Apple reportedly patches Find My iPhone vulnerability to hack Apple ID accounts

By Christian Zibreg on Sep 1, 2014

According to The Next Web this morning, Apple has allegedly patched a security hole in the Find My iPhone service which allowed nefarious users to brute-force Apple ID passwords, according to Twitter user @hackappcom who posted a proof of concept titled ‘iBrute’ to GitHub on Saturday.

This should be good news for celebrities who reported their iCloud accounts being hacked and saw their nude pictures posted online.

As Cody told you yesterday, Academy Award winner Jennifer Lawrence and several other celebrities found themselves in the middle of a major nude photo leak after attackers apparently exploited a vulnerability in Apple’s Find My iPhone service. Read More

 

How Apple can improve permission handling in iOS

By Jeff Benjamin on Aug 25, 2014

Every so often, it helps to take a step back and examine the way things are being done. This applies to our day-to-day routine, or perhaps our workout regimen. I’ve also found that it applies to software.

iOS is no exception to this. Here is a software product that has been through vast changes since its creation. A good majority of the changes have been for the better, and iOS 8, which is mere weeks away, promises to bring more awesome goodies to the table.

But, from time to time, it pays to look at the way things are being done. We have to ask ourselves, “Is this truly the best way?”

I feel that we’ve reached that fork in the road when it comes to the way iOS handles permission requests for apps. As more features are added to our devices, more permissions are required for apps that wish to use these features. It’s gotten to the point that some apps require you to go through a whole checklist of permissions before you can even begin using the app.

The permission handling in iOS has become a frustrating affair. Not only do the numerous pop-up alerts annoy me, but it irritates me even more when I accidentally decline a permission because of speeding through the app setup process.

As discussed on today’s episode of Let’s Talk iOS, I’m convinced that there’s a better way to handle permissions in iOS. There’s a less intrusive, less frustrating way to handle requests for access to the various features on your device. Check out our video inside for an explanation of the problem, and a demonstration of the solution. Read More

 

panicLockPro locks specific apps on your iPhone via an Activator gesture

By Alihassan Mahdi on Aug 22, 2014

Do you have nosy friends or roommates who sneak into your Messages app from time to time? Are you concerned about your privacy when handing your device to someone else? If you answered yes to any of these questions, you should probably check out a tweak called panicLockPro that secures the private data on your iPhone or iPad.

With panicLockPro, you can quickly lock applications via an Activator gesture and secretly protect the private data on your iOS device. The tweak allows you to select individual apps that you want to lock out and prevent unauthorized access to. Read More

 

Russia asks Apple for source code to alleviate espionage concerns

By Cody Lee on Jul 30, 2014

Russia’s Ministry of Communications and Mass Media has suggested that Apple, along with German tech giant SAP, open the source code for its software to ensure that it’s not enabling US intelligence agencies to spy on the country.

The request comes just a week after a security researcher accused Apple of building surveillance backdoors into iOS, and as the United States and Europe expand their sanctions on Moscow over Russia’s involvement in Ukraine affairs… Read More

 

Apple outlines diagnostic capabilities in response to iOS ‘backdoor’ concerns

By Cody Lee on Jul 23, 2014

Forensic expert, and former jailbreak hacker, Jonathan Zdziarski caused quite a stir earlier this week when he published a report accusing Apple of building backdoors into iOS that could be used for government surveillance.

Apple of course came out and denied the claim, saying that these so-called ‘backdoor services’ are actually used for troubleshooting. But this wasn’t a good enough explanation for a lot of users, so tonight it delved a little deeper… Read More

 

Former jailbreak hacker accuses Apple of building surveillance backdoors into iOS

By Cody Lee on Jul 21, 2014

Former iPhone jailbreak hacker Jonathan Zdziarski recently gave a presentation at the HOPE/X conference regarding iOS device security. He said that the platform is reasonably secure from attacks by malicious hackers, but noted there are several backdoors built-in for surveillance.

In the presentation, called ‘Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices,’ Zdziarski detailed a number of undocumented high-value forensic services running on iOS devices, and suspicious design omissions in the OS, that appear to be for snooping…  Read More

 

Apple ID 2-step verification live in 48 new markets

By Christian Zibreg on Jul 17, 2014

It appears that Apple has rolled out its two-factor authentication feature for Apple ID accounts in an additional 48 markets, bringing the total number of countries which support this security-minded feature to a cool 59.

Two-factor authentication bolsters up your security when logging in to your Apple ID account on the web by combining something you know – your Apple ID username and password or a Recovery Key – with something you own – a four-digit authorization code sent to your iPhone, iPod touch or iPad device… Read More

 

Apple responds to Chinese media warning against iPhone location tracking

By Cody Lee on Jul 13, 2014

Last week, China’s state-run China Central Television broadcasted a report that labeled the iPhone as a “national security concern.” More specifically, the CCTV criticized the “frequent locations” function in iOS 7, which records time and location for the owner’s movements.

