Russia asks Apple for source code to alleviate espionage concerns

By Cody Lee on Jul 30, 2014

Russia’s Ministry of Communications and Mass Media has suggested that Apple, along with German tech giant SAP, open the source code for its software to ensure that it’s not enabling US intelligence agencies to spy on the country.

The request comes just a week after a security researcher accused Apple of building surveillance backdoors into iOS, and as the United States and Europe expand their sanctions on Moscow over Russia’s involvement in Ukraine affairs… Read More

 

Apple outlines diagnostic capabilities in response to iOS ‘backdoor’ concerns

By Cody Lee on Jul 23, 2014

Forensic expert, and former jailbreak hacker, Jonathan Zdziarski caused quite a stir earlier this week when he published a report accusing Apple of building backdoors into iOS that could be used for government surveillance.

Apple of course came out and denied the claim, saying that these so-called ‘backdoor services’ are actually used for troubleshooting. But this wasn’t a good enough explanation for a lot of users, so tonight it delved a little deeper… Read More

 

Former jailbreak hacker accuses Apple of building surveillance backdoors into iOS

By Cody Lee on Jul 21, 2014

Former iPhone jailbreak hacker Jonathan Zdziarski recently gave a presentation at the HOPE/X conference regarding iOS device security. He said that the platform is reasonably secure from attacks by malicious hackers, but noted there are several backdoors built-in for surveillance.

In the presentation, called ‘Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices,’ Zdziarski detailed a number of undocumented high-value forensic services running on iOS devices, and suspicious design omissions in the OS, that appear to be for snooping…  Read More

 

Geohot joins elite team of hackers for Google’s Project Zero

By Cody Lee on Jul 17, 2014

Since wunderkind George Hotz, better known as Geohot, first made a name for himself by hacking the iPhone at age 17, he’s bounced around to several projects. He hacked the PlayStation, did some work for Facebook, and more recently popped up in Android land.

His latest gig is an internship for Google’s Project Zero—a team of elite hackers tasked with finding and eradicating serious software vulnerabilities. Back in March Geohot won $150K for exposing Chrome exploits, and it seems the Mountain View company took notice… Read More

 

Apple patent would let iPhone lock itself in case of unusual user behavior

By Christian Zibreg on Jul 17, 2014

Apple is researching new methods of securing data on your iPhone by sending an alert to another device or locking it altogether to protect against theft should it detect a pattern of unusual behavior.

The United States Patent and Trademark Office today published an Apple patent for “Generating notifications based on user behavior”.

The document outlines a method by which an iPhone could automatically lock itself or set off an alert in case it detects unusual changes in user behavior. Read on for more… Read More

 

Apple ID 2-step verification live in 48 new markets

By Christian Zibreg on Jul 17, 2014

It appears that Apple has rolled out its two-factor authentication feature for Apple ID accounts in an additional 48 markets, bringing the total number of countries which support this security-minded feature to a cool 59.

Two-factor authentication bolsters up your security when logging in to your Apple ID account on the web by combining something you know – your Apple ID username and password or a Recovery Key – with something you own – a four-digit authorization code sent to your iPhone, iPod touch or iPad device… Read More

 

Apple is now encrypting your iCloud emails in transit between providers

By Christian Zibreg on Jul 15, 2014

A month ago, Apple confirmed that it would soon start encrypting iCloud Mail traffic in transit.

As Google’s Transparency Report noted at the time, Apple and several major email providers did not properly encrypt email messages sent and received from other providers like Gmail and Yahoo, creating security concerns.

Although Apple only encrypts emails sent between its own iCloud customers, the company appears to have stepped up iCloud Mail security and is now finally protecting your emails from eavesdropping as they travel between various third-party email service providers using end-to-end encryption… Read More

 

Apple responds to Chinese media warning against iPhone location tracking

By Cody Lee on Jul 13, 2014

Last week, China’s state-run China Central Television broadcasted a report that labeled the iPhone as a “national security concern.” More specifically, the CCTV criticized the “frequent locations” function in iOS 7, which records time and location for the owner’s movements.

Yesterday, Apple issued an official response to the report on its Chinese website. The statement reaffirms the company’s commitment to privacy, and states that the Location Services found in the iOS firmware are only used to help users for activities that require navigation… Read More

 

How to fully mask password input on the iPhone

By Jeff Benjamin on Jul 8, 2014

Have you ever typed a password in iOS and wondered to yourself why Apple doesn’t mask the last character completely? The reason that Apple doesn’t fully mask the password as you type probably has to do with being able to verify that you entered the correct password.

Some may argue that such a feature is counter to staying secure as you enter your password. It’s easy to see why some people may feel that way.

Enter Fully Masked Passwords—a new jailbreak tweak that applies a full mask to every character entered in a password field. Check out our video after the break to see it in action. Read More

 

Apple launches $49 security lock adapter for Mac Pro

By Christian Zibreg on Jul 2, 2014

Apple on Wednesday launched an accessory to keep your gorgeously reimagined late-2013 “trashcan” style Mac Pro secure and tethered.

Available through the Online Apple Store for $49, the Mac Pro Security Lock Adapter ties the cylindrically shaped workstation to your desk using existing Kensington locks or similar third-party locks, so a thief would need to drag the desk itself to steal your precious Mac Pro.

Moreover, it prevents unauthorized access to the computer’s internal components by securing the lift-off cover to the base of the machine with a security cable… Read More

 

Microsoft now encrypts your OneDrive connections and Outlook emails

By Christian Zibreg on Jul 1, 2014

Microsoft’s OneDrive (formerly SkyDrive) is great if you need to store your files in the cloud and sync them between devices seamlessly. And with the recently introduced 15GB free tier, OneDrive has become even more competitive compared to Dropbox and its pedestrian 2GB free tier.

