By Cody Lee on Jul 30, 2014
Russia’s Ministry of Communications and Mass Media has suggested that Apple, along with German tech giant SAP, open the source code for its software to ensure that it’s not enabling US intelligence agencies to spy on the country.
The request comes just a week after a security researcher accused Apple of building surveillance backdoors into iOS, and as the United States and Europe expand their sanctions on Moscow over Russia’s involvement in Ukraine affairs… Read More
By Cody Lee on Jul 23, 2014
Forensic expert, and former jailbreak hacker, Jonathan Zdziarski caused quite a stir earlier this week when he published a report accusing Apple of building backdoors into iOS that could be used for government surveillance.
Apple of course came out and denied the claim, saying that these so-called ‘backdoor services’ are actually used for troubleshooting. But this wasn’t a good enough explanation for a lot of users, so tonight it delved a little deeper… Read More
By Cody Lee on Jul 21, 2014
Former iPhone jailbreak hacker Jonathan Zdziarski recently gave a presentation at the HOPE/X conference regarding iOS device security. He said that the platform is reasonably secure from attacks by malicious hackers, but noted there are several backdoors built-in for surveillance.
In the presentation, called ‘Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices,’ Zdziarski detailed a number of undocumented high-value forensic services running on iOS devices, and suspicious design omissions in the OS, that appear to be for snooping… Read More
By Cody Lee on Jul 17, 2014
Since wunderkind George Hotz, better known as Geohot, first made a name for himself by hacking the iPhone at age 17, he’s bounced around to several projects. He hacked the PlayStation, did some work for Facebook, and more recently popped up in Android land.
His latest gig is an internship for Google’s Project Zero—a team of elite hackers tasked with finding and eradicating serious software vulnerabilities. Back in March Geohot won $150K for exposing Chrome exploits, and it seems the Mountain View company took notice… Read More
By Christian Zibreg on Jul 17, 2014
Apple is researching new methods of securing data on your iPhone by sending an alert to another device or locking it altogether to protect against theft should it detect a pattern of unusual behavior.
The United States Patent and Trademark Office today published an Apple patent for “Generating notifications based on user behavior”.
The document outlines a method by which an iPhone could automatically lock itself or set off an alert in case it detects unusual changes in user behavior. Read on for more… Read More
By Christian Zibreg on Jul 17, 2014
It appears that Apple has rolled out its two-factor authentication feature for Apple ID accounts in an additional 48 markets, bringing the total number of countries which support this security-minded feature to a cool 59.
Two-factor authentication bolsters up your security when logging in to your Apple ID account on the web by combining something you know – your Apple ID username and password or a Recovery Key – with something you own – a four-digit authorization code sent to your iPhone, iPod touch or iPad device… Read More
By Christian Zibreg on Jul 15, 2014
A month ago, Apple confirmed that it would soon start encrypting iCloud Mail traffic in transit.
As Google’s Transparency Report noted at the time, Apple and several major email providers did not properly encrypt email messages sent and received from other providers like Gmail and Yahoo, creating security concerns.
Although Apple only encrypts emails sent between its own iCloud customers, the company appears to have stepped up iCloud Mail security and is now finally protecting your emails from eavesdropping as they travel between various third-party email service providers using end-to-end encryption… Read More
By Cody Lee on Jul 13, 2014
Last week, China’s state-run China Central Television broadcasted a report that labeled the iPhone as a “national security concern.” More specifically, the CCTV criticized the “frequent locations” function in iOS 7, which records time and location for the owner’s movements.
Yesterday, Apple issued an official response to the report on its Chinese website. The statement reaffirms the company’s commitment to privacy, and states that the Location Services found in the iOS firmware are only used to help users for activities that require navigation… Read More
By Jeff Benjamin on Jul 8, 2014
Have you ever typed a password in iOS and wondered to yourself why Apple doesn’t mask the last character completely? The reason that Apple doesn’t fully mask the password as you type probably has to do with being able to verify that you entered the correct password.
Some may argue that such a feature is counter to staying secure as you enter your password. It’s easy to see why some people may feel that way.
Enter Fully Masked Passwords—a new jailbreak tweak that applies a full mask to every character entered in a password field. Check out our video after the break to see it in action. Read More
By Christian Zibreg on Jul 2, 2014
Apple on Wednesday launched an accessory to keep your gorgeously reimagined late-2013 “trashcan” style Mac Pro secure and tethered.
Available through the Online Apple Store for $49, the Mac Pro Security Lock Adapter ties the cylindrically shaped workstation to your desk using existing Kensington locks or similar third-party locks, so a thief would need to drag the desk itself to steal your precious Mac Pro.
Moreover, it prevents unauthorized access to the computer’s internal components by securing the lift-off cover to the base of the machine with a security cable… Read More
By Christian Zibreg on Jul 1, 2014
Microsoft’s OneDrive (formerly SkyDrive) is great if you need to store your files in the cloud and sync them between devices seamlessly. And with the recently introduced 15GB free tier, OneDrive has become even more competitive compared to Dropbox and its pedestrian 2GB free tier.
Also, Microsoft’s web-based email – which went through several rebranding efforts and is currently known as Outlook.com – has its loyal following.
Those who’ve been concerned about general security of their emails and OneDrive files needn’t worry as Microsoft now employs end-to-end encryption on both services to prevent eavesdropping as data travels between servers… Read More
By Cody Lee on Jun 30, 2014
Apple has apparently begun rolling out a two-step verification system to its iCloud web portal this afternoon. The new system adds an additional layer of security to an area that offers access to web versions of stock Mac and iOS apps like Mail, Contacts and Calendar.
It’s not clear if Apple is simply testing the feature with some users or plans to eventually roll it out to all iCloud.com subscribers, but it seems not everyone has access to it yet. Those who do see it, though, say it requires users to enter a special code to access their apps… Read More
By Christian Zibreg on Jun 20, 2014
Yesterday, I told you about Yo, a ridiculous new messaging app which lets people exchange two-character “Yo” messages. Some like Stephen Colbert have eviscerated Yo for being utterly useless and plain dumb while others point out the fact that it’s received more than $1 million in VC-backed funding as a proof that the mobile messaging space is booming with innovation.
Be that as it may, turns out the controversial software poses something of a security risk as a pair of college students have found a vulnerability allowing them to compromise any Yo user’s phone number, spam them with unsolicited messages and more.
Yo founder Or Arbel has confirmed that the app was “having security issues” and has promised to deliver a fix “in next few hours”… Read More
By Joe Rossignol on Jun 13, 2014
Email encryption is a hot topic right now. A few weeks ago, Google published a report that reveals how much email sent in transit is encrypted and which major providers are taking measures to encrypt their own emails. Then yesterday, the NPR published a more in-depth report (via 9to5Mac) that looks at how well major email providers in the United States are doing at protecting the data of users online.
As it turns out, Apple was among several major email providers failing to properly encrypt its emails sent and received from other providers like Gmail and Yahoo. Following the report, however, the iPhone maker reached out to NPR to confirm that it will be working on encrypting its emails in transit. The company says the change will occur “soon,” but no timeline was provided… Read More
By Cody Lee on Jun 13, 2014
AT&T has confirmed with ITWorld that it has suffered a security breach where customer information was accessed. The breach actually occurred back in April, but was only disclosed this week by the company in a filing with California regulators.
According to the report, personal information—including social security numbers and call records—was accessed for an unknown number of customers in the breach. It’s believed the attack was part of an effort to obtain unlock codes from the carrier… Read More
By Christian Zibreg on Jun 13, 2014
In addition to using your device’s iSight camera to scan in credit card information, Safari in iOS 8 makes it easy for third-party apps to tap into the browser’s AutoFill & Passwords feature for hassle-free logins.
Provided a user has previously saved their username and password for a specific website using Safari’s AutoFill & Passwords feature, a native iOS app is now permitted to retrieve this information and re-use it to authorize a user quickly and securely, bypassing the login screen altogether… Read More
By Joe Rossignol on Jun 9, 2014
A new security flaw has been discovered that allows for the Lock screen on iOS 7.1.1 to be bypassed in just seconds. The vulnerability provides access to any app that was left open before the device was locked, such as Mail or Messages, but a prompt appears to re-enter your Lock screen passcode if you attempt to navigate to the Home screen or elsewhere. Read ahead for how it works… Read More
By Joe Rossignol on Jun 9, 2014
The Sydney Morning Herald reports that Russian authorities have detained two young hackers for hijacking iOS devices through iCloud and holding them ransom for payment. The suspects, both residents of the Southern Administrative District of Moscow, are a 23-year-old named Ivan and an unnamed 17-year-old that served as his accomplice.
Russia’s Ministry of Internal Affairs announced on Monday that the hackers were detained during the course of “operational activities” by the Russian Interior Ministry. The hackers were caught on closed-caption TV after attempting to withdraw ransom payment from an ATM machine. The ministry also noted that one of the suspects has already been tried before… Read More
By Christian Zibreg on Jun 5, 2014
A year ago, PayPal CISO Michael Barrett spelled doom for existing verification methods based on passwords and expressed hope that the then unreleased iPhone 5s would kill the password once and for all. As it turned out, Apple limited the handset’s fingerprint scanner to iTunes purchases and user authentication on the Lock screen.
But with the iOS 8 SDK now official, Apple has opened up Touch ID to developers and PayPal is first out of the gate with the official confirmation that it is working on integrating Touch ID authentication into its mobile apps… Read More
By Cody Lee on May 28, 2014
On Monday, a number of iOS and Mac users came forward with complaints that their devices had been remotely locked by hackers. In most of the cases, a message appeared via Find My iPhone on the locked devices, demanding payment for the hack to be reversed.
As far as we can tell, the attacks have been concentrated on Mac and iOS products in Australia. And among the various theories of how the hackers were able to set a remote lock has been the fear that iCloud was breached. But Apple says it hasn’t been compromised… Read More