serisec

Category: iOS

  • DarkSword Malware

    DarkSword Malware DarkSword is a sophisticated piece of malware—probably government designed—that targets iOS. Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to be called DarkSword. Since at least November 2025, GTIG…

  • Google Launches Gmail End-to-End Encryption for Android and iOS

    Google Launches Gmail End-to-End Encryption for Android and iOS Google has officially rolled out End-to-End Encryption (E2EE) for the Gmail application on Android and iOS devices. This major update targets users utilizing Gmail client-side encryption. It allows organisations to handle sensitive data confidentially directly from their smartphones or tablets. The feature ensures compliance with strict…

  • Possible US Government iPhone Hacking Tool Leaked

    Possible US Government iPhone Hacking Tool Leaked Wired writes (alternate source): Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it…

  • Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock

    Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus,…

  • Your favourite phone apps might be leaking your company’s secrets

    Your favourite phone apps might be leaking your company’s secrets Most of the apps on your phone are talking to a server somewhere – sending and receiving data through messages sent through APIs, the underlying infrastructure that allows apps to communicate. And here’s the problem – hackers have determined that the APIs of mobile apps,…

  • TeaOnHer copies everything from Tea – including the data breaches

    TeaOnHer copies everything from Tea – including the data breaches TeaOnHer hasn’t stopped at copying the functionality of the original Tea app (albeit skewed towards men rating women). It also appears to have carelessly mimicked the Tea dating advice app’s recklessness when it comes to data security. Read more in my article on the Hot…

  • Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong

    Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong Graham warns why it is high time we said goodbye to 2G – the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters. From New Zealand to London, scammers are driving around cities like dodgy Uber drivers, spewing phishing…

  • Security Vulnerabilities in ICEBlock

    Security Vulnerabilities in ICEBlock The ICEBlock tool has vulnerabilities: The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement (ICE) officials, promises that it “ensures user privacy by storing no personal data.” But that claim has come under scrutiny. ICEBlock creator Joshua Aaron has been accused of making…

  • Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing

    Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing QR codes are being weaponised by scammers — so maybe think twice before scanning that parking meter. And in a blunder so dumb it makes autocorrect look smart, the White House explains how it leaked war plans on Signal because an iPhone mistook a…

  • Experts Flag Security, Privacy Risks in DeepSeek AI App

    Experts Flag Security, Privacy Risks in DeepSeek AI App New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption…

  • Smashing Security podcast #399: Honey in hot water, and reset your devices

    Smashing Security podcast #399: Honey in hot water, and reset your devices Ever wonder how those “free” browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and…

  • Details about the iOS Inactivity Reboot Feature

    Details about the iOS Inactivity Reboot Feature I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time. Here are the technical details, discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even it is remains connected to Wi-Fi.…