Ondrej Holzman Inattentive thiab careless cov neeg siv iOS ntsib teeb meem ntxiv. Tsuas yog ib lub lim tiam tom qab kev tshawb pom WireLurker malware Lub tuam txhab kev ruaj ntseg FireEye tau tshaj tawm tias nws tau pom lwm qhov kev ruaj ntseg hauv iPhones thiab iPads uas tuaj yeem tawm tsam siv cov txheej txheem hu ua "Masque Attack". Nws tuaj yeem ua raws lossis hloov cov ntawv thov uas twb muaj lawm los ntawm cov ntawv thov thib peb cuav thiab tom qab tau txais cov ntaub ntawv siv.
Cov neeg uas rub tawm daim ntawv thov rau iOS no tshwj xeeb ntawm App Store yuav tsum tsis txhob ntshai ntawm Masque Attack, vim tias cov malware tshiab ua haujlwm zoo li tus neeg siv rub tawm daim ntawv thov sab nraud ntawm lub khw muag khoom software, uas yog email lossis lus dag. (piv txwv li, muaj qhov txuas txuas tshiab ntawm qhov kev ua si nrov Flappy Bird, saib video hauv qab).
Thaum tus neeg siv nyem rau ntawm qhov txuas tsis ncaj ncees lawm, lawv yuav raug coj mus rau nplooj ntawv web thov kom lawv rub tawm ib qho app uas zoo li Flappy Bird, tab sis qhov tseeb yog qhov cuav ntawm Gmail uas rov nruab cov thawj app raug rub tawm los ntawm App Store. Daim ntawv thov txuas ntxiv coj tus cwj pwm tib yam, nws tsuas yog uploads Trojan nees rau hauv nws tus kheej, uas tau txais tag nrho cov ntaub ntawv tus kheej los ntawm nws. Qhov kev tawm tsam yuav tsis tsuas yog cuam tshuam Gmail, tab sis kuj, piv txwv li, kev siv nyiaj hauv tuam txhab nyiaj. Tsis tas li ntawd, qhov malware no tseem tuaj yeem nkag mus rau cov ntaub ntawv hauv zos thawj ntawm cov ntawv thov uas twb tau muab tshem tawm, thiab tau txais, piv txwv li, tsawg kawg tau txais kev lees paub nkag nkag.
[youtube id=”76ogdpbBlsU” width=”620″ height=”360″]
Cov ntawv cuav tuaj yeem hloov pauv tus thawj app vim lawv muaj tib tus lej cim tshwj xeeb uas Apple muab rau cov apps, thiab nws nyuaj heev rau cov neeg siv kom paub qhov txawv ntawm lwm tus. Cov ntawv cuav zais zais tom qab ntawd sau cov email, SMS, hu xov tooj thiab lwm yam ntaub ntawv, vim tias iOS tsis cuam tshuam rau daim ntawv thov nrog cov ntaub ntawv qhia tus kheej.
Masque Attack tsis tuaj yeem hloov lub neej ntawd iOS apps zoo li Safari lossis Mail, tab sis nws tuaj yeem tawm tsam feem ntau cov apps rub tawm los ntawm App Store thiab muaj peev xwm ua rau muaj kev hem thawj loj dua li WireLurker nrhiav pom lub lim tiam dhau los. Apple tau hnov mob sai sai rau WireLurker thiab thaiv cov tuam txhab daim ntawv pov thawj los ntawm cov ntawv thov raug teeb tsa, tab sis Masque Attack siv cov lej cim tshwj xeeb txhawm rau nkag mus rau cov ntawv thov uas twb muaj lawm.
Lub tuam txhab ruaj ntseg FireEye pom tias Masque Attack ua haujlwm ntawm iOS 7.1.1, 7.1.2, 8.0, 8.1 thiab 8.1.1 beta, thiab Apple tau hais tias tau tshaj tawm qhov teeb meem thaum lub Xya Hli xyoo no. Txawm li cas los xij, cov neeg siv lawv tus kheej tuaj yeem tiv thaiv lawv tus kheej los ntawm qhov muaj peev xwm txaus ntshai tau yooj yim - tsuas yog tsis txhob nruab ib qho kev thov sab nraud App Store thiab tsis txhob qhib cov kev sib txuas tsis txaus ntseeg hauv e-mails thiab cov ntawv xov xwm. Apple tseem tsis tau hais txog qhov tsis txaus ntseeg kev nyab xeeb.
Apple muaj lub xyoo tsis zoo. Cov xov tooj hloov tau yooj yim, tsis tuaj yeem hu xov tooj los ntawm lub xov tooj, qhov chaw ruaj ntseg zoo li tus npua, ib nrab ua haujlwm wifi hauv Yosemite (uas yog txhua qhov tsim cov xim). Hnub twg Apple ua tej yam zoo? Kuv paub, nws yog ua ntej S. Jobs tuag ...
