A new jailbreak has just been released that works across all iPhones, according to reports from Motherboard and TechCrunch.
- The jailbreak was reportedly made possible by a new vulnerability in Apple’s software that the company has not discovered yet.
- A jailbreak is a hack that makes it possible to overcome the iPhone’s security restrictions so that users can load apps and features that aren’t approved by Apple.
- Installing jailbreaks can pose security risks since doing so lifts Apple’s safeguards.
A vulnerability in Apple’s mobile software has made it possible for hackers to release a new iPhone jailbreak that supposedly works across all iPhones, according to Motherboard.
It’s the first time such a jailbreak that works so broadly at launch has surfaced since Apple launched its iOS 10 operating system in 2016, the report says. The jailbreak, known as unc0ver, should work on all iPhones that support iOS 11 and above, according to TechCrunch.
Apple did not immediately respond to Business Insider’s request for comment.
A jailbreak is a hack that makes it possible to overcome Apple’s security protocols so users can load onto their iPhones apps and software that the company hasn’t authorized. Jailbreaks were once very popular among iPhone owners that wanted to customize their devices, but they also pose serious security risks since they discard Apple’s built-in safety measures.
Apple has cracked down on jailbreaking in more recent iOS software updates, making them far less common.
The new jailbreak is the result of a zero-day vulnerability found in Apple’s iOS software, Motherboard reported. The term “zero-day” refers to a security flaw that the software’s maker has not yet discovered.
Although jailbreaks are usually considered a security risk, the researcher who discovered the iOS vulnerability that makes the new jailbreak possible told Motherboard that Apple’s security mechanisms remained intact.
While the new jailbreak is said to be the first in years to work across all models right away, it’s not the first time jailbreaking has returned to the iPhone. Last August, Apple re-introduced a security vulnerability that would make jailbreaking possible, as Motherboard reported at the time. But that jailbreak worked on current and up-to-date iPhones, according to the report, while the new one is said to work across all models.
The news also comes as Apple has been investing more heavily in sourcing help from external cybersecurity experts and researchers through its bug-bounty program, which the company introduced in 2016.
For example, Apple updated its bug-bounty program in August to include a new million-dollar reward for researchers who can pull off a specific type of iPhone hack. The type of attack, known as a “zero-click full chain kernel execution attack with persistence,” gets to the core of Apple’s operating system and enables control of an iPhone without requiring any user interaction.
Domestic 5G development at core of US communications security plan
In late March, during the first phase of the coronavirus lockdown, the White House issued a little-noticed document entitled The National Strategy to Secure 5G of the United States, which articulates a “vision for America to lead the development, deployment, and management of secure and reliable 5G communications infrastructure worldwide, arm-in-arm with our closest partners and allies.” The document was the White House’s effort to comply with the Secure 5G and Beyond Act, which required the president to “develop a strategy to ensure the security of next generation mobile telecommunications systems and infrastructure in the United States.”
The Act also required the president to submit within 180 days an implementation plan developed in consultation with a host of government departments and agencies. In May, the Commerce Department’s National Telecommunications and Information Administration (NTIA) began a proceeding to receive comments on how it might implement the vision of the White House Strategy, with the comment period ending on June 25. Early this week, NTIA posted the comments it received from 80 organizations, corporations and interested individuals.
Key 5G security objectives
The seven-page White House document is a bare bones overview of strategic objectives, painting only broad-brush strokes on how to achieve the 5G security objectives it outlines. The goals of the strategy are to:
- Facilitate domestic 5G rollout: Pointing to an FCC strategy to facilitate American superiority in 5G technology, the National Strategy also aims to work with the private sector on more R&D to facilitate domestic 5G rollout.
- Assess the risks and identify core security principles for 5G infrastructure: The strategy says that in partnership with state, local and tribal governments as well as private sector partners, the government will “seek to continuously identify and characterize economic, national security, and other risks posed by cyber threats to and vulnerabilities in 5G.”
