Even Apple can't stop this one: hackers use TestFlight to distribute malicious iOS apps

When it comes to malicious apps, most people intuitively assume that Android users are the ones at risk, since malware slips onto Google Play more easily (and Android phones also allow sideloading), while iOS users are protected by Apple's App Store review process and cannot sideload apps, making them harder to compromise.

Unfortunately, malicious actors have now found that they can use Apple's TestFlight tool to deliver malware to unsuspecting users and, in doing so, bypass Apple's app review process.

What is TestFlight? TestFlight is Apple's tool for helping developers distribute beta software. A developer can use TestFlight to send an app to up to 10,000 iPhone and iPad users, and beta software does not have to pass App Store review before it is sent. As a result, Apple has no visibility into hackers using this route to spread malware.

However, not every iOS user needs to worry about being hit, because to receive test apps delivered through TestFlight you first have to install TestFlight; only then can hackers use it to deliver malicious apps.

If you have installed TestFlight on your iPhone or iPad, however, you should be careful before signing up as a tester for a new app: downloading a beta app through TestFlight is very simple, and a developer can even publish a public download link, so no phishing email is needed.

The malicious activity was discovered by security firm Sophos: a criminal group known as CryptoRom has been distributing fake cryptocurrency apps to iOS and Android users. The fake iOS app Sophos found this time impersonated the app of BTCBOX, a Japanese cryptocurrency exchange; others posed as the cryptocurrency mining company BitFury and delivered fake apps through TestFlight.

TestFlight makes it easy to distribute beta apps, and that does give hackers room to operate, but Apple is unlikely to change the TestFlight workflow hastily, because doing so would disrupt legitimate developers. All Apple can do is tell users not to download and install apps from unknown sources, so as to avoid being scammed.


If you have an Asustor NAS, shut it down immediately: DeadBolt ransomware is targeting it

Users who have an Asustor NAS at home should take note. According to foreign media reports, DeadBolt ransomware has chosen Asustor NAS as its next target and has already broken into unprotected devices. DeadBolt only recently attacked NAS products from QNAP and demanded that QNAP pay 5 to 50 Bitcoins to recover user data.

Tom's Hardware reported that users on Reddit and on Asustor's official forum said their Asustor NAS devices had fallen victim to DeadBolt. DeadBolt's modus operandi has not changed much: it typically breaks into the victim's NAS remotely, encrypts the user's data and demands a ransom in bitcoin. Each victim receives a bitcoin address, and after payment is made the attacker sends the decryption key to unlock the infected NAS.

The attackers have not yet made a ransom demand to Asustor itself, but they may use the same extortion scheme as with QNAP: pay 5 bitcoins and the attackers disclose details of the exploited vulnerability to Asustor so it can be fixed; or pay 50 bitcoins and the attackers send the company a master decryption key that unlocks every victim's NAS at once. Some individual victims are understood to have received extortion messages demanding 0.03 bitcoins (about $1,154).

Asustor has yet to issue a statement about the DeadBolt attack. The best course of action for now is to shut down the NAS and keep it off the Internet until Asustor releases a fix. It is unclear whether all Asustor NAS devices are affected: some users report that models such as the AS6602T, AS-6210T-4K, AS5304T, AS6102T and AS5304T are not infected, while the AS5304T, AS6404T, AS5104T and AS7004T are reported as affected.

The Times, Wall Street Journal and other media hit by cyberattack; China rumored to be the culprit

Several media outlets owned by media mogul Rupert Murdoch’s News Corporation, including The Times and The Wall Street Journal, have recently been found to be under cyber attack, with preliminary investigations by security firms suggesting a link to Chinese espionage.

The Times reported that the cyberattack had been ongoing for some time, and on Jan. 20 it was discovered that the attack had targeted emails and documents of staff and journalists.

News Corp. chief technology officer David Kline and chief information security officer Billy O’Brien warned that preliminary analysis indicated that foreign governments may have been involved in the attack and that some information had been stolen.

The U.S. cybersecurity firm Mandiant was asked by News Corp. to investigate the cyberattack. Mandiant experts concluded that the attack was linked to China and may have involved “espionage” to gather intelligence and serve Chinese interests.

Kline noted that News Corp. immediately notified U.S. law enforcement authorities after discovering signs of the attack and took the necessary measures to stop the damage, and that its customer and financial databases have not been affected and its business continues to operate normally.

Although most of the group’s emails and documents were not the target of the cyberattack, News Corp.’s internal alert emphasized that “protecting employees and sources, including journalists,” was the group’s primary concern.

The initial findings of Mandiant's investigation show that News Corporation's New York headquarters was affected, as well as a few email accounts and documents at News UK, the New York Post and Dow Jones. Dow Jones publishes financial newspapers such as The Wall Street Journal, while News UK publishes The Times and The Sun.

iPhone/iPad permanent bricking bug: an iOS vulnerability can brick devices, and an official fix is finally available

Products such as the iPhone and iPad are popular worldwide, and their built-in iOS operating system has naturally become a target for hackers. Recently, security researchers discovered an iOS vulnerability that a malicious actor could exploit to instantly disable an iPhone or iPad.

Security researcher Trevor Spiniolas earlier published an iOS vulnerability report online. He found a very serious bug in iOS in August 2021. It is related to Apple's smart home protocol, HomeKit, and Trevor calls it the “doorlock” vulnerability.

According to Trevor's tests, the vulnerability exists in all iOS 14 versions and even in the latest iOS 15.2. Trevor notified Apple as soon as he discovered it, and Apple responded at the time that the vulnerability would be fixed “by 2022.” But on December 10, Apple wrote to Trevor again to say that the fix would not be available until “early 2022.” He therefore decided to publish the details of the vulnerability so that the public would know it exists and how to guard against it, rather than being kept in the dark.

In iOS 14 there is no obvious limit on the number of bytes in a HomeKit-associated device name, which is the starting point of the Doorlock vulnerability (image: Apple)

The trigger conditions for the Doorlock vulnerability are fairly simple. If a HomeKit-associated device name exceeds a certain number of bytes (Trevor used names of more than 500,000 bytes in testing), iPhones and iPads connected to the same HomeKit home will freeze because they cannot handle it.

The most troublesome aspect of this vulnerability is that even if the user resets the phone, signing back in to the same affected iCloud account makes the error reappear, effectively leaving the device “half-bricked.” And even a user who has never used a HomeKit device can have their iPhone/iPad affected by accepting an invitation to join an affected home.

As mentioned above, Trevor Spiniolas disclosed the details of the DoorLock vulnerability online because Apple had been slow and had failed to fix the iOS vulnerability in a timely and effective manner. After the news came out, it drew a strong reaction online, and Apple stepped up its efforts, releasing iOS and iPadOS 15.2.1 for iPhone and iPad users on January 13.

The impact of the DoorLock vulnerability is considerable: an unlucky user cannot avoid resetting their phone. To eliminate the risk entirely, iPhone/iPad users should update their devices to version 15.2.1 as soon as possible.