Ondrej Holzman Abasebenzisi be-iOS abanganakile nabanganaki babhekana nezingozi ezengeziwe. Ngemva kweviki nje kutholakele I-malware ye-WireLurker inkampani yonogada iFireEye imemezele ukuthi isithole enye imbobo yokuphepha kuma-iPhones nama-iPads engahlaselwa kusetshenziswa indlela ebizwa ngokuthi “Masque Attack”. Ingakwazi ukulingisa noma imiselele izinhlelo zokusebenza ezikhona ngezinhlelo zokusebenza ezingelona iqiniso zezinkampani zangaphandle bese ithola idatha yomsebenzisi.
Labo abadawuniloda izinhlelo zokusebenza kumadivayisi e-iOS kuphela nge-App Store akufanele basabe i-Masque Attack, ngoba uhlelo olungayilungele ikhompuyutha lusebenza ngendlela yokuthi umsebenzisi alande uhlelo lokusebenza ngaphandle kwesitolo sesofthiwe esisemthethweni, lapho i-imeyili noma umlayezo womgunyathi ( isibonelo, equkethe isixhumanisi sokulanda inguqulo entsha yomdlalo odumile we-Flappy Bird, bheka ividiyo ngezansi).
Uma umsebenzisi echofoza isixhumanisi esiwumgunyathi, uzoyiswa ekhasini lewebhu emcela ukuthi alande uhlelo lokusebenza olufana ne-Flappy Bird, kodwa empeleni inguqulo mbumbulu ye-Gmail efaka kabusha uhlelo lokusebenza lwangempela olulandwe ngokusemthethweni kusukela ku-App Store. . Uhlelo lokusebenza luyaqhubeka nokuziphatha ngendlela efanayo, luvele lulayishe ihhashi leThrojani kulo, elithola yonke idatha yomuntu siqu kulo. Ukuhlasela kungase kungakhathaleli i-Gmail kuphela, kodwa futhi, isibonelo, izinhlelo zokusebenza zebhange. Ngaphezu kwalokho, lolu hlelo olungayilungele ikhompuyutha lungaphinde lufinyelele kudatha yangempela yasendaweni yezinhlelo zokusebenza okungenzeka ukuthi sezisusiwe, futhi ithole, isibonelo, okungenani izifakazelo zokungena ezilondoloziwe.
[youtube id=”76ogdpbBlsU” wide=”620″ height="360″]
Izinguqulo zomgunyathi zingangena esikhundleni sohlelo lokusebenza lwangempela ngenxa yokuthi zinenombolo efanayo kamazisi eyingqayizivele i-Apple eyinikeza izinhlelo zokusebenza, futhi kunzima kakhulu kubasebenzisi ukuhlukanisa eyodwa komunye. Inguqulo mbumbulu efihliwe bese irekhoda imilayezo ye-imeyili, i-SMS, izingcingo kanye neminye imininingwane, ngoba i-iOS ayingeneleli ezinhlelweni zokusebenza ezinedatha efanayo yokuhlonza.
I-Masque Attack ayikwazi ukuthatha indawo yezinhlelo zokusebenza ezizenzakalelayo ze-iOS njengeSafari noma i-Mail, kodwa ingahlasela kalula izinhlelo zokusebenza eziningi ezilandwe ku-App Store futhi ingase ibe usongo olukhulu kune-WireLurker etholwe ngesonto eledlule. U-Apple uphendule ngokushesha ku-WireLurker futhi wavimba izitifiketi zenkampani okwafakwa ngazo izinhlelo zokusebenza, kodwa i-Masque Attack isebenzisa izinombolo zomazisi ezihlukile ukuze ingene ezinhlelweni ezikhona.
Inkampani yezokuphepha iFireEye ithole ukuthi i-Masque Attack isebenza ku-iOS 7.1.1, 7.1.2, 8.0, 8.1 kanye ne-8.1.1 beta, futhi kuthiwa i-Apple ibike inkinga ngasekupheleni kukaJulayi kulo nyaka. Kodwa-ke, abasebenzisi ngokwabo bangazivikela engozini engaba khona kalula kakhulu - bangafaki noma yiziphi izinhlelo zokusebenza ngaphandle kwe-App Store futhi bangavuli noma yiziphi izixhumanisi ezisolisayo kuma-imeyili nemilayezo yombhalo. U-Apple akakaphawuli ngephutha lezokuphepha.
