Recently NBC News ran a hysterical hacking story suggesting that you'll be hacked within minutes when you step off the plane in Russia. Now a security researcher involved in the story, Kyle Wilhoit, is disputing how it was presented. Trend Micro:
NBC News would have you believe that the life expectancy of a MacBook Air or Android phone at the Winter Olympic Games is roughly zero, at least when it comes to it being hacked and your financial and other personal information stolen. Anyone with a base level of technical knowledge at all would recognize it as complete and utter bullshit the minute they saw it. Sadly, as many of us who got contacted by concerned family members know, it's far too easy to scare everyone else. Robert Graham of Errata Security calls the report "100% fraudulent":
Evernote, the popular cross-platform note-taking service, has issued a global password reset for all users following the discovery of suspicious activity described as a coordinated attempt to gain access to their system. In an email sent out by the company, Evernote said:
Sweden-based Micro Systemation recently demonstrated on video just how easily their desktop software for military and law enforcement can crack into an iPhone. With a few quick reboots, XRY can not only dig out the phone's unlock code, but can also personal data, GPS locations, messages, and a log of keystrokes.
Iconic iPhone hacker George Hotz was hired at Facebook a while back. That didn't seem to work out very long as he's no longer there. What's he up to these days? It appears he's back to hacking and coding. This time he's with a brand new startup as well.
So if you've jailbroken your iPhone, installed SSH, and still haven't changed your password from the default despite our previous warnings about Dutch Ransomers and Australian Rickrollers? Maybe you thought those were just funny (as seen in this video from iPhoneMVP)? Well now things have gotten more serious -- there's a new attack making the rounds that just plain steals your data.
For iPhone Jailbreakers using SSH to access their devices, but who haven't changed their password from the default, getting Rickrolled by a worm may be annoying, no worse than getting held for ransom by a hacker, but it's a sign that far more insidious and malicious attacks are possible -- so change those passwords now!
Pwn2Own is a hacking contest which in previous years demanded OS exploits on day one, allowed browser vectors on day two (how OS X was compromised last year -- thanks Safari!), and opened the floodgates with 3rd party bugware on day three. First person to successfully hack a machine won it as a prize, along with a nice cash bounty for their troubles.
This year, Ars Technica says Pwn2Own is doing something a little different: they're bringing in the mobiles!
We had sort of been expecting that the iPhone 3G would be more difficult to unlock because it would be impossible to walk out of a store without signing a contract and activating the iPhone. We all know how that worked out on launch day -- iPhones were flying about unactivated anyway. Honestly, given that the 2.0 software has already been fully pwned (read: opened up, jailbroken, made to serve the whims of hackers everywhere), the early unlocking really should be no surprise.