Security iPhone Malware Attackers can Install Malware on iPhone When it is Powered Off.

 

 

The iOS Find My feature has a safety loophole that can lead to infecting the iPhone even if the phone is off.

Academic researchers from the Secure Mobile Networking Lab (SEEMOO) at the Technical University of Darmstadt have identified a unique way of infecting an iPhone by loading malware while the phone is off.

Researchers will present their findings at the ACM Conference on Security and Privacy in Wireless Mobile Networks/ WiseSec 2022.

How does the Attack work?

The attack occurs after tampering with the iOS firmware and loading the malicious software onto a wireless Bluetooth chip with Near-field Communication and Ultra-Wideband. The attacker needs to execute the chip to infect the phone when it is off. The chip continues to operate when the system is off, and the Low Power Mode (LPM) is activated.

While the three wireless chips can facilitate Find My and Express Card transaction features, these can directly access the secure element. Basically, the ultra-wideband (UWB) (supported by iPhone 11, 12, and 13) and the Bluetooth chips are hardwired to the NFC chip’s Secure Element and can easily access confidential data.

“Since LPM support is implemented in hardware, it cannot be removed by changing software components. As a result, on modern iPhones, wireless chips can no longer be trusted to be turned off after shutdown,” researchers wrote in the paper titled “Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones.”

Researchers regarded the LPM feature as Opaque and highlighted that it sometimes fails to initialize Find My ads when the phone is off. Moreover, the Bluetooth firmware is not encrypted or signed.

An attacker can exploit this flaw to execute the malware on an iPhone Bluetooth chip. However, the adversary must possess privileged access. Furthermore, the attacker must communicate to the firmware via the OS, modify its image or obtain code execution on an LPM-activated chip by exploiting another flaw such as BrakTooth to exploit the loophole successfully.

What is LPM?

This feature was introduced in 2021 with iOS 15. It helps the user track lost devices using the Find My network and stays available even when the phone is out of battery power or is off. Before the phone shuts down, a message states the device will remain findable despite being off, and the Find My feature will locate it in case it is lost or stolen. The phone will be accessible when powered off or is in power reserve mode.

Facebook plans the year’s most extensive bulk data deletion, including wiping out users’ location histories.

  

Last year, Facebook decided to shut down its infamous facial recognition system and delete billions of records it collected over the years. Now, the social media giant will stop offering some of its location tracking features by the end of May 2022.

It is worth noting that the features that will be deleted include Time Alerts, Weather Alerts, Nearby Friends, Podcasts, Background Location, and Location History. 

Apparently, these services are being terminated due to ‘low usage’, and users of these services will receive a notification about their imminent shutdown.

Data to be Wiped Out before 31 May

These features will no longer be available from 31 May 2022, and the platform will also stop collecting data for these functions, The Verge has confirmed. The company claims that data associated with all these location tracking tools will be wiped out from its servers.

However, users can still access, delete, or download location data the social network saved prior to 1st August. For accessing the data, users should go to Settings>Privacy tab. All the data collected before this date for these soon-to-be-defunct features would be erased automatically.

Meta’s Statement

According to an email from Facebook owner Meta, the social network has been using poor location-based functions. Hence, they decided to stop offering such functions. The company notified users through in-app prompts and emails and didn’t make public announcements.

The notification received by Facebook users revealed that the social network would shut down features relying on background location tracking, including Nearby Friends, Podcasts, and Weather Alerts.

It is worth noting that Facebook Podcasts were launched just a year before. Yet, Facebook decided to discontinue them and develop additional services. The company will stop offering short-form audio products Soundbites and central audio hub.

This is welcome news for Facebook users. However, it doesn’t mean that Facebook will stop collecting users’ location data because, as per the company’s policy, it will collect the information for ‘other experiences,’ like location check-ins.

 

Bi-Weekly Counter-Terrorism Intelligence Brief for East and Central Africa (Somalia, Mozambique, DR-Congo, Tanzania, Uganda): Tracking Islamic State Terrorists In 1st May- 15th May 2022

INCIDENT REPORT

Mozambique

• 1^st May- a bus ferrying passengers was attacked by militants outside Litingina, 10 km south of Chibau in Nangade. The militants open fired at the bus injuring 3 people.
• 1^st May- 1 person was killed and another injured after the same militants attacked Litingina town.
• 3^rd May- several people were beheaded after insurgents attacked Muhia village located 10 km north of Nangade town, near the Tanzanian border.
• 6^th May- Insurgents attacked Olumbe village, Palma where they threatened the residents to leave and looted food and other supplies.
• 7^th May- insurgents attacked 3 de Fevereiro, just east of Nangade town where they attempted to kidnap a woman and her child.
• 8^th May- insurgents struck the Rovuma village lowlands, capturing several people in fields around Nankuka, and the Nangade district.
• 9^th May- 3 Mozambican soldiers were killed and two others injured and their barracks were torched in Quiterajo in the Macomia district.

