Aug 27, 2019:
Apple has finally released an emergency fix for the iPhone after the tech-giant accidentally reopened a vulnerability.
Apple had accidentally let out an OS 12.4 release that enabled a current-generation iPhone to be jailbroken and therefore hacked.
Around 1.4 billion iPhone and iPad devices around the world are still operating on iOS 12.4.
I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what Apps they download from the Apple AppStore. Any such app could have a copy of the jailbreak in it.
— Stefan Esser (@i0n1c) August 19, 2019
Aug 21, 2019: Apple’s bad luck streak seems to be just going on and on as things have taken a turn for the worst.
It started with user-hostile iPhone batteries, to Face ID being hacked and iOS Code being exploited- twice! Not to forget iPhone 11 secrets revealed.
Now, researchers have bright forth the ‘KNOB Attack‘, which has impacted 1.4 billion iPhones and iPads all across the globe.
While the attack also took place on Android platforms, Google was quick enough to patch the problem and has already started the rollout out to devices. Whereas Apple users are not so lucky.
What Does Knob Stand For?
‘Key Negotiation of Bluetooth’ aka KNOB.
What is KNOB and How has it Impacted iOS Devices?
Bluetooth has an encryption key negotiation protocol that allows negotiating encryption keys with 1 Byte of entropy without protecting the integrity of the negotiation process.
However, remote attackers can manipulate the entropy negotiation to let any standard-compliant Bluetooth device negotiate encryption keys with 1 byte of entropy and then brute force the low entropy keys in real-time, reads the blog.
The researchers further explain:
We found and exploited a severe vulnerability in the Bluetooth specification that allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device.
As a result, an attacker is able to listen, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired.
this attack affects basically all devices that “speak Bluetooth”, we decided to coordinate public disclosure with industry to try to make sure that workarounds could be put in place.
Furthermore, the researchers have added:
We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices).
At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack.
“After we disclosed our attack to the industry in late 2018, some vendors might have implemented workarounds for the vulnerability on their devices. So the short answer is: if your device was not updated after late 2018, it is likely vulnerable. Devices updated afterward might be fixed.”
Unfortunately, Apple confirmed the “iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later”. Which means that every iOS 11 and iOS 12 compatible device dating back to 2013 are now vulnerable to it.
A patch was issued in iOS 12.4 (bug code CVE-2019-9506). However, iOS 12.4 contains a staggering exploit which allows hackers to remotely jailbreak your iPhones and install malicious code.
Stay tuned to Brandsynario for more news and updates.