Hasta La Gadget!

If you’ve been wondering why Apple’s Developer portal was down for a few days, blame it on a security breach. Apple announced yesterday that their dev center was hacked into, but no personal information was accessed, thankfully. So who’s behind the intrusion? A security researcher is taking the credit.

Independent security researcher Ibrahim Balic claims that his effort to breach into the developer portal was not intended to be malicious at all, and he ended up reporting all of the vulnerabilities that he found to Apple. Balic found 13 bugs in total, and was even able to access user details, but he only accessed 73 Apple employees just to prove to the company about the vulnerability.

Balic claims he comes in peace and even contacted Apple to make sure he wasn’t putting them through any difficulty. He says that he hasn’t published or used any of the information that he was able to access, but some users have reported getting password reset notifications after a possible breach to their accounts.

Apple’s Developer portal has been down for four days now, and it’s still showing that it’s down right now. There’s no word on when we might expect it to come back to full throttle, but most likely in the next day or two. While this is certainly an inconvenience for developers, this could pose an even greater problem for beta software versions.

We could see a delay on beta releases for both iOS 7 and OS X Mavericks. It seems Apple is focusing on getting their Developer portal back up and running before anything else, which means it may take longer for beta versions to release. However, we still have plenty of time before Apple’s proposed fall release of iOS 7.

SOURCE: Ibrahim Balic (TechCrunch)

Apple Developer portal breach credited to security researcher is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.

Almost every phone in existence uses a SIM card, especially GSM-based devices. It turns out, that while SIM cards are encrypted, they can easily be breached with just a couple of text messages, and it apparently takes only a couple of minutes. The hack allows someone to listen in on calls and steal mobile data from a phone.

The hack consists of cloaking a text message so that it looks like it was sent from the carrier, and about a quarter of the time, an error message is sent back containing information about the SIM card that can be used to break into it. After that, another text can be sent that officially finishes the job, allowing hackers into your phone.

Security researcher Karsten Nohl of Security Research Labs discovered the exploit and says that up to 750 million handsets could be vulnerable to the hack. However, he notes that only SIM cards using older data encryption methods are at risk, while SIM cards using the newer Triple DES encryption are safe.

Out of all the mobile phones littering the world, about half of them use SIM cards that still use the older DES encryption. However, the exploit probably won’t last for long, since Nohl reported the vulnerability to the GSM Association, and they plan to speak with all carriers about fixing the exploit.

Nohl also plans to reveal his findings during the upcoming Black Hat conference. Don’t worry too much, though, as Nohl believes cyber criminals haven’t figured out the hack, and it would most likely take around six months for someone to figure it out. By then, carriers are hoping to have already patched the vulnerability.

VIA: New York Times

SIM card hack possible with a couple of text messages is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.

Apple revealed late yesterday that its Developer Center had been forced out of action by "an intruder"—but a researcher has provided evidence to confirm that the downtime was a result of his identification of a security vulnerability.

Read more…

The Oculus Rift virtual reality headset was originally developed with only gaming in mind, but since the company has been sending out units to game developers, the headset has been used for all sorts of neat things. Most recently, the Oculus Rift has given users a first-person view of RC drones thanks to a little hack.

Co-founder of Intuitive Aerial Erik Torkel Danielsson took his company’s Black Armor Drone and paired it with the Oculus Rift. Since the VR headset essentially uses two displays, two cameras were mounted on top of the drone to stream video simultaneously. The drone also has a laptop on board that encodes the video as it’s being received.

From there, the video is then sent to the computer on the ground, from which it is then transmitted to the Oculus Rift. You’re probably thinking this creates a lot of lag, and you’re almost correct, as Danielsson noticed a latency of about 120 milliseconds, which isn’t bad, but it’s ultimately not ideal.

Danielsson and company are working to make the system better, though, including using newer hardware and cutting down the weight of the electrics on board the drone, as well as upgrade the cameras and increase the range of the transmitters.

If you’re wondering what the company will do with this technology, they haven’t mentioned whether or not they plan to sell these kits to the public at some point in the future, but Oculus Rift and drone owners would undoubtedly love to get their hands on this type of technology, and frankly, it’s possible for anyone to do this with a little know-how.

VIA: Hackaday

Oculus Rift hack puts user inside Black Armor Drone with first-person view is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.

Hacking into mobile phones isn’t anything new, but a recently-discovered hacking trick has gone undetected for years, and it has opened doors for hackers to expose phone conversations, text messages, and even web browser activity. Research has revealed that low-cost low-power cell base stations called femtocells have been able to hack into mobile phones for years.

Femtocells are devices that bring wireless service to low-coverage zones and hard-to-reach spots that a regular cell tower couldn’t reach to. You may not have had a need for one if you’ve been living in the a city for most of your life, but analysts predict that 50 million of them may possibly be in use by the time next year rolls around.

Security consultant for iSEC Partners Tom Ritter was able to hack into NPR host Laura Sydell’s phone to find out her phone number and when she called someone, with the ability to record and playback the entire conversation with ease. Ritter says he was able to do it all with some free software and a $250 femtocell that you can buy at Best Buy.

Ritter points out that he’s able to “see everything that your phone would send to a cell phone tower,” and this includes phone calls, text messages, picture messages, and mobile web surfing. Ritter was using a Verizon femtocell at the time, and the wireless carrier says that they have patched all of their femtocells since then, but other carriers’ models could still be left open.

How easy is it to hack into someone’s phone using a femtocell? iSEC doesn’t provide details, but Ritter notes that “you do need some level of technical skills, but people are learning those skills in college.” However, “breaking into one of these devices, or a device like this, is within the realm of people working at home.” Ritter will be presenting his femtocell findings later in August at this year’s DefCon hacking conference.

VIA: CNN Money

Femtocell Verizon hack allows exposure of phone conversations, text messages is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.