Apple iPhones can be hacked even if the user never clicks a link, Amnesty International says

iPhone 12 Mini and iPhone 12 Pro Max.

Todd Haselton | CNBC

Apple iPhones can be compromised and their sensitive data stolen through hacking software that doesn’t require the phone’s owner to click on a link, according to a report by Amnesty International published on Sunday.

Amnesty International said it discovered iPhones belonging to journalists and human rights lawyers had been infected with NSO Group’s Pegasus malware that can provide the attacker access to messages, emails and the phone’s microphone and camera.

The revelation suggests governments using NSO Group software have been able to successfully hack iPhones to spy on user data using methods unknown to Apple, and that even keeping an iPhone up-to-date cannot stop a dedicated attacker who’s using expensive and secretive spy software.

The nature of the attacks also suggests changing user behavior, such as avoiding clicking on unknown or phishing links in messages, may not protect iPhone users against NSO’s software. Past versions of Pegasus required the user to click a malicious link in a message, Amnesty International said.

NSO Group is an Israeli firm that says it sells to vetted government agencies and law enforcement to prevent terrorism, car explosions and to break up sex and drug trafficking rings.

Amnesty International found evidence of a hack in an iPhone 12, the newest iPhone model, running iOS 14.6, which was the most current software before Monday. Apple updated its software to iOS 14.7 on Monday but has not yet released security details that could indicate whether it has fixed the exploits identified by Amnesty International.

Amnesty International obtained a leaked list of 50,000 phone numbers that may have been targeted by spy software made by NSO Group. It found evidence that Android devices were also targeted by NSO Group software, but wasn’t able to examine those devices in the same way as the iPhones.

“Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market,” Apple’s head of security engineering and architecture Ivan Kristic said in a statement.

An iPhone software update from Apple could fix the exploit

Security experts say the most effective way to stop malware is to keep devices patched with the latest software, but that requires the device maker to be aware of the bugs the attackers are using. If they are “0days,” as NSO Group is accused of using, that means that Apple has not yet been able to fix the exploits.

Once Apple fixes the exploit, it’s no longer a 0day and users can protect themselves by updating to the latest version of the operating system.

That suggests that NSO Group’s software could stop working or lose the capability to target up-to-date phones as soon as Apple fixes the exploits — which it starts doing as soon as it learns of the attacks, Apple said.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” Kristic said.

iPhone privacy has been a key marketing strategy

Apple has made security and privacy one of its key marketing strategies, arguing its control of the operating system, and the hardware that powers it, allows Apple to deliver a higher level of security and privacy than devices made by rivals.

Apple said its security team is four times larger than it was five years ago and employees work to improve device security as soon as it finds new threats. Apple publishes security fixes for each software update on its website, cataloging them with industry-standard “CVE” numbers and crediting security researchers who find them.

Amnesty International’s report said NSO Group’s software doesn’t stay on an iPhone when it’s rebooted, making it harder to confirm that a device has been infected. It also suggests users who are worried about being targeted may want to regularly reboot their devices.

Amnesty International said it worked with international media groups to publish details about a handful of the phone numbers it found on the leaked list and the specific circumstances that led them to have been targeted by NSO software. Some American phone numbers were on the list but it’s unclear if they were hacked, the Washington Post reported.

An NSO Group spokesperson said the company will investigate all claims of misuse.

“We would like to emphasize that NSO sells its technologies solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts. NSO does not operate the system and has no visibility to the data,” the NSO spokesperson said.

Other technology companies consider NSO Group’s business unacceptable and a threat to their users’ security. Last year, Facebook subsidiary WhatsApp sued NSO Group over an alleged WhatsApp hack. In a court filing from December as part of that case, third parties including Microsoft, Google, Cisco and others said NSO Group had violated U.S. laws and doesn’t deserve immunity because it sells to foreign governments.

Crew cupola window view in orbit

The first look at the crew in orbit, from left: Jared Isaacman, Hayley Arceneaux, Chris Sembroski, Sian Proctor.

