Showing posts sorted by relevance for query jailbroken. Sort by date Show all posts
Showing posts sorted by relevance for query jailbroken. Sort by date Show all posts

Facebook Application For iOS & Android Have Security-Hole Which Allows Identity Theft

Posted by Avik Sarkar On 4/09/2012 12:38:00 pm

Facebook Application For iOS & Android Have Security Hole Which Allows Identity Theft 
Facebook users again under risk.  Recently a new security vulnerability found in Facbook application for iOS & Facebook application for Android. Researcher app developer Gareth Wright, who discovered the issue, said it comes down to Facebook’s native apps for the two platforms not encrypting your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps. Facebook has responded that this issue only applies to compromised or jailbroken devices. Means if you are using a jailbroken iOS device or a rooted Android device then your identity can easily be theft. Wright copied the hash and tested a few FQL queries. "Sure enough, I could pull back pretty much any information from my Facebook account. As of the 1st of May 2012 these tokens run out after 60 days but aside from that a simple .Net tool could easily snaffle this info and grab a fair whack of confirmed email addresses and marketing info.
“Not good, but then I had to wonder what the Facebook app stored. Popping into the Facebook application directory I quickly discovered a whole bunch of cached images and the com.Facebook.plist. “What was contained within was shocking. Not an access token but full oAuth key and secret in plain text. Surely though, these are encrypted or salted with the device ID. Worryingly, the expiry in the plist is set to 1 Jan 4001!" 
“Facebook’s iOS and Android applications are only intended for use with the manufacture provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device,” a Facebook spokesperson said in a statement. “We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device. As Apple states, ‘unauthorized modification of iOS could allow hackers to steal personal information … or introduce malware or viruses.’ To protect themselves we recommend all users abstain from modifying their mobile OS to prevent any application instability or security issues.”
As for the USB connection scenario, Facebook says there’s no way to fix this problem. Note that in this case it doesn’t matter if your device is jailbroken or not, because whoever is doing the deed has physical access to your phone or tablet.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Latest iPad Jailbroken Immediately After Release

Posted by Avik Sarkar On 3/21/2012 04:26:00 am

Latest iPad Jailbroken Immediately After Release 
The new iPad tablet was released by Apple on Friday but yet again the same history repeated. Though in this release Apple forbids installing applications it has not approved, but hackers have found ways to "jailbreak" devices, or modify the code to allow unauthorized programs from alternative application stores such as Cydia.  But  fail to stop the hacker. The much-awaited device. Reportedly, the next-generation iPad was jailbroken within three hours of its market release on March 16. "Musclenerd," a member of the iPhone Dev Team, posted a screenshot on Twitter on Mar. 16 showing how he got root access on the latest Apple tablet. Another member, Stefan Esser, or @i0nic, posted a video showing an untethered jailbreak for his third-generation iPad. Finally, Grant Paul, or @chpwn, disclosed a third method to get root on the new iPad. There are three different methods to jailbreak the latest Apple iOS 5.1 software, and videos and screenshots posted over the weekend showed the hacks, according to the Dev-Team, which developed the first jailbreak tool.
In January, the tool Absinthe A5 was released, which could jailbreak both the iPhone 4S and iPad running software versions just before iOS 5.1. It took about 10 months to develop due to the difficulty the hacking group GreenPois0n found in trying to find a way to exploit the A5 processor. On the other hand, Apple is very strict about the control it exerts over its products, and iOS device owners have no choice but to buy and use software and content through Apple’s channels without a jailbreak. So it comes down to each users’ preferences: is it better to break the control and run the risk, or stay within Apple’s relatively safe walled garden with fewer choices?




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Amazon Kindle Touch (Kindle OS 5) Has been JailBroken

Posted by Avik Sarkar On 12/16/2011 01:32:00 pm



Recently release Kindle Touch has been JailBroken. Yifan Lu, freelance developer found vulnerability Kindle OS 5 and he has exploited Kindle Touch of Amazon. Although it might look completely innocuous due to the e-ink display, the Kindle Touch is a relatively complex device. At the core of the device is an operating system built around HTML5 and Javascript. Unfortunately, the engineers at Amazon left some gaping holes in the system, allowing for a straight-forward XSS (cross site scripting) attack vector to be used. By embedding HTML and JS calls into an MP3, Yifan Lu was able to hook into undocumented debug functions in order to execute code at root level. Not only did Amazon leave a function that allowed any process to be spawned as root, they also didn’t bother to sanitize inputs when reading the ID3 tag for display. With root access, a simple SSH package was created and pushed, providing unfettered access to the device.
Yifan Fu is encouraging other developers to start writing plugins for the device. Open formats such as ePub or Mobi can be supported as well. While apps and games are a possibility, the e-ink display will really limit the possibilities due to the slower refresh rate, lack of color as well as lack of multitouch.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

