Wi-Fi hotspots can put iPhones into ETERNAL super slow-mo

A vulnerability fixed in this week's Apple patch run can easily brick iPhones, researchers say. The flaw (CVE-2015-1118) dubbed "Phantom" allows attackers who can trick users into changing their iDevice proxy settings to tap into multiple use-after-free vulnerabilities. Doing so causes constant ubiquitous app crashing …

  1. Phil O'Sophical Silver badge

    thinking that the rm rf commands will unlock extra storage

    Well, that's not entirely false. You'll certainly have lots more free space afterwards...

    I don't really have much sympathy for people who fall for such tricks, anything which offers you something for nothing is bound to be a scam. No free lunch.

    1. dogged

      My favourite was the "waterproof" poster.

      https://i.imgur.com/0Fp11mg.jpg

      1. frank ly

        I always believe what people on the internet tell me. Life is simpler that way.

    2. Anonymous Coward

      I don't really have much sympathy for people who fall for such tricks

      Well, I do. Only a small minority of people have an understanding of IT security, and expecting them to do so is as unrealistic as expecting all programmers to have an in-depth knowledge of patent or contract law.

      Apple has created a brand around the idea that in exchange for extra money, non-IT people get security and IT support along with really cool gadgets. They have a problem in that the constant development of more gadget features makes the security and IT support more difficult. But with their cash pile, perhaps they need to do a Microsoft, acquire just a little humility, and spend some time living up to their reputation. (Microsoft after all eventually did abandon its everything-works-with-everything approach and take security seriously.)

      1. Anonymous Coward

        Re: I don't really have much sympathy for people who fall for such tricks

        Microsoft after all eventually did abandon its everything-works-with-everything approach and take security seriously.

        Thank you, I needed a laugh.

        1. Anonymous Coward

          Re: I don't really have much sympathy for people who fall for such tricks

          Microsoft haven't got it perfect yet, but Windows had fewer vulnerabilities last year than both the Linux kernel and OS X... so they are getting there.

      2. Phil O'Sophical Silver badge

        Re: I don't really have much sympathy for people who fall for such tricks

        Only a small minority of people have an understanding of IT security,

        It has nothing to do with IT security. If someone tells you that you can get "X" just by doing "Y", and the value of "X" is much, much greater than the cost of "Y", it's a scam. That has been the case since long before the days of the snake oil sellers in the Old West.

        Apple has created a brand around the idea that in exchange for extra money, non-IT people get security and IT support along with really cool gadgets.

        I think that Apple, like other luxury goods suppliers, has actually created a brand where many people assume that the price has been inflated well above the actual cost by the presence of the name. As such they are more willing to believe that they're being ripped off, and more willing to assume that some simple trick will release the extra value that Apple is hiding from them.

        Tell someone that there's a special command in their $500 iPhone that will release more storage, they want to believe it. They'll happily believe that Apple has hidden the storage to make more money.

        Tell them the same thing about the $25 Chinese knock-off from the local discount store and they'll laugh at you, since it's clearly way too cheap to have anything big hidden in it.

          1. Anonymous Coward

          Re: I don't really have much sympathy for people who fall for such tricks

          "and the value of "X" is much, much greater than the cost of "Y""

          At one time the CPU power of certain IBM computers could be increased basically by setting jumpers - whereupon everything cost more. The trick, of course, was knowing what jumpers to set. Many people also know that with modern cars more power and torque can be made available simply by replacing the ECU map. When it comes to technical stuff, people are increasingly willing to believe that there are simple ways to improve things, because sometimes there are.

          Telling people that rm -rf will release extra memory - why is that unbelievable? My phone has a perfectly valid bit of software that garbage collects applications to increase free memory and it works. You really cannot expect non-IT people to understand why one works and the other doesn't.

          The examples of 419 scams are quite different. These are obviously illegal. But when someone reads that an OS update can increase battery life 15% or make applications run faster, and these statements come from the vendors, why would they be suspicious of other "performance enhancing" tricks?

          1. Phil O'Sophical Silver badge

            Re: I don't really have much sympathy for people who fall for such tricks

            At one time the CPU power of certain IBM computers could be increased basically by setting jumpers - whereupon everything cost more.

            Funny, I just knew that would be the first response! Those systems, of course, were the ones rented by IBM (they didn't sell systems in those days) and you paid a license for the power you used. Just like today where applications are licensed according to things like the number of CPU cores. Even then it would have been obvious that by changing the jumper you were getting something you hadn't paid for.

            Back in the 80s there were stories about some minicomputers (DEC? I can't remember) which had a similar trick. Due to a shortage of small memory boards, some low-end systems were shipped with larger boards which had a chip-select line cut; it was cheaper than losing the sale. If you knew which line, you could reconnect it. Hardly standard practice, though.

            Remapping ECUs is another case where it isn't "free". The cars sold with increased power often have other systems (tyres, brakes) updated to match. Simply tweaking a map without understanding the consequences can cause many problems, not least when the insurance company won't pay out after an accident. That's why most ECU maps these days are encrypted.

            why would they be suspicious of other "performance enhancing" tricks?

            Because they're free. You don't get free stuff from big companies, but too many people are still too greedy to see that. If it looks too good to be true (in IT or any other domain) it almost certainly is too good to be true. Just like that nice man offering you candy to get in his car. It might be safe, but why take the risk when it almost certainly never is?

            1. Stoneshop

              Re: I don't really have much sympathy for people who fall for such tricks

              Back in the 80s there were stories about some minicomputers (DEC? I can't remember) which had a similar trick. Due to a shortage of small memory boards, some low-end systems were shipped with larger boards which had a chip-select line cut; it was cheaper than losing the sale. If you knew which line, you could reconnect it. Hardly standard practice, though.

              With at least one of the VAX series a processor upgrade was basically sticking a new front panel badge on and moving a jumper; there was another one that required new microcode, built with fewer NOPs.

            2. Anonymous Coward

              Re: I don't really have much sympathy for people who fall for such tricks

              " If it looks too good to be true (in IT or any other domain) it almost certainly is too good to be true"

              I like the way you can read my mind and predict responses to your posts. I feel suitably patronised, but then if we look at philosophers most of them were a really patronising bunch. However - to make a reply to this point which you obviously have already anticipated, there goes Linux. And Apache Derby, and Tomcat. Sometimes you just do get stuff for free from big companies. They may have various technical, commercial, etc. reasons for doing it, but nobody compels you.

              Basically you want to prove that anybody who expects to get stuff free is insufficiently suspicious. That's because you've completely bought into capitalism. Life exists on this planet because energy from the sun is, at bottom, free (as is air and water, till capitalism privatises water and makes houses in areas with clean air a lot more expensive than those in polluted places.) Hunter gatherer societies get food for free. Human beings still have tendencies to altruism, which means that charities often give people things for free. It isn't all about greed.

            3. dogged

              Re: I don't really have much sympathy for people who fall for such tricks

              So overclocking isn't a thing after all, then?

              1. Anonymous Coward

                Re: I don't really have much sympathy for people who fall for such tricks

                So overclocking isn't a thing after all, then?

                You mean operating something outside its design limits and hoping it won't go wrong? Do it if you want, but don't complain if it crashes & burns.

                1. MonkeyCee

                  Re: I don't really have much sympathy for people who fall for such tricks

                  I thought overclocking was more to do with processors being binned at one clock speed, then sold at that clock speed or below. So if you get lucky, you get a chip that can do 1.15GHz that was sold as a 1GHz chip.

                  It's a result of the slightly random results from silicon doping, and that the manufacturing process aims for the best results. So if you get 30% of your batch doing 1GHz, 40% doing 1.05GHz, 20% doing 1.1GHz and 10% doing 1.15GHz, but the market is for 80% 1GHz, 15% 1.1GHz and 5% 1.15GHz, then rather than throwing away perfectly good silicon you just mark some of your faster chips as slower ones.

                  I've had a number of video cards that you can get 20-30% more performance out of, equivalent to the ones costing 50% more, for a 1-2 degree increase in operating temperature. But it only works on some cards.

          2. Vinyl-Junkie

            Re: I don't really have much sympathy for people who fall for such tricks

            Arnaut, I totally agree with you. There are so many electronic devices where either programming, the setting of a jumper, a blob of solder in the right place or the substitution of a component that is much cheaper than the price differential between the two versions on sale can increase functionality that many people expect there to be hidden functionality built into their devices.

            YouTube is full of videos giving workarounds for licensing, game hacks and similar stuff; most of which are a) free and b) genuine (if not legal/ethical!). How should a non-technical person judge between these?

      3. Mark 85

        Re: I don't really have much sympathy for people who fall for such tricks

        (Microsoft after all eventually did abandon its everything-works-with-everything approach and take security seriously.)

        You were doing great until you started talking about MS having humility, etc. I'm not sure whether to upvote or downvote you. Wish I could do both.

    3. David Roberts

      Darwin at work

      You can have some sympathy, but people are always attracted to something for nothing.

      At one time the papers were full of people who lost money to 419 scams.

      My SPAM folder was also full of these phishing emails.

      I see few, if any, now in email or the news.

      So I assume that the loss of the few has educated the many.

      Microsoft support calls have been publicised.

      Fake calls from banks claiming to be sending messengers to pick up your compromised credit cards.

      Again now attracting publicity.

      Presumably as one scam dies another appears.

      So some sympathy for the weak who fall to the wolves but their suffering helps to strengthen and protect the rest of us. Perhaps it also educates the victim against gullibility.

      Perhaps there should be more effort to target the predators (which is hard) instead of just patching the holes and sometimes compensating the victims (which is generally a lot easier).

  2. Immenseness

    Another

    My favourite was the old "I'm not really clever enough to write a virus, so please forward this email to all your friends, and then delete the contents of the windows folder" email I received years ago.

    Brilliant.

  3. Lee D Silver badge

    So if you convince users to join a rogue wifi network, and then to install a profile when prompted, then they could do nasty things on your computer?

    Well, duh.

    Similarly, if you convince Windows users to join a wifi network and then to install a program when prompted, then they could get nasty things on their computer too.

    1. you are idiots

      re: Lee d

      So when you're in starf*ck's how do you know you're connecting to their free wifi?

      Doh, enjoy your coffee and dead icrap!

      1. Lee D Silver badge

        Re: re: Lee d

        You don't.

        An unencrypted (passphrase-less) or well-known-passphrase network is inherently susceptible to SSID duplication attacks. You just set up an SSID with the same name and same passphrase and people will join it unless they happen to know the original BSSID (which nobody publishes or takes any note of).

        This is why PSK is pretty insecure for such things and why ALL public wifi with well-known passphrases is just basically an open connection that should be firewalled off, VPN'd through or limited to SSL-based usage only (even there, there's the possibility of DNS-spoofing until we get DNSSEC and SSL is heavily tied into DNS being authoritative).

        But that's not the point. Not only are you joining a wifi network, you are then accepting a pushed profile onto your machine. This is akin to installing a piece of software - it's like going on Starbuck's wifi and then your browser is replacing your page with a downloaded executable that you then blindly run.

        1) Stop using public wifi as any type of trusted network. If you have the passphrase, so does everyone else, and they can spoof the network and/or decrypt your communication anyway. Public wifi is untrusted, hostile, Internet. That's all. No matter what else they tell you. Until they start issuing proper signed certificates etc. to prove they are the original network (which is a nightmare for client installation), they aren't secure. And the closest "security" they can have is to tell the owners (if they bother to look) that there's an identically named network with the same passphrase nearby. In very expensive Cisco Meraki networks that are deployed in such places, you get an email alert as an administrator and you can try to "contain" the network (which means blast it off the airwaves with client disassociation messages, as far as I can tell).

        2) Don't install things that just pop up unexpected. Profile installation is a system-level action on Apple devices, and profiles are capable of installing any amount and severity of settings. You cannot install one "accidentally" without clicking through a lot of scary dialogues.

        This isn't a "stupid-Apple" attack (and I am quite happy to jump on those normally, as I hate all Apple products with a vengeance and have NEVER owned a single one). This is a "stupid-user" attack. If you perform similar actions on any other OS, the same problem will occur, vulnerability or not. You're taking incredibly stupid and high-end actions on your system based on something random and untrusted popping up on your screen despite lots of large scary warnings.
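        As a defender-side illustration of the point above about identically named networks, here is an added example (not Lee D's code, nor any vendor's) that flags a managed SSID being advertised by radios outside an assumed allow-list of the administrator's own BSSIDs; the scan records, addresses and the allow-list are all constructed.

```python
# Added example: administrator-side check for SSID duplication.
# Assumption: the administrator knows the BSSIDs of their own access points,
# which is exactly the fact clients never record (so they cannot do this check).

# Constructed scan records: (ssid, bssid, security type).
SCAN = [
    ("CafeFreeWifi", "aa:bb:cc:00:00:01", "WPA2-PSK"),  # our AP
    ("CafeFreeWifi", "AA:BB:CC:00:00:02", "WPA2-PSK"),  # our AP, mixed-case BSSID
    ("CafeFreeWifi", "de:ad:be:ef:00:01", "WPA2-PSK"),  # same name, radio we do not own
    ("CafeFreeWifi", "de:ad:be:ef:00:02", "OPEN"),      # same name, and no encryption
    ("HomeNet",      "11:22:33:44:55:66", "WPA2-PSK"),  # not an SSID we manage
]

# Constructed allow-list: SSIDs we manage -> BSSIDs of the APs we actually own.
KNOWN_BSSIDS = {
    "CafeFreeWifi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}

UNKNOWN_RADIO = "unknown BSSID advertising managed SSID"
NO_ENCRYPTION = "managed SSID advertised without encryption"


def normalise_bssid(bssid):
    """Canonicalise a MAC so case and stray whitespace never defeat the comparison."""
    return bssid.strip().lower()


def find_rogue_aps(scan, known):
    """Return (ssid, bssid, reason) alerts for managed SSIDs seen on foreign radios.

    An open network reusing a managed name is reported on its own, because a
    client that auto-joins by SSID cannot tell it apart from the real one.
    """
    alerts = []
    for ssid, bssid, security in scan:
        if ssid not in known:
            continue  # nothing to compare against for SSIDs we do not manage
        bssid = normalise_bssid(bssid)
        if bssid not in {normalise_bssid(b) for b in known[ssid]}:
            alerts.append((ssid, bssid, UNKNOWN_RADIO))
        if security.upper() == "OPEN":
            alerts.append((ssid, bssid, NO_ENCRYPTION))
    return alerts


if __name__ == "__main__":
    for ssid, bssid, reason in find_rogue_aps(SCAN, KNOWN_BSSIDS):
        print(f"ALERT {ssid} from {bssid}: {reason}")
```

The check is only as good as the allow-list: a client that joined by name alone has no equivalent, which is the gap the comment describes.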

        1. Mark 85

          Re: re: Lee d

          We (the IT world) already know or should know these things. But Joe User usually hasn't a clue. And I'm not sure the manager at Star**ks even knows who the admin is or cares about his wifi. Probably the wifi was set up by a contractor and who is now moved on.

  4. This post has been deleted by its author

    1. Baggypants

      Maybe it's an unreleased prototype derivative of the Sony Ericsson K850i which had soft keys along the bottom of the screen?

    2. Anonymous Coward

      The phone in the article photo doesn't have a 'call' key

      It's illustrating the logical evolution of phones to forgo all the pesky voice-related functionality that no-one uses any more.

      1. Anonymous Coward

        Re: The phone in the article photo doesn't have a 'call' key

        The phone in the picture is a prototype for a (relatively) secure mobile device. The "call" key has been removed, since the process of "making calls" is one of the primary security vulnerabilities for modern phones.

        Unfortunately the phone is still susceptible to a number of vulnerabilities - specifically attacks from wood-decay fungus, termites, and carpenter ants.

  5. PCS

    "If the attacker has convincing social-engineering skills"

    That's okay then.. Most "IT" bods have no social skills to speak of.

    1. Anonymous Coward

      Have a downvote for lazy stereotyping.

      It'll be railway sandwiches next.

      1. Anonymous Coward

        I had a railway sandwich once, gawd blimey, it was tough. Tough? tough? I'll give you tough... as useful as a chocolate teapot, like a fish needs a bicycle! Take my Mother-in-law (I wish someone would) etc... etc...

  6. Anonymous Custard

    Doing so causes constant ubiquitous app crashing including the system platform. Rebooting sends affected devices into a "coma" state.

    If you hadn't mentioned iPhone up-front I could almost think you are talking about Android's Lollipop downupgrade...

  7. Henry Wertz 1 Gold badge

    "Well, I do. Only a small minority of people have an understanding of IT security, and expecting them to do so is as unrealistic as expecting all programmers to have an in-depth knowledge of patent or contract law."

    I don't have an in-depth knowledge of patent or contract law, BUT if someone said "this simple trick will make you instantly wealthy!!!!" I would know it's bullshit. As anybody with common sense, WITHOUT having to know anything about "IT security", should know that if some simple one-liner increased storage space, it'd be the default. No comment about Apple... I'm not surprised if Apple users are more gullible^H^H^H susceptible to this.

    On topic, this proxy-handling bug sounds pretty nasty!

    1. Anonymous Coward

      "As anybody with common sense... if some simple one-liner increased storage space"

      Perhaps you aren't old enough to remember how Microsoft totally failed, in its early days, to understand that not all of the world used dollars, and someone got quite rich off a tiny program that enabled you to type a £?

  8. Anonymous Coward

    Hardly "ETERNAL"

    Even if it stops the normal reboot process, you can force a reset by holding down the home and sleep/wake buttons together for 10 or 20 seconds. Undoing the proxy might require putting it into airplane mode first (or get away from the rogue wifi network)

    Of course anyone dumb enough to fall for changing their proxy settings when iOS amply warns you about it isn't going to know any of the above. They would have similar issues with any phone, especially one that is more configurable like Android, if they're willing to change any system settings just because someone says they should...this is why dumb people shouldn't be allowed to have nice things!

  9. Anonymous Coward

    Not Really

    "the rm rf commands will unlock extra storage or reveal a powerful hidden Bitcoin miner. It instead wiped drives."

    It will just delete any file or link named "rf" on the current directory, if the user issuing the command has the correct permissions.
