
Cybersecurity

iOS Hackers Win a Million-Dollar Bug Bounty

Security firm Zerodium has announced that an anonymous hacker group will claim the million-dollar reward for successfully developing a remote hacking technique to compromise the latest variants of Apple’s iPhone 6 and 6S.

Apple’s iOS & MacOS software are generally considered hard nuts for hackers to crack. Tim Cook’s stance on end-user encryption on personal devices such as the wildly successful iPhone even has the Feds publicly taking on Apple, finding novel means to corner Apple into providing a backdoor for its software. Edward Snowden has previously revealed that the CIA is looking into ways to infiltrate Apple’s security.

With this in mind, a zero-day peddler called Zerodium, a security firm that sells information about vulnerabilities to clients interested in offhand surveillance techniques, recently announced a bug bounty program to the tune of a million dollars. A million dollars, to anyone who demonstrates a successful, remote hack of an iPhone to trick the device into visiting an external website.

In a tweet, Zerodium said:

A Million Dollars to Hack iOS 9

The task, as explained in the post by the zero-day security company, involved the means to remotely hack iOS 9.1 and 9.2b (the latest versions of Apple’s mobile operating system) and install an application onto the device while gaining full system privileges.

Furthermore, the rules of the bounty program dictated that the hack “should be achieved remotely, silently and without requiring any user interaction except visiting a web page or reading an SMS/MMS.”

The challenge also demanded that the exploit be delivered through an SMS or a browser, specifically Apple’s Safari or Google’s Chrome, predictably the two most popular browsers on the mobile platform.

Speaking to Wired, Zerodium founder Chaouki Bekrar revealed that two teams fought it out to devise an attack worthy of the company’s bounty.

“Two teams have been actively working on the challenge, but only one has made a full and remote jailbreak. The other team made a partial jailbreak, and they may qualify for a partial bounty.”

If his claims are indeed true, the newest jailbreak will be the first-known successful hack to exploit an iPhone since the days when iOS 7 was the phone’s operating system.

Bekrar doesn’t intend to report the vulnerability to Apple anytime soon, as his customers will get to see the details of the exploit first. Describing his clientele as “major corporations in defense, technology, and finance,” Bekrar also revealed that government institutions were among the client list, those “in need of specific and tailored cybersecurity capabilities.”

He adds that he may “later” tell engineers at Apple about the vulnerability.

Although the figure for the bug bounty is substantial, those looking to gain insight and knowledge into iOS’ vulnerabilities will find the exploit to be a lot more valuable, whoever the customers are and whatever their requirements may be.

Bekrar adds that the iOS exploit is “likely” to be sold to US customers. At a time when encryption in personal devices and cyberspace is a much-debated topic on a global scale, someone has just sold an unknown technique to hack an everyday device to a company that sells zero-day vulnerabilities to governments and corporations looking to get around encryption.

For a million dollars, someone has sold the means to hack an everyday device that is the highest selling smartphone in the world.


Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.




1 Comment

  1. fabrica64

    November 4, 2015 at 2:49 am

    Are we sure that’s true? Or is it just a way to get visibility? No winner name, no technical explanation… really seems only FUD. Time will tell


Altcoins

“Mass Adoption is the Direction Things Are Taking” – Lionel Wolberger, CTO and Co-Founder of Platin

Platin is a new blockchain token-based ecosystem which powers an infrastructure platform that incorporates a proprietary programming language (‘SolidityGEO’), all in the name of accomplishing a so-called decentralized ‘Proof of Location’ protocol.

We reached out to the team to find out more about how their solution works, the current state and future vision.

The result of this outreach was a warm reception from the company’s Chief Technical Officer (CTO) and Co-Founder Lionel Wolberger, with whom we discussed such topics as well as Platin’s: objectives, company ethos, and views on the current state of the crypto space.

Who is Behind Platin?

