
Tag: Mirroring

Carbanak Using Google Services For Command And Control

Carbanak certainly has not sat idly by after years of advanced criminal campaigns targeting primarily financial institutions.

The outfit, alleged to have stolen from more than 100 banks worldwide, has popped up again with a new means of managing command and control over its malware and implants. Researchers at Forcepoint said Tuesday that an investigation into an active exploit sent in phishing messages as an RTF attachment led them to discover the group has been using hosted Google services for command and control. Services such as Google Forms and Google Sheets are being co-opted by the group, allowing Carbanak traffic to essentially hide in plain sight among Google traffic that is unlikely to be blocked by an organization. Forcepoint said that each time a victim is infected by the group’s malware, a Google Sheets spreadsheet is created along with a unique ID for the victim, which is used to manage interactions with the infected machine.

The attacker then manually goes into the spreadsheet, collects any data sent back from the target’s computer and loads the spreadsheet with commands and additional malware that is pulled to the compromised machine. Forcepoint said it was not aware of how many of these command and control channels were open on Google services, but said it is something that was privately disclosed to Google.

A request for comment from Google was not returned in time for publication.

“The Carbanak actors continue to look for stealth techniques to evade detection,” Forcepoint said in its report published yesterday. “Using Google as an independent C&C channel is likely to be more successful than using newly created domains or domains with no reputation.”

Researchers said their investigation was prompted in part by a new campaign disclosed by tr1adx, a scarcely populated website that has published four pieces of “intelligence,” primarily focusing on state-sponsored groups. On Jan. 1, it published a piece on a Carbanak campaign it was calling Digital Plagiarist.

The main tactic exposed in the report was the group’s use of tainted Office documents hosted on sites mirroring legitimate sites such as the U.S. Food and Drug Administration, Department of the Treasury, Zyna, Atlantis Bahamas, Waldorf Astoria and many others across sectors such as manufacturing, hospitality, media and health care.

The group, which tr1adx calls the TelePort Crew, is likely Carbanak based on domains and malware used in this campaign that are similar to another disclosed by researchers at Trustwave last year. Forcepoint took a look at an RTF file previously used exclusively by Carbanak that includes crafted VBScript.

The document, Forcepoint said, contains an embedded OLE object disguised as an image asking the victim to click on it to view the attachment.

The image is hosting the VBScript, and if the victim clicks on the image, a dialogue box appears instructing the user to open the file, which executes the attack.

“We decoded the script and found hallmarks typical of the Carbanak group’s VBScript malware, however we also found the addition of a new ‘ggldr’ script module,” Forcepoint said. “The module is base64 encoded inside the main VBScript file along with various other VBScript modules used by the malware. When we analyzed the script we noticed that it is capable of using Google services as a C&C channel.”

Carbanak’s activities were exposed in 2015 by researchers at Kaspersky Lab, who published an extensive report explaining that the group was using advanced malware to attack more than 100 banks, stealing anywhere from $2.5 million to $10 million per bank, putting potential losses at $1 billion. Carbanak used spear phishing to infiltrate banks, laterally moving across compromised bank networks until they landed on the right system that allowed them to steal money. In some instances, Kaspersky Lab said, Carbanak would record video of system operators, which was used in concert with data obtained by implanted keyloggers to fully understand what the victim was doing on the infected machine.

Kaspersky Lab said Carbanak would cash out in a number of ways: “ATMs were instructed remotely to dispense cash without any interaction with the ATM itself, with the cash then collected by mules; the SWIFT network was used to transfer money out of the organization and into criminals’ accounts; and databases with account information were altered so that fake accounts could be created with a relatively high balance, with mule services being used to collect the money.”

RHBA-2017:0068-1: lftp bug fix update

Updated lftp packages that fix one bug are now available for Red Hat Enterprise Linux 7.

LFTP is a file transfer utility for File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), Hypertext Transfer Protocol (HTTP), and other commonly used protocols. It uses the readline library for input, and provides support for bookmarks, built-in monitoring, job control, and parallel transfer of multiple files at the same time.