DEMOCRATIC REPUBLIC OF CONGO

• 06^th May- a Congolese military barrack in Lomi village, Beni was attacked, the soldiers fled and the militants razed it after seizing weapons and other supplies.
• 07^th May- 1 Christian was killed, several others injured, and 3 motorbikes burned by militants who attacked them with machine guns on the road linking Bolongo and Kasindi in the Beni region.
• 8^th May- ISCAP and a Congolese patrol clashed at Kikinji village in Beni where 3 soldiers were killed and the weapons and ammo seized.
• 9^th May- ISCAP ambushed a Christian convoy and razed 9 trucks and a passenger bus, on the Komanda – Mambasa Highway in Ituri.
• 10^th May- local militia allied to the Congolese troops was attacked in Mbonji, Ituri province by ISCAP where at least 13 members were killed and several others injured.
• 10^th May- 3 people were killed and at least 9 vehicles burned following an attack by ISCAP in Kundala Kundala village located between Komanda and Mambasa, Ituri province.
• 12^th May- a joint barracks for the Congolese-Ugandan forces were attacked with automatic weapons, which led to the killing of 1 dead and several wounded. The militants then seized machine guns, RPGs, and ammunition.

SOMALIA

• 02^nd May- 1 Somali police officer was killed and 5 others injured after a hand grenade was hurled at a patrol in the Dar As-Salaam neighborhood in Mogadishu.

NOTABLES

In Mozambique, SAMIM forces have reportedly failed to respond, even when insurgents came within 2 km of their positions, especially in Nangade where cases of kidnappings and beheadings have resurged. This apparent and continued lack of action has further undermined public confidence and trust in the SAMIM operation to protect civilians. The allied forces continue to be accused of not doing enough to fight the militants as they appear to have adopted a deterrence-oriented approach other than a full-blown attack tactic against ISCAP.

Intelligence further reveals that Rwandan troops who are usually responsible for Palma and Mocímboa da Praia districts have recently expanded their area of operation to intervene in Nangade to pursue the insurgents. The arrival was marked by a reported surrender of an unspecified number of militants from different backgrounds. The RDF also reportedly killed over 10 militants who were hiding in a local businessman’s house which has put further strain on the network of the insurgency that has been wreaking havoc in the areas in the last few weeks.

The Islamic State (ISIS-Central) claimed the attack citing that it was conducted by the ‘Wilayah Mozambiq’ making it the first time the ISCAP branch in Mozambique has been referred to as such since it swore its allegiance to ISIS.

President Museveni said Uganda is providing some logistical support to Mozambique to fight the insurgents but noted if need be, UPDF would be deployed. He however said that despite that he would only send the troops to Cabo Delgado upon the resolution of the conflicts already in East Africa, especially in Somalia and DR Congo.

In DRC, human rights organizations have started pressuring the government to end the siege that has installed military rule in North Kivu and Ituri Provinces as the civilians have been experiencing numerous injustices. The siege that has been in place since last year has failed to achieve its purpose and as such partners have urged the government to explore alternative ways to end the senseless killing of civilians by the ever-evolving ISCAP.

A three-day joint UPDF-Congolese CT campaign led to the recapture of Mwenda village which is a strategic, logistical, and habitat for a huge ISCAP encampment. The operation was led by the 1st Battalion of Mountain Division that had been advancing towards Mwenda and reports indicate that at least 35 ISCAP militants were neutralized in the operations. Mwenda has been the home base for the militants since the November bombardments and the entry of the UPDF in Beni and as such the recapture is a significant achievement in the fight against the jihadists. Mwenda had become a haven for the militants and has been used to launch numerous attacks in Beni, North Kivu province, especially in the Rwenzori sector.

 

At least 40 Islamic State Central Africa (ISCAP) insurgents surrendered to a military position and turned themselves in Namiune, Nangade District. Intelligence indicates that they approached a farmer in the area handing him a handwritten letter outlining their intentions to surrender after which they marched hands up and without weapons.

The militants in the region have been suffering major losses and the latest entry of the Rwandan forces ISCAP has been feeling the pressure as they continue suffer losses and operation incapability.

Bernardino Rafael, the General Commander of the Police of the Republic of Mozambique (PRM) in his most recent in Macomia extended amnesty and reintegration into society for any militants that surrendered. He urged the families and friends to persuade the jihadists to come in and they would be deradicalized without punishment and allowed to rejoin the community.