New Browser-based iOS 'jailbreak' (Based on PDF exploit)

Posted by Avik Sarkar On 7/07/2011 11:49:00 am


Hackers have once again released a "jailbreak" for iOS devices that can be completed through the Mobile Safari Web browser, taking advantage of an exploit found in the operating system's PDF reader.
The hack can be accomplished by visiting the website jailbreakme.com on an iPhone, iPad or iPod touch. It is compatible with all of Apple's current iOS-powered mobile devices, including the iPad 2 and iPhone 4. The hack was developed by "comex," Grant "chpwn" Paul and Jay "saurik" Freeman, and is compatible with iOS 4.3 through 4.3.3 on all iPads, the iPhone 3GS, GSM iPhone 4, and third- and fourth-generation iPod touch. It also works with iOS 4.2.6 through 4.2.8 for the CDMA iPhone 4.
The official site tells visitors they can jailbreak their iOS device to experience the software "fully customizable, themeable, and with every tweak you could possibly imagine." Jailbreaking is the term used to describe hacking iOS to allow users to install custom software and tweaks not approved by Apple.
The site also refers to jailbreaking as "safe and completely reversible," as users can restore their iPhone or iPad to the original, unaltered iOS software by restoring with iTunes. But jailbreaking is also a warranty-voiding process that Apple has warned users carries security risks. In 2009, a worm spread only on jailbroken iPhones that had enabled SSH for file transfer and did not change the default password.
Last July, the U.S. government affirmed that the process of jailbreaking is considered legal, though Apple is under no obligation to support users who have issues with hacked software.
The new "jailbreakme" site also asks users: "Please don't use this for piracy." While software can be legally downloaded or even sold through the jailbreak-only "Cydia" store, jailbreaking can also be used to pirate software that is sold on Apple's App Store.
This week's new jailbreak method is the second time hackers have exploited a PDF-related security hole in the Mobile Safari browser. The previous hack, issued last August, relied on a corrupt font to crash Safari's Compact Font Format handler.
Ironically, hackers who exploited the PDF security hole in iOS last year also delivered their own security fix to address the very same issue on jailbroken devices. The patch aimed to ensure that dishonest hackers would not be able to utilize the exploit for malicious purposes.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

iOS 5 beta hacked within 24 hours after release

Posted by Avik Sarkar On 6/08/2011 06:02:00 pm


The next major version of Apple's iOS has been exploited less than a day after its beta release to developers. A member of the iPhone Dev Team--a group of hackers that targets Apple devices and is not to be confused with Apple's group that designs the iOS software--announced through a tweet last night that the developer beta release of iOS 5 was susceptible to limera1n, an exploit that targets a vulnerability in the iOS boot software.
As a result, iPhone Dev Team member "MuscleNerd" said that it was possible to install third-party application installer Cydia, which lets users download applications not offered through Apple's App Store. The device used was a fourth-generation iPod Touch running the beta of iOS 5, software Apple offered up to developers following yesterday's WWDC keynote address and iOS 5 unveiling. For proof, MuscleNerd has posted two photos of the jailbreak, one of which includes the iPod's home screen, which prominently feature the Cydia logo. Another is a screenshot from the third-party SSH iOS application, iSSH, which shows that root level access to the iPod's file system has been obtained. As ReadWriteWeb notes, the jailbreak technique that was used results in a tethered solution, meaning users are required to go through the process each time their phone reboots. The more advanced solution--and what has been offered for previous versions of iOS--is untethered, which sticks around until the next software update from Apple is manually applied. That Apple's brand new iOS build would be jailbroken so soon should not be too surprising. The gold master version of iOS 4, which was the same version of the software to ship on the iPhone 4, as well as to be delivered to customers as an update, was jailbroken a day after its release to developers.
Apple has said it intends to release a final version of iOS 5 to customers this fall. In the meantime, it's offering registered iOS developers a crack at testing out the software and working on making sure apps are compatible with its new features and APIs. When readying iOS 4 for customers, it took Apple four separate beta builds for developers before reaching golden master status and a final release. During that time, numerous changes are made, including bug and security fixes, giving Apple time to fix vulnerabilities ahead of a public release.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