Txawm li cas los xij, cov neeg siv lawv tus kheej tuaj yeem tiv thaiv lawv tus kheej los ntawm qhov muaj peev xwm txaus ntshai tau yooj yim - tsuas yog tsis txhob nruab ib qho kev thov sab nraud App Store thiab tsis txhob qhib cov kev sib txuas tsis txaus ntseeg hauv e-mails thiab cov ntawv xov xwm.
Tab sis qhov no tseem tsis tau ua haujlwm, vim tias yog tias nws ua haujlwm, malware thiab kab mob tsuas tsis muaj nyob niaj hnub no :)
Nws tsis ua haujlwm rau "cov neeg tsis mloog lus", uas Czech koom pheej muaj tag nrho, thiab yog vim li cas cov kev cai thiab tshwj xeeb tshaj yog cov kev cai lij choj tsuas yog tso dag rau lawv, thiab tsis mloog cov lus pom zoo no txog software tsis raug cai kuj yog txoj hauv kev rau kev puas tsuaj. Yog li nws yuav ua haujlwm yog tias tsis yog rau lub siab tsis ncaj ;)
Kuv yuav tsis koom nrog txoj kev cai lij choj, hmoov tsis lawv tsis tau sau los ua kom peb txoj kev nyab xeeb dua, tab sis txhawb cov tub ceev xwm hauv nroog thiab txhawb cov nyiaj tau los yog tias nws mus rau hauv nroog coffers :((((
Tab sis qhov ntawd tsis yog kev sib tham ntawm no :)
Kuv xav paub ntau ntxiv txog kev xav ntawm tib neeg, tshwj xeeb tshaj yog los ntawm Czech koom pheej. Yog tias tsis yog 1 pob luam yeeb lawv yuav 90 daim ntawv thov rau 4 xees txhua thiab tsis rub tawm los ntawm cov chaw tsis raug cai thiab tsis tau jailbreak lawv iPhones, lawv tsis tas yuav quaj txog kev poob lawv cov khoom kim :)
Tau kawg, tag nrho cov xov no tau tsim los teb rau cov lus faj lem uas tsis muaj tseeb: "Txij li Txoj Haujlwm Kev Tuag, txhua yam mus zoo, thiab xyoo no tshwj xeeb tshaj yog"
Kuv tsuas tsis nyiam qhov kev sib piv. 2 xyoo dhau los no, ua tsaug rau cov phooj ywg, kuv tau bogged rau lub ntsiab lus no thiab kuv tsis nyiam dab tsi tshwm sim nyob rau ntawd thiab qee zaum kuj qias neeg heev :(
Kuv lees tias kuv cov lus teb tau muab tso rau hauv lub rooj sab laj tuaj yeem npau taws, tab sis qhov ntawd yog kuv, Kuv tau ncaj qha mus rau qhov tsis muaj frills thiab kuv tsis nyiam ua kom zoo siab, kuv tsuas yog sau kuv lub tswv yim. Hmoov tsis zoo, qee zaum nws tseem nyob ntawm tus nqi uas kuv xav tias kuv sau kuv lub tswv yim nkag siab, tab sis tib neeg tsis paub kuv txhais li cas :(
Kuv nkag siab qhov piv txwv ntawm kev xav ua ntej, tab sis kuv xav tias qhov kev sib piv tshiab no (txog lub thawv, tab sis tsis yog 4x daim ntawv thov) yog qhov tseeb dua.
Ntxiv Txoj Haujlwm: Kuv xav tias Apple tab tom nrhiav tam sim no. Txawm tias lawv tsis muaj tus thawj coj zoo li S.Jobs, lawv tsis yog qhov phem. Lawv muaj ntau tus neeg paub txog thiab txawj ntse uas yuav tuaj yeem tuaj nrog cov khoom nthuav, tab sis nws yuav siv sijhawm. Tus kheej, kuv xav tias nws yuav muaj peev xwm sib piv Apple hnub no thiab Apple nrog S.Jobs txog 10 xyoo tom qab nws tawm mus, txog thaum ntawd nws tsuas yog qw, tab sis qhov ntawd yog kuv lub tswv yim ...
