Contract Resources Group’s Post

Did you put your phone in lockdown mode? Are you sure? "A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it's actually not and carry out covert attacks. The novel method, detailed by Jamf Threat Labs in a report shared with The Hacker News, "shows that if a hacker has already infiltrated your device, they can cause Lockdown Mode to be 'bypassed' when you trigger its activation." In other words, the goal is to implement Fake Lockdown Mode on a device that's compromised by an attacker through other means, such as unpatched security flaws that can trigger execution of arbitrary code."

Good article, well worth a read to find out how to protect your phone from being hacked.

0-Click exploits are the holy Grail of spyware and can go for $1mil+. Pegasus by NSO was the previously well known 0-Click exploit for iPhone but was notably patched by apple in a previous iOS update. This is a newer, different exploit. These 0-Click exploits are commonly used for surveillance of 'high value targets', many times by governments that favor control over freedom of speech and/ or freedom of press. In any event, I think this article does a good job of giving an overview of the exploit. https://lnkd.in/gPmpqbeu

How to Protect Your Smartphone from Hackers;

Some great advice for smartphone users on how to protect your personal information from potential hackers: It is easy to safeguard yourself from being hacked. Turn your phone off and back on again. Read the article to find out why this is such an effective method. https://lnkd.in/d4HEV4jZ

In yet another illustration of just how devious criminals have become in their attempts to undermine security, Jamf Threat Labs has identified a potential tampering technique that puts a device into Fake Lockdown Mode.As most people know, Lockdown Mode is an extreme protection feature for iPhone designed to protect the kind of high-value targets some of the nastiestsurveillance and state-sponsored attackers aim for.To read this article in full, please click here

Dusting Off Old Fingerprints: NSO Group’s Unknown MMS Hack Enea AB "In the ever-evolving landscape of mobile network security, it’s essential to stay vigilant and informed about the latest threats. However to do so, sometimes we end up looking in places we would not normally look. Today, we delve into a previously unknown mobile network attack known as the #MMSFingerprint attack, reportedly used by #NSOGroup, a well-known actor in the realm of surveillance technologies. How we found this attack – which had essentially been hiding in plain sight – and how this attack might work, takes a bit of explaining. A starting point is the fact that #Blackberry, #Android, #iOS devices were all listed as possible meant an OS-specific hack seemed unlikely. As a result we were probably looking at something vulnerable within the #MMS flow itself. In looking at the MMS flow, I concluded that perhaps – despite its name – the attack wasn’t happening over MMS, but rather via something else. To explain this, we have to look at the overall MMS flow itself, which is somewhat ‘messy’, and that confusingly, sometimes the MMS flow is not using MMS. [...], on the device itself, subscribers are not helpless. One technique is that mobile subscribers could disable MMS auto-retrieval on their handset, to prevent the device automatically connecting as well. Typically this is configured on devices to download MMS automatically if the subscriber is home, and with a user prompt while abroad. But subscribers could set it to always require a user prompt. This same recommendation has been made for other MMS exploits like Stagefright." #CyberSecurity #MobileDevices #CyberAttack #Spyware #CyberEspionage https://lnkd.in/d6xYDH2p

Did you know that as of 2023, there are 6.93 Billion people using smartphones globally? That makes mobile threats very popular, and its success rate is high. This short video talks about the top mobile security threats and the security solutions organizations can implement to improve mobile security. #pinedacybersecurity #securityawareness https://lnkd.in/gMn_Kt6H

Why does our nation's top spy agency care how often you power down your iPhone? The tip is part of a "mobile device best practices" list from the NSA to help people identify threats to the mini computer in their pockets. And it's not new. As Neal Ziring, technical director for the NSA's Capabilities Directorate, told the AP a few years back, rebooting your phone isn't going to stop the more sophisticated schemes, but "since a lot of modern cyberattacks are [a] chain of two, three, or even more vulnerabilities in a row that have to be successfully exploited...you can reset the adversary back to the beginning of that chain and force them to go through the whole thing again" by rebooting your device. The NSA circulated these tips back in 2020. But they cropped up again this week in a Forbes report, and in an era of zero-click attacks and smishing messages, it's not a bad idea to make sure you're doing what you can to ward off scammers and hackers. 🔗: https://lnkd.in/e_2t-w9A