This update fixes the following bug:

* Previously, when mirroring files with the lftp utility over SFTP, lftp sometimes received EOF from SSH before it was able to flush the rest of the data buffer. As a consequence, the last data packet was lost. This update adds a condition to ensure that if there is some data left in the buffer in the described situation, the data is safely passed to the internal buffer. As a result, data packets are no longer lost in the described scenario. (BZ#1392944)

Users of lftp are advised to upgrade to these updated packages, which fix this bug.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

iPhone passcode bypassed with NAND mirroring attack

Passcodes on iPhones can be hacked using store-bought electronic components worth less than $100 (£77), according to one Cambridge computer scientist.

Sergei Skorobogatov has demonstrated that NAND mirroring—the technique dismissed by James Comey, the director of the FBI, as unworkable—is actually a viable means of bypassing passcode entry limits on an Apple iPhone 5C. What's more, the technique, which involves desoldering the phone's flash memory chip, can be used on any model of iPhone up to the iPhone 6 Plus, which use the same type of LGA60 NAND chip. Later models, however, will require "more sophisticated equipment and FPGA test boards."

In a paper he wrote on the subject, Skorobogatov, a Russian senior research associate at the Cambridge Computer Laboratory's security group, confirmed that "any attacker with sufficient technical skills could repeat the experiment," and while the technique he used is quite fiddly, it should not present too much of an obstacle for a well-resourced branch of law enforcement.

The attack works by cloning the iPhone's flash memory chip. iPhones generally allow users six attempts to guess a passcode before locking them out for incrementally longer periods of time; by the complex process of taking the phone apart, removing its memory chip, and then cloning it, an attacker is able to have as many clusters of six tries as they have the patience to make fresh clones. Skorobogatov estimates that each run of six attempts would take about 45 seconds, meaning that it would take around 20 hours to do a full cycle of all 10,000 passcode permutations.

For a six-digit passcode, this would grow to about three months—which he says might still be acceptable for national security. He demonstrated the fruits of his labour in a YouTube video, which clearly shows him making more than the regulation number of passcode entries by switching a fresh, identical chip into a physical port he'd attached to the phone he was attacking. "Because I can create as many clones as I want, I can repeat the process many many times until the passcode is found," he explained in the video.
NAND mirroring attack. Apple doesn't readily release the part numbers or wiring diagrams for the chips and circuits inside each iPhone, but the information is easy to find online (see the recent iPhone 7 teardown).

This information can be used to cleanly open the handset up and identify the location of the flash memory chip on its main board.

And while NAND flash memory manufacturers have so far managed to prevent the release of any documentation on how they actually work, it's possible to eavesdrop on their protocols and commands with an oscilloscope or a logic analyser. NAND memory is usually preferred to NOR memory on small devices due to its higher density and faster data-transfer rate, though it can only withstand tens of thousands of rewrites rather than hundreds of thousands for NOR, which complicates the hacking process. Despite the strength of the solder and epoxy which affixes the memory to the board, it proved relatively easy to separate the phone's NAND chip, provided a certain amount of care was taken.

From there, Skorobogatov attached an external connector for fresh chips, forcing him to painstakingly rewire the board to get the balance of voltages right once the components were in a different configuration. He then listened to the way the memory chip communicated with the rest of the device and spoofed the commands on a PC, "to support reading, erasing, and rewriting of the flash memory in a separate setup controlled... via a serial port." With this basis and a little refinement, it is possible for a determined hacker to use the technique to brute-force the re-engineered iPhone's passcode, giving full access without the possibility of overwriting the memory too much and changing vital information within. According to Skorobogatov, "the process does not require any expensive and sophisticated equipment." By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts.

This is the first public demonstration of the working prototype and the real hardware mirroring process for iPhone 5C.

Although the process can be improved, it is still a successful proof-of-concept project. Knowledge of the possibility of mirroring will definitely help in designing systems with better protection.

Also some reliability issues related to the NAND memory allocation in iPhone 5C are revealed. The demonstration should also please the FBI, which earlier this year tried and failed to persuade Apple to build backdoors for law enforcement into future versions of iOS, following a deadly shooting in San Bernardino, California, last December.

The FBI had wanted to access a phone taken from one of the killers, which was protected by a passcode; in March, Director Comey insisted that NAND mirroring "doesn't work." Eventually, the FBI paid a reported $1.3 million (£1 million) to a private security contractor to get into the phone—itself an iPhone 5C.

iPhone models since the release of iPhone 6 Plus come with upgraded NAND memory chips, which Skorobogatov told Ars would require "an advanced team of researchers" to properly analyse.

