For over a month now, tens of thousands of Venezuelans have taken to the streets in protest.
These students were standing for basic human freedoms and engaging in the right to protest, which is a sacred right whether in Boston, Belarus, or Venezuela. The government of Venezuela responded with heavy-handed repression. Within two weeks Leopoldo Lopez, the leader of the opposition party, Voluntad Popular, called for nationwide peaceful demonstrations to address the problems facing the country. These problems include chronic food shortages, the highest inflation in the world and ongoing censorship of the media. Even the Oscars were not allowed to be broadcast – for the first time in Venezuelan history.
More than 1,400 students were arrested, there are more than 40 confirmed cases of torture and Leopoldo Lopez still sits in a Venezuelan military prison. He has urged the students to exercise their legal rights to peaceful protest and free speech and he repeatedly emphasized they must do so without violence. President Maduro has blamed Lopez for the violence that has beset the country and ordered his arrest on charges of murder, arson and terrorism. To date, the government has presented no evidence of the charges against him and their legal case is falling apart.
Amnesty International said the charges against Lopez recall “politically motivated attempts to silence dissent.” Human Rights Watch says “the Venezuelan government has openly embraced the classic tactics of an authoritarian regime: jailing its opponents, muzzling the media and intimidating civil society.”
Users on a jailbreak subreddit have discovered a new kind of malicious software on iOS phones. The malware, which comes as a library called Unflod.dylib, was uncovered after a Reddit user complained of crashes in Google Hangouts and Snapchat.
The threat, which has been nicknamed “unflod baby panda,” is rumored to be of Chinese origin. There are several factors that support this theory. According to German mobile security firm SektionEins, the infection is digitally signed with an iPhone developer certificate under the name Wang Xin. Also, the malware, which steals the Apple ID and password of users, sends the information in plain text to 184.108.40.206, which appears to be a Chinese website from the error message it displays. However, these could all be fake. SektionEins even raised the possibility of certificate theft. So for now, no one knows where the malware came from and how it got into iOS devices.
There is currently no tool available that allows users to jailbreak iOS 7.1. Apple patched several vulnerabilities in iOS 7.1, which killed the evasi0n7 jailbreak that allowed users to jailbreak iOS 7 – iOS 7.0.6.
Though hackers have demonstrated a jailbreak for iOS 7.1 on iPhone 4S and iPhone 4, it seems unlikely that they will release a jailbreak anytime soon. evad3rs, the hackers behind the evasi0n7 jailbreak, have said that they don’t plan to work on a jailbreak for iOS 7.1.
Please note that any site claiming to have a jailbreak for iOS 7.1 is a scam, so stay clear of such sites. If there is a jailbreak for iOS 7.1, it will be available for free, so beware!
Collecting data at a remote site requires that we remove it somehow – if we have a continuous connection, such as a reverse shell, then we can collect the data in real time. However, if we deposit our mobile device with the intention of concealing it for an extended period of time, then we need to worry about a few issues as follows:
1. Preventing discovery of our collected data while on-site
2. Providing concealment during the duration of the event
3. Extracting the data safely
If we use mobile devices to collect and transmit data, we should be selective in our choices of devices and ensure that they are capable of encrypting any data at rest or in motion. Earlier models of most mobile devices are incapable of full disk encryption, which puts the device and us at risk if discovered and forensically examined; we, therefore, need to look for devices that will allow us to keep our activities secret or provide a mechanism for covering our tracks if discovered.
Data at Rest
The newer mobile devices claim to provide something similar to full disk encryption. Although the ability of these devices to protect data against forensic analysis is questionable, the devices are getting better at addressing the security of data at rest. We can do a few additional tasks to encrypt data at rest on our mobile devices to increase our comfort level about our hacking data.
Naturally, we cannot encrypt scripts that we need to run during our collection or attack phases; however, once we have collected the data, we can encrypt the data using strong passwords. The program gpg is one method of securing a file through symmetric encryption. It is possible to encrypt a file with the GNU Privacy Guard (GnuPG) application, which can be installed on a jailbroken iPod touch.
Core utilities, Darwin tools, iPhone Firmware, Libnet, APT, Berkeley DB, Debian packager, diskdev-cmds, Gawk, Link identity editor, Bourne again shell, Cydia installer, Dev-Team, dns2tcp, gettext, GNU privacy guard, iBrowser, libffi, libutil, Lynx, Darwin CC Tools, developer-cmds, Docs, GNU C Compiler, GNU PG errors, inetutils, libgcc, libxml2, Make
Although we cannot get more robust applications loaded onto the iPod touch, such as Core IMPACT or HP WebInspect, there are still some good applications available. For example, Nikto is an open-source (GPL) Web server scanner; it is a Perl application available for download at http://cirt.net/nikto2.
Ranked #12 of the top 100 network security tools by Insecure.org, Nikto will scan a server for configuration files, cgi applications, outdated version information, and a multitude of other bits of data that can be useful in a penetration test. Although most of the work done by Nikto focuses on information gathering, it does a pretty good job of identifying potential vulnerabilities when found.
Unfortunately, the iPod touch’s wireless chip cannot be placed into promiscuous or monitor mode, meaning we cannot obtain wireless data necessary to conduct brute force attacks against wireless access points using encryption. There are other mobile devices that can be set for promiscuous or monitor mode, so if a brute force attack is an absolute necessity, there are options available. However, there is an application called “Pirni,” written by Axel Moller and also available through Cydia, that can intercept traffic on a wireless network.
The program is configured to intercept all traffic intended for the default router (192.168.1.1 in this particular network) through ARP spoofing. Based on the Berkeley Packet Filter (BPF) values, the only traffic that will be collected is TCP segments leaving the network, destined for port 80. The BPF can be modified to capture whatever type of traffic we are after. The Regex Options are used to immediately capture interesting packets, such as usernames and passwords.
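Seen from the network owner's side, the ARP spoofing described above leaves a trace: the default router's IP address starts being answered for by a second MAC address. The following is an added example, not code from the original text or from Pirni, that checks a capture of ARP replies for that change; the tcpdump-style log lines, the MAC addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: ARP replies in tcpdump-style text. 192.168.1.1 is the
# default router from the text; every MAC address and host here is made up.
SAMPLE_ARP_LOG = """\
10:00:01.100 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
10:00:01.900 ARP, Reply 192.168.1.23 is-at a4:5e:60:aa:bb:cc, length 28
10:00:05.200 ARP, Reply 192.168.1.1 is-at a4:5e:60:aa:bb:cc, length 28
10:00:07.200 ARP, Reply 192.168.1.1 is-at a4:5e:60:aa:bb:cc, length 28
10:00:09.000 ARP, Reply 192.168.1.40 is-at 3c:07:54:01:02:03, length 28
"""

REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+(?:\.\d+){3}) is-at (?P<mac>[0-9a-f:]{17})",
    re.IGNORECASE,
)

def parse_replies(text):
    """Yield (timestamp, ip, mac) for each ARP reply line; ignore other lines."""
    for line in text.splitlines():
        m = REPLY_RE.match(line.strip())
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()

def find_arp_anomalies(text, gateway_ip):
    """Return alert tuples for two indicators of gateway ARP spoofing."""
    ip_to_macs = defaultdict(list)  # ip -> MACs in the order first seen
    mac_to_ips = defaultdict(set)   # mac -> IPs that MAC has answered for
    alerts = []
    for ts, ip, mac in parse_replies(text):
        known = ip_to_macs[ip]
        if mac not in known:
            # The gateway IP is now claimed by a MAC other than the first one seen.
            if ip == gateway_ip and known:
                alerts.append((ts, "gateway-mac-changed", known[0], mac))
            known.append(mac)
        ips = mac_to_ips[mac]
        if ip not in ips:
            ips.add(ip)
            # One MAC answering for the gateway and for another host at once.
            if len(ips) > 1 and gateway_ip in ips:
                alerts.append((ts, "mac-claims-multiple-ips", mac, tuple(sorted(ips))))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_ARP_LOG, "192.168.1.1"):
        print(alert)
```

A static ARP entry for the gateway on clients, or dynamic ARP inspection on the switch, prevents the redirect that this check only detects.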