Also, Microsoft’s web-based email – which went through several rebranding efforts and is currently known as Outlook.com – has its loyal following.

Those who’ve been concerned about general security of their emails and OneDrive files needn’t worry as Microsoft now employs end-to-end encryption on both services to prevent eavesdropping as data travels between servers… Read More

 

Apple rolling out two-step verification for iCloud web portal

By Cody Lee on Jun 30, 2014

Apple has apparently begun rolling out a two-step verification system to its iCloud web portal this afternoon. The new system adds an additional layer of security to an area that offers access to web versions of stock Mac and iOS apps like Mail, Contacts and Calendar.

It’s not clear if Apple is simply testing the feature with some users or plans to eventually roll it out to all iCloud.com subscribers, but it seems not everyone has access to it yet. Those who do see it, though, say it requires users to enter a special code to access their apps… Read More

 

Yo hack compromises your phone contacts, but fix is underway

By Christian Zibreg on Jun 20, 2014

Yesterday, I told you about Yo, a ridiculous new messaging app which lets people exchange two-character “Yo” messages. Some like Stephen Colbert have eviscerated Yo for being utterly useless and plain dumb while others point out the fact that it’s received more than $1 million in VC-backed funding as a proof that the mobile messaging space is booming with innovation.

Be that as it may, turns out the controversial software poses something of a security risk as a pair of college students have found a vulnerability allowing them to compromise any Yo user’s phone number, spam them with unsolicited messages and more.

Yo founder Or Arbel has confirmed that the app was “having security issues” and has promised to deliver a fix “in next few hours”Read More

 

Apple working to encrypt iCloud emails in transit

By Joe Rossignol on Jun 13, 2014

Email encryption is a hot topic right now. A few weeks ago, Google published a report that reveals how much email sent in transit is encrypted and which major providers are taking measures to encrypt their own emails. Then yesterday, the NPR published a more in-depth report (via 9to5Mac) that looks at how well major email providers in the United States are doing at protecting the data of users online.

As it turns out, Apple was among several major email providers failing to properly encrypt its emails sent and received from other providers like Gmail and Yahoo. Following the report, however, the iPhone maker reached out to NPR to confirm that it will be working on encrypting its emails in transit. The company says the change will occur “soon,” but no timeline was provided…  Read More

 

Customer info accessed by third-party unlocking service in AT&T security breach

By Cody Lee on Jun 13, 2014

AT&T has confirmed with ITWorld that it has suffered a security breach where customer information was accessed. The breach actually occurred back in April, but was only disclosed this week by the company in a filing with California regulators.

According to the report, personal information—including social security numbers and call records—was accessed for an unknown number of customers in the breach. It’s believed the attack was part of an effort to obtain unlock codes from the carrier… Read More

 

iOS 8 lets native apps tap into Safari’s AutoFill & Passwords for frictionless login experience

By Christian Zibreg on Jun 13, 2014

In addition to using your device’s iSight camera to scan in credit card information, Safari in iOS 8 makes it easy for third-party apps to tap into the browser’s AutoFill & Passwords feature for hassle-free logins.

Provided a user has previously saved their username and password for a specific website using Safari’s AutoFill & Passwords feature, a native iOS app is now permitted to retrieve this information and re-use it to authorize a user quickly and securely, bypassing the login screen altogether… Read More

 

iOS 7 security flaw allows for Lock screen bypass in seconds

By Joe Rossignol on Jun 9, 2014

A new security flaw has been discovered that allows for the Lock screen on iOS 7.1.1 to be bypassed in just seconds. The vulnerability provides access to any app that was left open before the device was locked, such as Mail or Messages, but a prompt appears to re-enter your Lock screen passcode if you attempt to navigate to the Home screen or elsewhere. Read ahead for how it works…  Read More

 

iCloud hackers who held iOS devices ransom detained in Russia

By Joe Rossignol on Jun 9, 2014

The Sydney Morning Herald reports that Russian authorities have detained two young hackers for hijacking iOS devices through iCloud and holding them ransom for payment. The suspects, both residents of the Southern Administrative District of Moscow, are a 23-year-old named Ivan and an unnamed 17-year-old that served as his accomplice.

Russia’s Ministry of Internal Affairs announced on Monday that the hackers were detained during the course of “operational activities” by the Russian Interior Ministry. The hackers were caught on closed-caption TV after attempting to withdraw ransom payment from an ATM machine. The ministry also noted that one of the suspects has already been tried before…  Read More

 

PayPal integrating Touch ID into its iOS app

By Christian Zibreg on Jun 5, 2014

A year ago, PayPal CISO Michael Barrett spelled doom for existing verification methods based on passwords and expressed hope that the then unreleased iPhone 5s would kill the password once and for all. As it turned out, Apple limited the handset’s fingerprint scanner to iTunes purchases and user authentication on the Lock screen.

But with the iOS 8 SDK now official, Apple has opened up Touch ID to developers and PayPal is first out of the gate with the official confirmation that it is working on integrating Touch ID authentication into its mobile apps… Read More

 

Apple says Australian iOS device attacks not caused by iCloud breach

By Cody Lee on May 28, 2014

On Monday, a number of iOS and Mac users came forward with complaints that their devices had been remotely locked by hackers. In most of the cases, a message appeared via Find My iPhone on the locked devices, demanding payment for the hack to be reversed.

As far as we can tell, the attacks have been concentrated on Mac and iOS products in Australia. And among the various theories of how the hackers were able to set a remote lock has been the fear that iCloud was breached. But Apple says it hasn’t been compromised… Read More

 
Page 112345...