Pom zoo tag nrho ;)
Lawv muaj qhov ruaj ntseg ua ntej thiab tseem ceeb tshaj qhov no ... Piv txwv li, lawv ntxiv ASLR txheej hauv OSX 10.5, tab sis nws tau ua haujlwm tag nrho hauv 10.7 (yog tias kuv tsis yuam kev hauv versioning), nrhiav cov lus ntawm Tus kws tshaj lij kev ruaj ntseg Dino Dai Zovi. Raws li cov kab mob tsis ntev los no, nrhiav cov ntaub ntawv ntawm Heartbleed, Plhaub Shock…
Cov kab mob kev ruaj ntseg, puas yog thiab yuav yog, txawm tias koj siv Linux, Windows, OSX, Chrome ... Nws tsuas yog ib qho teeb meem ntawm lub sijhawm ua ntej OSX lossis Linux yuav nthuav dav dua thiab cov tshuab no tau ntxim nyiam rau cov neeg tsim malware, koj tsuas yog tsis tuaj yeem zam nws thiab yog tias koj hais tias lub kaw lus yog "tsis muaj qhov yuam kev" (zoo li kuv ib zaug hais txog Linux), ces koj tsuas yog dag rau koj lub hnab tshos ...
Los ntawm txoj kev, yog tias koj xav kom ntshai, nrhiav cov ntaub ntawv hais txog lub xyoo no Black Hat Security lub rooj sib tham thiab saib cov lus qhuab qhia ntawm USB firmware vulnerabilities, uas yog foob pob ib yam :)
tsis qhia npe : Qhov ntawd yog bullshit dua, nws ua rau kuv nco txog Sobotka. Kuv pom zoo kom hloov mus rau lwm lub platform thiab tshem tawm iOS thiab Mac OS thaum S.Jobs ploj mus. Ces koj yuav txaus siab.
Thiab ntawm cov khoom siv jailbroken feem ntau, lawv puas nruab cov ntawv thov los ntawm lwm qhov tsis yog AppStore?
Kuv kuj yuav txaus siab rau qhov ntawd. Vim kuv tsis tau pom hauv kuv lub iOS no muaj peev xwm rau nruab ib daim ntawv thov uas tsis yog los ntawm AppStore. Thaum "Nruab" tshwm rau hauv cov yeeb yaj kiab ntawd, kuv tsis pom nws.
Yog lawm, koj tsuas yog yuav tsum muaj daim ntawv thov kos npe nrog daim ntawv pov thawj Enterprise, tom qab ntawd nws tuaj yeem ntsia tau li no.
Nws tsis ua haujlwm yam tsis muaj jailbreak. Los yog xa qhov txuas thiab kuv yuav sim rau nruab daim ntawv thov ntawm kuv iPhone yam tsis muaj jailbreak li no.
Lukas Palda hais yog lawm. Nws yog qhov ua tau, tab sis muaj qee qhov kev siv thev naus laus zis lossis lawv tsis txaus siab uas koj tsis paub txog lawv, tab sis nws tuaj yeem ua tiav :)
Yog li cia li rub tawm Storu thiab qhov teeb meem dhau lawm
Nyob zoo sawv daws...raws li kuv thiab tsab xov xwm, nws yog txaus kom ua raws li cov kev cai yooj yim, raws li thaum siv lwm yam pab kiag li lawm txuas nrog lub net (tsis hais seb nws yog iOS no, Android, WIN, thiab lwm yam) = tsis txhob nias rau. Cov ntawv txuas los ntawm cov neeg xa xov tsis paub, tsis txhob ua kom yuam kev thiab ua si ib qho kev paub txog "hacker", tsis txhob rub tawm cov ntaub ntawv tsis txaus ntseeg ... Kuv nyeem ib tsab xov xwm zoo sib xws ntawm "cov lus xaiv" novinky.cz thiab yog tias ib tus neeg xav ua phem rau ib lub tuam txhab, lawv yuav nrhiav ib txoj kev...
Rau cov neeg uas xav tias nws txaus tsis muaj Jailbreak thiab nruab tshwj xeeb los ntawm AppStore:
http://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-all-your-ios-apps-belong-to-us.html
Los ntawm kab lus: "iOS cov neeg siv tuaj yeem tiv thaiv lawv tus kheej los ntawm Masque Attacks los ntawm peb kauj ruam: ..." .
Cov ntsiab lus: tom qab nyem rau ntawm qhov txuas hauv e-mail lossis sms, lub thawv sib tham nrog kev xaiv "Nruab" (lossis Trust Developer) kuj tuaj yeem tshwm sim rau koj. Qhov ntawd yog qhov tseeb ntawm qhov teeb meem no.
Tej zaum koj yuav xav tias koj tsis yog nyem rau ntawm qhov txuas, tab sis koj cov phooj ywg, tsev neeg, thiab lwm yam. lawv tsis tas yuav muaj kev paub txog IT zoo li koj, thiab yog li ntawd nws yog ib qho tsim nyog los qhia lawv kom tsis txhob nyem rau ntawm "Nruab" thiab lwm yam.
___
Kuv coj los ntawm root.cz