The amnesty offer has worked in other countries like Somalia where al Shabaab militants surrender their arms and are rehabilitated before being allowed back into society. The amnesty program has proven effective especially targeting youth that were either coerced, kidnapped or those that changed their stance after seeing the terror group’s activities.

The surrender is a very positive sign of the effectiveness of the current CT operations and will be instrumental in undermining both the recruitment of new members as well as morale of existing terrorists. Despite the various challenges, the allied troops (SAMIM-RDF-FADM) have been exerting pressure on the terror organization and such occurrences show progress is being made towards eradicating the militancy in Cabo Delgado.

 

Rising Al-Shabaab Attacks Prompts Pentagon’s Decision to Redeploy US Special Forces to Somalia

The rising Al-Shabaab attacks in Somalia has prompted Pentagon to make a decision to redeploy the US Special Forces back to the war-torn country.

In the recent weeks, Al-Shabaab has escalated coordinated attacks on military positions especially in central and southern Somalia, with a deadly operation being recorded on March 3^rd, for El Baraf in Middle Shabelle region where scores of ATMIS-Burundian troops were killed and base overrun by the Al-Qaeda aligned militants.

Last year, before leaving office, the former President Donald Trump signed an order authorizing the repositioning of the US troops and now the current US President Joe Biden has been convinced to reverse that decision, thus decision to reinstate troops to Somalia.

Latest reports indicate that on Monday 16^th, President Joe Biden authorized the deployment of the fewer than 500 troops to the East African country battling with rising extremist insurgency. The troops will establish a small presence in Somalia in an attempt to better target Al-Shabaab and its leaders and that of the group’s senior commanders/leaders.

Referencing Pentagon sources on condition of anonymity, the decision to redeploy the Special Forces was occasioned by the growing Al-Shabaab threat which could further destabilize the country. Throughout the elections period, the Al-Qaeda associate militant group has managed to wage deadly attacks, mainly targeting security forces, senior government officials and innocent civilians.

The newly elected President of the Federal Republic of Somalia Hassan Sheikh Mohamud thanked and appreciates Biden for authorizing the deployment of American troops to Somalia underscoring that the US has always been a reliable ally in the fight against terrorism and quest for the stability of Somalia.

Galmudug police release names of Ahlu Sunna Wal'jamaa criminals

 Galmudug Police officials have released the names and photos of 36 highly wanted people identified by the Galmudug administration as criminals and are said to be members of the Sufist militia, Ahlu Sunna Wal’Jamaa. 

Among the 36 named people is the leader of Ahlu Sunna Wal’amaa (ASWJ) Sheikh Mohamed Shakir Ali Hassan, who alongside 35 followers have been accused of inciting violence in Dhusamareb and Guri’el, leading to the displacement of civilians.

Fighting erupted in Dhusamareb, the capital of Galmudug state on Friday after the moderate militia attacked the town resulting in the killing of several people, including government soldiers. Calm was restored after Galmudug forces backed by SNA engaged the militants in an hours-long battle.

Galmudug police spokesman Nur Elmi has called on neighboring states and internal security agencies to help in nabbing the criminals who have wreaked havoc in the region. 

Galmudug has had its share of violence in the recent past, with Al-Shabaab on one side and  ASWJ on the other side, a situation which calls for the Galmudug administration and the Federal Government to act fast before the state is left at the mercy of the two menacing groups.

 

The Armed Forces of the Democratic Republic of Congo, FARDC, supported by the Ugandan army UPDF, launched on Tuesday April 18, 2022 military bombing operations against certain positions of ADF fighters spotted in Mont Hoyo near the city of Komanda, capital of the Basili chiefdom in the territory of Irumu in the province of Ituri.

A salutary offensive for the inhabitants of the city of Komanda and the chiefdom of Walese Vonkutu in this territory of Irumu.

Indeed, these residents believe that it is a response to the promise given by the military governor of this province, Lieutenant General Johnny Luboya Kashama after a popular meeting held last year in Komanda.

Same story from the President of the Local Youth Council of the Irumu territory who is delighted with the start of these operations. He believes in the restoration of peace and security in this territory long shaken by these terrorists.

 Russia is developing new hypersonic strategic systems that will replace the Avangard glide vehicles when the United States finds an antidote for them, Col. Gen. Sergei Karakaev, the commander of the Strategic Missile Forces, said.

"We must understand this and do it and go further in hypersonic weapons. By the time they find an antidote, we must have found another solution to this. And today we are working on it. There are developments, there is work in progress. I think that this task is within our reach," the commander said on the air of the Zvezda broadcaster.