Yesterday, Apple issued an official response to the report on its Chinese website. The statement reaffirms the company’s commitment to privacy, and states that the Location Services found in the iOS firmware are only used to help users for activities that require navigation… Read More

 

Yo hack compromises your phone contacts, but fix is underway

By Christian Zibreg on Jun 20, 2014

Yesterday, I told you about Yo, a ridiculous new messaging app which lets people exchange two-character “Yo” messages. Some like Stephen Colbert have eviscerated Yo for being utterly useless and plain dumb while others point out the fact that it’s received more than $1 million in VC-backed funding as a proof that the mobile messaging space is booming with innovation.

Be that as it may, turns out the controversial software poses something of a security risk as a pair of college students have found a vulnerability allowing them to compromise any Yo user’s phone number, spam them with unsolicited messages and more.

Yo founder Or Arbel has confirmed that the app was “having security issues” and has promised to deliver a fix “in next few hours”Read More

 

Customer info accessed by third-party unlocking service in AT&T security breach

By Cody Lee on Jun 13, 2014

AT&T has confirmed with ITWorld that it has suffered a security breach where customer information was accessed. The breach actually occurred back in April, but was only disclosed this week by the company in a filing with California regulators.

According to the report, personal information—including social security numbers and call records—was accessed for an unknown number of customers in the breach. It’s believed the attack was part of an effort to obtain unlock codes from the carrier… Read More

 

iOS 8 lets native apps tap into Safari’s AutoFill & Passwords for frictionless login experience

By Christian Zibreg on Jun 13, 2014

In addition to using your device’s iSight camera to scan in credit card information, Safari in iOS 8 makes it easy for third-party apps to tap into the browser’s AutoFill & Passwords feature for hassle-free logins.

Provided a user has previously saved their username and password for a specific website using Safari’s AutoFill & Passwords feature, a native iOS app is now permitted to retrieve this information and re-use it to authorize a user quickly and securely, bypassing the login screen altogether… Read More

 

How iOS 8 defeats Wi-Fi location tracking in stores, malls and elsewhere

By Christian Zibreg on Jun 9, 2014

In a move designed to appease privacy watchers and further protect your privacy, Apple has made it that much harder for pesky marketeers to identify your device (and consequentially you as a user) or track your location as you go about your business. As discovered by Swiss programmer Frederic Jacobs, iOS 8 randomizes your device’s MAC address while scanning for networks.

A MAC address serves as a unique identifier assigned to network interfaces for communications on the physical network segment. By randomizing your device’s MAC address each time it scans for nearby Wi-Fi hotspots, iOS 8 effectively disguises any trace of the real device. Here’s hoping this becomes an industry standard. Jump past the fold to learn more about this nifty feature… Read More

 

Nest and Google clarify: recalled smoke detectors returning soon, no ads on thermostats

By Christian Zibreg on May 22, 2014

Contrary to a flurry of reports yesterday, Google was never going to put ads on the Nest Thermostat. Moreover, Nest co-founder and the iPod Godfather, Tony Fadell, has confirmed that recalled thermostats will be returning to store shelves sooner than you think.

Allow me to refresh your memory: soon after it was discovered that a safety bug with a Protect Wave feature could prevent the alarm from sounding, Google’s Nest unit has responded by preemptively recalling about 40,000 faulty units.

This should set the record straight and put to rest the ridiculous notion that recalling smoke detectors and not doing ads in thermostats is somehow evil… Read More

 

EFF report praises Apple for efforts to protect consumer data

By Cody Lee on May 16, 2014

The Electronic Frontier Foundation (or EFF) issued a new report this week entitled ‘Who Has Your Back.’ The document discusses major tech companies and their user privacy policies, and ranks them on transparency and other categories.

Interestingly enough, Apple was one of nine tech firms awarded a perfect score by the EFF. The Cupertino company received a star in each of the 6 categories, for a total of 6 stars—a remarkable improvement over its 1-star rating just last year… Read More

 

iOS bug leaves email attachments unencrypted, Apple working on a fix

By Christian Zibreg on May 5, 2014

Do you access sensitive document attachments on your iPhone, iPod touch or iPad, stuff like contracts, invoices, bank statements and what not?

If so, your security and privacy could be compromised because iOS is storing email attachments in the clear – that is, in the unencrypted form – thus making stored attachments easily readable by using a piece of software to browse a person’s on-device email folder for an IMAP account.

A researcher who claims to have discovered this security flaw has found that iOS 7.0.4 and later – including the latest iOS 7.1.1 – do not encrypt email attachments… Read More

 
Page 112345...