Lionel Wolberger’s experience with cryptocurrency and blockchain spans as far back as 2011, when he “spoke about it at Cisco Secure Video where our team of cryptographers included the inventor of Public Key Cryptography himself, Prof. Adi Shamir.”

It wasn’t until two years later that Wolberger got the opportunity to professionally re-engage with crypto technology, when he participated in an experiment on behalf of the Internet Identity Workshop “and decided to study it more closely and see what it was all about.”

In 2017, Lionel Wolberger created Platin alongside co-founder Allon Mason when they “identified the potential for a secure and lightweight Proof of Location protocol on the blockchain.” Wolberger met Mason during academia at Cornell University, having

“always admired his drive and passion for the projects he has developed over the years, particularly XPLace an online marketplace with hundreds of thousands of users and multi-million dollar annual turnover.”

Wolberger also highlights the fact that the team is working alongside secure-location advisor Professor Srdjan Capkun (Director of the Zurich Information Security and Privacy Center, ZISC), which he calls a “privilege”.

“Dr. Capkun is an ideal advisor, as he sits on the major standards committees, and has an inside track to secure GPS and other important technologies associated with secure proof of location.”

What is Platin?

Whilst participating in the “‘colored coin’ experiment” for the Internet Identity Workshop, Wolberger had a fundamental epiphany with regards to his perception of blockchain and the purpose of cryptocurrency:

“it’s not about currency, but an asset tracking system of decentralized trust that could also provide the basis for so much more than just currencies.”

As such, Platin’s purpose is to provide a utility-token based platform which they (on their website) describe as a system for the “Geo-location of digital assets (cryptocurrencies, documents, images, etc.), anywhere on the map, anywhere in the world, in real time.”

There are a wide range of uses for geo-locational software, from marketing to emergency broadcasting regarding critical events such as national disasters. Official use-cases include:

Lionel Wolberger lists, among the key values of Platin, its hardware agnosticism as well as its interoperable nature.

“Interoperable refers to Platin’s protocol, that it is cleanly defined and independent, enabling it to work with many other products or systems, at present or in the future, in many possible implementations with few restrictions. This is achieved by having a clean interface (API, SDK) and is essential as Platin needs to inter-operate with Android, Apple, many backend systems and blockchain assets.

“Hardware agnostic refers to one aspect of Platin’s Proof of Location protocol, its ability to work with any — all, if possible — geospatially relevant signal sources. This will certainly include GPS, cell towers and wifi, but will extend to BLE, LoRA, Ultrasound, indeed any signal that has relevance for a Proof of Location. This is achieved by having a clear definition of Proof of Location and how a device’s location relates to all this other data.”

Furthermore, the team is planning to implement cross-chain compatibility in the future, including Ethereum / EOS.

A Security Focus

Security is also a key concern and this is echoed in our interview as well as across the website for Platin. The company even mentions KYC / AML with its list of use-cases for the platform.

One way in which the company seeks to achieve this is through the use of hardware cold-storage systems for the safe-keeping of all tokens, with their first wallet integration being TrustWallet. They are also, according to Wolberger, anticipating a future partnership with Ledger.

Lionel Wolberger claims that

“Platin has security and privacy baked-in from the start. Some features that reflect this approach include:

  • Platin’s architecture starts with individuals storing their own data, with blinded commitments shared to the network.
  • Platin’s functionality is “opt-in” based, reflecting a deep respect for our users as sovereign digital actors. You opt-in for the sharing of data, whatever you are comfortable with. The default is no sharing.
  • One of Platin’s hires was a full-time cryptographer, and we are open sourcing our first zero knowledge cryptographic achievement: a ZK Range proof of bounded location. This shows our cryptographic and security passion.
  • Platin’s default pattern is “send the algorithm to the user,” rather than, “have the user send their data to the network.” Our Artificial Intelligence is privacy-preserving in this way.
  • Platin’s three pillars of security are orthogonal, working together to create a secure proof of location that would not be possible with any one of those pillars”

Geolocation and Geofencing

With use cases including retail shopping and other location-based rewards initiatives, Platin incorporates (and is responsible for the effective utilization of) specific technical and methodological processes pertaining to their geo-locational solution / protocol.

This scenario is made fully possible using a technology called ‘geo-fencing’ which is essentially, according to Wolberger, “An ability to restrict and define usage within the boundaries of their regulatory and legal jurisdiction.”

“Imagine that a national supermarket chain airdrops coupons for 10% off certain items to celebrate the launch of their new store. However, they do not want these coupons to be redeemable at other locations as they want to drive traffic to this new store.

“With a special smart contract, the coupon will only work within the geo-fenced area around the new store.”

Attempts at geo-location are most effective with both the consent and honest participation of both direct and third-party sourced users. Considering tech scandals surrounding personal and public data privacy & security, it has become increasingly difficult to encourage people to confide their personal data sincerely.

This is where rewards-based systems such as Platin come in.

Humanitarian Aid (A Use Case)

Another key use case cited, which Wolberger doubles down on in our discussion, is that of charitable coin drops…

“We think it is incredibly important to focus on use cases such as humanitarian aid airdrops.

“While our technology has broad commercial uses, our team is passionate about seeing the project bring new ways to enable ordinary people to use cryptocurrency, and an ideal win/win use case is the ability to transfer crypto to people who need assistance.

“Blockchain and cryptocurrency can often seem intimidating to people, but mass adoption is the direction things are taking. Platin wants to ensure that everyone can access and utilize this technology to utilize decentralized funds in a beneficial and potentially life-saving way.”

These partnerships include IsraAID (with whom they have already signed an agreement) in addition to the Swiss Red Cross (with whom they are currently in discussions), where Platin plans to further develop and test their systems and processes with regards to how they will integrate geo-location focused / geo-fenced cryptocurrency airdrops.

Another, tangentially related use-case is:

“the Tokyo Olympics airdrops… we are currently discussing the opportunity with our Tokyo-based partners.

“The Olympics has traditionally seen technological innovation, such as instant replay, virtual video graphics and most recently 5G deployments. This is the year of blockchain, and we look forward to announcing details once we are permitted.”

Final Words

All these features, aims and objectives are tied together by the fact that they are all built upon not only a proprietary – but also a home-grown programming language which third parties can leverage for their own projects when working on the Platin blockchain.

“SolidityGEO extends Ethereum’s Solidity language, GEOS extends EOS’s C++ language. These will equip our partners for fast onboarding into location proofs on the blockchain.”

SolidityGEO is what Platin calls a “location-aware language” created to help the utilisation and implementation of geographic demarcation for token distribution, rewards and airdrops. It will additionally include ZK-Snarks and Starks zero-knowledge proof mechanisms as well as general operating standards such as ISO and W3C.

Finally, with regards to the future:

“Proximity radio technology is being deployed steadily, without any loud publicity. 5G, RTT-enabled Wi-Fi, and IEEE secure proximity radio standards promise highly accurate distance readings via radio. The average person feels this progress in the slow spread of keyless entry–just having a key, fob or smartphone in your pocket to unlock a desired resource such as your car or home. Platin has partners in this space and there are sure to be exciting announcements in the next six months (though they will be quite technical, they will promise rapid progress).”

Altcoins

Monero Price Analysis: XMR/USD Slips Below Crucial Daily Support Ahead of System Update

  • Monero’s native token XMR is forced to breach a key area of support by the market bears.
  • XMR/USD was being supported by an ascending trend line, running from 14th August.
  • The Monero foundation is scheduled for a routine network upgrade.

Monero Network Update

The Monero foundation is scheduled to update its network on 18th October, which will bring a new hard fork to its token. This has now become a routine process, with a hard fork every six months. The focus is on the likes of increased ring-size for more privacy, with large transactions and tweaking their proof of work algorithm.