I-Apple inonyaka omubi. Amafoni aguqukayo, ukungenzeki kokushaya ucingo ocingweni, izimbobo zokuphepha njengengulube, i-wifi engasebenzi kancane ku-Yosemite (lokho umbala wesakhiwo ngasinye). Ziphi izinsuku lapho u-Apple enza izinto kahle? Ngiyazi, kwakungaphambi kokufa kuka S. Jobs...
Kodwa-ke, abasebenzisi ngokwabo bangazivikela engozini engaba khona kalula kakhulu - bangafaki noma yiziphi izinhlelo zokusebenza ngaphandle kwe-App Store futhi bangavuli noma yiziphi izixhumanisi ezisolisayo kuma-imeyili nemilayezo yombhalo.
Kodwa lokhu akuzange kusebenze, ngoba uma kusebenze, uhlelo olungayilungele ikhompuyutha kanye namagciwane azikho namuhla :)
Akuzange kusebenzele "abantu abangalaleli", okuyinto iCzech Republic egcwele, futhi yingakho imithetho futhi ikakhulukazi imithetho yemigwaqo imane nje ihlaya kubo, futhi ukungalaleli lesi sincomo mayelana nesofthiwe engekho emthethweni futhi kuyindlela yokuya. ukubhujiswa. Ngakho-ke kungasebenza uma kungenjalo kumqondo okhohlakele;)
Ngeke ngifake imithetho yemigwaqo, ngebhadi ayibhalelwanga ukwenza imigwaqo yethu iphephe, kodwa ukuxhasa amaphoyisa kamasipala nokuxhasa imali engenayo uma ingena esikhwameni sikamasipala :(((((
Kodwa lokho akuyona ingxoxo lapha :)
Ngithanda kakhulu ukucabanga kwabantu, ikakhulukazi baseCzech Republic. Uma esikhundleni sephakethe elingu-1 likagwayi bathenge izinhlelo zokusebenza ezi-90 ngamasenti angu-4 lilinye futhi bangazilanda emithonjeni engekho emthethweni futhi abazange baphule i-iPhone yabo ejele, bekungeke kudingeke bakhale ngokulahlekelwa yimishini yabo ebizayo :)
Yiqiniso, yonke le ntambo yadalwa ngokuphendula isiprofetho esingenangqondo: "kusukela ekufeni kukaJobs, konke kuhamba kahle, futhi kulo nyaka ikakhulukazi"
Angizange ngithande ukuqhathanisa. Kule minyaka engu-2 edlule, ngiyabonga kubangani bami, ngingene shí kulesi sihloko futhi angikuthandi okwenzeka lapho futhi ngezinye izikhathi kuyenyanyeka ngempela :(
Ngiyavuma ukuthi impendulo yami efakwe esithangamini kungenzeka ivele ithukuthele, kepha yimina lowo, ngiqonda ngqo ephuzwini ngaphandle kokuhlekisa futhi angithandi ukujabula, ngibhala umbono wami. Ngeshwa, kwesinye isikhathi kuba ngentengo lapho ngicabanga ukuthi ngibhale umbono wami ngendlela eqondakalayo, kodwa abantu abazi ukuthi ngiqonde ukuthini :(
Ngakuqonda ukufaniswa kwengqondo ngaphambili, kodwa ngicabanga ukuthi lesi sifaniso esisha (mayelana nebhokisi, kodwa hhayi izinhlelo zokusebenza ezingu-4x) sinembe kakhulu.
Engeza Imisebenzi: Ngicabanga ukuthi i-Apple iyabheka okwamanje. Yize bengenaye umholi ofana noS.Jobs kodwa ababi kangako. Banabantu abaningi abanolwazi nabahlakaniphile abazokwazi ukuqhamuka nezinto ezithakazelisayo, kodwa kuthatha isikhathi. Ngokwami, ngicabanga ukuthi kuzokwazi ukuqhathanisa i-Apple namuhla ne-Apple ne-S.Jobs kuze kufike eminyakeni eyi-10 ngemuva kokuhamba kwakhe, kuze kube yileso sikhathi kuvele kukhale, kodwa lokho kungumbono wami nje ...