- Manage the economic and national security risks from the use of 5G infrastructure: The strategy primarily relies on the federal Acquisition Supply Chain Security Act of 2018, which “creates a unified, whole-of-government approach to protecting Federal systems from supply chain risks in covered articles” as well as Executive Order (E.O.) 13873, “Securing the Information and Communications Technology and Services Supply Chain,” signed in May 2019.
- Promote responsible global development and deployment of 5G infrastructure: The White House says the US will participate in international 5G security principles through frameworks, such as the Prague 5G Security Conference, and continue working with relevant standards-setting 5G organizations with the private sector. The administration also plans to “work with the private sector, academia, and international government partners to adopt policies, standards, guidelines, and procurement strategies that reinforce 5G vendor diversity to foster market competition.”
US aims to retake lead in 5G development
“It’s critically important that the United States and, on a broader level, the West get 5G right and lead the world in this development,” Senator Mark Warner (D-VA), Vice-Chair of the Senate Intelligence Committee, said this week during a webinar on 5G security strategy hosted by US Telecom. “Unfortunately, I would argue through a variety of twists and turns in the wireless industry over the past 20 years on the equipment side, we no longer have an American provider on 5G.”
The United States was “so used to leading in wireless; we’re so used to setting the rules, the protocols, the procedures, the standards,” Warner said. “Suddenly, over the last five to seven years, more specifically the last couple of years, we’ve seen that normal western and American-specific dominance really be questioned by an emerging China.”
Warner, who is well-versed in mobile technology and business, having founded a top wireless company, Nextel, that he later sold to Sprint, is particularly concerned right now by the Chinese communist party’s control over telecom technology. He worries even more about the precedent that China’s dominance in telecom technology might establish for future innovation.
“I fear what’s playing out in 5G is the blueprint for what will be happening with China in artificial intelligence, quantum computing, and a host of other areas,” he said. “It is a preview of what may be, in a sense, the technology arms race of the future.”
Software-dependent systems seen as more secure
One idea Warner embraces to improve 5G security is to “move away from a closed, hardware-dependent system and move to a software-dependent system” that plays to the strength of American companies. In particular, Warner is promoting a bill he introduced in January, the so-called O-RAN bill, which requests $1 billion in federal funds to invest in open radio access network technology. The goal of jumpstarting the software alternative is to help American companies develop technology that is price-competitive with Chinese telecom tech companies such as industry leader Huawei.
The good news for Warner is that the O-RAN bill was added to must-pass legislation, the National Defense Authorization Act, which will pass by the end of the year. The bad news, he said, is that the Senate appropriators dramatically cut back on his request, whittling R&D funding for the initiative down from $750 million to $50 million for the first year. Funding for collaboration with international partners was likewise slashed, down from a requested $500 million to only $25 million.
Meanwhile, NTIA is plowing through the 80 sets of comments it received on the White House strategy. Commenters range from telecom giant AT&T to New York City to concerned citizens worried over the latest conspiracy theory that 5G is a technology that will be used to control the people. NTIA hopes to soon produce a summary of the comments it has received, Evelyn Remaley, Associate Administrator, Office of Policy Analysis and Development, NTIA, said during the US Telecom webinar.
Samsung Update Warning For Millions Of Galaxy And Note Users
Apple recently recognized a serious iPhone problem with some iPhones requiring replacement hardware. And now the same fault appears to be affecting multiple generations of Samsung’s Galaxy smartphones around the world.
Spotted by the always-excellent SamMobile, a large number of Galaxy smartphones are suffering from a bizarre flaw in their displays where a green tint colors everything in a swampy hue (example below). Four generations of Galaxy flagship smartphones are currently impacted as threads appear across Samsung’s US, EU, and Indian support forums and it is currently unknown whether this can be fixed with software.
