By Christian Zibreg on Nov 19, 2014
WhatsApp, the most popular instant-messaging platform with more than 600 million users which Facebook snapped up for $16 billions earlier this year, has started to protect data with end-to-end encryption, The Wall Street Journal reports.
For the time being, text messages exchanged between Android users of WhatsApp are being encrypted by default.
It shouldn’t be too long until the company adds encryption to the iOS app and other mobile platforms. Encryption protects users’ communications from governments and hackers alike by making the data unreadable as it travels between servers. Read More
By Cody Lee on Nov 18, 2014
Apple has posted a support page on the security content of the just-released iOS 8.1.1, reaffirming previous reports that the firmware breaks the Pangu jailbreak tool. In the page, the company credits the Pangu team for discovering three vulnerabilities patched in 8.1.1.
Among those vulnerabilities was a state management issue in the dyld directory, which has to do with app launches. There was also a validation issue in the handling of metadata fields with the kernel, and a sandbox profile bug that allowed apps to launch arbitrary binaries. Read More
By Cody Lee on Nov 17, 2014
Chinese authorities arrested three individuals last Friday that are believed to have developed the “WireLurker” malware, according to a police post on Sina Weibo. The authorities were tipped off by Chinese security company Qihoo 360 technology. Additionally, the post says that authorities have also identified and shut down the website that was hosting and distributing the malware. Read More
By Cody Lee on Nov 13, 2014
Apple tonight broke its silence regarding Masque Attack, a recently discovered vulnerability in iOS. In a statement to iMore, the company says it encourages customers to only download apps from trusted sources and that it’s not currently aware of any users affected by the exploit.
Research security FireEye announced its discovery of Masque Attack on Monday. The malware installs itself through a phishing link disguised as a new app or game, and then masquerades as a legitimate app. Once installed, it can access login credentials, credit card info and more. Read More
By Cody Lee on Nov 13, 2014
The United States government issued a warning for iPhone and iPad users today regarding the recently-discovered ‘Masque Attack’ vulnerability, reports Reuters. The security flaw, which began circulating the web earlier this week, allows malicious third-party apps to be installed to a device using enterprise provision profiles.
Today’s bulletin was issued by the National Cybersecurity and Communications Integration Center, and it warns users of how Masque Attack can spread and what it’s capable of doing. The malware installs itself through a phishing link disguised as a new app or game, and then it can masquerade as a well-known app like Gmail. Read More
By Christian Zibreg on Nov 10, 2014
A new security exploit discovered in Apple’s mobile operating system allows attackers to fool unsuspecting users into installing malicious iPhone and iPad apps disguised as new versions of popular apps and games such as Gmail, Angry Birds and more.
Instances of malicious apps with such deceiving names as “New Angry Bird”, “New Flappy Bird” and others were mentioned Monday in a report by mobile security research firm FireEye. Read More
By Cody Lee on Nov 6, 2014
Apple released a statement today saying that it is aware of the newly discovered WireLurker malware that targets Macs and iOS devices, and it has taken action. “We’ve blocked the identified apps to prevent them from launching,” a spokesman for the company told the Wall Street Journal.
Yesterday security researchers at Palo Alto Networks published a report saying they had discovered a new malware targeting Macs and iOS that is the “biggest in scale” it has ever seen. They named the malware “WireLurker” for its ability to jump from infected Macs to iOS devices over USB. Read More
By Cody Lee on Nov 5, 2014
Security researchers at Palo Alto Networks say they’ve uncovered a new malware campaign targeting Macs and iOS that is the “biggest in scale” it has ever seen. Dubbed WireLurker, the malware has infected more than 400 apps in the Maiyadi App Store, a third-party Mac app store in China.
In the last six months, researchers say 467 infected applications have been downloaded 356,104 times, and “may have impacted hundreds of thousands of users.” The scary part is, the malware can be transmitted to a connected iOS device via USB, regardless of whether or not it’s jailbroken. Read More
By Christian Zibreg on Oct 31, 2014
Criminals should protect their iPhones with a passcode, not Touch ID, as a Virginia District Court has determined that passcodes are protected under the Fifth Amendment of the United States Constitution while fingerprints are not, according to a report Friday by Hampton Roads.
