iPhone 13 Pro Hacked

Muhammad Zaryaab Ahmed
National University of Sciences & Technology
zaryaabahmed18@gmail.com

Abstract— This document provides information about the iPhone 13 Pro, about the hackers who hacked the iPhone, and about the vulnerabilities and how those vulnerabilities were exploited by those hackers.

I. Introduction
Apple has long emphasized privacy as one of its primary selling points for its products. However, several Chinese white-hat hackers got into Apple's newest iPhone 13 Pro running iOS 15.0.2 in under a second during a recent hacking competition, the Tianfu Cup, held in China. It is a popular cyber-security competition. Not one, but two hacking teams were able to breach the iPhone 13 Pro in a couple of seconds. The two teams who hacked the iPhone in record time were
1. Kunlun Lab Team
2. Team Pangu

II. How it got hacked
Team Pangu was able to jailbreak the iPhone remotely in 1 second. Team Pangu is the most popular team in the jailbreak community. However, it took them a generous amount of time to prepare to hack the iPhone in only 1 second, as the iPhone is considered one of the most secure devices out there. The hack resulted in gaining root access to the app, which allowed them to jailbreak the new iPhone 13 Pro. On the other hand, Kunlun Lab exploited a vulnerability in Safari for iOS 15 to get into the new iPhone 13 Pro. The CEO of Kunlun Lab, who is also the former CTO of the internet security company Qihoo 360, broke into the device live in merely 15 seconds. Participants had to get around Apple's Pointer Authentication Code (PAC), a security mechanism (in practice, a cryptographic signature of pointer values) that Apple has introduced at the chip level. The Safari exploit was triggered when a user clicked on a link carefully faked by the attacker. Remote code execution vulnerabilities allowed attackers to remotely execute attack commands. After successfully bypassing the Safari browser protection mechanism, the hacker used multiple vulnerabilities in the iOS 15 kernel and the A15 chip to launch a combined attack, successfully bypassing multiple security protection mechanisms and gaining full control of the iPhone 13 Pro. It allowed the hacker to access photo albums and apps, and even to delete data directly from the device or execute other arbitrary commands.

III. Vulnerabilities
Even before the launch of the iPhone 13 Pro and the new iOS version 15, a person participated in the Apple Security Bounty program and reported four 0-day vulnerabilities between March 10 and May 4. Apple was able to patch one of the vulnerabilities before iOS 15, but the remaining three vulnerabilities were not patched at the time of launch of iPhone 13 and iOS 15. The vulnerability that was exploited was in the Safari browser, and a phishing link was used to exploit it. The team used a “remote code execution exploit of the mobile Safari web browser” to break through the iPhone 13 Pro. Remote code execution is a class of software security flaws/vulnerabilities. Any weak point in the code can allow remote code execution. According to Apple, the flaw can allow an application to “execute arbitrary code with kernel privileges.” That means a hacker-controlled iOS app could tap the vulnerability to hijack an iPhone, since the kernel controls the core of the operating system. IOFrameBuffer: An application may be able to execute arbitrary code with kernel privileges.
The four vulnerabilities are
1. Gamed 0-day
2. Nehelper Enumerate Installed Apps 0-day
3. Nehelper Wifi Info 0-day
4. Analyticsd (fixed in iOS 14.7)

IV. Safety Precautions
Apple Security Bounty: As part of Apple’s commitment to security, they reward researchers who share with them critical issues and the techniques used to exploit them. They make it a priority to resolve confirmed issues as quickly as possible in order to best protect customers. Security notice CVE-2021-30883 mentions recent vulnerabilities and how they are working on them, but the full report isn’t disclosed yet. There are different categories of bounties, e.g.
• iCloud
• Device via physical attacks, etc.

V. Consequences
After the attack on the iPhone 13 Pro, Apple announced multiple emergency updates. The barrage of iOS updates has often been for serious vulnerabilities that were being utilized by attackers in the wild. But the huge number of iOS security fixes in 2021 is leading many people to ask: is Apple’s iPhone less secure than it used to be?
“Part of the perception that there are more Apple
vulnerabilities now is because we are starting from a low
number historically,” says Sean Wright, SME security lead at
Immersive Labs.

VI. Recommendation
Apple should increase the number of security bounty
researchers. If they receive any bounty report from a researcher, they
should act on it immediately.
