a way around that lockout.
it's ignorant because this statement is 100% baseless and unfounded. No one knows what data is available, how it is dumped, or the manner in which it's done. Do they have access to biometrics and NFC payment data? Do they have access to phone-stored private keys? Or are they simply able to decrypt and access the NVRAM file system?

There are many different areas that are secured, and multiple mechanisms to work to secure. Without knowing what is vulnerable it's impossible to say that the steps apple takes to secure the device from 3rd party repair shops is the vulnerability being exploited or not. Thus it's either ignorant or intended to stir up phone war bullshit.
 

borghe

Member
Oct 27, 2017
3,112
Well, because the phone unlock itself is crazy but the 100% usable data dump and recovery of that dump is the crazier thing imo
there is no phone unlock from this that has been mentioned... stop. as far as has been released, supposedly this is just a data dump. aka they've likely either gained access to the key used to encrypt the APFS on the device, or they found a vulnerability in APFS, or they're able to intercept the IO.. etc.. nothing mentioned indicates they can actually unlock a device.
 
OP
TI92

Alt account
Banned
Oct 25, 2017
5,598
there is no phone unlock from this that has been mentioned... stop. as far as has been released, supposedly this is just a data dump. aka they've likely either gained access to the key used to encrypt the APFS on the device, or they found a vulnerability in APFS, or they're able to intercept the IO.. etc.. nothing mentioned indicates they can actually unlock a device.
https://www.macrumors.com/2018/11/27/drivesavers-ios-passcode-recovery-service/

DriveSavers has provided MacRumors with additional info on its iPhone unlocking service. The company is able to fully unlock the iPhone and return the unlocked device to the owner, and there's an option to back up the phone's data to an external device. DriveSavers is not able to provide further information on its unlocking methods.

it's an unlock, backup and restore "service".
 

jwhit28

Member
Oct 25, 2017
5,167
it's ignorant because this statement is 100% baseless and unfounded. No one knows what data is available, how it is dumped, or the manner in which it's done. Do they have access to biometrics and NFC payment data? Do they have access to phone-stored private keys? Or are they simply able to decrypt and access the NVRAM file system?

There are many different areas that are secured, and multiple mechanisms to work to secure. Without knowing what is vulnerable it's impossible to say that the steps apple takes to secure the device from 3rd party repair shops is the vulnerability being exploited or not. Thus it's either ignorant or intended to stir up phone war bullshit.
It has nothing to do with phone wars. The conversation has nothing to do with comparison to Android, Windows, or whatever. Even in a situation where Apple's security chip could be seen as a huge positive like police trying to force your phone unlocked to incriminate you, if it's possible to have it done then what am I getting out of the war on 3rd party repairs? DriveSavers didn't offer the scope of what can be recovered but if they are confident enough to charge almost $4000 for the service I'd assume it's something worthwhile. They are a reputable data recovery company. Not some sort of scene group.
 

borghe

Member
Oct 27, 2017
3,112
Don't they say this shit a lot?

I dunno if I'm buyin' what they're sellin' me
usually when they start selling services... it's safe to assume it's legit. Granted most of the time there are asterisks a mile long as to what device/OS/version they can do shit on. In this case being they are saying any device and specifically stating extracting data.. my guess is it's a vulnerability present in APFS on iOS devices.. but that is just a guess.

It has nothing to do with phone wars. The conversation has nothing to do with comparison to Android, Windows, or whatever. Even in a situation where Apple's security chip could be seen as a huge positive like police trying to force your phone unlocked to incriminate you, if it's possible to have it done then what am I getting out of the war on 3rd party repairs? DriveSavers didn't offer the scope of what can be recovered but if they are confident enough to charge almost $4000 for the service I'd assume it's something worthwhile. They are a reputable data recovery company. Not some sort of scene group.
and I agree with everything here. so let's not bring the "looks like apple stopping 3rd party blah blah blah" into this. It's 100% unnecessary and for all we know 100% unrelated.
 

jelmerjt

Member
Oct 27, 2017
476
The Netherlands
Looks like Apple has some leverage over them.

[Attached screenshot: schermafbeelding2018-ymf8n.png]
 

Fishtank

Member
Nov 30, 2017
272
there is no phone unlock from this that has been mentioned... stop. as far as has been released, supposedly this is just a data dump. aka they've likely either gained access to the key used to encrypt the APFS on the device, or they found a vulnerability in APFS, or they're able to intercept the IO.. etc.. nothing mentioned indicates they can actually unlock a device.


Based on what I know about security, they could have found an exploit within the central commands of the device that, regardless of unlocking the phone, they could have a way to expose the developer mode or along these lines which grant access to modify permissions without accessing the device. Could be a brute force sort of attempt.

Just a thought is all.

I know how to break into the developer mode with my phone unlocked only due to security courses I took. However I wonder if there is a way they were able to break this within a handshake attempt
 

Veliladon

Member
Oct 27, 2017
5,578


For everyone wondering where a lot of this is coming from, the SEP has been a little less mysterious in the past few years.
 

borghe

Member
Oct 27, 2017
3,112
Despite this, is there anything to suggest it's not an unlock? Could just be a faceID exploit.
because when companies can offer unlocks, they advertise/announce/etc them as such.

data dumps are useful just for recovering data. unlocks essentially make a brick usable. that's a world of difference (And price).
 

Fishtank

Member
Nov 30, 2017
272
what a shitty way to do business. won't even share the exploit to the company so they can fix it

What's even worse about this is the company has been working with them for years. So for them to not work with apple makes me believe they have found a code at the root of the code, something at the base of ios12. Hopefully an update or patch can correct but when asking for that kind of money. Makes you wonder.