Loading...

iPhones remotely compromised: iOS security is more broken than you think

75,430 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Sep 16, 2019

For over two years, 14 critical zero-day vulnerabilities in Apple's iOS have been weaponized into 5 privilege-escalating zero-click exploit chains that have remotely and completely taken over hundreds of thousands of iPhones. Apple's response? Not a big deal. This was just "narrow" "targeted" campaign.

Support independent content by donating Monero or Bitcoin

Monero: 84DYxU8rPzQ88SxQqBF6VBNfPU9c5sjDXfTC1wXkgzWJfVMQ9zjAULL6rd11ASRGpxD1w6jQrMtqAGkkqiid5ef7QDroTPp

Bitcoin: 1HkDxXAVDFhBHSyRjam5WW5uoY88sxn5qz

You can block scripts to prevent browser exploitation with:
NoScript Security Suite: https://www.youtube.com/watch?v=AC4AL...
uBlock Origin tutorial: https://www.youtube.com/watch?v=2lisQ...


The exploits have been in some way used from at least September 2016 and the attackers were supporting their exploit chains since at least iOS 10.0.1 until 12.1.4. Infected users would immediately have all of their data from their devices uploaded to remote servers and updates sent every 60 seconds.

The data collected would include location, device model, keychain, name and serial number, phone number, contacts, messages, attachments, notes, list of installed apps, recordings, photos, files, call history, passwords and container directories of every app on the device.

The implant had a hardcoded list of apps from which it always uploaded plain-text data to the attacker controlled servers. Among the selected apps were: Gmail, Facebook, Skype, Telegraph, WhatsApp and others.

Sources
[1] https://techcrunch.com/2019/08/29/goo...
[2] https://googleprojectzero.blogspot.co...
[3] https://googleprojectzero.blogspot.co...
[4] https://www.vice.com/en_us/article/7x...
[5] https://arstechnica.com/information-t...
[6] https://www.wired.com/story/ios-attac...
[7] https://www.apple.com/newsroom/2019/0...
[8] https://arstechnica.com/information-t...
[9] https://www.forbes.com/sites/thomasbr...
[10] https://techcrunch.com/2019/08/31/chi...
[11] https://techcrunch.com/2019/09/06/app...
[12] https://www.reuters.com/article/us-ch...
[13] https://www.britannica.com/topic/Uighur
[14] https://www.nytimes.com/2019/05/22/wo...
[15] https://www.cyberscoop.com/apt3-nsa-t...
[16] https://googleprojectzero.blogspot.co...
[17] https://googleprojectzero.blogspot.co...
[18] https://googleprojectzero.blogspot.co...
[19] https://googleprojectzero.blogspot.co...
[20] https://www.wired.com/story/imessage-...
[21] https://arstechnica.com/information-t...
[22] https://googleprojectzero.blogspot.co...
[23] https://www.wired.com/story/imessage-...
[24] https://www.wired.com/story/android-z...
[25] https://www.cyberscoop.com/zerodium-a...
[26] https://www.chicagotribune.com/nation...
[27] https://www.cyberscoop.com/pwn2own-ch...
[28] https://www.cyberscoop.com/ios-bug-bo...
[29] https://www.volexity.com/blog/2019/09...

Credits
Music by: CO.AG Music https://www.youtube.com/channel/UCcav...

Follow me:
https://twitter.com/The_HatedOne_
https://www.bitchute.com/TheHatedOne/
https://www.reddit.com/r/thehatedone/
https://www.minds.com/The_HatedOne

The footage and images featured in the video were for critical analysis, commentary and parody, which are protected under the Fair Use laws of the United States Copyright act of 1976.

Loading...

Advertisement
When autoplay is enabled, a suggested video will automatically play next.

Up next


to add this to Watch Later

Add to

Loading playlists...