Inspiration4

Inspiration4, which launched with Elon Musk’s SpaceX on Wednesday evening, shared the first photos from day one in orbit and gave an up-close look at the expansive views of Earth from the spacecraft’s “cupola” window.

The crew spent its first day in orbit floating in zero gravity inside the capsule, taking photos from the Crew Dragon window and speaking to patients of St. Jude Children’s Research Hospital, answering their questions from space.

The historic private mission — which includes commander Jared Isaacman, pilot Sian Proctor, medical officer Hayley Arceneaux and mission specialist Chris Sembroski — is orbiting the planet at an altitude of 585 kilometers (363.5 miles), which is above the International Space Station and the highest altitude humans have traveled in years.

Inspiration4, which is expected to return to Earth and splash down this weekend, was paid for by Isaacman for an undisclosed amount, with the main goal of the spaceflight to raise $200 million for St. Jude.

Hayley Arceneaux takes in the view of Earth from the Crew Dragon cupola window.

Inspiration4

SpaceX modified the top of Crew Dragon capsule Resilience to add a massive window for the astronauts, replacing the docking hatch that is under the spacecraft’s nose cone with the cupola.

Spacecraft commander Jared Isaacman speaks into a microphone as he peers out the cupola window.

Inspiration4

The cupola is the largest window by surface area ever put in space.

Mission specialist Chris Sembroski is seen taking a photo through the cupola, from an exterior camera on Crew Dragon.

Inspiration4

Isaacman is the third billionaire to fly to space this year, following Sir Richard Branson and Jeff Bezos in July. But the latter two — flying with their respective companies, Virgin Galactic and Blue Origin — spent only a couple of minutes each in space, as those companies’ rockets fly on what are known as suborbital trips. In contrast, Inspiration4 is an orbital mission, with the crew spending multiple days in space and going around the Earth as many as 15 times in a day.

Musk, among those who saw them off before launch, tweeted that he spoke to the Inspiration4 crew Thursday and that “all is well.”

“Missions like Inspiration4 help advance spaceflight to enable ultimately anyone to go to orbit & beyond,” Musk wrote in another tweet.

SpaceX CEO Elon Musk poses with the crew before launch on September 15, 2021.

John Kraus / Inspiration4

The Inspiration4 crew is making history in ways beyond becoming the first group of nonprofessional astronauts in orbit: Proctor is the first Black female to pilot a spacecraft, and Arceneaux is the youngest American and first person with a prosthesis to fly in space.

Check out more photos from launch day at NASA’s Kennedy Space Center in Florida:

Medical officer Hayley Arceneaux points to the camera as she and pilot Sian Proctor board the Tesla Model X after suiting up before the launch on September 15, 2021.

John Kraus / Inspiration4

SpaceX’s Falcon 9 rocket lifts off carrying Crew Dragon spacecraft Resilience on September 15, 2021.

John Kraus / Inspiration4

The view inside the Crew Dragon spacecraft about 30 seconds after liftoff as the Falcon 9 rocket accelerated away from Earth on September 15, 2021.

SpaceX

The shimmering exhaust plume of SpaceX’s Falcon 9 rocket launching into the dusk sky above Florida on September 15, 2021.

John Kraus / Inspiration4

Tesla to reverse solar price hike for some customers: legal filing

Smith Collection/Gado | Archive Photos | Getty Images

Tesla is trying to placate some solar customers who say they faced sudden price hikes earlier this year, according to new filings with the U.S. district court in San Jose, California.

In a Thursday filing, customers’ attorneys wrote, “Tesla informed counsel for Plaintiffs that Tesla had recently launched a program for customers who signed Solar Roof contracts before the April 2021 price changes to return those customers to their original pricing (if they were subject to a price increase in April 2021).”

As of Friday afternoon, further details of this program were not apparent on Tesla’s solar websites or on the Engage website for customers and advocates of the company. CNBC reached out to plaintiffs’ attorneys and Tesla to get further details about the program. They did not immediately respond.

This spring, frustrated Tesla solar customers sued the company after experiencing surprise price increases.