"We don't know for sure if this attack will work for iPhone 7 therefore we're going to investigate this. However, due to more advanced NAND m-PCIe interface being used starting from iPhone 6S, more sophisticated equipment will be required to decode the protocol and talk to NAND. In order to analyse iPhone 7 for any threats an advanced team of researchers will be necessary, this of course requires substantial funding."

Meanwhile, he said, "iPads use very similar hardware, hence models which are based on A6 SoC or previous generations should be possible to attack," though "newer versions will require further testing." And because Android phones are "normally based on standard NAND products, reading them and cloning should be easier because standard off-the-shelf programmes can be used." However, he added that it "all depends on particular implementations," as "NAND mirroring can be defeated." He included suggestions on how to defeat NAND mirroring in his paper.

This post originated on Ars Technica UK

FBI overpaid $999,900 to crack San Bernardino iPhone 5c password

Hacker brews fast NAND mirroring prototype for $100.

University of Cambridge senior research associate Sergei Skorobogatov has laid waste to United States Federal Bureau of Intelligence (FBI) assertions about iPhone security by demonstrating password bypassing using a $100 NAND mirroring rig.

FBI director James Comey made the claim during the agency's bid to defeat the password lock screen protection on the San Bernardino shooter's iPhone 5c. The hacking effort erupted into a sparring match between the FBI and Apple, after the agency asked Cupertino to bypass the device's password protection.

The agency reportedly paid a security firm more than US$1 million to concoct a bypass for the device.

Forensics expert Jonathan Zdziarski first flagged NAND mirroring as an option to defeat iPhone password protection and the security controls that would erase device data if the wrong codes were entered 10 times. Skorobogatov built a working prototype demonstrating how NAND mirroring could work using off-the-shelf components for an updated iPhone 5c, revealing a password in about 24 hours.

The researcher spent four months of part-time work to successfully remove the iPhone 5c NAND memory chip, cloning it so he could launch brute-force attacks against the password control. Skorobogatov says his work is the first public demonstration of a working NAND mirroring prototype and shows the FBI's claims on the technique "were ill-advised".

"[It] was achieved by desoldering the NAND flash chip of a sample phone in order to physically access its connection to the system-on-a-chip and partially reverse engineering its proprietary bus protocol," Skorobogatov says in the paper The bumpy road towards iPhone 5c NAND mirroring [PDF].

"The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors.

"By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts."

The attacks could also work against iPhone 6 with more sophisticated hardware, Skorobogatov says. He found Apple employed security-through-obscurity rather than "fully thought through" hardening in its protection against NAND mirroring attacks.

Skorobogatov says his setup could help Apple and others find hardware security problems and reliability issues, citing his discovery that some NAND chips from broken iPhone 5c main boards had specific blocks that had failed due to excessive rewriting. "This might happen because of a bug in Flash memory wear-levelling algorithm as it was implemented in software," he says.

Download iOS 10.0 – iOS 10.2.1 Information

iOS 10.2

iOS 10.2 introduces new features including the TV app (US Only), a new and unified experience for accessing your TV shows and movies across multiple video apps. Emoji have been beautifully redesigned to reveal even more detail and over 100 new emoji have been added including new faces, food, animals, sports, and professions. This update also includes stability improvements and bug fixes.

TV
- Use Up Next to see the movies and shows you’re currently watching and pick up where you left off
- Get recommendations for new movies and TV shows in Watch Now
- Discover new apps and the latest iTunes releases in the Store
- Access the Library for your iTunes purchases and rentals

Emoji
- Beautifully redesigned emoji that reveal even more detail
- Over 100 new emoji including new faces, food, animals, sports, and professions

Photos
- Improves stabilization and delivers faster frame rate for Live Photos
- Improves accuracy of groupings of similar photos of the same person in the People album
- Fixes an issue where Memories might generate a memory from photos of screenshots, whiteboards or receipts
- Fixes an issue where the camera would stay zoomed in after switching back from the Camera Roll on iPhone 7 Plus
- Additional support for RAW digital cameras

Messages
- Adds new love and celebration full screen effects in Messages
- Fixes an issue that sometimes prevented the keyboard from displaying in Messages

Music
- Swipe up the Now Playing screen to more easily access Shuffle, Repeat and Up Next
- Choose how to sort Playlists, Albums, and Songs in Library

News
- Stories you’ve saved for later now appear in the new Saved section
- The best paid stories from channels you subscribe to will now appear in a dedicated section in For You
- It’s now easier than ever to get to the next story, just swipe left or tap Next Story while reading

Mail
- Fixes an issue that caused the Move sheet to persist after filing a Mail message
- Addresses an issue with long press activating copy and paste in Mail
- Fixes an issue in which the wrong message would be selected after deleting a Mail conversation

Accessibility
- Adds BraillePen14 support to VoiceOver
- Fixes an issue where the braille table could switch unexpectedly with VoiceOver
- Fixes an issue where sometimes Siri enhanced voices were unavailable to VoiceOver
- Fixes an issue where VoiceOver users could not re-order items in lists
- Fixes an issue where Switch Control was sometimes unable to delete Voicemails

Other improvements and fixes
- Adds notification support for HomeKit accessories including window coverings, occupancy, motion, door/window, smoke, carbon monoxide, and water leak sensors
- Adds notification support for HomeKit accessories when software updates are available to HomeKit accessories
- Improves Bluetooth performance and connectivity with 3rd party accessories
- Fixes an issue that could cause FaceTime participants to appear out of focus
- Fixes an issue that could cause FaceTime calls to appear with incorrect aspect ratio and orientation
- Fixes an issue that prevented some Visual Voicemail from completing playback
- Fixes a Safari Reader issue that could cause articles to open as empty pages
- Fixes an issue that could cause Safari to quit unexpectedly after marking an item as read in Reading List

For information on the security content of Apple software updates, please visit this website: https://support.apple.com/HT201222

iOS 10.1.1

This update fixes bugs including an issue where Health data could not be viewed for some users.

For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222

iOS 10.1

This update includes Portrait Camera for iPhone 7 Plus (beta), transit directions for Japan, stability improvements and bug fixes.

Camera and Photos
- Introduces Portrait Camera for iPhone 7 Plus that creates a depth effect that keeps your subject sharp while creating a beautifully blurred background (beta)
- People names in the Photos app are saved in iCloud backups
- Improved the display of wide color gamut photos in the grid views of the Photos app
- Fixes an issue where opening the Camera app would show a blurred or flashing screen for some users
- Fixes an issue that caused Photos to quit for some users when turning on iCloud Photo Library

Maps
- Transit support for every major train, subway, ferry, and national bus line, as well as local bus systems for Tokyo, Osaka, and Nagoya
- Sign-based transit navigation including layouts of all underground structures and walkways that connect large transit stations
- Transit fare comparison when viewing alternative transit routes

Messages
- New option to replay bubble and full screen effects
- Messages effects can play with Reduce Motion enabled
- Fixes an issue that could lead to contact names appearing incorrectly in Messages
- Addresses an issue where Messages could open to a white screen
- Addresses an issue that could prevent the report junk option from displaying with unknown senders
- Fixes an issue where videos captured and sent in the Messages app could be missing audio

Apple Watch
- Adds distance and average pace to workout summaries in the Activity app for outdoor wheelchair run pace and outdoor wheelchair walk pace
- Fixes issues that may have prevented Music playlists from syncing to Apple Watch
- Addresses an issue that was preventing invitations and data to appear in Activity Sharing
- Fixes an issue that was allowing Activity Sharing to update over cellular when manually disabled
- Resolves an issue that was causing some third-party apps to crash when inputting text

