Advertisements

Exclusive: A ‘Magic’ iPhone Hacking Startup Bites Back At Apple Lawyers — And Demands $300,000

In mid-August, Amanda Gorton and Chris Wade sat dumbfounded in their Boynton Beach, Florida, offices. They had just been sent a lawsuit that might yet kill their startup.

Within Gorton’s inbox was an email sent by a reporter containing a complaint filed by tech titan Apple against the married couple’s company, Corellium. The suit’s unceremonious appearance belied the gravity of the allegations they were facing: that they’d illegally copied the world’s most famous tech device, the iPhone.

Dubbed “magic” by some users, Corellium “virtualizes” iPhones, turning Apple phones into something you can play with on a PC. For Corellium customers, it lets them tinker with the iOS operating system to find functional problems or security vulnerabilities, all without risking breaking the iPhone, a famously locked-down device that doesn’t welcome anything not approved Apple. Unlike testing with the real thing, if the phone suddenly dies, you can just load up another one, making it useful for security researchers, developers and hobbyists, known as jailbreakers, who want to wrest back control of their iPhone. For Apple, though, this amounted to a copyright infringement of its product by “replicating” it without permission.

Today In: Innovation

To Wade, a curly-haired, bespectacled Australian with the wide, intense eyes of a wired tech guy, and the more composed Yale-educated partner Gorton, the news that Apple was suing landed like a “gut punch.” Via exclusive interviews with the founders and documents they provided ahead of their legal response to Apple filed late Monday night, Forbes has learned the iPhone maker was considering buying Gorton and Wade’s first startup, a Corellium predecessor called Virtual. And it appears subsequent years-long relations between the parties were ostensibly amicable before the big bust up in August.

When Wade first heard about the suit he thought it was a joke. It’s no joke. Onlookers who spy a Goliath flexing its muscles against a plucky David are hoping, for the sake of iPhone security, an agreement is found. “As I understand it, many security researchers have used Corellium and submitted bugs to Apple,” said Kurt Opsahl, deputy executive director and general counsel of the Electronic Frontier Foundation.

Apple declined to comment on the claims made in this article. It pointed Forbes to the original complaint against Corellium, in which it said the suit was not trying to “encumber good-faith security research, but to bring an end to Corellium’s unlawful commercialization of Apple’s valuable copyrighted works.” Summing up Apple’s withering opinion of Corellium, the Cupertino company wrote: “Corellium’s true goal is profiting off its blatant infringement. Far from assisting in fixing vulnerabilities, Corellium encourages its users to sell any discovered information on the open market to the highest bidder.”

Cutting to the Apple core

Gorton and Wade’s long relationship with Apple can be dated back to at least the early 2010s. At the time the couple were working at OpenPeak, an enterprise mobile management company that had caught the attention of Mark Templeton, then Citrix CEO, who was considering an acquisition. Not long after Templeton met Wade, saying he was impressed by the Australian’s ability to do things considered “impossible,” Citrix bought Virtual, a startup founded by the married couple in 2014.

But in selling to Templeton, Virtual had to snub another suitor: Apple. A document outlining an agreement between Apple and Virtual, seen by Forbes, prevented the latter from talking to any other company about an acquisition for 45 days as the Cupertino company considered whether it wanted to splurge.

Did that upset the Apple cart? Is this a revenge story? Wade and Gorton aren’t sure. Gorton says she and her husband were excited such a formidable company was interested in their embryonic business.

The pair paints a picture of friendly Apple relations. Wade says he’s consistently handed details of security weaknesses to Apple. In 2016, after Apple announced it was launching a so-called Bug Bounty, where researchers are given monetary reward for disclosing vulnerabilities in iOS (now up to $1.5 million), Wade planned on partly funding Corellium with those bounties. He wanted to do it transparently, he says, and in one email dated September 27 2017, Wade explicitly told Apple’s manager for security and privacy programs, Jason Shirk, that he would start submitting bugs to fund his iPhone virtualizing startup.

The filing also suggests Apple encouraged Corellium’s early business. Emails provided to Forbes indicate Apple was at least impressed. Just as Corellium was getting started, in August 2017, Apple hosted a dinner in China for the Tencent Security Conference. Wade and Shirk dined together on Apple’s dime and later exchanged messages, according to the email threads. In one Wade boasted that he could virtualize the latest iPhone. Shirk’s response? “Wow! You got iOS 10.3 running virtually?” Wade cheekily messaged back: “Actually, we’re running iOS 11 :).”

At some point in the last year, something soured. In its filing on Monday, Corellium said that it hasn’t been paid for any of the vulnerabilities it submitted. In a counterclaim, the startup said that rather than it owing Apple anything, the Cupertino company owed it more than $300,000. And Corellium claimed Apple had launched a rival product in handing out custom iPhones for security researchers, letting them dive deeper into iOS.

Right now, Gorton says the bootstrapped Corellium is profitable, with a handful of customers across government and private industry paying thousands for its products: up to $62,500 for an on-site appliance and $575 a month for a cloud-based, single-user license for a month. But with legal fees mounting and the threat of being forced to kill the killer feature of its product, that profit could dwindle and leave Corellium facing collapse.

Apple, meanwhile, might be facing a backlash from the cybersecurity community. It’s already faced criticism this year. When Google released research in September regarding attacks on iPhone users from the persecuted Uighur community in China, Apple’s response was controversial. In a rare public post, it sought to downplay what happened. To some onlookers, including former Facebook chief security officer Alex Stamos, Apple was suggesting that attacks on Uighurs weren’t “as big a deal as Google makes it out to be.” “Apple’s response to the worst known iOS attack in history should be graded somewhere between ‘disappointing’ and disgusting,’” Stamos tweeted.

There’s the sense that after having opened up in the post-Steve Jobs years—with its industry-leading bug bounty and Tim Cook’s ostensibly aggressive stance on protecting user privacy—Apple is taking a few steps back. And one of those steps might squish one of the more intriguing startups to enter the often mundane cybersecurity market.

Follow me on Twitter. Check out my website. Send me a secure tip.

I’m associate editor for Forbes, covering security, surveillance and privacy. I’ve been breaking news and writing features on these topics for major publications since 2010. As a freelancer, I worked for The Guardian, Vice Motherboard, Wired and BBC.com, amongst many others. I was named BT Security Journalist of the year in 2012 and 2013 for a range of exclusive articles, and in 2014 was handed Best News Story for a feature on US government harassment of security professionals. I like to hear from hackers who are breaking things for either fun or profit and researchers who’ve uncovered nasty things on the web. Tip me on Signal at 447837496820. I use WhatsApp and Treema too. Or you can email me at TBrewster@forbes.com, or tbthomasbrewster@gmail.com

Source: Exclusive: A ‘Magic’ iPhone Hacking Startup Bites Back At Apple Lawyers — And Demands $300,000

500K subscribers
A 16-year-old hacked Apple and stole 90GB of data over the period of one year. You know the best part is that he stored it all in a folder called “hacky hack hack.” It would make my day if you could also follow me on: Instagram: https://www.instagram.com/mrtechtalktv/ Twitter: https://twitter.com/Mr_TechTalkTV Music used: ‘beatsbyNeVs-Ridin’ https://youtu.be/bbtzvwKwql8 Thanks for watching and have a blessed day. Be sure to like, comment, share, and subscribe! Subscribe to TechTalkTV: https://goo.gl/9j4P1c IMPORTANT: Don’t forget to click the “bell” next to the subscribe button and select “Send me all notifications for this channel”. Otherwise, you may not receive notification when I upload.

Advertisements

Crypto Scammers – Lions Wealth Company The Most Victim Grabber

1.png

Lions Wealth…A risky company who deceives so many people around the world but nobody could touch its president or ever meet him or her directly…Who is behind the doors of this fancy blockchain company..The master mind behind this curtain is a man called Alexander Erber who has so many profiles in Instagram and social media and mostly make pleasure in DUBAI…

Last year reports have taken records around 57 individuals who has given their investments to him to pay back profit but nothing gained until now. Who is supporting him really.

As bitcoin has become more popular, more people have sought to acquire it. Unfortunately, nefarious people have taken advantage of this and have been known to set up fake bitcoin exchanges. These fake exchanges may trick users by offering extremely competitive market prices that lull them into thinking they’re getting a steal, with quick and easy access to some cheap bitcoin. Be sure to use a reputable exchange when buying or selling bitcoin.

His project for dupping people is called CLASSIC CAR COIN. In contrast to most other crypto currencies, the Classic Car Coin is underpinned by a genuine, real equivalent in the form of old- and youngtimers. All profits from the project will be reinvested immediately. This increases the countervalue per token over time, which triggers a positive price development. A strong increase in the value of the tokens on the Exchange and thus the realisation of massive price gains is the aim of the project. At the same time, token holders gain access to an exclusive old- and youngtimer market as well as to exclusive services.

2.png

Due to the viral nature of how information spreads across on the internet, scammers seek to take advantage of people by offering free giveaways of bitcoin or other digital currencies in exchange for sending a small amount to register, or by providing some personal information. When you see this on a website or social network, it’s best to immediately report the content as fraudulent, so that others don’t fall victim.

