Hackers Selling Unpatched Microsoft Windows Zero-Day Exploit for $90,000


How much does a Windows zero-day exploit that affects all versions of the Windows operating system cost on the black market?

It’s $95,000, at least, for the one recently spotted by security researchers.

Researchers from Trustwave’s SpiderLabs team have uncovered a zero-day exploit on the Russian underground malware forum exploit.in, affecting all versions of Microsoft Windows OS from Windows 2000 all the way up to a fully patched version of Windows 10.

The zero-day exploit for the previously unknown vulnerability in “every version” of Windows is openly sold for $90,000 (over £62,000). The security team originally discovered the zero-day exploit last month when the firm saw its ad on a Russian hacking forum for $95,000. However, the price has now been dropped to $90,000.

The zero-day vulnerability in question is claimed to be a Local Privilege Escalation (LPE) bug in Windows that offers admin access to run malicious code on a victim’s PC; it is less dangerous than Remote Code Execution flaws, which allow attackers to compromise systems remotely.

In other words, the zero-day exploit by itself will not be able to compromise a system, but as Trustwave explained, would nonetheless be used in almost any scenario as “a very much needed puzzle piece in the overall infection process.”

The seller, who goes by the name “BuggiCorp,” claims the flaw is located in the win32k.sys kernel driver, and exists through the way Windows handles objects “with certain properties,” saying:

“The exploit successfully escapes from ILL/appcontainer (LOW), bypassing (more precisely: doesn’t get affected at all [by]) all existing protection mechanisms such as ASLR, DEP, SMEP, etc. [The zero-day exploit] relies solely on the KERNEL32 and USER32 libraries [DLLs].”

Additional zero-day exploit capabilities include installing a rootkit, use on POS systems to steal credit card data, limited control over a web server, and installation of malware on systems, according to Trustwave.

The author went on to prove the authenticity of his claims by providing two videos of the exploit on YouTube, one of which can be viewed below.

Trustwave alerted Microsoft of the potential Windows exploit.

“Windows is the only platform with a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible,” Microsoft said in a statement. “We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide solutions via our current Update Tuesday schedule.”

Warning Over 900 Million Android Phones Vulnerable to New ‘QuadRooter’ Attack


Android has Fallen! Yet another set of Android security vulnerabilities has been discovered in Qualcomm chipsets that affect more than 900 Million Android smartphones and tablets worldwide.
What’s even worse: Most of those affected Android devices will probably never be patched.
Dubbed “Quadrooter,” the set of four vulnerabilities, discovered in devices running Android Marshmallow and earlier that ship with a Qualcomm chip, could allow an attacker to gain root-level access to any Qualcomm device.
The chip, according to the latest statistics, is found in more than 900 Million Android tablets and smartphones. That’s a very big number.
The vulnerabilities have been disclosed by a team of Check Point researchers at the DEF CON 24 security conference in Las Vegas.

Critical Quadrooter Vulnerabilities:

The four security vulnerabilities are:
  • CVE-2016-2503, discovered in Qualcomm’s GPU driver and fixed in Google’s Android Security Bulletin for July 2016.
  • CVE-2016-2504, found in Qualcomm’s GPU driver and fixed in Google’s Android Security Bulletin for August 2016.
  • CVE-2016-2059, found in a Qualcomm kernel module and fixed in April, though patch status is unknown.
  • CVE-2016-5340, present in Qualcomm’s GPU driver and fixed, but patch status unknown.
Qualcomm is the world’s leading designer of LTE (Long Term Evolution) chipsets with a 65% share of the LTE modem baseband market. If any one of the four flaws is exploited, an attacker can trigger privilege escalations for gaining root access to an affected device.
All an attacker needs is to write a piece of malware and send it to the victim. When installed, the malware offers the attacker privilege escalation on the affected devices.
According to the researchers, the attack can also be conducted through a malicious app. An attacker needs to trick a user into installing a malicious app that, unlike other malware, would execute without requiring any special permission checks.
“Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing,” Check Point researchers write in a blog post.
If any of the four vulnerabilities are successfully exploited, an attacker could gain root access to an affected device, giving the attacker full access to the device, including its data, camera and microphone.
List of Affected Devices (Popular)
More than 900 Million Android devices that ship with Qualcomm chip are vulnerable to the flaws.

Here’s the list of some of the popular affected devices, though there are far more devices that are impacted by one or more Quadrooter vulnerabilities.

1. Samsung Galaxy S7 and Samsung S7 Edge
2. Sony Xperia Z Ultra
3. OnePlus One, OnePlus 2 and OnePlus 3
4. Google Nexus 5X, Nexus 6 and Nexus 6P
5. Blackphone 1 and Blackphone 2
6. HTC One, HTC M9 and HTC 10
7. LG G4, LG G5, and LG V10
8. New Moto X by Motorola
9. BlackBerry Priv
How to Check if Your Device is Vulnerable?
You can check if your smartphone or tablet is vulnerable to Quadrooter attack using Check Point’s free app.
Since the vulnerable software drivers, which control communication between Qualcomm chipset components, come pre-installed on these devices at the time of manufacturing, they can only be fixed by installing a patch from the devices’ distributors or carriers after receiving fixed driver packs from Qualcomm.
“This situation highlights the inherent risks in the Android security model,” the researchers say. “Critical security updates must pass through the entire supply chain before they can be made available to end users.”
Three of the four vulnerabilities have already been fixed in Google’s latest set of monthly security updates, and a patch for the remaining flaw will be rolled out in the upcoming September update.
Since Qualcomm has already released the code, the phone manufacturers should be able to issue patches to the individual devices as soon as possible.
Android Nexus devices are already patched via the over-the-air updates, but other smartphone models will need to wait until their lazy phone manufacturers integrate the fixes into their own custom Android ROMs.

Warning! Just an Image Can Hack Your Android Phone — Patch Now

Own an Android smartphone? Beware, as just an innocuous-looking image on social media or messaging app could compromise your smartphone.

Along with the dangerous Quadrooter vulnerabilities that affected 900 Million devices and other previously disclosed issues, Google has patched a previously-unknown critical bug that could let attackers deliver their hack hidden inside an innocent looking image via social media or chat apps.

In fact, there is no need for a victim to click on the malicious photo because as soon as the image’s data was parsed by the phone, it would quietly allow a remote attacker to take control over the device or simply crash it.

The vulnerability is similar to last year’s Stagefright bug (exploit code) that allowed hackers to hijack Android devices with just a simple text message without the owners being aware of it.

The Stagefright flaw affected more than 950 Million Android devices and resided in the core Android component Stagefright — a multimedia playback library used by Android to process, record and play multimedia files.

However, the recent vulnerability (CVE-2016-3862) resided in the way certain Android applications parsed the Exif data in an image, SentinelOne’s Tim Strazzere, the researcher who uncovered the vulnerability, told Forbes.

Any app using Android’s Java object ExifInterface code is likely vulnerable to the issue.

An Image Received…? Your Game is Over

By making a victim open the image file within an affected app like Gchat or Gmail, a hacker could either cause the victim’s phone to crash or remotely execute malicious code to inject malware on the phone and take control of it without the victim’s knowledge.

“Since the bug is triggered without much user interaction – an application only needs to load an image a specific way – triggering the bug is as simple as receiving a message or email from someone,” Strazzere said. “Once that application attempts to parse the image (which was done automatically), the crash is triggered.”

According to Strazzere, attackers could develop a simple exploit inside an image to target a large number of vulnerable Android devices.

Strazzere crafted exploits for the affected devices and found that they worked on Gchat, Gmail and most other messenger and social media apps, though he did not disclose the names of the other non-Google apps affected by the flaw.

When Can I Expect a Fix?

All versions of Google’s operating system from Android 4.4.4 to 6.0.1 are vulnerable to the image-based hack, except those with today’s update, which fixed the vulnerability.

The researcher even successfully tested his exploits on a handful of phones running Android 4.2 and Amazon devices and found that the devices remain unpatched, leaving a large number of users of older Android devices exposed.

So, if you are not running an updated version of operating system and/or device, you probably are vulnerable to the image-based attack.

Google has delivered a patch to fix the issue, but given the shaky history of handset manufacturers and carriers rolling out security patches, it is not known how long the companies will take to update vulnerable Android devices.

Google rewarded Strazzere with $4,000 as part of the company’s Android bug bounty program and another $4,000 as, Forbes reports, Strazzere had pledged to give all his reward money to Girls Garage, a program and workspace for girls aged 9-13.

Using ‘Signal’ for Encrypted Chats? You Shouldn’t Skip Its Next Update


Two researchers have discovered a couple of vulnerabilities in Signal, the popular end-to-end encrypted messaging app recommended by whistleblower Edward Snowden.

One of those vulnerabilities could allow potential attackers to add random data to the attachments of encrypted messages sent by Android users, while another bug could allow hackers to remotely crash vulnerable devices.

The vulnerabilities have just been patched, but the updated version of Signal is so far available only on the GitHub open source repository, and not on Google’s official Play Store for Android apps, leaving millions of privacy-conscious people vulnerable to attacks.

That means, if you have installed Signal messaging app via Google Play Store, like other millions of Android users, you are still vulnerable to hackers.

Developed by open source software group Open Whisper System, Signal is a free and open source messaging application specifically designed for Android and iOS users to make secure and encrypted messages and voice calls.

The flaws in the Android version of Signal include:

  • Message authentication-bypass vulnerability
  • Remote crash bug

The Message Authentication-Bypass Flaw in Signal

Researchers Jean-Philippe Aumasson and Markus Vervier have discovered the message authentication-bypass vulnerability while reviewing the Java code used by Signal for Android.

The vulnerability is not easily exploitable. Only the attackers with the ability to compromise a Signal server or monitor data passing between Signal users (Man-in-the-Middle attack) would be able to append pseudorandom data to the legitimate attachment.

The flaw is due to an integer overflow bug, which is triggered only if an extremely large file, at least 4 gigabytes in size, is attached to a Signal message. But, what does it mean?

Actually, as a part of standard encryption schemes, encrypted messaging services make use of a Message Authentication Code (MAC) to authenticate a message — in other words, to confirm that the message came from the sender and has not been changed in transit.

However, in the case of attachments, Signal does not verify the authenticity of the entire file; instead it just checks a small portion of it, making it possible for hackers to attach pseudorandom data to the legitimate attachment that wouldn’t be detected by the MAC.

For a successful attack, an attacker could make use of Signal’s file compression feature to reduce the size of his malicious attachment to a manageable 4 megabytes.

While talking to Ars Technica, Aumasson said he found the integer overflow bug in the following line of code:

int remainingData = (int) file.length() - mac.getMacLength();

  • The value ‘file.length()’ is a number encoded on 64 bits (of type ‘long’).
  • The receiving variable ‘remainingData’ is a number encoded on 32 bits (of type ‘int’).

“Therefore, when ‘file.length()’ is longer than what fits in a 32-bit number, the value of ‘remainingData’ (the number of bytes left to process) will be incorrect, as it will be much smaller than the real size of the file,” Aumasson explained. “Consequently, a large part of the file will be ignored when Signal will verify the cryptographic authenticity. Signal will only check the (small) beginning of the file, whereas the user will actually receive the much larger file.”
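The truncation described above, shown beside a 64-bit version of the same arithmetic, as an added example (not Signal's code). The class and method names, HMAC-SHA256, the ciphertext-then-MAC file layout and the zero-byte padding are assumptions made for the illustration; it needs Java 11 or later.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.SequenceInputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;

// Added illustration; names and the file layout (ciphertext || MAC) are assumptions.
public class MacLengthDemo {
    static final String ALG = "HmacSHA256";
    static final int MAC_LEN = 32; // HMAC-SHA256 tag size in bytes

    // Vulnerable arithmetic, as quoted in the article: the cast binds to the
    // 64-bit length first and keeps only its low 32 bits.
    static long coveredVulnerable(long fileLength) {
        int remainingData = (int) fileLength - MAC_LEN;
        return remainingData;
    }

    // Hardened arithmetic: stay in 64 bits and reject lengths shorter than a MAC.
    static long coveredSafe(long fileLength) {
        if (fileLength < MAC_LEN) throw new IllegalArgumentException("file shorter than a MAC");
        return fileLength - MAC_LEN;
    }

    // MAC the first `covered` bytes, then compare with the MAC_LEN bytes that follow.
    static boolean verify(InputStream in, long covered, byte[] key)
            throws IOException, GeneralSecurityException {
        Mac mac = Mac.getInstance(ALG);
        mac.init(new SecretKeySpec(key, ALG));
        byte[] buf = new byte[1 << 16];
        for (long left = covered; left > 0; ) {
            int n = in.read(buf, 0, (int) Math.min(buf.length, left));
            if (n < 0) return false; // stream ended before the covered range did
            mac.update(buf, 0, n);
            left -= n;
        }
        byte[] theirs = in.readNBytes(MAC_LEN); // Java 11+
        return MessageDigest.isEqual(mac.doFinal(), theirs);
    }

    // Constructed stand-in for appended data: `count` zero bytes, never held in memory.
    static InputStream zeros(long count) {
        return new InputStream() {
            private long left = count;
            @Override public int read() { return left-- > 0 ? 0 : -1; }
            @Override public int read(byte[] b, int off, int len) {
                if (left <= 0) return -1;
                int n = (int) Math.min(len, left);
                Arrays.fill(b, off, off + n, (byte) 0);
                left -= n;
                return n;
            }
        };
    }

    // Original file followed by `pad` appended bytes, as one stream.
    static InputStream tampered(byte[] original, long pad) {
        return new SequenceInputStream(new ByteArrayInputStream(original), zeros(pad));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and attachment body.
        byte[] key = "constructed demo key".getBytes(StandardCharsets.UTF_8);
        byte[] body = "constructed attachment ciphertext".getBytes(StandardCharsets.UTF_8);
        Mac mac = Mac.getInstance(ALG);
        mac.init(new SecretKeySpec(key, ALG));
        byte[] original = Arrays.copyOf(body, body.length + MAC_LEN);
        System.arraycopy(mac.doFinal(body), 0, original, body.length, MAC_LEN);

        long pad = 1L << 32;                 // 4 GiB appended after the genuine MAC
        long length = original.length + pad; // what file.length() would report

        System.out.println("file length:          " + length);
        System.out.println("covered (vulnerable): " + coveredVulnerable(length));
        System.out.println("covered (64-bit):     " + coveredSafe(length));
        System.out.println("vulnerable check accepts padded file: "
                + verify(tampered(original, pad), coveredVulnerable(length), key));
        // The next call really hashes about 4 GiB, so it takes a while.
        System.out.println("64-bit check accepts padded file:     "
                + verify(tampered(original, pad), coveredSafe(length), key));
        System.out.println("64-bit check accepts original file:   "
                + verify(new ByteArrayInputStream(original), coveredSafe(original.length), key));
    }
}
```

With the 32-bit count, the check stops at the end of the original bytes and reads the genuine MAC that follows them, so the appended tail is never authenticated; the 64-bit count makes the MAC cover everything up to the last 32 bytes of the file.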

Although Signal uses end-to-end encryption to encrypt the messages on the sender’s device and decrypt them only on the receiver’s end, the encrypted messages still pass through a server, allowing attackers to carry out the message authentication bypass attack by hacking or impersonating a server and then tampering with legitimate message attachments.

While the attack is trivial to carry out, it is not too difficult for state-sponsored attackers to impersonate a trusted certificate authority (CA) or trick victims into installing a rogue certificate on their devices and, thereby, successfully circumvent transport-layer security (TLS) protections.

Moreover, since Signal has been used by a large number of security professionals and privacy advocates, the app has always been on the priority list of nation-state actors. However, it seems they are not likely to exploit this kind of flaw.

“This was a really great bug report, but we consider its impact to be low severity at this time. It does not allow an attacker who has compromised the server to read or modify attachments, only to append a *minimum* of 4GB of unpredictable random data to the end of an attachment in transmit,” Moxie Marlinspike, Founder of Open Whisper System said.

“While that causes a denial of service, effectively corrupting a file in an unpredictable way and making it too large to open on any Android device, an attacker that has compromised the server could more easily deny service just by blocking your request for the attachment.”

The second flaw discovered by the researchers could allow attackers to remotely execute malicious code on the victim’s device, while the third one makes it possible for attackers to just carry out a simple remote crash.

The researchers privately disclosed all the vulnerabilities to Open Whisper System on September 13, and the company has already issued an update on Github, though it still has to appear on Play Store.

“The results are not catastrophic, but show that, like any piece of software, Signal is not perfect,” Aumasson said. “Signal drew the attention of many security researchers, and it’s impressive that no vulnerability was ever published until today. This pleads in favor of Signal, and we’ll keep trusting it.”

Aumasson and Vervier are now testing for the same bugs in WhatsApp and Facebook Messenger, which also rely on Signal code.

Cisco finds new Zero-Day Exploit linked to NSA Hackers


Network equipment vendor Cisco is finally warning its customers of another zero-day vulnerability the company discovered in the trove of NSA’s hacking exploits and implants leaked by the group calling itself “The Shadow Brokers.”

Last month, the Shadow Brokers published firewall exploits, implants, and hacking tools allegedly stolen from the NSA’s Equation Group, which were designed to target major vendors including Cisco, Juniper, and Fortinet.

A hacking exploit, dubbed ExtraBacon, leveraged a zero-day vulnerability (CVE-2016-6366) residing in the Simple Network Management Protocol (SNMP) code of Cisco ASA software that could allow remote attackers to cause a reload of the affected system or execute malicious code.

Now Cisco has found another zero-day exploit, dubbed “Benigncertain,” which targets PIX firewalls.

Cisco analyzed the exploit and noted that it had not identified any new flaws related to this exploit in its current products.

But, further analysis of Benigncertain revealed that the exploit also affects Cisco products running IOS, IOS XE and IOS XR software.

Benigncertain leveraged the vulnerability (CVE-2016-6415) that resides in the IKEv1 packet processing code and affects several Cisco devices running IOS operating system and all Cisco PIX firewalls.

IKE (Internet Key Exchange) is a protocol used by firewalls, to provide virtual private networks (VPNs), and even to manage industrial control systems.

A remote, unauthorized attacker could use this vulnerability to retrieve memory contents from traffic and disclose critical information such as RSA private keys and configuration information by sending specially crafted IKEv1 packets to affected devices.

“The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests,” Cisco said in its advisory.

Cisco’s IOS XR operating system versions 4.3.x, 5.0.x, 5.1.x and 5.2.x, as well as PIX firewall versions 6.x and earlier, are vulnerable to this flaw, though the company has not supported PIX since 2009.

Cisco has not developed a patch for the flaw, nor are any workarounds available.

The company said the vulnerability is currently being exploited, advising its customers to employ intrusion detection systems (IDS) and intrusion prevention systems (IPS) to help stop the attacks.

Cisco promised to release software updates to patch CVE-2016-6415 but did not specify a time frame.

iPhone 7 Jailbreak Has Already Been Achieved In Just 24 Hours.


It has only been a few days since the launch of Apple’s brand new iPhone 7 and iPhone 7 Plus, but it appears that the new iPhone has already been jailbroken.

That didn’t take long. Right?

Security researcher and well-known hacker Luca Tedesco shared an image of his jailbroken smartphone on his Twitter account to show the world that the new iPhone 7 has been jailbroken.

The image posted by Tedesco on Wednesday clearly shows an iPhone 7 running both iOS 10.0.1 as well as the Cydia app store, which allows jailbreakers to install apps and other software that Apple does not officially support.

Unfortunately, Tedesco has not publicly released the exploit, nor has he provided much information about it. So, right now, it is hard to say if and when he will release the iPhone 7 jailbreak to the public.

It is also not clear whether the exploit is an untethered jailbreak.

The untethered jailbreak is a jailbreak where your device doesn’t require any reboot every time it connects to an external device capable of executing commands on the device.

For now, there is no tool available that you can use to jailbreak your device, but the good news is that a jailbreak has already been developed, which suggests that it’s indeed possible to jailbreak iPhone 7.

So, early buyers looking to jailbreak their iPhone 7 or iPhone 7 Plus and install unauthorized Cydia tweaks have to wait until firms like Pangu or someone else come up with the same exploit.

Pangu is the same Chinese jailbreak team that released the first untethered jailbreak for iOS 9.

Since it is not good news for Apple, the company would likely block the vulnerability used to develop iPhone 7 jailbreak in its next iOS update, of course.

Google Pixel Leaked in Press Render; Shows New UI and App Icons.


  • HIGHLIGHTS
    Google Pixel smartphone expected to launch on October 4
    It is likely to launch alongside the Google Pixel XL
    Google Pixel and Pixel XL to run Android Nougat

Ahead of Google’s much-anticipated October 4 event where the company is expected to showcase new hardware products, we have been treated to an alleged press image of the Google Pixel smartphone.

Posted by Venture Beat, the Google Pixel – which is believed to be the smaller of the two new Pixel smartphones – is seen with its screen turned on. The home screen shows a new onscreen home button alongside other interface tweaks. One of the starkest changes in the new UI seems to be the rounded app icons, which give the handset a refreshing look. We also speculate that the new UI and rounded icons will be exclusive to Pixel products and may not be seen on other smartphones running Android 7.0 Nougat. To recall, the Google Pixel smartphones are expected to run Android 7.1 Nougat, which is said to bring several new features.

Recent teardowns indicate the new icons may bring additional interface options similar to Apple’s 3D Touch, however, without the requirement of pressure sensitive displays.

All this differentiation may be part of the ‘opinionated’ changes that Google is bringing to its flagship smartphones. However, it may also arrive for other Android smartphones as part of the Pixel Launcher – thought to replace the Google Now Launcher. The new press render is also in-line with previously leaked Pixel smartphone image.

In another rumour, the new Pixel smartphone may come in “Very Silver and Quite Black” colour variants, according to Android Police’s David Ruddock.

Based on preliminary leaks, the Google Pixel smartphone, codenamed ‘Sailfish’, is said to feature a 5-inch full-HD display with 440ppi pixel density; a 64-bit quad-core processor; 4GB of RAM; 32GB storage; 12-megapixel rear camera; 8-megapixel front camera, and a 2770mAh battery. The handset is also expected to sport a rear-mounted fingerprint scanner along with a USB Type-C port and bottom speaker. The handset is said to pack a headphone jack and come with Bluetooth 4.2 connectivity. The company is also expected to unveil the Google Pixel XL smartphone, codenamed Marlin.

There are also a bunch of other new details about the upcoming Pixel smartphones, which are said to come with a dust and water resistance rating of IP53, though they will lack proper water resistance. The Pixel smartphones are also expected to be hard to root.

Google Station Will Bring Public Wi-Fi to School, Malls, and Other Places in India


Google, a unit of Alphabet Inc, said on Tuesday it launched Google Station in India, a service that aims to deepen its reach across the country, as the search giant seeks to bring more people on to its Google platform.

Under the service, Google will roll out Wi-Fi hot spots in places frequented by a large number of people, such as malls and transit stations, and in social hangout locations such as cafes and universities, the company said on Tuesday.

“The goal is to give people many hot spots within a few minutes walk from their home, university, or workplace, unified by a simple login process that works across all of them,” Caesar Sengupta, Vice-President, Next Billion Users at Google was quoted as saying in the statement.

Google currently offers free Wi-Fi access at 53 railway stations across India and plans to scale up the service to 100 by year-end, the company said.

Critical DoS Flaw found in OpenSSL — How It Works


The OpenSSL Foundation has patched over a dozen vulnerabilities in its cryptographic code library, including a high severity bug that can be exploited for denial-of-service (DoS) attacks.

OpenSSL is a widely used open-source cryptographic library that provides encrypted Internet connections using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for the majority of websites, as well as other secure services.

The vulnerabilities exist in OpenSSL versions 1.0.1, 1.0.2 and 1.1.0 and are patched in OpenSSL versions 1.1.0a, 1.0.2i and 1.0.1u.

The Critical-rated bug (CVE-2016-6304) can be exploited by sending a large OCSP Status Request extension to the targeted server during connection negotiations, which causes memory exhaustion and enables DoS attacks, the OpenSSL Project said.

What is OCSP Protocol?

OCSP (Online Certificate Status Protocol), supported by all modern web browsers, is a protocol designed to perform verification and obtain the revocation status of a digital certificate attached to a website.

OCSP is divided into client and server components. When an application or a web browser attempts to verify an SSL certificate, the client component sends a request to an online responder via the HTTP protocol, which, in turn, returns the status of the certificate, valid or not.

Reported by Shi Lei, a researcher at Chinese security firm Qihoo 360, the vulnerability affects servers in their default configuration even if they do not support OCSP.

“An attacker could use the TLS extension “TLSEXT_TYPE_status_request” and fill the OCSP ids with continually renegotiation,” the researcher explained in a blog post.

“Theoretically, an attacker could continually renegotiation with the server thus causing unbounded memory growth on the server up to 64k each time.” 

How to Prevent OpenSSL DoS Attack


Administrators can mitigate damage by running ‘no-ocsp.’ Furthermore, servers using older versions of OpenSSL prior to 1.0.1g are not vulnerable in their default configuration.

Another moderate severity vulnerability (CVE-2016-6305) that can be exploited to launch denial of service attacks is fixed in the patch release, affecting OpenSSL 1.1.0 that was launched less than one month ago.

The team has also resolved a total of 12 low severity vulnerabilities in the latest versions of OpenSSL, but most of them do not affect the 1.1.0 branch.

It is worth noting that the OpenSSL Project will end support for OpenSSL version 1.0.1 on 31st December 2016, so users will not receive any security update from the beginning of 2017. Therefore users are advised to upgrade in order to avoid any security issues.

Apple Weakens iOS 10 Backup Encryption; Now Can Be Cracked 2,500 Times Faster


After the iPhone encryption battle between Apple and the FBI, Apple was inspired to work toward making unhackable future iPhones by implementing stronger security measures that even the company can’t hack.

At that point the company even hired one of the key developers of Signal — one of the world’s most secure, encrypted messaging apps — for its core security team to achieve this goal.

But it seems like Apple has taken something of a backward step.

Apple deliberately weakens Backup Encryption For iOS 10

With the latest update of its iPhone operating system, it seems the company might have made a big blunder that directly affects its users’ security and privacy.

Apple has downgraded the hashing algorithm for iOS 10 from “PBKDF2 SHA-1 with 10,000 iterations” to “plain SHA256 with a single iteration,” potentially allowing attackers to brute-force the password via a standard desktop computer processor.

PBKDF2, which stands for Password-Based Key Derivation Function, is a key-stretching algorithm that uses a SHA-1 hash with thousands of password iterations, which makes password cracking quite difficult.

In iOS 9 and prior versions back to iOS 4, PBKDF2 function generates the final crypto key using a pseudorandom function (PRF) 10,000 times (password iterations), which dramatically increases authentication process time and makes dictionary or brute-force attacks less effective.

Now Bruteforce 2,500 times Faster than earlier iOS Versions

Moscow-based Russian firm ElcomSoft, which discovered this weakness centered around local password-protected iTunes backups, pointed out that Apple has betrayed its users by deliberately downgrading its effective 6-year-old encryption to SHA256 with just one iteration.

Therefore, a hacker only needs to try each password once while brute-forcing to find a match and crack the account login, making the entire process substantially less time consuming.

“We discovered an alternative password verification mechanism added to iOS 10 backups. We looked into it and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older,” Oleg Afonin from Elcomsoft wrote in a blog post today.

Yes, that’s right. With iOS 10, it’s possible for an attacker to brute force the password for a user’s local backup 2,500 times faster than was possible on iOS 9, using a computer with an Intel Core i5 CPU (with 6 million passwords per second).

However, an obvious limitation to this attack is that it can’t be performed remotely.

Since the weakness is specific to password-protected local backups on iOS 10, a hacker would require access to your device’s local backup, where the iPhone files are stored.

Elcomsoft is a well-known Russian forensics company that, like market leader Cellebrite, makes money by selling a kit that can hack into iPhones for the purpose of rooting around a target’s device.

The Elcomsoft’s kit was believed to have been used in The Fappening (or ‘Celebgate’) hack, where hackers exposed celebrities’ nude pictures in 2014 by hacking into the Apple iCloud and Gmail accounts of more than 300 victims.