06/24 Update: SamMobile reports that Samsung has now started a mass roll out of its new One UI 2.1 software “in dozens of markets”. The software is for the last two years of Galaxy flagships and brings a mass of features including new quick sharing, AR functionality, filters, emoji and more. Samsung has hidden bug fixes in these updates before (see below) so I will be keeping a close eye on whether any display fixes have been found. Samsung has also confirmed to me that it is looking into the display problem and the large increase in new cases. If you want to test your Galaxy smartphone, it is best to do so in low light with very low screen brightness – that helps to identify borderline cases.
Impacted models include the Galaxy S8, Note 8, Note 9, S9, S9 Plus, Note 10 Lite, S10 Lite, S10 Plus and all Samsung’s current flagships: the Galaxy S20, S20 Plus and S20 Ultra. Sales of these smartphones top 100M units and though the scale of the problem remains unclear it is clear from the forums that this affects Galaxy smartphones shipped all over the world.
What ties this fault to Apple’s iPhone green tint problems? Samsung makes the displays. Interestingly, Samsung did quietly acknowledge this issue in April by rolling out a fix designed to address the problem in a limited number of Galaxy S20 models. Samsung didn’t actually list the fix in the release notes, but a number of affected users reported improvements. Unfortunately, this didn’t last long and the problem now appears to be spreading.
Pressure will now increase on Samsung to come clean about what is going on here. The problem appears to be most prevalent at low brightness (just like on iPhones), and it has started to affect multiple generations – sometimes after years without issues (just like on iPhones). Given Apple approved resellers have chosen to replace displays on some affected iPhones, a software fix may not be as easy as hoped.
I have contacted Samsung about these reports and will update this post when I know more.
Los Angeles-based Open Raven raises $15 million from KPCB for its security tech to secure hybrid clouds
Open Raven, the Los Angeles-based security startup founded by a team of cybersecurity veterans from CrowdStrike and SourceClear, has closed on $15 million in new financing only four months after emerging from stealth and in the middle of a pandemic.
The company already boasted an impressive roster of investors well-versed in enterprise software and cybersecurity including Upfront Ventures; Goldman Sachs’ chief information risk officer, Phil Venables; RSA’s former chief strategy officer, Niloofar Razi Howe; and the cybersecurity company Signal Sciences, whose chief executive, Andrew Peterson, is a Los Angeles native.
Now, the company has added to its haul with new capital and the cybersecurity expertise of Kleiner Perkins’ deep knowledge in the space through investors like Ted Schlein and Bucky Moore, who will be taking a seat on the company’s board of directors.
Investors’ confidence in Open Raven’s potential stems from the simple fact that a majority of all databases will be accessed from a cloud platform within the next two years, according to data from Gartner Inc. and provided by the company.
These databases may exist on several different service providers’ cloud computing platforms making it that much more difficult to secure and track the data as it’s accessed by different users. Put simply, data security tools weren’t built to handle this kind of data fluidity across multiple services. These instances of what Open Raven calls “data sprawl” can lead to misconfigurations that have become one of the biggest security threats, according to a study by TechCrunch’s parent company, Verizon.
“Today’s data security problem bears little resemblance to the historical challenges that drove the creation of the last generation of products,” said KPCB’s Moore, in a statement.
Co-founded by CrowdStrike’s former chief product officer, Dave Cole, and the founder of the open-source code monitoring service, SourceClear, Mark Curphey, Open Raven has a tool that monitors, maps and manages how data moves through an organization.
In the cloud-based computing environments that have become standard operating practice during the work-from-home era created by the COVID-19 pandemic, data is moving to an increasingly vast number of points outside of a centralized network.
As Cole told dot.la when his company first emerged from stealth, many security breaches are just “instances where an org simply lost control of what data they had where, and it ended up on the internet. And people found it before they did.”
Open Raven offers a free version of its service to map out networks and visualize where and how data moves. The core functionality will be available for free under an Apache 2.0 license, but there’s a premium version of the product where the company will provide additional services for paying customers.
“The transition to the cloud and out of physical data centers means that data stores change more quickly than ever before — leaving numerous unanswered questions,” said Dave Cole, co-founder and CEO of Open Raven, in a statement.