PlayStation 3 Hacked Again (Jailbroken)

Posted by Avik Sarkar On 10/22/2011 02:24:00 pm


Reports suggest the PS3 has been opened up to piracy again via a new hack which takes the form of a successor to the original PSJailbreak. Dubbed JB2, Digital Foundry says the device is a USB dongle that plugs directly into the PS3 and circumvents its security measures, giving users access to a number of features only available on developer consoles and allowing for the installation of illegal or copied code.
Newer games released after the PS3 firmware 3.60 update that locked out previous piracy methods reportedly can't be played from the hard drive using JB2. Instead, they have to come in the form of burned Blu-ray discs, which the machine reads as authorised. With most of the evidence surrounding JB2 based on internet videos and unverified claims from sources, all talk of the device and its abilities remains speculative. However, the report goes on to say that JB2 is believed to have undergone a small launch in Indonesia - with a number of pirate games including PES 2012, God of War Collection Volume II and FIFA 12 made available - in preparation for a global rollout.

Video Demonstration:- 




-News Source (CVG)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

iPhone hacker Nicholas Allegra AKA Comex Hired By Apple

Posted by Avik Sarkar On 8/29/2011 05:46:00 pm


Apple just hired Nicholas Allegra, the world-famous hacker known as "Comex" who created JailbreakMe.com, the easiest way to "jailbreak" your iPhone.
Allegra posted on Twitter last night that he's starting an internship at Apple in two weeks.

Apple is no stranger to hiring members of the iPhone hacker community, but they seem to have hit the jackpot this time. Allegra is one of the most prolific and well known iPhone hackers.
JailbreakMe.com made the act of jailbreaking, which Apple hates, accessible to anyone who knows how to use the web browser on an iPhone. While Allegra has received mostly encouraging responses on Twitter, it's undoubtedly a huge blow to the iPhone hacking community at large. More than 175,000 people follow his Twitter account, which is more than many A-list celebrities can claim. In related news, in June Apple hired Peter Hajas, an iPhone hacker known for creating an elegant new notifications system for jailbroken iPhone.
If you can't beat em, hire em?

-News Source (Business Insider)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Skype Fixes Android App Vulnerability

Posted by Avik Sarkar On 4/25/2011 12:38:00 am

Skype has fixed the privacy vulnerability its Android application that allowed malicious apps to harvest user data.
The vulnerability has been addressed in the latest Skype for Android, Version 1.0.0.983, and the user data has been properly secured on the mobile device, Adrian Asher, chief information security officer at Skype, wrote on the Skype blog on April 20. The problem did not exist for Verizon customers.

Skype for Android was storing names, dates of birth, location information, account balances, phone numbers, email addresses and other biographic details in a nonencrypted and easily accessible file on the mobile device, Justin Case, an amateur Android developer, wrote on the Android Police blog on April 15. Any rogue app could have harvested the personal data as well as old instant messages from insecure database files, according to Case.

Android by default sandboxes applications so that data from one app can’t be accessed by another. In this case, Skype overwrote the default by assigning incorrect file-level permissions, Case said. The data-collecting app Case developed to demonstrate the vulnerability did not require any unusual permissions and worked on non-jailbroken Android devices.

“We have had no reported examples of any third-party malicious application misusing information from the Skype directory on Android devices,” Asher said.

Case confirmed that the updated version closed the security hole and that his sample rogue app no longer can access the information stored in the database, David Ruddock posted on the Android Police blog. Skype changed the permissions of the databases where the data was stored so that only the Skype app can access the information, Ruddock said.

Case noted that the database files were unencrypted in his original analysis. Skype did not respond to eWEEK’s requests for whether the data is encrypted in the new version.

Case originally discovered the issue in the beta version of Skype Video that had been released last week. The fix will be addressed when Skype launches the official version.

In addition to the security fix, Skype added the ability to make VOIP (voice over IP) calls over 3G data connections to the app, even for calls in the United States. The 3G calling feature in the app will not be supported for Android phones over the Verizon Wireless network because Verizon already allows 3G Skype calls, thanks to an exclusive partner agreement signed in 2010.

