HolidayBlogging

Tag: worked

  • Apple's latest iPhone security feature just made life more difficult for spyware makers

    Apple's latest iPhone security feature just made life more difficult for spyware makers

    Buried in an ocean of flashy novelties announced by Apple this week, the tech giant also revealed new security technology for its latest iPhone 17 and iPhone Air devices. This new security technology was made specifically to fight against surveillance vendors and the types of vulnerabilities they rely on the most, according to Apple.

    The feature is called Memory Integrity Enforcement (MIE) and is designed to help stop memory corruption bugs, which are some of the most common vulnerabilities exploited by spyware developers and makers of phone forensic devices used by law enforcement. 

    “Known mercenary spyware chains used against iOS share a common denominator with those targeting Windows and Android: they exploit memory safety vulnerabilities, which are interchangeable, powerful, and exist throughout the industry,” Apple wrote in its blog post. 

    Cybersecurity experts, including people who make hacking tools and exploits for iPhones, tell TechCrunch that this new security technology could make Apple’s newest iPhones some of the most secure devices on the planet. The result is likely to make life harder for the companies that make spyware and zero-day exploits for planting spyware on a target’s phone or extracting data from them. 

    “The iPhone 17 is probably now the most secure computing environment on the planet that is still connected to the internet,” a security researcher, who has worked on developing and selling zero-days and other cyber capabilities to the U.S. government for years, told TechCrunch.

    The researcher told TechCrunch that MIE will raise the cost and time to develop their exploits for the latest iPhones, and consequently up their prices for paying customers.

    “This is a huge deal,” said the researcher, who asked to remain anonymous to discuss sensitive matters. “It’s not hack proof. But it’s the closest thing we have to hack proof. None of this will ever be 100% perfect. But it raises the stakes the most.”

    Contact Us

    Do you develop spyware or zero-day exploits and are studying studying the potential effects of Apple’s MIE? We would love to learn how this affects you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.

    Jiska Classen, a professor and researcher who studies iOS at the Hasso Plattner Institute in Germany, agreed that MIE will raise the cost of developing surveillance technologies.

    Classen said this is because some of the bugs and exploits that spyware companies and researchers have that currently work will stop working once the new iPhones are out and MIE is implemented. 

    “I could also imagine that for a certain time window some mercenary spyware vendors don’t have working exploits for the iPhone 17,” said Classen. 

    “This will make their life arguably infinitely more difficult,” said Patrick Wardle, a researcher who runs a startup that makes cybersecurity products specifically for Apple devices. “Of course that is said with the caveat that it’s always a cat-and-mouse game.”

    Wardle said people who are worried about getting hacked with spyware should upgrade to the new iPhones. 

    The experts TechCrunch spoke to said MIE will reduce the efficacy of both remote hacks, such as those launched with spyware like NSO Group’s Pegasus and Paragon’s Graphite. It will also help to protect against physical device hacks, such as those performed with phone unlocking hardware like Cellebrite or Graykey. 

    Taking on the “majority of exploits”

    Most modern devices, including the majority of iPhones today, run software written in programming languages that are prone to memory-related bugs, often called memory overflow or corruption bugs. When triggered, a memory bug can cause the contents of memory from one app to spill into other areas of a user’s device where it shouldn’t go.

    Memory-related bugs can allow malicious hackers to access and control parts of a device’s memory that they shouldn’t be permitted to. The access can be used to plant malicious code that’s capable of gaining broader access to a person’s data stored in the phone’s memory, and exfiltrating it over the phone’s internet connection.

    MIE aims to defend against these kinds of broad memory attacks by vastly reducing the attack surface in which memory vulnerabilities can be exploited.

    According to Halvar Flake, an expert in offensive cybersecurity, memory corruptions “are the vast majority of exploits.” 

    MIE is built on a technology called Memory Tagging Extension (MTE), originally developed by chipmaker Arm. In its blog post, Apple said over the past five years it worked with Arm to expand and improve the memory safety features into a product called Enhanced Memory Tagging Extension (EMTE).  

    MIE is Apple’s implementation of this new security technology, which takes advantage of Apple having complete control of its technology stack, from software to hardware, unlike many of its phone-making competitors.

    Google offers MTE for some Android devices; the security-focused GrapheneOS, a custom version of Android, also offers MTE. 

    But other experts say Apple’s MIE goes a step further. Flake said the Pixel 8 and GrapheneOS are “almost comparable,” but the new iPhones will be “the most secure mainstream” devices.

    MIE works by allocating each piece of a newer iPhone’s memory with a secret tag, effectively its own unique password. This means only apps with that secret tag can access the physical memory in the future. If the secret doesn’t match, the security protections kick in and block the request, the app will crash, and the event is logged.

    That crash and log is particularly significant since it’s more likely for spyware and zero-days to trigger a crash, making it easier for Apple and security researchers investigating attacks to spot them. 

    “A wrong step would lead to a crash and a potentially recoverable artifact for a defender,” said Matthias Frielingsdorf, the vice president of research at iVerify, a company that makes an app to protect smartphones from spyware. “Attackers already had an incentive to avoid memory corruption.”

    Apple did not respond to a request for comment.

    MIE will be on by default system wide, which means it will protect apps like Safari and iMessage, which can be entry points for spyware. But third-party apps will have to implement MIE on their own to improve protections for their users. Apple released a version of EMTE for developers to do that. 

    In other words, MIE is a huge step in the right direction, but it will take some time to see its impact, depending on how many developers implement it and how many people buy new iPhones. 

    Some attackers will inevitably still find a way.

    “MIE is a good thing and it might even be a big deal. It could significantly raise the cost for attackers and even force some of them out of the market,” said Frielingsdorf. “But there are going to be plenty of bad actors that can still find success and sustain their business.”

    “As long as there are buyers there will be sellers,” said Frielingsdorf.

  • Unleash Your Brainpower: Can AI Make Us Smarter?

    Unleash Your Brainpower: Can AI Make Us Smarter?

    A Slice of the AI Adventure

    Hey there, curious minds!

    When Jeffrey Tucker of The Epoch Times chats about AI, he paints a picture that’s almost like a recipe for amazement: you get a dash of wonder, a sprinkle of astonishment, and a whole lot of data zest.

    Why AI Feels Like a Party

    • Access to Data – We have way more facts in our digital hands than when we used to rely on dusty libraries.
    • Smart Tools – These machines guide our eyes to mountains of research without getting lost in the maze.
    • Instant Insight – What used to take hours now happens in seconds, and it’s bubbly enough to brag about.

    What Does This Mean for Us?

    Imagine opening a treasure chest where every jewel is a piece of knowledge. With AI, we’re hitting the jackpot without digging through piles of paperwork. The world feels a bit smaller and a lot more interconnected, all because a few clever algorithms are doing the heavy lifting.

    A Quick Takeaway

    AI isn’t just a gadget; it’s a friendly guide that makes the ocean of information easier to navigate – and yes, it’s got a sense of humor too!

    How AI Became That Unstoppable Guest in Our Lives

    Picture this: one day, you’re sitting on your couch, scrolling through a feed, and boom—AI drops a knowledge‑bomb on your screen. No warning, no polite introduction. Suddenly, the world feels thinner, the cosmos, a bit sharper. I’ve found myself chasing every new “smarter world” idea, ready to tackle whatever the next big question throws my way.

    From the “Fake Brain” to the Actual Brain—Your Digital Co‑Pilot

    • Let’s Face It: An AI isn’t perfect—half the time it’s more like a clever roommate who argues back. But that friction is gold. It forces you to lean into your own thinking.
    • Smart‑talk Alert: Ten years ago, I imagined someone whipping up a machine that’d outsmart us. Turns out, we’re living that dream now, and the experience feels downright smarter.
    • Bye‑Bye Old‑School Experts: The ivory‑tower academicians in universities, NGOs, and the corporate world are nursing a massive existential crisis. Did you know? The “repositories of knowledge” are now factional rivals of the AI clan.

    Breaking Down Knowledge Gaps: The Future is Now

    The class stretch between the “elite” and the crowds is shrinking faster than a price‑slashed iPhone sale. The ripple effects? Whole industries—think “print & distribute books and encyclopedias”—could face a ground‑breaking shakeup.

    Saint Isidore: Then & Now

    From the dusty cloisters of the 7th century to the cloud-powered age, the quest to gather every piece of knowledge has been relentless. Isidore marched around with scribes to compile an encyclopedia—an epic that spanned the monastery like a stone furnace.

    Fast‑forward to the 1890s: With cheaper printing, the first American public libraries sprouted. By 1917, World Book sparked a publication revolution—door‑to‑door sales, subscriptions, a whole data boom that kept scholars humming.

    Books, Books, Books—The Great Library Dreams

    Imagine mailboxes filled with encyclopedias, novels, presidential papers, and all the Great Books the guys from the Progressive Era wanted to fess up to. Those books became the cornerstone of learning, and even today, a bargain set can be found on eBay without breaking the bank.

    Internet: The Mulan of Knowledge (and Missteps)

    • Mom’s Skepticism: My father flagged a near‑impossibility when I showed him the web’s tools: “See? This will never replace rigorous research.” He proved him right—dedication still matters.
    • Half‑Past 25 Years: We’re now halfway to existence twenty‑five years after the Internet hit every corner. Our question: Got smarter or stuck in a digital rabbit hole?
    Data vs. Discipline

    We’ve gained access. Yet, that ease of grabbing info doesn’t compel us to remember or to think critically. Hearing “GPS has made my sense of direction worse” helped me realize: when we lean too heavily on external guides, our own brain’s navigation degrades.

    Remember those days when libraries were sacred, where I’d lose myself in cabinets full of history and philosophy? Those hours feel distant, like a lost myth.

    What Modern Learners Got Wrong
    • Professors scream at barely‑informed students who can download a 500‑page PDF in an instant.
    • They are using “tricks” (pop quizzes, zany challenges) to enforce seriousness, but it often feels futile.
    • Television’s old‑school vision: actual educators hosting interactive talks—now replaced by endless scrolling of zero-edification apps.

    Language is the New Language of Google’s Ego

    3 decades back, American discourse felt comfortably “English.” Today, it’s a muddled mix—pidgin, buzzwords, slang, and even a decline across other major languages.

    This tells us that something is happening beyond software: we’re still rotating in a fast‑forward world where culture, letters, and deep learning shift at an astonishing pace.

    AI’s Sweeping Dominance (and Danger)

    Searching online? Now AI’s large language models can do that job better and faster. Search engines will fade, or at least shrink.

    Where’s the Stylistic Reshet? While I love AI’s seamless power, I worry that using it as a silver cure might erode the very fabric of language, culture, and learning that we so cherish.

    Bottom Line: It’s a Double‑Edged Sword

    Technological marvels are fascinating—AI can replace the running in Google and generate content while saving us time. Yet, that same awesome tool invites “you’re – doing fine – here” vibes. Much like watching a fire—a flaming badge—heifer (who is actually a record-breaking deceased aide). Who’s going to see the difference? It’s quite possible that AI is not the answer for learning but a source of not-changed memory, .

    Be careful: AI powers must be be cautious. Else you may use become overly iconic, equal or worse than a widespread them. Technology sounds fucking? It is by design that AI will keep the world in a new form, and get us. Go with it or do not fear.