Chinese government apparently collecting iCloud credentials through phishing attacks

By Christian Zibreg on Oct 20, 2014

The Chinese government is reportedly phishing iCloud credentials of millions of people by staging a so-called man-in-the-middle attack which redirects unsuspecting users to a spoofed webpage that appears shockingly similar to the real iCloud.com website, Great Fire reported Monday.

Fooled users who type in their username and password into the fake web form risk exposing their iMessage communications, photos, contacts, reminders, calendars and other personal information associated with their Apple ID to a third-party. The problem is further accentuated by the fact that the popular Chinese browser Qihoo does not warn users that they’re visiting a fake website. Read More

 

Facebook developing brand new mobile app for anonymous sharing

By Christian Zibreg on Oct 7, 2014

Facebook is reportedly close to releasing a brand new mobile application said to let its users communicate among themselves without using their real name or Facebook account, The New York Times reported Tuesday.

Already likened to a Whisper/Secret clone, the anonymous chatting app is expected to be released in the coming weeks, according to two people briefed on Facebook’s plans.

The software would mark a notable reversal for the social networking giant, which has more than a billion active accounts and whose business policy largely revolves around encouraging its customers to use their real name to identify themselves on the service. Read More

 

Meet Xsser mRAT, Chinese trojan that steals treasure trove of info from jailbroken iOS devices

By Christian Zibreg on Oct 1, 2014

There’s a new trojan in town, one that attacks jailbroken iPhone, iPod touch and iPad devices.

As discovered by Lacoon, the malicious software dubbed Xsser mRAT uses social engineering to steal valuable data from jailbroken devices by fooling unsuspecting users to tap on an install link in phishing messages from unknown senders.

Created by Chinese hackers, it can extract a vast range of personal information including your iOS address book, SMS messages, call logs, GSM identities, your approximate geographical location (as determined by the cell tower ID), on-device pictures, as well as passwords and other authentication data in the iOS keychains used by your Apple ID, mail accounts and other services. Read More

 

iOS 8’s predictive QuickType keyboard found to suggest parts of your passwords [updated]

By Christian Zibreg on Sep 29, 2014

QuickType, Apple’s new predictive keyboard featured on the iPhone, iPod touch and iPad devices running iOS 8, is reportedly plagued with a potentially dangerous oversight where the software would suggest parts of your passwords that you previously used on websites, as first reported by French-language blog iGen.fr [Google Translate].

A new thread on Apple’s Support Communities website includes a note by one user who reported the keyboard offering “OrangeJuice” as a suggestion each time he would type in “AppleUser” because QuickType remembered the “OrangeJuice!2” password he previously used to log in to Outlook Web App. Read More

 

FBI director says he’s ‘very concerned’ about new privacy features in iOS 8

By Cody Lee on Sep 25, 2014

The FBI is very concerned with the new privacy features Apple is touting in iOS 8, the organization’s director James Comey told The Huffington Post on Thursday. In particular, he’s concerned the company is marketing something “expressly to allow people to place themselves above the law.”

Comey’s remarks follow Apple’s move last week to be more transparent and informative about its user privacy policies. In a new webpage on the topic, the Cupertino firm said it no longer stores encryption keys for devices running iOS 8, meaning it can’t bypass pass codes—even under subpoena.  Read More

 

Researcher warned Apple of iCloud vulnerability six months before nude celeb pics leaked

By Christian Zibreg on Sep 25, 2014

A string of bad news for Apple continues with a revelation published Thursday on The Daily Dot that London-based computer security expert Ibrahim Balic gave Apple a heads-up about a vulnerability he had discovered in iCloud, but the company discounted the severity of the issue and ignore the problem for six months.

As you know, the issue blew up in a major way, becoming the topic of late-night shows, after several celebrities with weak Apple ID passwords saw their nude photographs hijacked and posted on the web. Read More

 

Safari 7.1 for Mavericks is out with encrypted Yahoo searches, DuckGoGo and more

By Christian Zibreg on Sep 18, 2014

Apple on Thursday released an update to its desktop Safari browser for Macs running OS X Mavericks which contains improvements to compatibility and security while introducing a pair of new options for strengthening your privacy when searching.

The first such feature turns on SSL encryption for all Yahoo searches conducted from Safari’s search field. As a result, no one can eavesdrop on what you’re searching for online.

The other adds DuckGoGo, a search engine that does not track you (Google won’t like this) as a built-in option in the search field. Note that Safari in iOS 8 and OS X 10.10 Yosemite already includes DuckGoGo as an option.

Safari 7.1 has arrived on the heels of yesterday’s OS X Mavericks 10.9.5 update which contains Safari 7.0.6 and improves the stability, compatibility and security of your Mac. Read More

 

Apple launches new privacy-focused site with government request figures and more

By Cody Lee on Sep 17, 2014

Apple this evening launched a new privacy site in an effort to increase transparency on how it protects user data, and to educate users on how they can better protect themselves. Additionally, Tim Cook has posted an open letter to Apple Customers detailing the various sections of the new site, as well as Apple’s stance on user privacy.

The move follows recent bad publicity for Apple, in which its laxed iCloud security measures were blamed for the hacking of high profile celebrity accounts, which resulted in a slew of nude photos being leaked. The company maintains that its servers were never breached, but Tim Cook promised to double down on security anyway.

Read More

 

Tim Cook already being questioned about Apple Watch and privacy

By Cody Lee on Sep 15, 2014

Connecticut Attorney General George Jepsen announced this afternoon that he’s sent a letter to Tim Cook regarding the new Apple Watch and user privacy. Jepsen wants Cook to explain what data the device will collect, how that data will be stored, and what Apple’s policies are on apps that access health information.

Specifically, Jepsen asks whether Apple will allow consumers to store personal/health info on its servers, and if so. how will that information be safeguarded. He also wants to know what kind of data Apple Watch will collect from users, and how it and its developers plan to obtain consent for this collection from users. Read More

 

Apple starts sending email alerts when you sign in to iCloud via a web browser

By Christian Zibreg on Sep 8, 2014

As noted by Letem světem Applem and confirmed by MacRumors editor Eric Slivka, Apple in the aftermath of the nude celeb pics scandal seems to have taken the first in a series of promised steps to bolster up the security of its cloud.

Now each time you sign in to iCloud through a web browser, the Cupertino firm will issue an email notice which contains a date and time that the account was accessed. This behavior is now enabled by default.

Previously, login alerts had been sent only if there was an attempt to log in to iCloud on an unknown Apple device. Read More

 

The best password manager apps for iPhone and iPad

By Lory Gil on Sep 7, 2014

In light of recent hacking antics that have come to light regarding Apple’s iCloud service, we are all much more aware of how important it is to secure our personal data. One of the best way to ensure that your iCloud account is protected is to enable two-step verification, but this alone might not always be enough to prevent hackers from gaining access to some of your data.

Of course, a strong password manager helps ensure that you aren’t using those dreaded simple passwords for dozens of different accounts, which makes it even easier for a predator to gain access to even more of your private data. Today, we’ve got a list of what we think are the best password manager apps for iPhone and iPad. Read More

 

Celeb hacking tapped law enforcement tools to gain access to data inside device backups

By Christian Zibreg on Sep 3, 2014

The alleged iCloud hacking, which has resulted in a massive leak of hundreds of revealing celebrity photos, has most likely been made possible because attackers reportedly used a piece of software that law enforcement officials rely on to siphon data from iOS device backups, Wired reported last night.

Rather than obtain a user’s iCloud username and password with brute-force attacks, the article points to web forum reports describing using specialized software called Elcomsoft Phone Password Breaker (EPPB) to impersonate the user’s device in order to obtain the full device backup which holds data like photos, videos, application data, contacts, text messages and more. Read More

 

Apple updates App Store guidelines with new rules for HealthKit and more

By Cody Lee on Sep 2, 2014

Apple posted an update this evening for its App Store review guidelines—a set of instructions for third-party developers on what iOS apps may or may not contain. Tonight’s refresh adds rules for upcoming iOS 8 features such as extensions, HealthKit and HomeKit.

Most of the changes are only pertinent to developers, but there are a few things worth mentioning. Perhaps the most important item, in light of recent events, is that Apple says apps using the HealthKit framework that store user health data in iCloud will be rejected. Read More

 

Apple reportedly patches Find My iPhone vulnerability to hack Apple ID accounts

By Christian Zibreg on Sep 1, 2014

According to The Next Web this morning, Apple has allegedly patched a security hole in the Find My iPhone service which allowed nefarious users to brute-force Apple ID passwords, according to Twitter user @hackappcom who posted a proof of concept titled ‘iBrute’ to GitHub on Saturday.

This should be good news for celebrities who reported their iCloud accounts being hacked and saw their nude pictures posted online.

As Cody told you yesterday, Academy Award winner Jennifer Lawrence and several other celebrities found themselves in the middle of a major nude photo leak after attackers apparently exploited a vulnerability in Apple’s Find My iPhone service. Read More

 

How Apple can improve permission handling in iOS

By Jeff Benjamin on Aug 25, 2014

Every so often, it helps to take a step back and examine the way things are being done. This applies to our day-to-day routine, or perhaps our workout regimen. I’ve also found that it applies to software.

iOS is no exception to this. Here is a software product that has been through vast changes since its creation. A good majority of the changes have been for the better, and iOS 8, which is mere weeks away, promises to bring more awesome goodies to the table.

But, from time to time, it pays to look at the way things are being done. We have to ask ourselves, “Is this truly the best way?”

I feel that we’ve reached that fork in the road when it comes to the way iOS handles permission requests for apps. As more features are added to our devices, more permissions are required for apps that wish to use these features. It’s gotten to the point that some apps require you to go through a whole checklist of permissions before you can even begin using the app.

The permission handling in iOS has become a frustrating affair. Not only do the numerous pop-up alerts annoy me, but it irritates me even more when I accidentally decline a permission because of speeding through the app setup process.

As discussed on today’s episode of Let’s Talk iOS, I’m convinced that there’s a better way to handle permissions in iOS. There’s a less intrusive, less frustrating way to handle requests for access to the various features on your device. Check out our video inside for an explanation of the problem, and a demonstration of the solution. Read More

 

panicLockPro locks specific apps on your iPhone via an Activator gesture

By Alihassan Mahdi on Aug 22, 2014

Do you have nosy friends or roommates who sneak into your Messages app from time to time? Are you concerned about your privacy when handing your device to someone else? If you answered yes to any of these questions, you should probably check out a tweak called panicLockPro that secures the private data on your iPhone or iPad.

With panicLockPro, you can quickly lock applications via an Activator gesture and secretly protect the private data on your iOS device. The tweak allows you to select individual apps that you want to lock out and prevent unauthorized access to. Read More

 

Russia asks Apple for source code to alleviate espionage concerns

By Cody Lee on Jul 30, 2014

Russia’s Ministry of Communications and Mass Media has suggested that Apple, along with German tech giant SAP, open the source code for its software to ensure that it’s not enabling US intelligence agencies to spy on the country.

The request comes just a week after a security researcher accused Apple of building surveillance backdoors into iOS, and as the United States and Europe expand their sanctions on Moscow over Russia’s involvement in Ukraine affairs… Read More

 

Apple outlines diagnostic capabilities in response to iOS ‘backdoor’ concerns

By Cody Lee on Jul 23, 2014

Forensic expert, and former jailbreak hacker, Jonathan Zdziarski caused quite a stir earlier this week when he published a report accusing Apple of building backdoors into iOS that could be used for government surveillance.

Apple of course came out and denied the claim, saying that these so-called ‘backdoor services’ are actually used for troubleshooting. But this wasn’t a good enough explanation for a lot of users, so tonight it delved a little deeper… Read More

 

Former jailbreak hacker accuses Apple of building surveillance backdoors into iOS

By Cody Lee on Jul 21, 2014

Former iPhone jailbreak hacker Jonathan Zdziarski recently gave a presentation at the HOPE/X conference regarding iOS device security. He said that the platform is reasonably secure from attacks by malicious hackers, but noted there are several backdoors built-in for surveillance.

In the presentation, called ‘Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices,’ Zdziarski detailed a number of undocumented high-value forensic services running on iOS devices, and suspicious design omissions in the OS, that appear to be for snooping…  Read More

 

Apple ID 2-step verification live in 48 new markets

By Christian Zibreg on Jul 17, 2014

It appears that Apple has rolled out its two-factor authentication feature for Apple ID accounts in an additional 48 markets, bringing the total number of countries which support this security-minded feature to a cool 59.

Two-factor authentication bolsters up your security when logging in to your Apple ID account on the web by combining something you know – your Apple ID username and password or a Recovery Key – with something you own – a four-digit authorization code sent to your iPhone, iPod touch or iPad device… Read More

 
Page 112345...