The global coronavirus pandemic has distracted everyone, everywhere, but it has not deferred the emotive debate between lawmakers and the technology industry over the future of end-to-end encryption. Governments led by the U.S., U.K. and Australia are battling the industry to open up “warrant-proof” encryption to law enforcement agencies. The industry argues this will weaken security for all users around the world. The debate has polarized opinion and is intensifying.
Apple will patch a newly discovered iPhone vulnerability that security researchers say hackers have already used to steal data from their victims’ devices.
News of the vulnerability dropped Wednesday by security firm ZecOps. Zuk Avraham, the company’s chief executive, said the firm found the bug last year during a routine investigation. At least six organizations were targeted by attackers as far back as 2018, he said.
Avraham said the bug is in the iPhone’s default Mail app. By sending a specially crafted email to the victim’s device, an attacker can overrun the device’s memory, allowing the attacker to remotely run malicious code to steal data from the device, he said.
In the early days of the Internet, one of the most common attack methods was basic, simple brute force. Bots usually performed these attacks –or persons with plenty of time off– who tried zillions of combinations of usernames and passwords until they found one that would grant access to the target application.
Brute force attacks are no longer a threat, thanks to password policies, limited login attempts, and captchas. But cybercriminals love to discover new exploits and to use them to perform new types of attacks. Long ago, they discovered that text fields on applications or web pages could be exploited by entering –or injecting– unexpected text into them that would force the application to do something it was not supposed to do. In that way, the so-called injection attacks entered the scene.
Social Engineering has been on the front burner of security issues for a while. It has been discussed extensively by industry experts. Yet, not many fully realize the potential danger it poses and how very dangerous it can be.
For hackers, Social Engineering is probably the easiest most efficient way for cracking security protocols. The rise of the internet gave us very powerful capabilities by interconnecting devices without the barrier of distance. Giving us advancement in communication and interconnection, this, however, introduced loopholes leading to a breach of personal information and privacy.