
GOT(IT) #19: iPhone iBoot Code leak, 36 cybercriminals who stole $530m indicted, plus air-gapped computers hacked

We hope this week’s cybercrime bust gives awareness of how big the impact scope is, and how necessary it is to educate and prevent.


GOT(IT) #19! We’ve got a busted huge criminal organization, a code leak in Apple’s iPhone boot systems, and the latest news from a security research team who managed to breach air-gapped, isolated computers.

Apple’s iPhone iBoot Code Leaked in GitHub

A huge uh-oh for the one company with really closed policies regarding code distribution. Somebody posted what looks to be the iPhone’s iBoot source code, from iOS 9. The catch is that this code is responsible for ensuring a trusted system boot. It’s possible that this code, even if from an older system, is still used in bits and pieces of the latest generation of iOS, and it could be exploited by attackers to breach the system’s boot process and, more importantly, the check that verifies Apple’s signed kernel when booting iOS.

Apple has already filed a DMCA notice to GitHub, demanding the removal of this repository as it is copyrighted and not public, open source code.

The greatest apparent fear Apple has? The jailbreak comeback. The popular breach that stood strong for years, and was ultimately defeated by Apple’s Secure Enclave Processor and changes to the boot process, could find its way back with this insight into iOS’s boot system.


Thirty-Six Cybercriminals Indicted for Stealing $530M

U.S. authorities tackled one of the biggest fraud organizations around, the cybercrime group known as the Infraud Organization. Thirty-six of its members were indicted for stealing over $530 million in a worldwide crime scheme.

Infraud focused on the commercialization of stolen credit cards, banking information, stolen identities, and malware, plus the illicit purchase and sale of products with said stolen information.

“Today’s indictment and arrests mark one of the largest cyberfraud enterprise prosecutions ever undertaken by the Department of Justice”, said Acting Assistant Attorney General Cronan.

The Infraud Organization is 8 years old and was created in 2010 by the Ukrainian Svyatoslav Bondarenko, under the motto “In Fraud we Trust”. Experts estimate that it caused around $2.2 billion in intended losses, and $530 million in actual ones.

It worked as a forum-like organization, with administrators, moderators, and general members who conducted fraud on different platforms. The organization itself pushed all illicit traffic and potential buyers to the networks generated by its almost 10,901 registered members.


Faraday Cage and Air-Gapped Computers Breached Creatively

Air-gapped and Faraday-caged computers are built to be the safest, most isolated systems around. With no connections to any sort of network, breaches are mostly a matter of creativity. Luckily, it was a group of security researchers who focus on infiltrating these systems that managed to steal data from both air-gapped and Faraday-caged devices.

Air-gapped systems are those which are not connected to any sort of network, while a Faraday cage is a metallic cage or enclosure that blocks electromagnetic signals like Bluetooth, Wi-Fi, or cellular signals.

Both protections have been tackled creatively by the Cybersecurity Research Center at Israel’s Ben-Gurion University with the methods dubbed MAGNETO and ODINI.

These attacks begin when an attacker somehow infiltrates malware into the isolated computer, which starts collecting data like credential tokens. This data is then encoded into binary and then into Morse code, and transmitted as a pattern of electromagnetic field frequencies by regulating the CPU’s workload, which changes its magnetic field.

The difference between MAGNETO and ODINI is how the data is received. The first is a short-range (12.5 cm) attack that involves an Android phone with an app that uses the phone’s magnetometer to detect and receive the data, even if the computer is placed in a Faraday cage.

ODINI has a longer and more effective range of about 150 cm, but it uses a dedicated magnetic sensor. This also means the data is received at about 40 bits per second, versus MAGNETO’s 5 bits/s. Jamming or blocking these signals are among the possible defenses.


Tinfoil and lead hats have been breached! (By the good guys.) Security researchers are a key component of global cyber-protection, racing to find exploits before attackers do.

About the author

Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.