Ngivumelana ngokuphelele;)
Babenezimbobo zokuphepha ngaphambili futhi ezibaluleke kakhulu kunalokhu... Ngokwesibonelo, bengeze isendlalelo se-ASLR ku-OSX 10.5, kodwa besisebenza ngokugcwele kuphela ku-10.7 (uma ngenza iphutha ekuhumusheni), thola isitatimende sokuthi uchwepheshe wezokuphepha u-Dino Dai Zovi. Ngokuqondene nezimbungulu zakamuva, thola imininingwane nge-Heartbleed, Shell Shock…
Iziphazamisi zokuphepha, bezikhona, zikhona futhi zizoba khona, kungakhathaliseki ukuthi usebenzisa i-Linux, i-Windows, i-OSX, i-Chrome... Kusele isikhathi eside ngaphambi kokuthi i-OSX noma i-Linux yande kakhulu futhi lezi zinhlelo zithandeke kakhulu kubadali bohlelo olungayilungele ikhompuyutha, wena nje. awukwazi ukukugwema futhi uma uthi uhlelo "alunawo amaphutha" (njengoba ngake ngasho nge-Linux), lapho-ke uqamba amanga ephaketheni lakho...
Ngendlela, uma ufuna ukwesaba, thola ulwazi mayelana nenkomfa yezokuphepha ye-Black Hat yalo nyaka futhi ubuke izinkulumo ngobungozi be-USB firmware, lokho kuyibhomu futhi :)
ongaziwa : Lokho kuwubullshit futhi, kungikhumbuza uSobotka. Ngincoma ukuthi ushintshele kwenye inkundla futhi ukhiphe i-iOS ne-Mac OS uma i-S.Jobs isihambile. Khona-ke uyokwaneliswa.
Futhi kudivayisi eboshwe kakhulu ejele, ingabe bafaka izinhlelo zokusebenza kwenye indawo ngaphandle kwe-AppStore?
Nami ngingaba nentshisekelo kulokho. Ngoba angikaze ngibone ku-iOS yami ukuthi kungenzeka ukufaka uhlelo lokusebenza ngaphandle kwe-AppStore. Ngenkathi okuthi "Faka" kuvela kuleyo vidiyo, angikaze ngikubone.
Yebo, udinga nje ukuthi isicelo sisayinwe ngesitifiketi se-Enterprise, bese singafakwa ngale ndlela.
Akusebenzi ngaphandle kwe-jailbreak. Noma thumela isixhumanisi futhi ngizozama ukufaka uhlelo ku-iPhone yami ngaphandle kwe-jailbreak ngale ndlela.
U-Lukas Palda uqinisile. Kungenzeka, kodwa kunezinhlelo zokusebenza ezimbalwa ze-tech noma azithakazelisi kangangokuthi awazi ngazo, kodwa kungenzeka :)
Ngakho vele ulande i-Store futhi inkinga isiphelile
Sawubona wonke umuntu ... ngokusho kwami kanye nesihloko, kwanele ukulandela imithetho eyisisekelo, njengalapho usebenzisa amanye amadivaysi axhunywe enetheni (kungakhathaliseki ukuthi i-iOS, i-Android, i-WIN, njll.) = ungachofozi okunamathiselwe okuvela kubathumeli abangaziwa, ungadlali amaqhinga futhi udlale "i-hacker" enolwazi, ungalandi amafayela asolisayo... Ngifunde isihloko esifanayo ku-"gossip" novinky.cz futhi uma othile efuna ukulimaza noma iyiphi inkampani, bayokwenza lokho. thola indlela...
Kulabo abacabanga ukuthi kwanele ukungabi ne-Jailbreak futhi ufake kuphela kusuka ku-AppStore:
http://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-all-your-ios-apps-belong-to-us.html
Kusukela esigabeni: "abasebenzisi be-iOS bangazivikela ekuhlaselweni kweMasque ngokulandela izinyathelo ezintathu: ...".
Isifinyezo: ngemva kokuchofoza isixhumanisi ku-imeyili noma i-sms, ibhokisi lengxoxo elinenketho ethi "Faka" (noma uMthuthukisi Wokuthembela) lingavela kuwe. Yilokho empeleni umnyombo wale nkinga.
Ungase ucabange ukuthi awuchofozi izixhumanisi, kodwa abangani bakho, umndeni, njll. akudingekile ukuba babe nolwazi lwe-IT njengawe, ngakho-ke kuhle ukubayala ukuthi bangachofozi ku-"Faka" nokunye.
___
Ngithathe izintambo ku-root.cz