How the FBI Managed To Get Into the San Bernardino Shooter’s iPhone

A new report from The Washington Post reveals how the FBI gained access to an iPhone linked to the 2015 San Bernardino shooting. Apple refused to build a backdoor into the phone, citing the potential to undermine the security of hundreds of millions of Apple users, which kicked off a legal battle that only ended after the FBI successfully hacked the phone. Thanks to The Washington Post’s report, we now know the methods the FBI used to get into the iPhone. Mitchell Clark summarizes the key findings via The Verge:

The phone at the center of the fight was seized after its owner, Syed Rizwan Farook, perpetrated an attack that killed 14 people. The FBI attempted to get into the phone but was unable to due to the iOS 9 feature that would erase the phone after a certain number of failed password attempts. Apple attempted to help the FBI in other ways but refused to build a passcode bypass system for the bureau, saying that such a backdoor would permanently decrease the security of its phones. After the FBI announced that it had gained access to the phone, there were concerns that Apple’s security could have been deeply compromised. But according to The Washington Post, the exploit was simple: [An Australian security firm called Azimuth Security] basically found a way to guess the passcode as many times as it wanted without erasing the phone, allowing the bureau to get into the phone in a matter of hours.

The technical details of how the auto-erase feature was bypassed are fascinating. The actual hacking was reportedly done by two Azimuth employees who gained access to the phone by exploiting a vulnerability in an upstream software module written by Mozilla. That code was reportedly used by Apple in iPhones to enable the use of accessories with the Lightning port. Once the hackers gained initial access, they were able to chain together two more exploits, which gave them full control over the main processor, allowing them to run their own code. After they had this power, they were able to write and test software that guessed every passcode combination, ignoring any other systems that would lock out or erase the phone. The exploit chain, from Lightning port to processor control, was named Condor. As with many exploits, though, it didn’t last long. Mozilla reportedly fixed the Lightning port exploit a month or two later as part of a standard update, which was then adopted by the companies using the code, including Apple.

Israel May Have Destroyed Iranian Centrifuges Simply by Cutting Power

An anonymous reader shares a report: The explosion and blackout at the Natanz nuclear facility in Iran over the weekend raised the specter of past sabotage — including the Stuxnet cyberattack that took out some of Natanz’s centrifuges between 2007 and 2010 as well as an explosion and fire that occurred there last July — destroying about three-fourths of a newly opened plant for the assembly of centrifuges. Government officials and news reports gave conflicting accounts of what caused the latest blasts, the extent of damage, and Iran’s capacity to quickly recover. Initial reports said there was no harm to the Natanz facility, but Iranian officials later acknowledged damage to its centrifuges.

And while media accounts have suggested saboteurs focused on taking out the facility’s electric supply, David Albright, founder and president of the Institute for Science and International Security in Washington, D.C., believes the aim was to destroy centrifuges. Power is easy to restore even when electrical equipment is damaged, allowing enrichment work to quickly resume. But an abrupt blackout that also takes out backup power would have destroyed some centrifuges, Albright says, since they need to be powered down slowly. Failure to do so leads to vibrations that can cause centrifuge rotors and bellows to become damaged and in some cases disintegrate, which is what Albright suspects occurred.

EDR functionality in a small business solution

Most security solutions for small and medium-sized businesses exist simply to prevent malware from running on a workstation or server — and for years, that was enough. As long as an organization could detect cyberthreats on its endpoints, it could arrest the spread of infection over its network and thus protect the corporate infrastructure.

How Continuous Control Automation is Leapfrogging Continuous Control Monitoring

In a world where automation is taking over fast food, driving, package delivery, and practically every other industry, why isn’t it more prevalent in the cybersecurity realm? For a sector inundated with cutting-edge technology in almost every other aspect, risk and compliance management has somehow fallen by the wayside. Employees and chief information security officers (CISOs) are still spending hours poring over spreadsheets and doing manual control monitoring. In 2021, with digital transformation everywhere in the world, that is frankly unacceptable.