July 18, 2013

Can You Trust What Your Eyes See?

The team at Positive Research, the research division of Positive Technologies, has recently discovered a large number of alarming vulnerabilities in digital video recorder (DVR) software used with closed-circuit TV systems. By exploiting these weaknesses, an intruder can remotely take control of an entire system; giving them the ability to watch, substitute or delete recorded video, illegally access a company network, broadcast spam or carry out a host of other malicious activities.

July 15, 2013

Non-Standard Way to Get Inaccessible Data from iOS

In the wake of my speech at Positive Hack Days, I would like to share information I got exploring a daemon configd on iOS 6 MACH. As you know, iOS gives little information about Wi-Fi connection status. Basically, Public API allows getting SSID, BSSID, adapter network settings and that's all. And what about encryption mode? Signal power? You can look under the cut for more information on how to get such data without Private API and jailbreaking.

Now I must apologize for posting so many source codes. To begin with, let us recall how it was earlier, in iOS 5.*. Then you could use Apple System Log facility to get the system messages that are displayed when connecting to a network. The encryption mode and signal power data appeared in the messages. And you could get them this way: