By Christian Zibreg on Sep 1, 2014
According to The Next Web this morning, Apple has allegedly patched a security hole in the Find My iPhone service which allowed nefarious users to brute-force Apple ID passwords, according to Twitter user @hackappcom who posted a proof of concept titled ‘iBrute’ to GitHub on Saturday.
This should be good news for celebrities who reported their iCloud accounts being hacked and saw their nude pictures posted online.
As Cody told you yesterday, Academy Award winner Jennifer Lawrence and several other celebrities found themselves in the middle of a major nude photo leak after attackers apparently exploited a vulnerability in Apple’s Find My iPhone service. Read More
By Jeff Benjamin on Aug 25, 2014
Every so often, it helps to take a step back and examine the way things are being done. This applies to our day-to-day routine, or perhaps our workout regimen. I’ve also found that it applies to software.
iOS is no exception to this. Here is a software product that has been through vast changes since its creation. A good majority of the changes have been for the better, and iOS 8, which is mere weeks away, promises to bring more awesome goodies to the table.
But, from time to time, it pays to look at the way things are being done. We have to ask ourselves, “Is this truly the best way?”
I feel that we’ve reached that fork in the road when it comes to the way iOS handles permission requests for apps. As more features are added to our devices, more permissions are required for apps that wish to use these features. It’s gotten to the point that some apps require you to go through a whole checklist of permissions before you can even begin using the app.
The permission handling in iOS has become a frustrating affair. Not only do the numerous pop-up alerts annoy me, but it irritates me even more when I accidentally decline a permission because of speeding through the app setup process.
As discussed on today’s episode of Let’s Talk iOS, I’m convinced that there’s a better way to handle permissions in iOS. There’s a less intrusive, less frustrating way to handle requests for access to the various features on your device. Check out our video inside for an explanation of the problem, and a demonstration of the solution. Read More
By Alihassan Mahdi on Aug 22, 2014
Do you have nosy friends or roommates who sneak into your Messages app from time to time? Are you concerned about your privacy when handing your device to someone else? If you answered yes to any of these questions, you should probably check out a tweak called panicLockPro that secures the private data on your iPhone or iPad.
With panicLockPro, you can quickly lock applications via an Activator gesture and secretly protect the private data on your iOS device. The tweak allows you to select individual apps that you want to lock out and prevent unauthorized access to. Read More
By Cody Lee on Jul 30, 2014
Russia’s Ministry of Communications and Mass Media has suggested that Apple, along with German tech giant SAP, open the source code for its software to ensure that it’s not enabling US intelligence agencies to spy on the country.
The request comes just a week after a security researcher accused Apple of building surveillance backdoors into iOS, and as the United States and Europe expand their sanctions on Moscow over Russia’s involvement in Ukraine affairs… Read More
By Cody Lee on Jul 23, 2014
Forensic expert, and former jailbreak hacker, Jonathan Zdziarski caused quite a stir earlier this week when he published a report accusing Apple of building backdoors into iOS that could be used for government surveillance.
Apple of course came out and denied the claim, saying that these so-called ‘backdoor services’ are actually used for troubleshooting. But this wasn’t a good enough explanation for a lot of users, so tonight it delved a little deeper… Read More
By Cody Lee on Jul 21, 2014
Former iPhone jailbreak hacker Jonathan Zdziarski recently gave a presentation at the HOPE/X conference regarding iOS device security. He said that the platform is reasonably secure from attacks by malicious hackers, but noted there are several backdoors built-in for surveillance.
In the presentation, called ‘Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices,’ Zdziarski detailed a number of undocumented high-value forensic services running on iOS devices, and suspicious design omissions in the OS, that appear to be for snooping… Read More
By Christian Zibreg on Jul 17, 2014
It appears that Apple has rolled out its two-factor authentication feature for Apple ID accounts in an additional 48 markets, bringing the total number of countries which support this security-minded feature to a cool 59.
Two-factor authentication bolsters up your security when logging in to your Apple ID account on the web by combining something you know – your Apple ID username and password or a Recovery Key – with something you own – a four-digit authorization code sent to your iPhone, iPod touch or iPad device… Read More
By Cody Lee on Jul 13, 2014
Last week, China’s state-run China Central Television broadcasted a report that labeled the iPhone as a “national security concern.” More specifically, the CCTV criticized the “frequent locations” function in iOS 7, which records time and location for the owner’s movements.
