Your iPhone Is Vulnerable to a Malware Attack Even When It’s Off

Anedroid 2022-06-03 11:28:05 +02:00
parent 1d05e58fc7
commit 1616e90cae
Signed by: anedroid
GPG Key ID: F149EE15E69C7F45
11 changed files with 53 additions and 8 deletions

@ -4,7 +4,11 @@ To moja stale aktualizowana lista artykułów na temat przewinień wielkich korp
- 2022.05.17 [Total Commander forced to stop letting you install APKs](google/total-commander-forced-to-stop-letting-you-install-apks.md) | [tłumaczenie](google/pl/total-commander-forced-to-stop-letting-you-install-apks.md)
- 2022.05.07 [Your Google Account has been disabled because of a python code!](google/your-google-account-has-been-disabled-because-of-a-python-code.md) | [tłumaczenie](google/pl/your-google-account-has-been-disabled-because-of-a-python-code.md)
- **2022.05.02 [Dark Pattern: How Youtube Makes Sure You Dont Always “Skip Ad”](google/dark-pattern-how-youtube-makes-sure-you-don_t-always-skip-ad.md)**
- 2022.05.02 [Dark Pattern: How Youtube Makes Sure You Dont Always “Skip Ad”](google/dark-pattern-how-youtube-makes-sure-you-don_t-always-skip-ad.md)
## Apple
- **2022.05.17 [Your iPhone Is Vulnerable to a Malware Attack Even When Its Off](apple/your-iphone-is-vulnerable-to-a-malware-attack-even-when-it_s-off.md)**
---
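Review bot: The bold marker moves off the 2022.05.02 YouTube entry and onto the new Apple entry, so bold appears to mean "latest addition", but nothing in the visible list says so and it has to be moved by hand in every commit. Consider stating the convention once near the top of the list, or dropping the bold. The new Apple entry also has no `| [tłumaczenie](...)` link, unlike the Total Commander and Google Account entries above it; if a Polish translation is planned, add the link when it lands.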

BIN
amazon/icon.png Normal file

Binary file not shown.

Size: 431 B

Binary file not shown.

Size: 1.7 MiB

@ -0,0 +1,41 @@
## Your iPhone Is Vulnerable to a Malware Attack Even When Its Off
**Researchers found a way to exploit the tech that enables Apples Find My feature, which could allow attackers to track location when a device is powered down.**
---
![Closeup view of person using iPhone](images/Ars-iPhone-Ransomware.png)
When you turn off an iPhone, it doesnt fully power down. Chips inside the device continue to run in a low-power mode that makes it possible to locate lost or stolen devices using the Find My feature or use credit cards and car keys after the battery dies. Now researchers have devised a way to abuse this always-on mechanism to run malware that remains active even when an iPhone appears to be powered down.
It turns out that the iPhones Bluetooth chip — which is key to making features like Find My work — has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germanys Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phones location or run new features when the device is turned off.
This [video](https://vid.puffyan.us/watch?v=KrqTHd5oqVw) provides a high overview of some of the ways an attack can work.
The research is the first — or at least among the first — to study the risk posed by chips running in low-power mode. Not to be confused with iOSs low-power mode for conserving battery life, the low-power mode (LPM) in this research allows chips responsible for near-field communication, ultra wideband, and Bluetooth to run in a special mode that can remain on for 24 hours after a device is turned off.
“The current LPM implementation on Apple iPhones is opaque and adds new threats,” the researchers wrote in a [paper](https://arxiv.org/pdf/2205.06114.pdf) published last week. “Since LPM support is based on the iPhones hardware, it cannot be removed with system updates. Thus, it has a long-lasting effect on the overall iOS security model. To the best of our knowledge, we are the first who looked into undocumented LPM features introduced in iOS 15 and uncover various issues.”
They added: “Design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications. Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation.”
The findings have limited real-world value, since infections required first jailbreaking an iPhone, which in itself is a difficult task, particularly in an adversarial setting. Still, targeting the always-on feature in iOS could prove handy in post-exploit scenarios by malware such as [Pegasus](https://arstechnica.com/information-technology/2021/12/iphones-of-us-diplomats-hacked-using-0-click-exploits-from-embattled-nso) ![google](../google/icon.png) ![amazon](../amazon/icon.png), the sophisticated smartphone exploit tool from Israel-based NSO Group, which governments worldwide routinely employ to spy on adversaries.
It may also be possible to infect the chips in the event hackers discover security flaws that are susceptible to over-the-air exploits similar to [this one](https://arstechnica.com/information-technology/2019/08/new-attack-exploiting-serious-bluetooth-weakness-can-intercept-sensitive-data) ![google](../google/icon.png) ![amazon](../amazon/icon.png) that worked against Android devices.
Besides allowing malware to run while the iPhone is turned off, exploits targeting LPM could also allow malware to operate with much more stealth since LPM allows firmware to conserve battery power. And, of course, firmware infections are extremely difficult to detect since it requires significant expertise and expensive equipment.
The researchers said Apple engineers reviewed their paper before it was published, but company representatives never provided any feedback on its contents. Apple representatives didnt respond to an email seeking comment for this story.
Ultimately, Find My and other features enabled by LPM help provide added security, because they allow users to locate lost or stolen devices and lock or unlock car doors even when batteries are depleted. But the research exposes a double-edged sword that, until now, has gone largely unnoticed.
“Hardware and software attacks similar to the ones described have been proven practical in a real-world setting, so the topics covered in this paper are timely and practical,” said John Loucaides, senior vice president of strategy at firmware security firm Eclypsium. “This is typical for every device. Manufacturers are adding features all the time, and with every new feature comes a new attack surface.”
This story originally appeared on [Ars Technica](https://arstechnica.com/information-technology/2022/05/researchers-devise-iphone-malware-that-runs-even-when-device-is-turned-off) ![google](../google/icon.png) ![amazon](../amazon/icon.png).
---
źródło: <https://www.wired.com/story/iphone-find-my-malware-attack-vulnerability> ![google](../google/icon.png) ![amazon](../amazon/icon.png)
użytkownik: Dan Goodin
opublikowano: 2022.05.17
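Review bot: In the Pegasus sentence the tracker icons sit between the link and the comma that follows it ("...nso) ![google](../google/icon.png) ![amazon](../amazon/icon.png), the sophisticated smartphone exploit tool"), so two images interrupt the sentence. The "this one" link in the next paragraph has the same problem. Moving the icons to the end of the sentence or into the footer would keep the text readable. Words such as "doesnt", "Apples" and "iPhones" in the added paragraphs have no apostrophe, while the commit title has "It’s", so check the copy or encoding step. The footer gives the author as plain "Dan Goodin", whereas the other article footers in this commit use italics (`*Will Sattelberg*`); pick one form.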

BIN
cloudflare/icon.png Normal file

Binary file not shown.

Size: 1.1 KiB

BIN
facebook/icon.png Normal file

Binary file not shown.

Size: 485 B

@ -8,7 +8,7 @@ We all know what design dark pattern is, click baits, misleading visuals, hidden
### The “Skip Ad” Button: The Devil You Never Expected
YouTube get paid by the advertisers when they insert video ads. And they get paid even more when they let the advertisers insert *longer* video ads. On the other hand, YouTube needs to make sure their users are not too bothered by the long ads, so they created the “Skip Ad” button. However, the advertisers dont have to pay YouTube when their ads are skipped too soon ([via](https://influencermarketinghub.com/how-much-do-youtube-ads-cost) (Cloudflare, trackery)). This means YouTube cant just let everyone click on the “Skip Ad” button all the time. Furthermore, if skipping ads was too easy, it would hurt the sales of YouTubes ad-free subscription as well. So while YouTube offers the “Skip Ad” button, **YouTube ultimately wants the users to stay away from clicking the “Skip Ad” button**.
YouTube get paid by the advertisers when they insert video ads. And they get paid even more when they let the advertisers insert *longer* video ads. On the other hand, YouTube needs to make sure their users are not too bothered by the long ads, so they created the “Skip Ad” button. However, the advertisers dont have to pay YouTube when their ads are skipped too soon ([via](https://influencermarketinghub.com/how-much-do-youtube-ads-cost) ![cloudflare](../cloudflare/icon.png) ![google](../google/icon.png) ![facebook](../facebook/icon.png) ![linkedin](../linkedin/icon.png)). This means YouTube cant just let everyone click on the “Skip Ad” button all the time. Furthermore, if skipping ads was too easy, it would hurt the sales of YouTubes ad-free subscription as well. So while YouTube offers the “Skip Ad” button, **YouTube ultimately wants the users to stay away from clicking the “Skip Ad” button**.
### How the Video Ads Could Have Been Implemented
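Review bot: The four icons that replace "(Cloudflare, trackery)" after the "via" link carry only the company name as alt text (`![cloudflare](...)`, `![google](...)`, `![facebook](...)`, `![linkedin](...)`), so a reader with images off or using a screen reader sees a bare list of company names with no hint that they mark trackers on the linked page. Alt text along the lines of "Cloudflare tracker" would keep the meaning the removed words had.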

BIN
google/icon.png Normal file

Binary file not shown.

Size: 481 B

@ -10,7 +10,7 @@ Jedną z najlepszych funkcji Androida, który zostawia swoją konkurencję na ry
Total Commander jest z nami od lat '90, a ponad dekadę temu jego wsparcie rozszerzyło się na Androida wkrótce po powstaniu tej platformy. Ta aplikacja ma ponad 10 milionów pobrań w Sklepie Google Play, i nadal wspiera bardzo stare wersje systemu począwszy od Androida 2.2. W najnowszej aktualizacji developer Christian Ghisler usunął z aplikacji możliwość instalacji plików APK, obwiniając za to politykę Google Play w liście zmian w tej wersji. Niezły zwrot akcji i przy okazji zły omen dla innych mobilnych menedżerów plików.
W [poście na forum](https://ghisler.ch/board/viewtopic.php?t=76643) Ghisler rzuca nieco więcej światła na całą sprawę, informując, że Google wysłał mu ostrzeżenie o usunięciu aplikacji z Google Play w przeciągu tygodnia, chyba że problem zostanie rozwiązany. Automatyczna odpowiedź firmy mówi o [naruszeniu "Polityki urządzeń i sieci"](https://support.google.com/googleplay/android-developer/answer/9888379?hl=pl) (strona zawiera skrypty śledzące Google), w szczególności odnosząc się do tych dwóch sekcji:
W [poście na forum](https://ghisler.ch/board/viewtopic.php?t=76643) Ghisler rzuca nieco więcej światła na całą sprawę, informując, że Google wysłał mu ostrzeżenie o usunięciu aplikacji z Google Play w przeciągu tygodnia, chyba że problem zostanie rozwiązany. Automatyczna odpowiedź firmy mówi o [naruszeniu "Polityki urządzeń i sieci"](https://support.google.com/googleplay/android-developer/answer/9888379?hl=pl) ![google](../../google/icon.png), w szczególności odnosząc się do tych dwóch sekcji:
> Aplikacja rozpowszechniana w Google Play nie może samodzielnie się modyfikować, zastępować ani aktualizować przy użyciu metody innej niż mechanizm aktualizacji Google Play. Aplikacja nie może też pobierać kodu wykonywalnego (np. plików .dex, .jar i .so) z innego źródła niż Google Play. Nie dotyczy to kodu, który jest uruchamiany na maszynie wirtualnej czy w interpreterze z pośrednim dostępem do interfejsów API Androida (na przykład JavaScript w komponencie WebView lub przeglądarce).
>
@ -22,7 +22,7 @@ W oparciu o te zasady, automatyczny system moderacji Google Play mógł zinterpr
Wtedy Ghisler podjął decyzję o całkowitym usunięciu opcji instalowania plików APK, z obawy przed utratą dostępu do konta po otrzymaniu trzeciego ostrzeżenia co spotkało już innych developerów w podobnych okolicznościach.
Możliwe, że to wydarzenie w przyszłości będzie miało duży wpływ na los menedżerów plików i przeglądarek internetowych w Sklepie Google Play, chociaż użyty tutaj język nie wspominając o [niepochlebnym dla reputacji Google fałszywym blokowaniu aplikacji](https://androidpolice.com/play-store-leafsnap-simple-keyboard-takedown) (strona zawiera skrypty śledzące Google) wydaje się wskazywać na coś mniej podstępnego. Bazując na informacjach dostarczonych przez Ghislera, wygląda na to, że Google uważa, że Total Commander aktualizuje się od wewnątrz łącząc się z określonymi witrynami hostującymi pliki APK, albo stosuje własną metodę instalacji przed przekierowaniem użytkownika do domyślnego instalatora systemu Android. W każdym razie ta sytuacja wymaga dokładniejszego wyjaśnienia ze strony firmy. Google powinien albo sprecyzować, co Total Commander robi źle, a czego nie robią inne menedżery plików, albo pozwolić na przywrócenie aplikacji w Google Play do jej poprzedniego stanu.
Możliwe, że to wydarzenie w przyszłości będzie miało duży wpływ na los menedżerów plików i przeglądarek internetowych w Sklepie Google Play, chociaż użyty tutaj język nie wspominając o [niepochlebnym dla reputacji Google fałszywym blokowaniu aplikacji](https://androidpolice.com/play-store-leafsnap-simple-keyboard-takedown) ![google](../../google/icon.png) wydaje się wskazywać na coś mniej podstępnego. Bazując na informacjach dostarczonych przez Ghislera, wygląda na to, że Google uważa, że Total Commander aktualizuje się od wewnątrz łącząc się z określonymi witrynami hostującymi pliki APK, albo stosuje własną metodę instalacji przed przekierowaniem użytkownika do domyślnego instalatora systemu Android. W każdym razie ta sytuacja wymaga dokładniejszego wyjaśnienia ze strony firmy. Google powinien albo sprecyzować, co Total Commander robi źle, a czego nie robią inne menedżery plików, albo pozwolić na przywrócenie aplikacji w Google Play do jej poprzedniego stanu.
Wysłaliśmy do Google prośbę o komentarz, po otrzymaniu odpowiedzi zaktualizujemy artykuł. W tym czasie lepiej zablokuj aktualizacje Total Commandera jeżeli używasz tej aplikacji do instalacji APK-ów.
@ -30,7 +30,7 @@ Wysłaliśmy do Google prośbę o komentarz, po otrzymaniu odpowiedzi zaktualizu
---
źródło: <https://androidpolice.com/total-commander-apk-installation-block> | <!> Strona zawiera skrypty śledzące Google
źródło: <https://androidpolice.com/total-commander-apk-installation-block> ![google](../../google/icon.png)
użytkownik: *Will Sattelberg*
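Review bot: The source line drops the explicit warning `<!> Strona zawiera skrypty śledzące Google` in favour of an icon alone, and the README hunk in this commit adds no legend, so nothing tells the reader what the icon next to a URL means. Add a short legend to the README (icon means the linked page loads that company's tracking scripts), or keep a brief textual marker beside the icon.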

@ -10,7 +10,7 @@ One of the handiest features on Android that sets it apart from the mobile compe
Total Commander has been around since the 90s, eventually expanding into Android after the platform launched over a decade ago. The app has more than 10 million downloads on the Play Store, still supporting OS versions as far back as Android 2.2. With a new update, developer Christian Ghisler has removed the ability to install APK files on Android, blaming Google Play policies in the patch notes for the app. It's a shocking twist for the service and, seemingly, a bad omen of things to come for other mobile file managers.
A [forum post](https://www.ghisler.ch/board/viewtopic.php?t=76643) from Ghisler sheds some more light on what's going on here, as Google sent him a notice warning of his app's removal from the Play Store within a week if the app went unmodified. The company's automated response pointed the developer to the ["Device and Network Abuse" policy](https://support.google.com/googleplay/android-developer/answer/9888379?hl=en#zippy=%2Cexamples-of-common-violations) — specifically, these two sections:
A [forum post](https://www.ghisler.ch/board/viewtopic.php?t=76643) from Ghisler sheds some more light on what's going on here, as Google sent him a notice warning of his app's removal from the Play Store within a week if the app went unmodified. The company's automated response pointed the developer to the ["Device and Network Abuse" policy](https://support.google.com/googleplay/android-developer/answer/9888379?hl=en#zippy=%2Cexamples-of-common-violations) ![google](../google/icon.png) — specifically, these two sections:
> An app distributed via Google Play may not modify, replace, or update itself using any method other than Google Play's update mechanism. Likewise, an app may not download executable code (e.g., dex, JAR, .so files) from a source other than Google Play. This restriction does not apply to code that runs in a virtual machine or an interpreter where either provides indirect access to Android APIs (such as JavaScript in a webview or browser).
>
@ -22,7 +22,7 @@ Based on these rules, the Play Store's moderation system might believe Total Com
According to Ghisler, he then made the decision to remove APK installations altogether, for fear of losing access to his account after a third warning — as has happened to other developers in a similar situation.
It's possible that this block could have wide-reaching ramifications on file and web browsers in the Play Store, though the language used — not to mention [Google's poor reputation on false takedowns](https://androidpolice.com/play-store-leafsnap-simple-keyboard-takedown) — seems to hint at something less insidious. Based on the information provided by Ghisler, it seems like Google either thinks Total Commander is updating itself from within, is accidentally linking to specific APK-hosting websites, or is using a custom app installation process before navigating the user to Android's default installer. Either way, this sounds like a situation that needs some clarification from the company. Google should either spell out exactly what Total Commander is doing wrong that other file browsers have avoided, or should allow the app back on the Play Store in its previous state.
It's possible that this block could have wide-reaching ramifications on file and web browsers in the Play Store, though the language used — not to mention [Google's poor reputation on false takedowns](https://androidpolice.com/play-store-leafsnap-simple-keyboard-takedown) ![google](../google/icon.png) — seems to hint at something less insidious. Based on the information provided by Ghisler, it seems like Google either thinks Total Commander is updating itself from within, is accidentally linking to specific APK-hosting websites, or is using a custom app installation process before navigating the user to Android's default installer. Either way, this sounds like a situation that needs some clarification from the company. Google should either spell out exactly what Total Commander is doing wrong that other file browsers have avoided, or should allow the app back on the Play Store in its previous state.
We've reached out for comment from Google and will update when we hear back. For now, you might want to block Total Commander updates if you rely on the app for routine APK installs.
@ -30,7 +30,7 @@ We've reached out for comment from Google and will update when we hear back. For
---
źródło: <https://androidpolice.com/total-commander-apk-installation-block> | <!> Strona zawiera skrypty śledzące Google
źródło: <https://androidpolice.com/total-commander-apk-installation-block> ![google](../google/icon.png)
użytkownik: *Will Sattelberg*

BIN
linkedin/icon.png Normal file

Binary file not shown.

Size: 541 B