Other improvements and fixes
- Improves Bluetooth connectivity with 3rd party accessories
- Improves AirPlay Mirroring performance when waking a device from sleep
- Fixes an issue where playback would not work for iTunes purchased content when the “Show iTunes Purchases” setting is turned off
- Fixes an issue where certain selfie apps and face filters used with the FaceTime HD Camera on iPhone 7 and iPhone 7 Plus did not display a live preview
- Fixes an issue in Health where individual strokes are converted to separate characters when using the Chinese handwriting keyboard
- Improves performance of sharing websites from Safari to Messages
- Fixes an issue in Safari that caused web previews in tab view to not display correctly
- Fixes an issue that caused certain Mail messages to be reformatted with very small text
- Fixes an issue that caused some HTML email to be formatted incorrectly
- Fixes an issue that in some cases caused the search field to disappear in Mail
- Fixes an issue that could prevent Today View Widgets from updating when launched
- Fixes an issue where Weather widget sometimes failed to load data
- Fixes an issue on iPhone 7 where Home Button click settings would not appear in search results
- Fixes an issue that prevented spam alert extensions from blocking calls
- Resolves an issue that could prevent alarm sounds from going off
- Fixes an issue where audio playback via Bluetooth would cause the Taptic engine to stop providing feedback for some users
- Resolves an issue preventing some users from restoring from iCloud Backup

For information on the security content of this update, please visit this website: https://support.apple.com/HT201222

iOS 10.0.3

iOS 10.0.3 fixes bugs including an issue where some users could temporarily lose cellular connectivity.

For information on the security content of this update, please visit this website: https://support.apple.com/kb/HT201222

iOS 10.0.2

iOS 10.0.2 fixes bugs and improves the stability of your iPhone or iPad.

This update:
- Addresses an issue that could prevent headphone audio controls from temporarily not working
- Resolves an issue that caused Photos to quit for some users when turning on iCloud Photo Library
- Fixes an issue that prevented enabling some app extensions

For information on the security content of this update, please visit this website: https://support.apple.com/kb/HT201222

iOS 10.0 - iOS 10.0.1

Messages
- Expressive Messaging
  - Bubble effects let you send messages loudly, gently, slam or with invisible ink
  - Full-screen effects to celebrate special moments
  - Tapback for quick replies to messages, links, and photos
  - Handwritten messages animate like ink on paper
  - Digital Touch lets you send sketches, taps, and heartbeats
  - Tap to replace can emojify your text with just a tap
  - Rich links show a preview of web pages you share
- iMessage apps
  - New App Store for iMessage
  - Use the power of apps in Messages to share and collaborate with friends
  - Download stickers to send and place on text bubbles and photos

Siri
- Siri now works with the following types of apps
  - Messaging apps to send, search and read back text messages
  - VoIP apps to place phone calls
  - Photos apps to search for images and photos
  - Ride service apps to book rides
  - Payment apps to make personal payments
  - Fitness apps to start, stop, and pause workouts
  - CarPlay automaker apps to adjust climate, radio, seat, and personal settings

Maps
- All new look
- Proactive suggestions for places you’re likely to go next, based on your routine or appointments in Calendar
- Improved search with new callout design, clustered results and category filters
- Home, work, favorite locations, and locations from upcoming Calendar events are displayed on the map
- Displays where your car is parked via CarPlay or Bluetooth
- Weather for the currently viewed area
- Extensions
  - Make a reservation within Maps using extensions from participating reservations apps
  - Book a ride to a destination within Maps using extensions from participating ride service apps
- Turn-by-turn navigation improvements
  - Search along route for gas stations, food, and coffee shops
  - Automatic view adjustment of the road ahead
  - Use pan and zoom during navigation
  - Option to avoid tolls and highways

Photos
- Advanced face recognition designed with deep learning to automatically group similar faces together
- Object and scene recognition to intelligently search for photos by what’s in them using advanced computer vision that scans your library locally on device
- Places album to see all your photos, videos and Live Photos on a map
- Memories
  - Intelligently highlights forgotten events, trips, and people, and presents them in a beautiful collection
  - Memory movies automatically edited with theme music, titles, and cinematic transitions
  - Related memories make it easy to rediscover even more photos in your collection, based on location, time, people, scenes and objects
  - Easily share with family and friends
- Brilliance control applies region-specific adjustments to brightness, highlights and contrast

Home
- New Home app to securely manage and control HomeKit enabled accessories
- Scenes to control groups of accessories with just a tap
- Rich Notifications with quick actions to control accessories
- Optionally share home access with family and friends
- Remote access and automation of accessories with Apple TV or iPad

Apple Music
- An all-new design for Apple Music brings greater clarity and simplicity to every aspect of the experience
- Navigate your Library with an improved menu and see all of the Downloaded Music that you can play on your device while offline
- See recommendations in For You that highlight mixes, playlists, albums, and Connect posts—selected for you based on the music and artists you love
- Visit Browse to more easily see exclusive releases, find curated playlists, and discover the most important new releases—picked by our editors each week
- Listen to Radio more easily—clearly see what’s live on Beats 1, hear your favorite shows on-demand, or choose a curated station for any genre of music
- Play music with an improved Now Playing experience—swipe up to view available lyrics and quickly see or edit songs that are coming up next

Apple News
- An all-new design in For You adds bold typography, vibrant color, and distinct sections that make it easier to find stories on specific topics
- See the most important stories of the day within Top Stories—updated by our editors throughout the day
- Find the most popular stories right now within Trending Stories—selected based on what others are reading
- See all of your stories grouped into easy-to-understand sections on the topics you follow or read
- Discover the best and most interesting stories of the week within Featured Stories—selected by our editors
- Share stories more easily—just tap the icon on any story to send it to a friend right from For You
- Receive breaking news notifications from some of your most trusted sources
- Subscribe to your favorite magazines and newspapers directly in News
- New personalized Today View widget lets you keep up with the latest stories throughout the day

Experience
- Raise to Wake automatically wakes the screen as you raise your iPhone
- Rich notifications that support real time information, audio, photos and videos
- Today view is redesigned and supports all new widgets for apps like Weather, Up Next, Maps, Stocks and more
- Control Center is redesigned with easier to access controls including dedicated cards for music playback and Home
- Expanded use of 3D Touch
  - Lock screen notifications to support an expanded view and access to quick actions
  - New quick actions for built in apps like Weather, Stocks, Reminders, Health, Home, FaceTime, iCloud Drive and Settings
  - Home Screen widgets
  - Control Center for access to quick actions for Flashlight, Timer, Calculator and Camera
  - Clear all in Notification Center

QuickType
- New emoji, including gender diverse options to existing characters, single parent family variations, rainbow flag and beautiful redesigns of popular emoji
- Contextual
predictions for current location, recent addresses, contact information and calendar availability using deep neural network technology Emoji predictions Calendar events are intelligently populated using deep learning technology with information from your conversations in Mail and Messages Multi-lingual typing now lets you type in two languages at once without having to switch keyboards Rest & Type on iPad intelligently adapts to your unique typing patterns Predictive typing now uses deep neural network technology for greater prediction accuracy   Phone Voicemail transcription (beta) Spam call alerts with spam call identification apps Support for third party VoIP apps receiving calls on the Lock screen, including support for Call Waiting, Mute and Do Not Disturb   Other improvements Apple Pay in Safari View two pages at once using Split View in Safari on iPad Notes collaboration lets you invite people to work on your notes together Markup support in Messages, Photos and PDFs stored in Notes Bedtime Alarm in the Clock app lets you set a regular sleep schedule and receive bedtime reminders Health adds support for health records and organ donation (US Only) Stabilization support for Live Photos for improved camera capture Live Filters support when capturing Live Photos iCloud Drive now supports Desktop and Documents folders from macOS Live search results in Spotlight for Chinese and Japanese Siri support for Spanish (Chile), Chinese (Cantonese - China), English (Ireland), English (South Africa) Ling Wai and Kaiti Black document fonts for Chinese Yu Kyokasho and Toppan Bunkyu fonts for Japanese New definition dictionaries in Traditional Chinese and Danish and bilingual dictionaries in Dutch and Italian New keyboard for Spanish (Latin America)   Accessibility Magnifier now uses the camera on your iPhone or iPad like a digital magnifying glass for real-life objects New range of display color filters to support different forms of color blindness or other vision challenges 
VoiceOver adds a Pronunciation Editor to customize the way words are pronounced, additional voices, and support for multiple audio sources Additional text highlighting options in Speak Screen and Speak Selection, as well as the ability to speak keyboard letters and predictive typing suggestions to support multi-modal learning Switch control now lets you control iOS, macOS and tvOS all from the same iPhone or iPad, so you don’t need to configure switches for the secondary device Software TTY allows you to place and receive TTY calls without the need for traditional hardware teletypewriter accessories Some features may not be available for all countries or all areas, for more information visit:    http://www.apple.com/ios/feature-availability and http://www.apple.com/ios/whats-new For information on the security content of this update, please visit this website:       http://support.apple.com/kb/HT1222