Yesterday, Apple issued an official response to the report on its Chinese website. The statement reaffirms the company’s commitment to privacy, and states that the Location Services found in the iOS firmware are only used to help users for activities that require navigation… Read More
By Christian Zibreg on Jun 20, 2014
Yesterday, I told you about Yo, a ridiculous new messaging app which lets people exchange two-character “Yo” messages. Some like Stephen Colbert have eviscerated Yo for being utterly useless and plain dumb while others point out the fact that it’s received more than $1 million in VC-backed funding as a proof that the mobile messaging space is booming with innovation.
Be that as it may, turns out the controversial software poses something of a security risk as a pair of college students have found a vulnerability allowing them to compromise any Yo user’s phone number, spam them with unsolicited messages and more.
Yo founder Or Arbel has confirmed that the app was “having security issues” and has promised to deliver a fix “in next few hours”… Read More
By Cody Lee on Jun 13, 2014
AT&T has confirmed with ITWorld that it has suffered a security breach where customer information was accessed. The breach actually occurred back in April, but was only disclosed this week by the company in a filing with California regulators.
According to the report, personal information—including social security numbers and call records—was accessed for an unknown number of customers in the breach. It’s believed the attack was part of an effort to obtain unlock codes from the carrier… Read More
By Christian Zibreg on Jun 13, 2014
In addition to using your device’s iSight camera to scan in credit card information, Safari in iOS 8 makes it easy for third-party apps to tap into the browser’s AutoFill & Passwords feature for hassle-free logins.
Provided a user has previously saved their username and password for a specific website using Safari’s AutoFill & Passwords feature, a native iOS app is now permitted to retrieve this information and re-use it to authorize a user quickly and securely, bypassing the login screen altogether… Read More
By Christian Zibreg on Jun 9, 2014
In a move designed to appease privacy watchers and further protect your privacy, Apple has made it that much harder for pesky marketeers to identify your device (and consequentially you as a user) or track your location as you go about your business. As discovered by Swiss programmer Frederic Jacobs, iOS 8 randomizes your device’s MAC address while scanning for networks.
A MAC address serves as a unique identifier assigned to network interfaces for communications on the physical network segment. By randomizing your device’s MAC address each time it scans for nearby Wi-Fi hotspots, iOS 8 effectively disguises any trace of the real device. Here’s hoping this becomes an industry standard. Jump past the fold to learn more about this nifty feature… Read More
By Christian Zibreg on May 22, 2014
Contrary to a flurry of reports yesterday, Google was never going to put ads on the Nest Thermostat. Moreover, Nest co-founder and the iPod Godfather, Tony Fadell, has confirmed that recalled thermostats will be returning to store shelves sooner than you think.
Allow me to refresh your memory: soon after it was discovered that a safety bug with a Protect Wave feature could prevent the alarm from sounding, Google’s Nest unit has responded by preemptively recalling about 40,000 faulty units.
This should set the record straight and put to rest the ridiculous notion that recalling smoke detectors and not doing ads in thermostats is somehow evil… Read More
By Cody Lee on May 16, 2014
The Electronic Frontier Foundation (or EFF) issued a new report this week entitled ‘Who Has Your Back.’ The document discusses major tech companies and their user privacy policies, and ranks them on transparency and other categories.
Interestingly enough, Apple was one of nine tech firms awarded a perfect score by the EFF. The Cupertino company received a star in each of the 6 categories, for a total of 6 stars—a remarkable improvement over its 1-star rating just last year… Read More
By Christian Zibreg on May 5, 2014
Do you access sensitive document attachments on your iPhone, iPod touch or iPad, stuff like contracts, invoices, bank statements and what not?
If so, your security and privacy could be compromised because iOS is storing email attachments in the clear – that is, in the unencrypted form – thus making stored attachments easily readable by using a piece of software to browse a person’s on-device email folder for an IMAP account.
A researcher who claims to have discovered this security flaw has found that iOS 7.0.4 and later – including the latest iOS 7.1.1 – do not encrypt email attachments… Read More