But instead all of these ends up to something dreaming and fancy style..What shall we do right now??Is it a time to stop these financial criminals and help those victims whom loose their assets which hardly managed to get it after hours and weeks of troublesome efforts?Do not ever try to register or trust to this company and never try to put your investment in danger in any circumstances.

Do not trust people who entice you or others to invest because they claim that they know what the bitcoin price is going to be. In a pump and dump scheme, a person (or persons) try to artificially drive up or pump the price so that they can dump their holdings for a profit.

 

$3.2 Million From Cryptopia Hack Liquidated on Major Crypto Exchanges

The infamous Cryptopia hack of January 14, which led to over $16 million in stolen Ethereum (ETH) and ERC20 tokens, has been under close investigation by New Zealand police and specialists worldwide.Thanks to the open nature of cryptocurrencies on the blockchain, analysts and investigators have been successful in tracking the stolen crypto funds, leading major cryptocurrency exchanges to liquidate $3.2 million in stolen tokens on February 4…………

Source: $3.2 Million From Cryptopia Hack Liquidated on Major Crypto Exchanges

Blockchain Security Experts Claims That $2.5 Million is Stolen From Crypto Exchanges Daily

https://www.pivot.one/share/post/5c496d72016de70bb6160d37?uid=5bd49f297d5fe7538e6111b6&invite_code=JTOJYV

Malware Found on a Movie Downloaded via Torrent Steals your Crypto and Poisons your Search Results – Ethereum World News

The plans of the security researcher under with the twitter username 0xffff0800 to spend a relaxing movie night at home did not turn out as he expected since after downloading a movie from a torrent uploaded to The Pirate Bay, he found a new (and interesting) type of malware that almost infects his computer………

Source: Malware Found on a Movie Downloaded via Torrent Steals your Crypto and Poisons your Search Results – Ethereum World News

How Hackers Bypass Gmail 2FA at Scale – Joseph Cox

1.jpeg

If you’re an at risk user, that extra two-factor security code sent to your phone may not be enough to protect your email account. Hackers can bypass these protections, as we’ve seen with leaked NSA documents on how Russian hackers targeted US voting infrastructure companies. But a new Amnesty International report gives more insight into how some hackers break into Gmail and Yahoo accounts at scale, even those with two-factor authentication (2FA) enabled.

They do this by automating the entire process, with a phishing page not only asking a victim for their password, but triggering a 2FA code that is sent to the target’s phone. That code is also phished, and then entered into the legitimate site so the hacker can login and steal the account. The news acts as a reminder that although 2FA is generally a good idea, hackers can still phish certain forms of 2FA, such as those that send a code or token over text message, with some users likely needing to switch to a more robust method.

“Virtually in that way they can bypass any token-based 2FA if no additional mitigations are implemented” Claudio Guarnieri, a technologist at Amnesty, told Motherboard in an online chat. 2FA is adding another layer of authentication onto your account. With token-based 2FA, you may have an app that generates a code for you to enter when logging in from an unknown device, or, perhaps most commonly, the service will send a text message containing a short code that you then type into your browser.

 

 

Donate us if you like

 

 

Here’s how to protect your bitcoin and ethereum from hacking

https://www.pivot.one/share/post/5c1f94ab016de74b6531f993?uid=5bd49f297d5fe7538e6111b6&invite_code=JTOJYV

This Kid Has Been Begging For A Bitcoin For Over 15,000 Tweets

1.jpg

Begging in the Bitcoin world is nothing new. Go to any gambling site or even some exchange troll boxes, and you will find people asking for Bitcoin. Look at any Tweet by a major Bitcoin personality, and you will find people asking for Bitcoin. Go to any forum, Reddit related to cryptocurrency, or anything else of that nature, and you will find the same. This reporter has occasionally seen such people who consistently beg for cryptos referred to as “begshits” or “trolls.” The negative connotation is not without merit. After all, there are plenty of ways to get crypto without buying it or even really working for it. This Twitter account, which is likely powered by a script of some sort, has spammed “BeastGangPaulers” for crypto consistently..Read more…

 

 

Donate us if you like

 

 

 

Hackers steal an estimated $59m from Japanese crypto exchange Zaif – The Block

https://www.pivot.one/share/post/5c1ca8911d57e743859729c2?uid=5bd49f297d5fe7538e6111b6&invite_code=JTOJYV

Darknet Vendors Charge $1 per Stolen Personal Data “Account”

https://www.pivot.one/share/post/5c1a00911d57e77c7943f561?uid=5bd49f297d5fe7538e6111b6&invite_code=JTOJYV

%d bloggers like this:
Skip to toolbar