By Cody Lee on Jul 23, 2014
Forensic expert, and former jailbreak hacker, Jonathan Zdziarski caused quite a stir earlier this week when he published a report accusing Apple of building backdoors into iOS that could be used for government surveillance.
Apple of course came out and denied the claim, saying that these so-called ‘backdoor services’ are actually used for troubleshooting. But this wasn’t a good enough explanation for a lot of users, so tonight it delved a little deeper… Read More
By Cody Lee on Jul 21, 2014
Former iPhone jailbreak hacker Jonathan Zdziarski recently gave a presentation at the HOPE/X conference regarding iOS device security. He said that the platform is reasonably secure from attacks by malicious hackers, but noted there are several backdoors built-in for surveillance.
In the presentation, called ‘Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices,’ Zdziarski detailed a number of undocumented high-value forensic services running on iOS devices, and suspicious design omissions in the OS, that appear to be for snooping… Read More
By Christian Zibreg on Jul 17, 2014
It appears that Apple has rolled out its two-factor authentication feature for Apple ID accounts in an additional 48 markets, bringing the total number of countries which support this security-minded feature to a cool 59.
Two-factor authentication bolsters up your security when logging in to your Apple ID account on the web by combining something you know – your Apple ID username and password or a Recovery Key – with something you own – a four-digit authorization code sent to your iPhone, iPod touch or iPad device… Read More
By Cody Lee on Jul 13, 2014
Last week, China’s state-run China Central Television broadcast a report that labeled the iPhone as a “national security concern.” More specifically, CCTV criticized the “frequent locations” function in iOS 7, which records time and location for the owner’s movements.
Yesterday, Apple issued an official response to the report on its Chinese website. The statement reaffirms the company’s commitment to privacy, and states that the Location Services found in the iOS firmware are only used to help users for activities that require navigation… Read More
By Christian Zibreg on Jun 20, 2014
Yesterday, I told you about Yo, a ridiculous new messaging app which lets people exchange two-character “Yo” messages. Some like Stephen Colbert have eviscerated Yo for being utterly useless and plain dumb while others point out the fact that it’s received more than $1 million in VC-backed funding as a proof that the mobile messaging space is booming with innovation.
Be that as it may, turns out the controversial software poses something of a security risk as a pair of college students have found a vulnerability allowing them to compromise any Yo user’s phone number, spam them with unsolicited messages and more.
Yo founder Or Arbel has confirmed that the app was “having security issues” and has promised to deliver a fix “in next few hours”… Read More
By Cody Lee on Jun 13, 2014
AT&T has confirmed with ITWorld that it has suffered a security breach where customer information was accessed. The breach actually occurred back in April, but was only disclosed this week by the company in a filing with California regulators.
According to the report, personal information—including social security numbers and call records—was accessed for an unknown number of customers in the breach. It’s believed the attack was part of an effort to obtain unlock codes from the carrier… Read More
By Christian Zibreg on Jun 13, 2014
In addition to using your device’s iSight camera to scan in credit card information, Safari in iOS 8 makes it easy for third-party apps to tap into the browser’s AutoFill & Passwords feature for hassle-free logins.
Provided a user has previously saved their username and password for a specific website using Safari’s AutoFill & Passwords feature, a native iOS app is now permitted to retrieve this information and re-use it to authorize a user quickly and securely, bypassing the login screen altogether… Read More
By Christian Zibreg on Jun 9, 2014
In a move designed to appease privacy watchers and further protect your privacy, Apple has made it that much harder for pesky marketeers to identify your device (and consequently you as a user) or track your location as you go about your business. As discovered by Swiss programmer Frederic Jacobs, iOS 8 randomizes your device’s MAC address while scanning for networks.
A MAC address serves as a unique identifier assigned to network interfaces for communications on the physical network segment. By randomizing your device’s MAC address each time it scans for nearby Wi-Fi hotspots, iOS 8 effectively disguises any trace of the real device. Here’s hoping this becomes an industry standard. Jump past the fold to learn more about this nifty feature… Read More
By Christian Zibreg on May 22, 2014
Contrary to a flurry of reports yesterday, Google was never going to put ads on the Nest Thermostat. Moreover, Nest co-founder and the iPod Godfather, Tony Fadell, has confirmed that recalled thermostats will be returning to store shelves sooner than you think.
Allow me to refresh your memory: soon after it was discovered that a safety bug with a Protect Wave feature could prevent the alarm from sounding, Google’s Nest unit has responded by preemptively recalling about 40,000 faulty units.
This should set the record straight and put to rest the ridiculous notion that recalling smoke detectors and not doing ads in thermostats is somehow evil… Read More
By Cody Lee on May 16, 2014
The Electronic Frontier Foundation (or EFF) issued a new report this week entitled ‘Who Has Your Back.’ The document discusses major tech companies and their user privacy policies, and ranks them on transparency and other categories.
Interestingly enough, Apple was one of nine tech firms awarded a perfect score by the EFF. The Cupertino company received a star in each of the 6 categories, for a total of 6 stars—a remarkable improvement over its 1-star rating just last year… Read More
By Christian Zibreg on May 5, 2014
Do you access sensitive document attachments on your iPhone, iPod touch or iPad, stuff like contracts, invoices, bank statements and what not?
If so, your security and privacy could be compromised because iOS is storing email attachments in the clear – that is, in the unencrypted form – thus making stored attachments easily readable by using a piece of software to browse a person’s on-device email folder for an IMAP account.