The Android app previously allowed users to only send instant messages or place calls using the phone’s existing service or over WiFi. With this new version, users can call anyone without using up any minutes on their calling plan because the calls are carried over the mobile data plan. Bypassing the mobile carrier is not entirely free, as users are still subject to Skype fees.

Major carriers have opposed the practice in the past, and only Verizon customers had Skype’s VOIP capability up until now. Even if users aren’t interested in 3G calls, they should upgrade just for the security fix.

Asher reminded users to download the app only from Skype or the official Android Market links to avoid malicious apps.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

A Tribute to The 10 Most Infamous Student Hackers of All Time

Posted by Avik Sarkar On 9/15/2012 04:01:00 pm

A Tribute to The 10 Most Infamous Student Hackers of All Time

Since last two years, we the VOGH team has been covering all the latest cyber security updates. But today lets do some thing different. One of our frequent reader and fan Katina Solomon has requested us to share a fantastic article. Everyday VOGH draws headlines of hackers around the world and their activities. While trying to maintain speed with time, we usually forgot our past. Today we will take you into the past, where we will discuss about those heroes, who are always been ill treated by the society & the system while revamping those heroes into cyber-criminals or infamous hackers. Its our question to our humanity "Did the system has done justice with them??" 
Hacking has always been inherently a young person’s game. The first usage of the word “hacker” was to describe pranksters meddling with the phones at MIT. Many hackers have cited boredom, a desire for change, or the thrill of going somewhere one is not supposed to go as their motivation for hacking, all of which could apply to scores of common activities on college campuses. While today’s hacking scene is dominated by large hacking groups like Anonymous and Masters of Deception, many of the greatest hacks ever have been pulled off by college, high school, and even middle school kids who rose to infamy armed only with a computer and the willingness to cross the bounds of legality.
  1. Sven Jaschan: In the words of one tech expert, “His name will always be associated with some of the biggest viruses in the history of the Internet.” The viruses: the Sasser and NetSky worms that infected millions of computers and have caused millions of dollars of damage since their release in 2004. The man behind the viruses proved to be not even a man at all, legally. Seventeen-year-old hacker Sven Jaschan, a student at a computer science school in Germany, claimed to have created the viruses to become a hero by developing a program that would eradicate the rampaging Mydoom and Bagle bugs. Instead he found himself the subject of a $250,000 bounty courtesy of Microsoft, for which some of his classmates turned him in.
  2. Jonathan James: In 2000, at the age of 16, James, or “C0mrade” as he was known in the hacker community, infamously became the first juvenile federally sentenced for hacking. The targets of his notorious hack jobs were a wing of the U.S. Department of Defense called the Defense Threat Reduction Agency, NASA, and the Marshall Space Flight Center in Huntsville, Ala. (By hacking the latter James gained the ability to control the A/C in the International Space Station.) All of these were pulled off “for fun” while James was still a student at Palmetto Senior High in Miami. Unfortunately, the fun ran out when James was tied into a massive identity theft investigation. Though insisting he was innocent, James took his own life, saying he had “no faith in the justice system.”
  3. Michael Calce: Yahoo. CNN. Ebay. Amazon. Dell.com. One by one in a matter of days, these huge websites crashed at the hands of 15-year-old Canadian high school student Michael Calce, aka “MafiaBoy.” Armed with a denial-of-service program he called “Rivolta” that overloaded servers he targeted, the young hacker wreaked $7.5 million in damages, according to court filings. Calce was caught when he fell victim to a common ailment of teenage boys: bragging. The cops were turned on to him when he began boasting in chat rooms about being responsible for the attacks. On Sept. 12, 2001, MafiaBoy was sentenced to a group facility for eight months on 56 counts of cybercrime.
  4. Kevin Mitnick: Before performing hacks that prompted the U.S. Department of Justice to declare him “the most wanted computer criminal in United States history,” Kevin Mitnick had already made a name for himself as a hacker in his school days, first at Monroe High School in LA and later at USC. On a dare, Mitnick connived an opening into the computer system of Digital Equipment Corporation, which some fellow hackers then used to steal proprietary source code from the company before ratting on him. While still on probation for that crime, Mitnick broke into the premises of Pacific Bell and had to go on the run from police in the aftermath, during which time he hacked dozens of systems, including those of IBM, Nokia, Motorola, and Fujitsu.
