iPhone users: Beware of fake ‘lockdown mode’ attack

Dec 07 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s like a cybersecurity safari, we guide you through the Serengeti of hackers and scammers, so you emerge unscathed.

Today’s hottest cybersecurity news stories: 

  • ⚠️ iPhone users: Beware of fake ‘lockdown mode’ attack ????

  • ???? New ‘BLUFFS’ bluetooth attack leaves devices exposed ????

  • ???? Russian bots target Germany, Ukraine, & US with disinfo ????  

Not more lockdowns ????️????????️

???? Breaking News: iPhone Users Beware of Fake Lockdown Mode Threat! ????

A new "post-exploitation tampering technique" discovered by Jamf Threat Labs exposes how hackers can visually deceive iPhone users into thinking their device is in Lockdown Mode when it's not, enabling covert attacks.

???? Lockdown Mode ????

FYI: Introduced by Apple in iOS 16 last year, Lockdown Mode stands as a robust security feature ????. Its primary goal is to shield high-risk individuals from advanced digital threats, including mercenary spyware, by reducing the potential areas of attack. ????️ Lockdown Mode minimises the attack surface, enhancing device security and protecting users from sophisticated cyber threats.

???? Bypassing Lockdown Mode ????

Back to the threat… Once infiltrated, hackers can trigger a 'bypass' of Lockdown Mode, creating a Fake Lockdown Mode on compromised devices. Unpatched security flaws are potential entry points for such attacks.

????️ Lockdown Mode Vulnerabilities Revealed ????

While Lockdown Mode was introduced for enhanced security in iOS 16 and elevated to kernel level in iOS 17, this novel method exposes vulnerabilities that allow persistent malware existence even after a user-initiated reboot.

???? Safari Browser at Risk: PDF Access Enabled ????

The report highlights that adversaries can manipulate Lockdown Mode on Safari, potentially giving access to blocked PDF files, posing additional risks to user data.

???? Stay Vigilant and Update Your Devices! ????

In light of this threat, it's crucial to stay vigilant, update your devices promptly, and exercise caution to protect against potential security breaches.

Shift Left: How to Turn Security into Review 

In the competitive landscape of software business, optimizing processes and leveraging efficiencies can make a significant difference in building a strong pipeline and closing revenue faster.

Read the free ebook from Vanta to learn how to:

  • Apply the DevOps principles of “shifting left” to position security as a differentiator — instead of a hurdle

  • Center security in your sales conversations at every stage to proactively remove roadblocks to revenue

  • Invest in your security story by making it easy for buyers to access security-related information

Vanta helps SaaS businesses of all sizes manage risk and prove security in real time. Download the guide to get started.

Do ya reckon they’re BLUFFing? ????????????

???? Bluetooth Vulnerabilities Expose Devices to Adversary-in-the-Middle Attacks! ????

New research has unveiled BLUFFS, a series of vulnerabilities impacting Bluetooth Core Specifications 4.2 through 5.4, tracked under CVE-2023-24023 (CVSS score: 6.8). These vulnerabilities break forward and future secrecy guarantees, creating adversary-in-the-middle (AitM) scenarios.

???? Understanding the Threat ????

EURECOM researcher Daniele Antonioli explains that the attacks enable device impersonation and machine-in-the-middle by compromising just one session key. This is achieved by exploiting flaws in the Bluetooth session key derivation mechanism, allowing the derivation of the same key across sessions.

???? Real-Time Encryption Key Brute-Force ????

The AitM attacker can negotiate connections and force the lowest encryption key length, potentially allowing live injection attacks on traffic between vulnerable Bluetooth peers. Successful attacks require the attacking device to be within wireless range during a pairing procedure.

????️ Protecting Your Devices ????

Bluetooth Special Interest Group (SIG) recommends rejecting connections with key strengths below 7 octets, operating in "Secure Connections Only Mode," and using "Secure Connections" mode for pairing. These measures aim to limit the impact of session key reuse and enhance overall security.

???? The Cybersecurity Landscape ????️

These revelations highlight the importance of staying informed and implementing recommended mitigations to safeguard against emerging threats. Be cautious during Bluetooth pairing and ensure secure practices.

???? Catch of the Day!! ????????????

???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)

???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)

???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)

Knock, Knock

Who’s there?


KGB wh-

slaps face VE VILL ASK ZE QUESTIONS! ????????????

????️‍♂️ Cybersecurity Alert: Doppelganger Targets Global Audiences ????

A new report reveals that the Russia-linked influence operation, Doppelganger, has been actively targeting Ukrainian, U.S., and German audiences. Meta describes it as the "largest and most aggressively-persistent Russian-origin operation."

???? Inauthentic Campaigns and AI Tactics ????‍????

Doppelganger employs inauthentic news sites and social media accounts to spread anti-Ukrainian propaganda, anti-LGBTQ+ sentiment, and undermine U.S. military competence and Germany's economic and social issues. The influence operation, active since February 2022, uses brandjacking and advanced obfuscation techniques, including AI-generated news articles.

???? Evolving Tactics and AI-Powered Disinformation ????

Doppelganger's tactics are evolving, utilising over 800 social media accounts for the Ukraine campaign. The use of inauthentic media outlets, such as Election Watch and Warfare Insider, exemplifies the adaptability of Russian information warfare.

???? Meta's Warning and Disruptions ⚠️

Meta's Adversarial Threat Report highlights Doppelganger's influence in U.S. and European political affairs. They discovered new websites focusing on migration and border security. Meta disrupted three covert influence operations in Q3 2023 but raised concerns about paused threat sharing, limiting efforts against malicious foreign campaigns.

???? Stay Vigilant Against Deceptive Campaigns! ????

Doppelganger's tactics showcase the enduring nature of Russian information warfare. Stay informed, be cautious of misleading content, and ensure your cybersecurity measures are up to date.

????️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles