NoGoolag
4.79K subscribers
23K photos
13.2K videos
852 files
22.3K links
Live free!

📡 @NoGoolag

FAQ:
http://t.me/NoGoolag/169

★Group:
https://t.me/joinchat/nMOOE4YJPDFhZjZk

📡 @Libreware

📚 @SaveAlexandria

📡 @BallMemes

FORWARDS ARE NOT ENDORSEMENTS

💯 % satire OSRET
Download Telegram
The FBI wanted to unlock the San Bernardino shooter’s iPhone. It turned to a little-known Australian firm.

Azimuth unlocked the
iPhone at the center of an epic legal battle between the FBI and Apple. Now, Apple is suing the company co-founded by one of the hackers behind the unlock.

The iPhone used by a terrorist in the San Bernardino shooting was unlocked by a small Australian hacking firm in 2016, ending a momentous standoff between the U.S. government and the tech titan Apple.

Azimuth Security, a publicity-shy company that says it sells its cyber wares only to democratic governments, secretly crafted the solution the FBI used to gain access to the device, according to several people familiar with the matter. The iPhone was used by one of two shooters whose December 2015 attack left more than a dozen people dead.

The identity of the hacking firm has remained a closely guarded secret for five years. Even Apple didn’t know which vendor the FBI used, according to company spokesman Todd Wilder. But without realizing it, Apple’s attorneys came close last year to learning of Azimuth’s role — through a different court case, one that has nothing to do with unlocking a terrorist’s device.

Five years ago, Apple and the FBI both cast the struggle over the iPhone as a moral battle. The FBI believed Apple should help it obtain information to investigate the terrorist attack. Apple believed that creating a back door into the phone would weaken security and could be used by malicious actors. The FBI sought a court order to compel Apple to help the government. Weeks later, the FBI backed down after it had found an outside group that had a solution to gain access to the phone.

http://telegra.ph/The-FBI-wanted-to-unlock-the-San-Bernardino-shooters-iPhone-It-turned-to-a-little-known-Australian-firm-04-14

via www.washingtonpost.com

#usa #fbi #apple #iphone
📡@cRyPtHoN_INFOSEC_FR
📡
@cRyPtHoN_INFOSEC_EN
📡
@cRyPtHoN_INFOSEC_DE
📡
@BlackBox_Archiv
📡
@NoGoolag
Apple’s AirDrop leaks users’ PII, and there’s not much they can do about it

Apple has known of the flaw since 2019 but has yet to acknowledge or fix it.

AirDrop, the feature that allows Mac and iPhone users to wirelessly transfer files between devices, is leaking user emails and phone numbers, and there's not much anyone can do to stop it other than to turn it off, researchers said.

AirDrop uses Wi-Fi and Bluetooth Low Energy to establish direct connections with nearby devices so they can beam pictures, documents, and other things from one iOS or macOS device to another. One mode allows only contacts to connect, a second allows anyone to connect, and the last allows no connections at all.

A matter of milliseconds

To determine if the device of a would-be sender should connect with other nearby devices, AirDrop broadcasts Bluetooth advertisements that contain a partial cryptographic hash of the sender's phone number and email address. If any of the truncated hashes matches any phone number or email address in the address book of the receiving device or the device is set to receive from everyone, the two devices will engage in a mutual authentication handshake over Wi-Fi. During the handshake, the devices exchange the full SHA-256 hashes of the owners' phone numbers and email addresses.

Hashes, of course, can't be converted back into the cleartext that generated them, but depending on the amount of entropy or randomness in the cleartext, they are often possible to figure out. Hackers do this by performing a "brute-force attack," which throws huge numbers of guesses and waits for the one that generates the sought-after hash. The less the entropy in the cleartext, the easier it is to guess or crack, since there are fewer possible candidates for an attacker to try.

The amount of entropy in a phone number is so minimal that this cracking process is trivial since it takes milliseconds to look up a hash in a precomputed database containing results for all possible phone numbers in the world. While many email addresses have more entropy, they too can be cracked using the billions of email addresses that have appeared in database breaches over the past 20 years.

https://arstechnica.com/gadgets/2021/04/apples-airdrop-leaks-users-pii-and-theres-not-much-they-can-do-about-it

#apple #mac #iphone #airdrop #vulnerability
📡 @nogoolag 📡 @blackbox_archiv