In terms of this upgrade, the goal is to enhance efficiency and make some adjustments to the current proof of work algorithm, ultimately to make it resistant to ASIC mining and curb that threat. Developers at Monero will be implementing the new Bulletproofs protocol. This will see greater privacy, lower fees and faster verification. It will reduce transaction size by an estimated 80%.

Technical Review – Daily Chart

XMR/USD daily chart

XMR/USD slipped out to the downside from an ascending trend line, as the market bears managed to push for a breach and a daily close below it on 7th October. The support had been running since 14th August, when the price hit a low of $76.739. A retest has been seen and pressure is now gradually mounting on Monero’s XMR. In terms of support, the 50DMA has provided some initial comfort for now. The next major downside support is observed in a chunky demand area, tracking from $86 down to $76. Resistance will now be eyed at the $116.550 area, underneath the breached ascending trend line and in proximity to the 100DMA, which may cause some difficulty for the bulls. Further to the north, resistance can be seen within the $125.000 territory. Finally, heavy supply is tracking from $140 up to $150.

Technical Review – 4-hour Chart

XMR/USD 4-hour chart

Despite the above-mentioned daily breakout from the supporting trend line, there is still some hope for XMR/USD in the near term: on the 4-hour chart, the price has been moving within a range-bound block. This narrowing area has been running since 26th September. Fortunately for the price, a fresh wave of selling pressure has been prevented for now. The lower part of the mentioned range has provided some near-term support, with protection observed from around $112 to the high $111 territory. A breach of this area, however, could see a fast fall back down to sub-$100, a level it last traded below on 12th September. Further downside pressure could force a retreat back down to a firm demand zone, with eyes on the $86-77 range for buying.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Ken has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.




Altcoins

Monero Price Analysis: XMR/USD Bulls Cooking Up Big Potential Moves

  • XMR/USD price action surprisingly this week has been generally muted.
  • Current price behavior looks more favorable to see upside surprises, rather than any heavy selling pressure.

The Monero price this trading week has been somewhat muted. This comes as quite a surprise given the recent updates from the foundation. The foundation introduced the Malware Workgroup, a huge step in efforts to protect the Monero community. Elsewhere, the foundation was also finally able to patch the ongoing ‘burning bug’ issue, which was proving to be a big problem. Full details of both developments were posted in the previous Monero article.

Near-term Analysis (60-Minute Chart)

XMR/USD 60-minute chart

Looking at the 60-minute chart for XMR/USD, it is clear to see how tight the trading range is. The vast majority of price action, aside from a couple of spikes here and there, has been swinging between $117 and $111. This behavior has been observed since the bull run seen on 19th September, which was then pared after the 23rd September fall.

Daily Chart View

XMR/USD daily chart

Price action is being supported by an ascending trend line on the daily chart. This has been running from 13th August, proving its strength. XMR/USD is currently stuck in between the 100DMA ($116.795), which is seen above, and the 50DMA ($110.877) below. The price has seen a bounce on several occasions in September, off the trend line.

Next Move for Monero

The above-mentioned ascending trend line is going to be vital in Monero’s recovery. Market bulls will need comfort, in case of another failed break down of the chunky supply area above. This is seen tracking from $140-$150. There were several occasions in July and one in September, where the bulls failed to break this down. Each time the price has come into contact with this territory, it has been hit pretty hard by the sellers.

XMR/USD daily view

A breakout to the upside from the mentioned supply could see a fast move towards $170, where some resistance can be seen. The price most recently found difficulty within this area in the early part of June. Enough bullish momentum should see it clear this territory, with $200 being reclaimed to the upside. XMR/USD was last trading above $200 back on 21st May.

Looking to the downside, a breach in the ascending trend line could be catastrophic. Sellers would likely pile in with a high amount of volatility, sending the price down to sub-$100. The next chunky demand area is seen down within the $90-75 range. XMR/USD traded within this zone on 14th August, where the market managed to receive a firm bounce.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.
