Apple iBoot Code Leaked, Equifax Hack Was Worse than Reported, NSA Secret Communications over Twitter

Infosec News

Feb 13, 2018, 11:51:50 AM
to Infosec News

INFORMATION SECURITY NEWS

For The Week of 2/6-2/13 2018


The Information Security News Service is a project of LARS (Laboratory for Advanced Research in Systems) in the CS Department at the University of Minnesota Duluth. We send out top stories in information security every Tuesday (except during some academic breaks). If you have stories you’d like to see featured, please email them to infosec...@d.umn.edu.

CURRENT NEWS


Low-Level Apple Employee Leaks Sensitive iOS Code

Last week, someone published the code for iBoot, the iOS component responsible for booting a trusted operating system. The code was initially shared with a small group of people by an employee, but ended up spreading to the internet, eventually getting posted on GitHub. Apple promptly issued a DMCA notice to GitHub, and the code has now been taken down. The code was for iOS 9 (the current version is iOS 11), but there is likely a lot of code reuse between the versions.

https://motherboard.vice.com/en_us/article/xw5yd7/how-iphone-iboot-source-code-leaked-on-github


Equifax - Hackers Stole More Data Than Initially Reported

Last September, credit bureau Equifax reported that 145 million names, social security numbers, birth dates, addresses, and driver's license numbers had been stolen. A letter published by Senator Elizabeth Warren, a member of the Senate Banking Committee, suggests that additional data was stolen but not reported by the company. In the letter, Senator Warren describes the information Equifax provided to Congress as “misleading, incomplete, or contradictory”. The expanded list of breached data includes tax identification numbers, email addresses, and additional driver's license information.

http://www.zdnet.com/article/hackers-stole-more-equifax-data-than-first-thought/


NSA Using Twitter to Send Coded Messages

Throughout 2017, the NSA used its public Twitter account to communicate with a Russian contact who claimed to have data stolen by the “Shadow Brokers”. Communicating over public media has been around for a long time; both numbers stations (see link below) and classified ads with secret meanings have long been used for communicating with agents. However, it is interesting to see Twitter being used this way, especially by an agency like the NSA.

https://www.engadget.com/2018/02/10/nsa-sent-coded-messages-through-twitter/

https://en.wikipedia.org/wiki/Numbers_station
