Newly discovered malware dubbed 'Unflod Baby Panda' infects jailbroken iDevices in an attempt to steal your Apple ID and password.
Stefan Esser, a hacker known as i0n1c, details the malware that was discovered by reddit users.
On 17th April 2014 a malware campaign targeting users of jailbroken iPhones was discovered and discussed by reddit users. This malware appears to have Chinese origin and comes as a library called Unflod.dylib that hooks into all running processes of jailbroken iDevices and listens to outgoing SSL connections. From these connections it tries to steal the device's Apple-ID and corresponding password and sends them in plaintext to servers with IP addresses in control of US hosting companies for apparently Chinese customers.
Unfortunately, the origin of the malware is not known. It's believed that it may end up on jailbroken phones when a user installs pirated apps from unofficial Chinese repositories. Of course, we suggest that you never do this.
The malware is located at /Library/MobileSubstrate/DynamicLibraries/Unflod.dylib on your iDevice. The threat is digitally signed with an iPhone developer certificate registered to a person called WANG XIN. It's unclear if this is a real person, a fake persona, or a victim of certificate theft.
Here's how it works:
"The malware basically hooks into SSLWrite of the Security.framework and scans the buffer for certain strings that indicate the presence of the Apple-ID and the password for it. If those are found the code attempts to connect to the IPs 184.108.40.206 and 220.127.116.11 on port 7878 to send out the stolen data in plaintext."
i0n1c notes that Dr. Web is the first one to identify Unflod.dylib as malicious.
Deleting Unflod.dylib and changing your Apple ID password appears to be enough to recover from the attack; however, since the origin of the malware cannot be located, we don't know if any other malware was bundled with it. Thus, to be sure any threat is completely removed, you will need to do a full restore. Unfortunately, this means losing your jailbreak.
You can use iFile to easily check for the existence of Unflod.dylib; however, it's likely that a tweak or an update to Cydia will be released to address the malware shortly.
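The check described above can also be run against an extracted or mounted copy of the device file system. This is an added example, not code from the original write-up: it looks in the MobileSubstrate directory for the file name, the SSLWrite reference and the two addresses named on this page. The function names, the sample files and the assumption that these indicators appear as plain strings in the library are all hypothetical.

```python
import os
import tempfile

# Indicators named in the write-up above; the sample contents below are constructed.
SUBSTRATE_DIR = os.path.join("Library", "MobileSubstrate", "DynamicLibraries")
KNOWN_FILENAME = "unflod.dylib"
HOOK_SYMBOL = b"SSLWrite"
DROP_ADDRESSES = (b"184.108.40.206", b"220.127.116.11")


def scan_library(path):
    """Return the indicators found in a single library file."""
    hits = []
    if os.path.basename(path).lower() == KNOWN_FILENAME:
        hits.append("filename")
    with open(path, "rb") as fh:
        data = fh.read()
    if HOOK_SYMBOL in data:
        hits.append("references-SSLWrite")
    for addr in DROP_ADDRESSES:
        if addr in data:
            hits.append("address:" + addr.decode("ascii"))
    return hits


def classify(hits):
    """Known name or drop address is conclusive; an SSLWrite reference alone is not."""
    if "filename" in hits or any(h.startswith("address:") for h in hits):
        return "malicious"
    if "references-SSLWrite" in hits:
        return "review"
    return "clean"


def scan_root(root):
    """Scan <root>/Library/MobileSubstrate/DynamicLibraries, where root is a mounted
    or extracted copy of the device file system (assumption of this example)."""
    directory = os.path.join(root, SUBSTRATE_DIR)
    findings = {}
    if not os.path.isdir(directory):
        return findings  # no Substrate directory, so nothing is injected from here
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not name.lower().endswith(".dylib") or not os.path.isfile(path):
            continue
        hits = scan_library(path)
        verdict = classify(hits)
        if verdict != "clean":
            findings[name] = (verdict, hits)
    return findings


def build_sample_tree(root):
    """Write constructed stand-in files (not real binaries) for the demo."""
    directory = os.path.join(root, SUBSTRATE_DIR)
    os.makedirs(directory)
    samples = {
        "Unflod.dylib": b"\xca\xfe\xba\xbe_SSLWrite\x00184.108.40.206\x00",
        "Renamed.dylib": b"\xca\xfe\xba\xbe_SSLWrite\x00220.127.116.11\x00",
        "NetTweak.dylib": b"\xca\xfe\xba\xbe_SSLWrite\x00",
        "Theme.dylib": b"\xca\xfe\xba\xbe_UIColor\x00",
    }
    for name, content in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for name, (verdict, hits) in scan_root(root).items():
            print(f"{verdict:9} {name}: {', '.join(hits)}")
```

A library that only references SSLWrite is reported for review rather than as malicious, since the write-up does not say that hooking SSLWrite is unique to this malware.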
The death of Windows XP. Sources all around the world cite: "Roughly, over 500,000,000 devices; Yes, that's right: 500 (Five Hundred) Million Devices; Still Run Windows XP."
This includes: ATM Machines, Large Amounts of Government Used Devices, Satellites including GPS Systems, Train & Rail Systems, Flight Navigation Systems, Musical Production Studios, Factories that are used to Manufacture the "Over 500,000,000 devices still run Windows XP", Medical & Health Care Systems, Banks, Internet Service Providers, Schools.
The list goes on, for over five hundred million device examples.
What does this mean for the Crypto-Currency community? Instant death. Math time:
500,000,000 = Devices that Run Windows XP
6,00,000,000 = Current Highest Difficulty
13,000,000 = Remaining Bitcoins
5,200,000 = Remaining Blocks
25 = Number of BitCoins in a Block
2,700,000,000,000,000 = Number of Hashes it takes to Mine 1 (One) Block, which again a Block is worth 25 (Twenty-Five) BitCoins
5,400,000 = Number of Hashes left after ALL Windows XP Devices hash one time
That literally means in SECONDS, we can mine ALL possible BitCoins and all other CryptoCurrencies.
It's very possible this could happen, only time will tell.
Requirements: - Jailbreak - Perk TV app (available only in the US AppStore but you can download it from here) - FastForward - VPN One Click/Onavo or any other US VPN.
Hack Features: - Earn points even faster and use them to redeem Gift Cards!
Instructions: 1. Create a new account for Perk using this link: This is the link. Click me! It is very important for you to use this link otherwise it will not work. Yeah, that was a lie but you'd help me out a lot if you do so.
2. Click the "Sign Up" button on their webpage and register using your email or Facebook. (You might need to validate your email afterwards)
3. If it wants to download their browser then just cancel it or you can try it out but that's not what this is about.
4. Download Perk TV app and install it on your device through the AppStore or from here.
5. Open the Perk TV app on your SpringBoard and log in using the account you created on the link above.
6. After logging in, close the app from multitask and download FastForward and its dependency AppList.
Note: You can also download them from the BigBoss repo.
7. Respring after installing.
Note: AppList caused some issues on my 4s like getting stuck on the Boot Logo. If that happens to you, boot into Safe Mode and remove AppList. Reboot back into normal mode and install FastForward but don't respring and use the tweak.
8. Open FastForward from your SpringBoard and turn it on for the Perk TV app or just turn it on for all apps if you do not see Perk TV on the list.
9. Then go to the "Settings" tab and select your Playback rate. Set the playback rate depending on your internet connection. If you set the playback rate too high, the video will just keep freezing on a slow internet connection. If you have a fast connection then you can set the playback speed to anything you want.
NOTE: If you do not live in the US then you need to use a VPN otherwise you will not win any points. Use VPN One Click from the "Requirements" above.
10. Close FastForward and open the Perk TV app.
11. Click the "Watch & Earn" button on one of the trailers and you're done.
When you play the videos, they will play at 6 times the speed or more and they will automatically cycle through all the videos and then start over. The amount of time you leave it running will determine how much money you make. You get 4 points for every 2 videos you watch. You can also use Background Manager and Insomnia to leave the app running even when the screen is locked.
With "pre-show" festivities of the annual Consumer Electronics Show's 2014 edition in the books, AppleInsider takes a look at some of Monday's less-popular — but still interesting — stories from the show floor.
LG resurrected fallen iOS competitor WebOS in the South Korean giant's new range of "Smart TV" connected televisions. The platform — which LG says will power 70 percent of its connected sets in 2014 — sports a slick user interface and has been bestowed with several useful touches, like the ability to recognize when a user connects an external device and present contextually-relevant menu options.
The new sets come bundled with apps for popular services including YouTube, Facebook, Skype, and Twitter, and users will be able to download new apps and content from the LG Store. LG has not yet released pricing or availability information.
Meanwhile, streaming content company Roku announced partnerships with Chinese manufacturers TCL and Hisense for their own connected television platform, Roku TV. Under the agreements, the same software that powers Roku's popular streaming boxes will be adapted and pre-loaded on sets from the two TV makers.
Roku says the content available on Roku TV will be identical to the options present on the company's streamers, and the sets will come with a new 20-button remote control, which the company touts as having half as many buttons as traditional television remotes. Pricing is not yet available, but Roku TV units are scheduled to hit retail outlets in the fall.
Not content to stop at televisions, LG also unveiled two new wearable fitness devices on Monday. The Lifeband Touch is a wrist-worn activity tracker similar to a Nike Fuelband, while LG's Heart Rate Earphones are Bluetooth-enabled in-ear headphones that measure biometric data like heart rate and maximum oxygen consumption from the external portion of the ear.
Lifeband Touch sports an OLED display that, in addition to the time and standard biometric data, can be configured to relay notifications from a connected smartphone. The Heart Rate Earphones can also be configured to send data to the Lifeband Touch for display. Both devices are slated for release in the first half of 2014 with pricing yet to be determined.
The wearable parade continued with the Polar V800, a combination fitness tracker and GPS wristwatch. Polar's entry provides more granular detail than most other activity trackers, collating data from individual training sessions to forecast recovery time and help users get adequate rest between sessions.
Polar's V800 also brings other unique features like integrated GPS, a built-in barometric pressure sensor for more sensitive altitude tracking, and the ability to monitor heart rate while swimming under water. The tracker comes in black and blue and will be available for purchase in April for $449.95, or $499.95 with heart rate monitor.
French technology company Parrot announced two new iOS-controlled robotic devices, a small jumping robot dubbed the Jumping Sumo and a miniature flying drone the firm is calling the MiniDrone. Both products were first outed by The Verge.
The Jumping Sumo is a two-wheeled, floor-bound bot that the publication says can make near-instant 180-degree turns and spring-assisted jumps up to three feet, while the MiniDrone is a palm-sized quadrocopter. Both devices are controlled with iOS apps and feature built-in cameras.
Parrot's MiniDrone connects with Bluetooth 4.0, while the Jumping Sumo takes advantage of 802.11ac Wi-Fi. Parrot has not yet released availability and pricing information.
At the same time, Orbotix unveiled a second-generation remote-controlled device of its own, showing off the new, tubular Sphero 2B. The Sphero 2B is a ruggedized version of the iOS-controlled toy sold in Apple Stores around the world, featuring knobby, replaceable tires and new multiplayer games.
Sphero's latest entry is also fully programmable, and the company urges users to "embrace your inner hacker." Sphero 2B will go on sale this fall for "$99 or less."
AT&T Mobility chief Ralph de la Vega announced that the carrier plans to support HD Voice on its network sometime this year, according to a report from The Verge. HD Voice uses wideband technology — including new audio codecs and an expanded audio range — to vastly improve the audio quality of mobile phone calls and reduce background noise.
With AT&T's launch, Verizon Wireless will be the only one of the big four wireless carriers not to implement HD Voice.
Elsewhere on Monday, newly-minted AT&T arch-rival T-Mobile announced a $3.3 billion deal to purchase a chunk of 700 MHz wireless spectrum from Verizon Wireless. T-Mobile says the swap will help the carrier boost in-building signal strength and extend rural coverage, as well as coverage "at the edge of cities and in less densely populated areas."
As part of the deal, the two companies will "realign" an additional $950 million worth of spectrum in California and Georgia.
This is an exciting time for jailbreakers around the world. While you are busy updating and jailbreaking your iDevices, the insanelyi team is hard at work! Though our current app 'insanelyi App - iOS6' works on iOS7 you'll be seeing a new app being pushed to the insanelyi repo which will have new iOS 7 Specific graphics and features. Keep an eye on our app development thread here.
What features would you like to see added to the new insanelyi app?
Apple has patched an obscure vulnerability in its iOS operating system that could have allowed a malicious hacker to install malware on an iPad or iPhone via a bogus USB charger.
Discovered by researchers at the Georgia Institute of Technology, the vulnerability can be exploited only by a custom-built USB charger outfitted with a tiny Linux computer. But it can be exploited quickly — in under 60 seconds.
“Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software,” the researchers explain in their Black Hat security conference presentation summary. “All users are affected, as our approach requires neither a jailbroken device nor user interaction. … attackers can hide their software in the same way Apple hides its own built-in applications.”
Potentially nasty stuff. But Apple has already developed a fix that will bolster iOS’s defenses against it. It has programmed the operating system to ask users if they trust the computer to which they’re connecting their device. A simple and effective fix for a nascent exploit that could have evolved into a real threat, given enough time.
Saurik has announced that due to a mistake in the system used to request APTickets from Apple, all the tickets saved via Cydia are 'useless'.
Those of you who recently launched Cydia may have received a notice to "See TSS Center (below) to request iOS SHSH", and may be surprised to read the message, "No SHSH seems to be stored for this device".
At this point, I think I have described everything I need in order to explain the current situation: all of the APTickets Cydia itself requested from Apple for iOS 6 are useless. The word "useless" is important, as it is not accurate to use the word "corrupt": the data that was uploaded was not lost or damaged, and in fact all of the tickets that were stored verified per the algorithm from MuscleNerd.
Instead, the requests being made via Cydia to collect SHSH information for iOS 6 did not result in useful tickets. This is because, in order to better emulate the requests Apple had been making when I first started the service, I filter the manifests I send to Apple to only include information about files that had the partial digests I discussed earlier, as only files that have partial digests are relevant for SHSH.
However, the APTicket signs complete digests, not partial digests, and so even descriptions of files that do not have partial digests need to be sent to TSS to get a complete ticket. What really should therefore be used as a filter is "files with digest information at all", not just those that have partial digests (there is never a partial digest without a full digest), effectively finding all "real" files.
The result is that the APTickets that were downloaded and saved by Cydia itself are not sufficient to boot a device. However, tickets that were downloaded or otherwise obtained by tools such as redsn0w, iFaith, or TinyUmbrella, will work fine. If those tickets are uploaded to Cydia and then downloaded back, they also will continue to work: it is only tickets downloaded by Cydia clients themselves that were affected.
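The filtering mistake explained in the quoted text above, as an added example that is not saurik's or Cydia's code: it compares the "partial digest only" filter with the "any digest" filter on a constructed manifest and reports which files the first one leaves out of the request. The manifest layout, the key names `Digest` and `PartialDigest`, and the component names are assumptions made for illustration.

```python
# Constructed manifest for illustration: component name -> description.
# Key names and which components carry a partial digest are assumptions.
SAMPLE_MANIFEST = {
    "boot-stage-1": {"Digest": "aa11", "PartialDigest": "a1"},
    "boot-stage-2": {"Digest": "bb22", "PartialDigest": "b2"},
    "kernel": {"Digest": "cc33", "PartialDigest": "c3"},
    "root-filesystem": {"Digest": "dd44"},      # full digest only
    "restore-ramdisk": {"Digest": "ee55"},      # full digest only
    "build-info": {"Version": "placeholder"},   # not a file: no digest at all
}


def check_invariant(manifest):
    """The explanation states a partial digest never appears without a full one."""
    bad = [name for name, entry in manifest.items()
           if "PartialDigest" in entry and "Digest" not in entry]
    if bad:
        raise ValueError("partial digest without full digest: " + ", ".join(sorted(bad)))


def filter_partial_only(manifest):
    """The filter as described: keep only entries that have a partial digest."""
    return {name: entry for name, entry in manifest.items() if "PartialDigest" in entry}


def filter_any_digest(manifest):
    """The filter that should have been used: keep every entry with any digest."""
    return {name: entry for name, entry in manifest.items() if "Digest" in entry}


def omitted_components(manifest):
    """Real files that the partial-only request never described to the signing server."""
    check_invariant(manifest)
    return sorted(set(filter_any_digest(manifest)) - set(filter_partial_only(manifest)))


def request_is_complete(request, manifest):
    """A saved request is sufficient only if it names every file that has a digest."""
    return set(filter_any_digest(manifest)) <= set(request)


if __name__ == "__main__":
    print("left out by the partial-only filter:", omitted_components(SAMPLE_MANIFEST))
    print("partial-only request complete:",
          request_is_complete(filter_partial_only(SAMPLE_MANIFEST), SAMPLE_MANIFEST))
    print("any-digest request complete:",
          request_is_complete(filter_any_digest(SAMPLE_MANIFEST), SAMPLE_MANIFEST))
```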
in Capp's Blog,
05 April 2013
Pod2g confirms evad3rs are not working on 6.1.3 jailbreak
It’s been nearly two weeks now since Apple released iOS 6.1.3 that effectively killed the evasi0n jailbreak. It had a good run though, lasting for nearly 6 weeks, through 2 iOS software updates, and jailbroke close to 20 million devices.
And it looks like that’s it for jailbreaks for a while. We had an inkling there wouldn’t be a 6.1.3 jailbreak released—it doesn’t make sense to burn exploits before iOS 7— and the evad3rs‘ pod2g just confirmed our suspicion on Twitter…
Here’s the tweet :
Again, this doesn’t really come as much of a surprise. Apple is expected to unveil the next version of iOS, presumably iOS 7, at its WWDC event, and that typically happens around mid-June. So that’s what, just over two months away?
This makes it virtually pointless for the evad3rs to update the evasi0n jailbreak tool with new exploits, as Apple would certainly patch them in iOS 7. And then you’ve burned usable exploits, which seem to be getting harder to find.
It is worth noting, however, that p0sixninja recently announced that he has discovered enough exploits to produce a new jailbreak. And although it’s very unlikely, it’s possible he could release it before Apple unveils the next version of iOS.
But my money is on us not seeing a new jailbreak until late-summer, or even the fall. So [obviously] you’ll want to stay away from iOS 6.1.3, and any future iOS 6.x updates.
So have you lost hope of seeing an untethered jailbreak for the upcoming iOS 6 versions? Don't worry, today we've got some great news from the popular hacker P0sixninja, who has just said on his official Twitter account that he has discovered some vulnerabilities that were not patched by the company’s security team in the latest iOS update, as he tweeted out earlier tonight: “Well, so far it looks like the next jailbreak might be created entirely by me.”
Check out the tweet:
But don’t worry, p0sixninja says that the evad3rs haven’t gone anywhere. He’s just discovered the exploits on his own.
Think of how a cat, when dropped, can twist its body to land on its paws. Now think of your iPhone falling. Makes you cringe, just thinking of the finely-crafted case and display biting the sidewalk or floor. Enter Apple, taking a lesson from felines and wrapping it in some futuristic technology for a patent designed to protect your iDevice from falls.
In a patent application entitled “Protective Mechanism for an Electronic Device,” the iPhone and iPad maker outlines a series of inventions spanning technology now available to some concepts more Jetson-like…
Apple’s patent filing involves sensors to detect when a device (the iPhone is specifically mentioned) is falling, its speed, and orientation to the ground.
Those sensors connect to processors, which determine how long to impact and the best crash position to limit damage – corner versus a belly flop on the screen, for instance.
An electronic device including a processor, a sensor in communication with the processor and a protective mechanism. The protective mechanism is in communication with the processor and is configured to selectively alter a center of mass of the electronic device. Additionally, the electronic device also includes an enclosure configured to at least partially enclose the processor and the sensor.
That’s all relatively in reach.
But the patent goes on to describe technology to prevent a device falling or changing its position in mid-air that you’re more likely to find in a spy novel than a mobile phone.
In one scenario, a weight inside the device is shifted along the length-width axis to change the phone’s center of gravity based on previous fall data stored in memory. The remaining options seem to be so impractical as to be lifted straight from a James Bond thriller, but they illustrate the creativity put into protecting your phone.
One option suggests a method to “grip the plug” of an accessory, such as your headphones, to stop a device crashing to the ground. This sounds like the mirror opposite of Apple’s MagSafe connectors which break away from your laptop to prevent a computer being dragged off a table.
Other possibilities: Your device could sprout wings, acting as air foils to slow or alter the fall. Finally, your iPhone could be equipped with a canister of gas that acts as a “thruster” (I’m not kidding, that’s what Apple’s filing mentions). All of which begs the question: Why not just include a protective case?
RBC Capital Markets analyst Amit Daryanani has released a new research report today citing supply chain checks as the basis for predicting a June or July launch for both the iPhone 5S and a lower-cost iPhone, in line with other recent reports. Daryanani says, however, that the lower-cost iPhone appears set to omit a Retina display.
Our supply-chain checks indicate that AAPL is working to launch multiple new phones in the June/July time-frame this year. Specifically, AAPL will launch the iPhone5s and a more affordable but lower-end iPhone at the same time, in either late CYQ2 or early Q3. The low-end iPhone will have the same 4" form factor as the iPhone5 but will have plastic casing and no retina display. With a lower price-point, AAPL will be able to target a growing and important part of the Smartphone market (sub-$400 price-band).
Daryanani's claim of no Retina display for the lower-cost iPhone conflicts with reports from reliable KGI Securities analyst Ming-Chi Kuo, who has claimed several times that the cheaper iPhone's 4-inch display will carry the same 326 pixels per inch seen on all Retina iPhone displays released to date.
Daryanani's claim also raises suspicion because Retina displays are a long-established feature of Apple's iPhone lineup, with all the iPhone models currently offered by Apple supporting the feature. This includes the iPhone 4, which is offered for free with a two-year contract in the United States, although this new low-cost iPhone is said to be seeking to bring prices even lower to attract customers in markets where carrier subsidies are uncommon.
Just yesterday, Apple announced to developers that all apps submitted to the App Store must support both Retina resolution and the larger 4-inch screen of the iPhone 5 and fifth-generation iPod touch as of May 1. Apps can, of course, also support devices such as the iPhone 3GS using non-Retina displays.
The clock, designed by Hans Hilfiker, has become an icon of both the Swiss railway and of Switzerland itself. The trademark and copyright for the clock are owned by the Swiss Federal Railways service.
According to the article: "SBB is the sole owner of the trademark and copyright of the railway clock. The railway company will now get in touch with Apple. The aim is a legal, as well as a financial solution. It is not right that one [Apple] simply copies the design." The paper notes that Apple Switzerland declined to comment and directed reporters to Apple's corporate headquarters in the United States.
Update: In the interest of fairness, we have changed our links from Tages-Anzeiger to the Swiss daily Blick, which first reported the story. The translated quote remains one provided by a MacRumors reader from a paragraph in the Tages-Anzeiger story.
People close to some of the Canadian carriers that are planning to sell the new device said Friday that Apple will not allow those firms to sell it in their stores without also activating the device. In effect, that means users will have a harder time reselling the phones or shipping them to other countries where the iPhone may not have launched yet, or may not normally be available. As such, the move gives Apple more control over how and where its devices are sold. According to a source, Apple had not required immediate activation as a prerequisite for sales for any of the previous iPhone models.
Essentially, when you walk into any carrier or dealer to buy the iPhone 5, you won’t be able to leave with your phone until it is activated. An ‘activation’ in Apple’s definition means getting to the Home screen. Anytime an iPhone is activated on either Rogers, Telus or Bell, Apple is automatically paid a fee by the carriers, with the latter also receiving part of usage fees from monthly plans. According to the Globe and Mail, sources close to the ‘Big 3’ carriers confirmed off the record this new rule would apply for the iPhone 5. It appears these new changes target scalpers and resellers; Apple is tightening its leash on iPhone sales. Update: Our reliable source mentions you can leave Apple Stores with a sealed carrier locked and activated iPhone 5. Also, fully unsubsidized and carrier locked iPhone 5 units will be available for purchase.
This is my blog and my first blog post.
I don't understand why this blog is required to be made. Doesn't this waste space on the server? Anyways I guess I'll post interesting stuff here that isn't about the news.
I'll post news on the icommunity blog.
The iOS slide to unlock feature is fun to use, but it's very limited and boring. It takes you to the same place you left off all the time. With a new jailbreak tweak dubbed LockSliderz by iOS developer Zmaster - the same developer that brought us AndroidLockXT, we can change the way our unlock sliders behave, look, and work.
Looking at the screenshot above, you can tell right off the bat that a few things look different about the lock screen. The most obvious is the Spotify slider, but the main slider also has a different looking icon on it - an unlocked lock instead of an arrow. The other difference you notice is that there is no 'slide to unlock' text. The design is very minimalist, however the functionality can be appreciated by anyone looking for good lock screen shortcut methods. LockSliderz comes with its own section for the Settings application which is shown below:
Shown at the top is my favorite part of any jailbreak tweak; the ability to enable it and disable it at your leisure - great for troubleshooting. Under that you see settings for both the first and second slider. These are not to be confused with the knobs. As it turns out, LockSliderz gives you up to four knobs on your lock screen which is equivalent to two sliders. This gives you the ability to put up to three application shortcuts on your lock screen. When you enable all of the sliders on your lock screen and make them all size small from the settings, this is what results:
As shown, you can set any applications that you want to for each knob. When you go to slide a knob with an application on it, the device will unlock and launch the application that was defined by the knob you slid. You do not have to have four knobs, or even two sliders if you do not want to. You can have two sliders and three knobs, or you can have one slider and two knobs, or finally one slider and one knob. As you would expect, the knob on the left needs to be slid to the right and the knob on the right needs to be slid to the left.
The last setting in the settings for LockSliderz lets you choose to have an unlock knob that matches the shape of the application knob - making it square too like the image below instead of the appearance in the first image in this review:
The settings for LockSliderz are intense and exciting. It's worth the price tag of $1.49 because it can be extremely useful and because the graphical appearance looks insanely good. It's a great way to bring some life to that lock screen that we all feel could do more, but doesn't. If you have a pass code set and you are worried that people will be able to get into your iDevice with this tweak, then don't fret. The iDevice will require pass code input no matter which knob is slid and when you input your pass code, the application knob that you slid will launch the corresponding application.
I really like LockSliderz and I honestly don't think I know anyone that couldn't benefit from its features. I can recommend it for any iDevice power-users that are constantly opening applications consistently to check for updates such as Twitter, Facebook, etc. It doesn't cause any kind of graphical lag on the lock screen and it feels as fluid as Apple would have wanted it to be. It requires iOS 5 to be used and works on the iPhone, iPod touch, and iPad. It's fully compatible with AndroidLockXT and LockInfo too!
The iPhone is safer than Android, and RIMM's BlackBerry. But for how long?
(CORRECTION: The original post mistakenly reported that jailbreaking an iPhone and downloading apps through jailbroken iPhones was illegal. It is not illegal. A corrected copy is posted below with new information and quotes from Kaspersky Lab.)
In the battle between smart phone rivals iPhone and Android, the iPhone’s closed operating system makes it less open to viruses, and therefore a lot safer than the Google Android, says Sergey Golovanov, a malware researcher at Kaspersky Lab in Moscow.
Techies like Golovanov might know that Android is a malware accident waiting to happen, but most people walking around with it do not.
Especially when it comes to security breaches done through fake quick response codes, or QR codes (crossword puzzle looking bar code scan-able by some smart phones), the iPhone is a lot safer, he says.
“QR malware codes are mainly spreading through Android. We haven’t found any QR malware for the iPhone yet,” Golovanov says. “Everyone is looking for the Android users. We don’t know why. But one of the reasons is probably because iPhone has a closed operating system and Android has an open operating system so it is easier to create software for them,” he says.
QR codes have become part of the marketing strategies created by everyone from newspapers to clothing retailers trying everything they can to satisfy their wired customers. But the black matrix bar code symbols have become a harbor for malicious code writers who devise ways to steal personal data. There’s no way to know once a device is infected. People scan a QR code with their smartphone and it redirects them to a web address. Some of those addresses are malicious, usually ending with the .APK or .JAR file extension. Kaspersky Lab says QR code malware is gaining in popularity, and Android is in the cross hairs.
The company discovered the first instance of QR malware code on an Android phone in Russia in September.
It’s not that the iPhone is immune from malware.
Apple has been fighting so-called jailbreak hackers — hackers who have been able to gain access to the Apple operating system (OS) in order to install programs on the iPhone that are usually not available through the Apple store. Its fight to make jailbreaking the iPhone illegal failed last year, when a court ruled that jailbreaking is legal. A jailbroken iPhone makes the owner a permanent administrator. Anyone with an iPhone can visit Apple’s Safari web browser and find a webpage that will jailbreak their phones for them in a snap.
Hackers aren’t malware code writers, per se. Most are tech lovers looking to bypass Apple restrictions on what they can install on their phone. The problem with the jailbroken iPhones is that it just makes them more open to cyber crime than a factory iPhone.
“Jailbreaking absolutely makes the iPhone an easier target for malware,” says Tim Armstrong, a malware researcher at Kaspersky Lab in Massachusetts. “You can install an app from any website you want and never will know if you are downloading a program that contains malware.”
Last year, jailbroken iPhones were infected with an iPhone OS worm known as Ikee. People who used online banking at ING Bank in Europe were redirected to a site posing as the bank, collecting all of the user’s account details. “We only saw those problems on jailbroken iPhones,” Armstrong says.
Android has been the favorite of malicious code writers since August 2010, when the first Trojan program targeting the OS was detected.
Juniper Networks says Android malware traffic rose by 400% between June 2010 and January 2011. Lookout Mobile Security reported a 250% jump in smartphone malware from January to June 2011.