  5. Tim Berners-Lee: “Scandalous” is a synonym for “infamous,” and for this legendary computer scientist, knight of the British Empire, and inventor of the World Wide Web to have been a hacker in his school days is certainly a juicy factoid. During his time at Oxford in the mid-’70s, Sir Tim was banned from using university computers after he and a friend were caught hacking their way into restricted digital areas. Luckily by that time he already knew how to make his own computer out of a soldering iron, an old TV, and some spare parts. And also luckily for him, he will always be revered as the father of the Internet.
  6. Neal Patrick and the 414s: In the early ’80s, hacking was still a relatively foreign concept to most Americans. Few recognized the enormous power hackers could hijack with a few strokes on a keyboard, which explains why a young group of hackers known as the 414s (after a Milwaukee area code) were virtual celebrities after they hacked into the famous Los Alamos National Laboratory, the Memorial Sloan-Kettering Cancer Center, and elsewhere. While today hacking a lab where classified nuclear research is conducted could earn you a one-way ticket to Guantanamo, the 17-year-old ringleader and high school student Neal Patrick was on the cover of Newsweek. The group members got light sentences but prompted Congress to take a stronger role in cybercrime.
  7. Robert T. Morris: The first ever Internet worm, the Morris Worm derived its name from Cornell grad student Robert Tappan Morris. In 1988, Morris released the worm through MIT’s system to cover his tracks, which would seem to contradict his claims that he meant no harm with it. But that’s exactly what resulted: the worm spread out of control, infecting more than 6,000 computers connected to the ARPANET, the academic forerunner to the World Wide Web. The damages reached as high as an estimated $10 million, and Morris earned the ignominious distinction of being the first person prosecuted under the Computer Fraud and Abuse Act. Morris got community service but was apparently not considered too infamous to be offered his current job as a professor at MIT.
  8. George Hotz: To some, George Hotz (aka “geohot,” aka “million75,” aka “mil”) is a public menace, a threat to electronic businesses everywhere. To many, Hotz is a hero. The high-schooler shot to fame/infamy in 2007 at the tender age of 17 by giving the world its first hacked, or “jailbroken” iPhone. He traded it for a new sports car and three new iPhones, and the video of the hacking received millions of hits. Apple has had to grudgingly come to terms with jailbreaking, seeing as the courts have declared it legal, but Sony Corp. is definitely not OK with such tampering. When Hotz hacked his PlayStation 3 and published the how-to on the web, the company launched a vicious lawsuit against him. In turn, the hacker group Anonymous launched an attack on Sony, stealing millions of users’ personal info.
  9. Donncha O’Cearbhaill: According to the FBI, this 19-year-old freshman at Trinity College Dublin is one of the top five most wanted hackers in the world. Well, he was; now that he’s been arrested he’s not really “wanted” anymore. The Feds contend the young man is a VIP member of the Anonymous and LulzSec hacking groups that have already been mentioned and whose targets have included the FBI, the U.S. Senate, and Sony (in the Hotz backlash). It seems “Palladium” (O’Cearbhaill) took the liberty of listening in on a conference call between the FBI and several international police forces who were discussing their investigations of the hacking groups. He could be sentenced to up to 15 years in prison if convicted for that hack alone.
  10. Nicholas Allegra: Just as George Hotz moved on from the Apple hacking game, Brown University student Nicholas Allegra is also hanging up his jersey. “Comex,” as he is known to millions of rooted iPhone fans, created the simple-to-use Apple iOS jailbreaking program JailbreakMe in 2007 and has since released two newer versions of it. However, Comex seems to have gone over to the dark side, accepting an internship with the very company whose products he became famous exploiting. Still, Allegra’s hacking skills are so advanced (one author puts him five years ahead of the authors of the infamous Stuxnet worm that corrupted Iran’s nuclear facilities) and so many people availed themselves of his talents, he will forever live in hacking infamy.

We want to dedicate the above post to the legendary hacker, who left us -Jonathan James aka “C0mrade”. Also the post is a tribute to all the so called 'infamous hackers'. You are our heroes and inspiration, you will always be there in our soul. Team VOGH salutes you...... 


-Thank you Katina & Online Degrees




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search