Apple’s focus on privacy slowing HomeKit rollout as cutting-edge encryption produces unacceptable lag

By Christian Zibreg on Jul 22, 2015

HomeKit, Apple’s platform for the connected home, sounds terrific on paper. In reality, HomeKit is like CarPlay, another Apple platform plagued with slower than expected rollout.

There are currently only five HomeKit-compatible accessories on the market: the Ecobee3, Elgato Eve, iHome iSP5 SmartPlug, Insteon Hub and Lutron Caseta Wireless Lighting Starter Kit.

A new report alleges that wider HomeKit adoption is being held back by Apple’s stringent encryption requirements. Apparently, Bluetooth chips currently available on the market and certified for HomeKit just can’t handle Apple’s super strong encryption without degrading the experience.

As Forbes reported Wednesday, Apple imposes a high level of encryption on HomeKit accessory makers in order to prevent eavesdropping and protect the privacy of its users. Apple’s focus on privacy, however, has created unacceptable levels of lag in prototype Bluetooth products whose chips have sub-par processing capability. Read More

 

Apple moving to prevent developers from accessing app data for ad targeting

By Cody Lee on Jun 24, 2015

Apple is quietly moving to prevent app developers from accessing app download data for ad targeting purposes, reports The Information. The move is part of the company’s recent, and very public, push for greater user privacy.

As most of you are probably aware, major apps like Facebook and Twitter will scan a user’s device for information on the app’s they have installed. This way, they can show users advertisements that better match their interests. Read More

 

Apple issues Mac App Store patch for XARA exploits as additional fixes are ‘in progress’

By Christian Zibreg on Jun 22, 2015

A cross application resource attack (XARA) that researchers at Indiana University, Georgia Tech and China’s Peking University publicized last week seems to have been partially addressed as Apple issued a server-side fix on the Mac App Store to block malicious apps and secure app data.

Additional fixes are in the works for the XARA exploits on both iOS and OS X, a company spokesperson told iMore. XARA exploits allow malicious apps to steal iCloud credentials of a user, access private data in apps like 1Password and Evernote, hijack their iCloud Keychain passwords and more. Read More

 

Major security flaws leave iOS and OS X vulnerable to wide ranging password theft

By Christian Zibreg on Jun 17, 2015

Your confidential information ranging from web passwords in Chrome and other browsers to app passwords to banking credentials stored and synced between devices though Apple’s iCloud Keychain service—even data you thought was stored safely in password managers like 1Password and LastPass—can be easily compromised due to a trio of major vulnerabilities discovered in Apple’s desktop and mobile operating systems.

As discovered by a team of researchers at Indiana University, Georgia Tech and China’s Peking University and reported by The Register, Keychain’s access control lists, URL schemes and OS X’s app containers contain flaws creating serious attack vectors. Read More

 

Flaw in Mail for iPhone and iPad can be used to hijack your iCloud password

By Christian Zibreg on Jun 10, 2015

A serious bug in Apple’s stock Mail application for iPhone, iPod touch and iPad permits attackers to fool users into providing their iCloud credentials.

Such phishing attacks can be devastating as iCloud increasingly becomes home for our digital life in the Apple universe, including our photo libraries, notes, contacts and other personal data.

The scam takes advantage of an exploit in the Mail application that makes it easy to deliver convincing-looking pop-ups resembling iCloud password prompts through a simple email message, The Register reported Wednesday.

While such emails look like they’re coming from a real company, they’re spoofed and once an unsuspecting user opens them on their iPhone, iPod touch or iPad running iOS 8.3, the operating system will execute malicious HTML content embedded inside. Read More

 

Tim Cook takes jabs at Google and Facebook in speech about privacy and security

By Cody Lee on Jun 2, 2015

Tim Cook took time out of his busy schedule yesterday to talk about privacy with folks attending EPIC’s Champions of Freedom event in Washington. EPIC, a non-profit research center focused on emerging privacy issues, was honoring the CEO for his superior “corporate leadership.”

Cook addressed attendees via a remote video feed, and spoke about a number of topics regarding privacy, security and what they mean to Apple versus other Silicon Valley tech giants. TechCrunch has a transcription of the speech, and he takes quite a few jabs at Facebook and Google. Read More

 

Good deal: 74% off a lifetime of online privacy protection from Blur

By iDB Deals on May 19, 2015

An all-in-one solution for online privacy, Blur protects you from credit card fraud, identity theft, and third-party monitoring. Get a lifetime subscription to Blur from iDownloadBlog Deals today for just $49.99. Read More

 

Apple moves to remove its customer data from RadioShack sale

By Christian Zibreg on May 14, 2015

In another showing of its commitment to protecting the privacy of its users, Apple has intervened in the sale of Radio Shack, which recently filed for bankruptcy, arguing that any information collected during the sale of its own products at RadioShack locations should be left out of the deal.

As noted by Law360 earlier this week, Apple, AT&T and others have objected to the potential sale of their customers’ data. The iPhone maker reportedly said that the fallen electronics retailer “doesn’t have the right to sell Apple customer information.” Read More

 

Tim Cook: there is no reason why you would have to choose between privacy and security

By Oliver Haslam on Feb 28, 2015

Apple CEO Tim Cook is on the final leg of his tour of Isreal and Europe and has been speaking to UK publication The Telegraph about a range of things including Apple customers’ privacy and of all things, terrorism.

Known for his unusual stance on privacy – one which doesn’t jive with other high profile tech executives who are happy to share everything about you – Cook told the publication during an interview that he feels people’s information is being “trafficked around” in ways that they just don’t yet understand. Read More

 

Apple Pay gets major backing from US Government

By Sébastien Page on Feb 13, 2015

As Apple CEO Tim Cook spoke at the President Obama’s Summit on Cybersecurity on Friday, the White House announced that Apple Pay will be enabled for federal payment cards, including Social Security and veterans benefits that are issued via debit cards.

The news represents a major vote of confidence for Apple Pay and Apple in general. While it shouldn’t be considered a proper endorsement from the White House, it is still a major win for Apple. Read More

 

Apple enables two-step verification for FaceTime and iMessages

By Cody Lee on Feb 12, 2015

Apple has enabled two-step verification for its FaceTime and iMessage services, The Guardian reported on Thursday. The move will force users who have the authentication system enabled to input an app-specific password when logging into either of the two services.

For those unfamiliar with the term, two-step verification is an opt-in system that adds an additional layer of security to Apple ID accounts. It requires users to input authentication codes when logging into iCloud on new devices, the web, and now iMessage and FaceTime. Read More

 

Poll: should Apple add multi-user access to iOS?

By Christian Zibreg on Jan 21, 2015

Yesterday, I stumbled upon an intriguing post over at The Loop which I felt raised a valid point about multi-user access in iOS, or the lack of.

It’s especially relevant in light of the fact that Android Lollipop enables multi-user support on phones.

Tablets, of course, have had this for nearly three years with Jelly Bean and up. Now, adding the ability to share your iPhone or iPad with someone else isn’t as trivial as it may appear at first sight as there are many technical hurdles to overcome.

On the other hand, can anyone imagine Apple not working on solving this pain point for its users? I mean, OS X supports multiple user accounts by design and iOS is basically a slimmed down version of OS X.

Anyways, is multi-user access one of those features the company should prioritize for the next major refresh of iOS, do you think? Read More

 

Spotlight bug exposes your Mac’s IP address and more to spammers

By Christian Zibreg on Jan 9, 2015

An unusual oversight in how OS X’s Spotlight feature handles privacy settings in Apple Mail leaves the door open to spammers, phishers and online tracking companies who can obtain private data such as your IP address, current operating system version, browser details and more, whenever an email message is previewed in Spotlight.

First discovered by German technology news site Heise, the bug takes advantage of a common information harvesting technique and a Mail setting which determines whether or not the program loads remote content in emails. Read More

 

It’s easy to create a fingerprint from smartphone photos of someone’s finger

By Christian Zibreg on Dec 29, 2014

Admittedly, Touch ID has popularized and mainstreamed biometric security on mobile devices using an impression made on a surface by the inner part of the top joint of a finger.

Having debuted on the iPhone 5s, Apple’s in-house sensor built into the Home button is based on a sophisticated technology by Israeli smart sensor maker AuthenTec, which the Cupertino firm snapped up in July of 2012 for a reported $356 million.

However, existing fingerprint-based security solutions could be easily bypassed by generating a fingerprint image from a series of photos of someone’s finger, no physical print necessary whatsoever, according to claims by Chaos Computer Club, Europe’s largest association of hackers.

As relayed by VentureBeat, the hackers have now successfully demonstrated a proof-of-concept by copying the thumbprint of German Defense Minister Ursula von der Leyen.

They used a close-up photograph of von der Leyen’s thumb, obtained during a news conference in October, along with photographs taken from different angles, said Jan Krissler aka “Starbug” at the 31st annual Chaos Computer Club convention in Hamburg, Germany. Read More

 

Twitter unveils better reporting and blocking tools

By Christian Zibreg on Dec 2, 2014

Twitter isn’t exactly a great example of what you’d call a privacy-minded online service with a wide-ranging set of comprehensive tools to prevent harassment and block poor souls who spew abuse at others.

And who could blame them? At its core, Twitter is about sharing quick thoughts with the web at large. Of course, Twitter over the years did roll out a bare minimum of reporting features.

Now Twitter’s privacy capabilities have gotten a tad better. Announced Tuesday, a sweeping update to Twitter’s existing reporting and blocking tools calls for simplified forms that mobile users can fill out with easy when reporting abuse, a change to blocking policy, a better web interface to manage blocked users and more.

Read More

 

AT&T says it’s no longer tracking subscribers using perma-cookies

By Cody Lee on Nov 15, 2014

AT&T told the Associated Press on Friday that it is no longer using permanent cookies to track its subscribers. In late October, security researchers discovered that the carrier, along with its competitor Verizon, were using unique identifying numbers or “perma-cookies” to track their customers online habits.

A spokesperson for AT&T said that the tracking practice was part of a pilot program to improve targeted marketing called “Relevant Advertising.” But it says that the experiment is over, and it has pulled the identifying numbers from their customers’ accounts, although it may still sell the data it’s collected. Read More

 

Apple being questioned by the FTC regarding health data protection

By Cody Lee on Nov 13, 2014

The US Federal Trade Commission is seeking assurances from Apple that it will prevent sensitive health data from being used without the users’ consent, reports Reuters. The outlet says Apple representatives have met with FTC officials multiple times in recent months to discuss the matter.

More specifically, the FTC wants to be sure that Apple will not sell health data collected by its upcoming smartwatch and other devices to third party marketers, or allow app developers to do so. It also wants to be sure proper measures are being taken to protect the data against malicious attacks. Read More

 

The EFF ranks iMessage and FaceTime as most secure mass-market messaging options

By Cody Lee on Nov 5, 2014

The Electronic Frontier Foundation (or EFF) has posted a new Secure Messaging Scorecard, which ranks popular messaging offerings based on their security measures. The Scorecard uses a variety of metrics, such as methods of encryption and user privacy, and Apple’s messaging options faired rather well.

While dedicated secure messaging apps like ChatSecure and CryptoCat scored the highest, the EFF found Apple’s iMessage and FaceTime systems to be “the best of the mass-market options.” The two services were found more secure than several high profile apps, including BlackBerry Messenger and Skype. Read More

 

Tim Cook flies to China in response to iCloud phishing allegations

By Christian Zibreg on Oct 22, 2014

Apple’s boss Tim Cook went to China to meet with a top Chinese government official in Beijing amid allegations of government-backed phishing attempts on users’ iCloud accounts, according to a report by the state-run Xinhua news agency, relayed by Reuters Wednesday.

The meeting coincides with reports by GreatFire.org, a Chinese web monitoring group, alleging that the Chinese government sponsored man-in-the-middle attacks that redirected local users to a fake iCloud.com login page in an effort to harvest Apple ID user names and passwords. Read More

 

Following iCloud phishing attempts, Apple issues browser security support doc

By Christian Zibreg on Oct 21, 2014

Following a report Monday by Great Fire alleging that the government in China attempted to compromise the security of Apple’s users by redirecting local traffic to a fake iCloud.com login webpage, Apple on Tuesday confirmed it was aware of the phishing attempts and ensured its servers had not been compromised, according to a CNBC report.

The company also took additional steps in the form of a new support document which teaches unsuspecting users how to verify that their web browser is in fact securely connected to the genuine iCloud.com login page. Read More

 
Page 112345...