A researcher who claims to have discovered this security flaw has found that iOS 7.0.4 and later – including the latest iOS 7.1.1 – do not encrypt email attachments… Read More
By Cody Lee on May 2, 2014
The move should appease user privacy rights activists, who believe it’s unlawful for a government agency to have the power to access user data so discreetly. The Justice Department, however, is concerned that the new routine could threaten investigations… Read More
By Christian Zibreg on Apr 10, 2014
If you’ve as much as glanced at what’s in your inbox lately, chances are you’ve encountered messages in which your favorite apps and services announce emergency password resets in the wake of Heartbleed, a nasty bug that’s attacking millions of websites. And unless you’ve been sleeping under a rock for the past week, you must be aware by now that a shockingly high number of websites are at risk.
The latest security scare stems from a devastating flaw in the OpenSSL software many websites use to authorize login sessions and encrypt and transmit user data. Long story short, the exploit allows attackers to easily scoop up the website’s encryption keys, passwords and user content, prompting tons of emergency password resets by some of the Internet’s most popular services.
But what about your Apple ID? Have the keys to your account in the Apple cloud been compromised? How about iCloud or the App Store? According to an Apple spokesperson, its iOS and OS X platforms are protected against Heartbleed. Do I hear a collective sigh of relief? Read More
By Christian Zibreg on Mar 17, 2014
Facebook-owned WhatsApp, the world’s most popular mobile messaging service, has received a nice little update Monday bringing some much-needed privacy controls.
For starters, you can now tell the app who you want to share your profile photo and status with, quite handy if you’re a private person who only wants to share this type of information with your phone contacts rather than with anyone using the service.
The same privacy settings are available for your Last Seen status as well – useful when you don’t want others to tell that you haven’t opened their messages yet. Oh, and this edition of WhatsApp also includes some nice new wallpapers.
The update is live in the App Store so grab it now… Read More
By Christian Zibreg on Mar 12, 2014
We’re pretty big fans of AgileBits’s 1Password for iOS and OS X (Jeff and myself are converts). But why bother with a third-party app when Apple’s new iCloud Keychain feature in iOS 7 and OS X Mavericks keeps all your website and app passwords, Wi-Fi logins and credit cards synced?
Lots of reasons, mainly because iCloud Keychain won’t sync plenty of personal items like private notes, software serial numbers, bank accounts, passports and what not.
That’s where 1Password comes in handy. First and foremost, 1Password uses a robust architecture to ensure that your private data remains private. Apps to manage passwords usually tend to be cumbersome, but that’s never been the case with 1Password.
The software has been praised for its sleek interface, rich feature set and handy tools like browser extensions and the 1Password mini app which patiently sits in your Mac’s menu bar to make remembering new passwords a hassle-free affair.
AgileBits is now introducing a new edition of 1Password for Mac which further refines the experience of using 1Password mini, the AutoSave feature and item editing. Read on for the full reveal… Read More
By Cody Lee on Mar 5, 2014
Popular encrypted chat app Cryptocat has launched this week for iOS. Originally available as a desktop app and a browser plugin, the app offers strong encryption and secrecy for text conversations, as well as protection from government intrusion thanks to its Swedish nuclear bunker headquarters.
This week’s iOS launch comes after an initial rejection by Apple’s app review team in December. Cryptocat’s founder Nadim Kobeissi called Apple’s reason for rejection ‘illegitimate,’ but it’s obvious someone or something had to give because the app is now available for download in the App Store… Read More
By Cody Lee on Feb 25, 2014
While the dust is far from settled on the nasty SSL bug found in iOS last week, a new security flaw in the mobile OS has been brought to light. The new flaw makes it possible for attackers to covertly log every touch a user makes, including keyboard and Touch ID presses.
Researchers at security firm FireEye made the discovery, saying in a blog post that the gap exists within iOS’ multitasking feature that allows for the background monitoring, and it can be exploited via a malicious app install or remotely via a separate app vulnerability… Read More
By Joe Rossignol on Feb 9, 2014
While multiple user account support exists on OS X and certain Android devices, the same cannot be said for iPhone. Enter GuestMode, a new jailbreak tweak by computer science graduate student Ian Burns that offers a fully customizable guest experience like none other.
Allow your kids to play games on your smartphone without accidentally calling someone, or let your friends control your music without lurking through your Facebook or Photos app. Find out how it works… Read More
By Christian Zibreg on Feb 3, 2014
An interesting finding by TechCrunch this morning: Apple has now started to reject apps which retrieve users’ Identifier for Advertisers (IDFA), but don’t show any ads. IDFA was introduced alongside iOS 6 two years ago to replace the universal device identifier (UDID) from prior iOS versions amid privacy concerns and new regulatory requirements. The company last March stopped accepting apps into the App Store that use the now defunct UDID… Read More
By Christian Zibreg on Jan 28, 2014
A report yesterday by The New York Times and other news organizations has provided yet another unsettling glimpse into the NSA’s wide-ranging surveillance practices.
The speculation, based on information from documents provided by the NSA leaker Edward Snowden, suggests that the NSA and its British counterpart GCHQ have been collecting private user data from mobile apps, in real time, as it travels across the Internet.
Profile data being collected from popular games such as Rovio’s Angry Birds typically includes age, location and gender, the allegations go. And with games that show ads, the agencies are also able to intercept users’ surprisingly detailed advertising profiles, mining it for new information… Read More