The Avangard hypersonic gliding unit is capable of flying at Mach 27. The first regiment in a reduced composition, armed with a strategic missile system with a hypersonic gliding winged vehicle Avangard, took up combat duty of the Yasnenskaya missile division in Orenburg region .According to experts, due to the ability to maneuver in the atmosphere along an unpredictable trajectory, Avangard can overcome any existing missile defense system.

RDF gets a deputy chief of military intelligence

 The President of the Republic and the Commander-in-Chief of the Rwandan Armed Forces, Paul Kagame has appointed Col François Regis Gatarayiha the Deputy Commander-in-Chief of Military Intelligence, and promoted to the rank of Lieutenant Colonel of the rank of lieutenant colonel, of which 460 were Major. It is contained in a statement issued by the Ministry of Defense on Friday, December 17, 2021. The statement states that the President of the Republic and the Commander-in-Chief of the Rwandan Armed Forces have appointed Col François Regis Gatarayiha as Deputy Commander-in-Chief. Military Intelligence Officer and Director of Technology. Col François Regis Gatarayiha, who has been the head of the National Immigration Service since 2018, had been promoted to Lieutenant Colonel in early September 2021 and was promoted to the rank of Colonel and was immediately appointed Director of Communications. and Information Security in the RDF. A statement from the Ministry of Defense also said that on Friday, President Kagame promoted 460 officers to the rank of Major and was promoted to Lieutenant Colonel. Other officers were promoted, including 472 who held the rank of Captain and were given the rank of Major. He also promoted 12,690 Private, Corporal and 2,836 Corporal.

The operation against ADF in the VIRUNGA

 Backpacks, machine guns slung over their shoulders, the infantry soldiers advance in the forest towards previously bombed sites, supposed to shelter ADF rebels hunted down in the northeast of the DRC by the Ugandan and Congolese armies.We will  fight, until the supreme sacrifice ...", launches one of the young Congolese soldiers in fatigues in front of the cameras of a small handful of journalists, including one of the 'AFP, who accompanied the army this week to northern Virunga National Park. Just before, multiple rocket launchers had fired from the Semuliki military camp, a former UN base in the area. inside the park, where 15 Tanzanian peacekeepers were killed by ADF in 2017. Famous for its mountain gorillas, who live in its southern part, the park is also used as a rear base by various armed groups that are raging. has been in eastern Democratic Republic of the Congo for a quarter of a century, including the ADF in its northern part. This is where a temporary joint HQ has been set up. Two generals, Ugandan Kayanja Muhanga, Congolese Bertin Mputela, discussed operations, while infantry from the Congolese jungle combat unit and the Ugandan mountain unit plunge into the forest. triggered on November 30 by the Ugandan air force and artillery against ADF rebel bases in eastern DRC is in its third week. No death or injury toll has been released, only a "preliminary" point. made public on December 11 reported 34 “captured terrorists”, “4 enemy bivouacs destroyed” and “31 Congolese hostages freed.” The Ugandan army said earlier this week that “three additional enemy positions” had been targeted by air and artillery strikes. the first bombardments, which had targeted the north of the province of North Kivu and the south of Ituri, Ugandan troops on the ground entered Congolese territory by the border post of Nobili. ten km, time to repair the road in poor condition and open the way for heavy machinery. - Collaborate with the army - Captain Antony Mualushayi, spokesperson for the Armed Forces of the DRC (FARDC) in the region of Beni (North Kivu), estimated at the end of last week at "more or less 48 hours" the time still necessary to make the road practicable and to allow in the Virunga a ground operation of scale. Tuesday, at the HQ installed in the park, he welcomed the progress of the intervention against the ADF (Allied Democratic Forces), rebels accused of jihadist attacks on Ugandan soil and of repeated massacres of civilians in the DRC, where they have been established since 1995. “The large-scale operations advanced wingspan very well on the ground, "he told reporters, asking the populations of the region" not to panic because of the heavy weapons. "At the same time, the Congolese coordinator of the operation, Major General Camille Bombele, arrived in Beni. He called on Wednesday residents to seize "the outstretched hand" by Congolese President Félix Tshisekedi and Ugandan President Yoweri Museveni, who "agreed to join forces to impose peace" in the region. We must "collaborate with the army and the police," he told them. North Kivu and Ituri have been under siege since the beginning of May, an exceptional measure which gave full powers to the military but which has so far failed to stop the abuses of armed groups. The inhabitants, exhausted by years of killings and insecurity, have rather welcomed the intervention