Filings in three separate lawsuits alleged that Tesla solar customers had already signed contracts with Elon Musk’s electric vehicle and renewable energy venture, and even prepared to have solar photovoltaics installed at their homes, when they were surprised by sudden price hikes that required additional payments to move ahead with their installations.

The price hikes were not trivial. For example, plaintiff Matthew Amans’ solar roof price shot up from around $72,000 per his original contract to around $146,000, according to lawsuit filings.

Those lawsuits were later consolidated into Amans v Tesla, Inc.

Tesla hiked prices for its solar installations at least twice early this year, and made it a requirement for customers ordering solar panels or roof tiles to order the Powerwall home energy storage system as well. Later, CEO Elon Musk revealed that the company would not be able to make enough Powerwalls to keep up with demand this year because of the ongoing microchip shortage.

Overall, solar remains a fairly small part of Tesla’s business. Tesla reported energy generation and storage revenue of $801 million in the second quarter of 2021, with a cost of revenue of $781 million for that division. The company does not break out revenue from solar on its own — the unit includes revenue from its lithium-ion battery energy storage systems, which range from home backup batteries to giant, utility-scale systems.

By way of comparison, Tesla booked $10.2 billion in automotive sales during the quarter.

Here’s the legal filing.

Elizabeth Holmes pushed faster Theranos Walgreens rollout: Testimony

Elizabeth Holmes, CEO of Theranos, attends a panel discussion during the Clinton Global Initiative’s annual meeting in New York, September 29, 2015.

Brendan McDermid | Reuters

SAN JOSE, CALIF. – A former Theranos scientist testified Friday that Elizabeth Holmes pressured her to validate blood test results from the company’s Edison machine to speed up a rollout in Walgreens despite problems with the device’s accuracy.

Surekha Gangakhedkar, a senior scientist at Theranos for eight years who reported directly to Holmes, testified that she returned from a vacation in August 2013 and discovered that Theranos was about to launch its Edison blood-testing devices in Walgreens stores.

“I was very stressed and unhappy and concerned with the way the launch was going,” Gangakhedkar said. “I was not comfortable with the plans that they had in place so I made a decision to resign and not continue working there.”

Gangakhedkar recalled meeting with Holmes in September 2013 about the issues that prompted her resignation.

“At that time she mentioned that she has promised to deliver to the customers and didn’t have much of a choice then to go ahead with the launch,” Gangakhedkar said, becoming emotional on the stand.

“Ms. Holmes said she didn’t have much of a choice?” asked Robert Leach, an assistant U.S. attorney.

“Yes,” she replied.

Despite signing a non-disclosure agreement, Gangakhedkar said she printed some documents and took them home when she quit because she was “worried about the launch, I was actually scared that if things do not go well I would be blamed.”

Gangakhedkar was granted immunity from criminal charges in exchange for her testimony.

She testified that in August 2013 she didn’t think the Edison 3.0 and 3.5 were ready to be used for patient testing, adding “there were problems with getting consistent results.” However, Gangakhedkar recalled that Holmes was pressuring the team to validate the tests even though “in my opinion she was aware,” of the accuracy issues.

Holmes is fighting 12 charges of wire fraud and conspiracy to commit wire fraud, and has pleaded not guilty. In opening statements, her defense attorney told jurors that Holmes was an ambitious young woman who made mistakes but didn’t commit a crime.

Earlier in the day, Erika Cheung, a former lab associate turned whistleblower, concluded her testimony after three days on the stand. Cheung recalled that frequent quality control failures in the lab created substantial delays in test results for patients.

“We had people sleeping in their cars because it was just taking too long,” Cheung testified. “Every few days we were having to run samples over and over again.”

Cheung, who quit Theranos six months after joining as a college graduate, said she “became concerned probably a month in with the Vitamin D samples.”

Gangakhedkar’s testimony continues on Tuesday. Among the insiders the government plans to call to testify next is Daniel Edlin, a project manager who reported directly to Holmes and worked on the Walgreens partnership. Edlin was also friends with Holmes’ brother, Christian.