The Fifth Amendment protects citizens from self-incrimination so a phone is protected under the law because otherwise it would require a defendant to divulge knowledge. Put simply, a Circuit Court judge has ruled that a criminal defendant can be compelled to reveal their fingerprint but not the passcode, so that police could search their mobile phone. Read More
By Jeff Benjamin on Oct 29, 2014
At this point in time, running Cydia on a jailbroken iPhone can still be a bit confusing for users who aren’t always knee-deep in this stuff. One of the biggest issues encountered when running Cydia on a jailbroken iOS 8 device at the moment involves using the passcode and Touch ID.
After installing Cydia on a jailbroken iOS 8 device, many are reporting that establishing a passcode sends them into a bootloop. I verified that I encountered the same issue.
Let me just preface this by saying that the problems encountered here are no fault of the Pangu team or of Saurik. This jailbreak is a work in progress, and we’ve been advised that the jailbreak is only for developers at the moment. That said, many of you are adventurous and want to take the plunge as soon as possible; as do I.
In this video, I share an unsanctioned workaround to the boot loop issue. I show you how to establish a passcode on a device with Cydia and Cydia Substrate installed. I’ve tested this out, and have recorded the entire Cydia installation process for your convenience. Have a look inside for the full tutorial. Read More
By Sébastien Page on Oct 28, 2014
I just got my all new iMac with Retina 5K display last week and I’m still going through all the settings to have it behave the way I want. One thing I noticed is that every time it goes to sleep or the screen saver kicks in, my Mac will require me to enter my user password when I wake it up.
What is a great security feature if you work in an office is somewhat of an annoyance to me, simply because I work from home and no one except my wife ever gets to touch my computer, making this password an extra step that I don’t need.
In this post, I’ll show you how to stop OS X Yosemite from requiring a password after waking up your Mac. Read More
By Jeff Benjamin on Oct 24, 2014
SleekCode is a brand new jailbreak tweak that just recently touched down on Cydia’s BigBoss repo. SleekCode allows you to change up the look of the passcode screen. You can alter the background of the blur, alpha, and passcode rings, along with hiding the emergency dial button and slide to unlock chevron.
I was fairly impressed with the look of the passcode screen after configuring SleekCode. Have a look at our video walkthrough for more information. Read More
By Christian Zibreg on Oct 22, 2014
Apple’s boss Tim Cook went to China to meet with a top Chinese government official in Beijing amid allegations of government-backed phishing attempts on users’ iCloud accounts, according to a report by the state-run Xinhua news agency, relayed by Reuters Wednesday.
The meeting coincides with reports by GreatFire.org, a Chinese web monitoring group, alleging that the Chinese government sponsored man-in-the-middle attacks that redirected local users to a fake iCloud.com login page in an effort to harvest Apple ID user names and passwords. Read More
By Christian Zibreg on Oct 21, 2014
Following a report Monday by Great Fire alleging that the government in China attempted to compromise the security of Apple’s users by redirecting local traffic to a fake iCloud.com login webpage, Apple on Tuesday confirmed it was aware of the phishing attempts and ensured its servers had not been compromised, according to a CNBC report.
The company also took additional steps in the form of a new support document which teaches unsuspecting users how to verify that their web browser is in fact securely connected to the genuine iCloud.com login page. Read More
By Christian Zibreg on Oct 20, 2014
The Chinese government is reportedly phishing iCloud credentials of millions of people by staging a so-called man-in-the-middle attack which redirects unsuspecting users to a spoofed webpage that appears shockingly similar to the real iCloud.com website, Great Fire reported Monday.
Fooled users who type in their username and password into the fake web form risk exposing their iMessage communications, photos, contacts, reminders, calendars and other personal information associated with their Apple ID to a third-party. The problem is further accentuated by the fact that the popular Chinese browser Qihoo does not warn users that they’re visiting a fake website. Read More
By Cody Lee on Oct 16, 2014
Following the release of OS X Yosemite this afternoon, Apple quickly pushed out iTunes 12.0.1. As you know, Yosemite includes a refreshed edition of iTunes marked as version 12, and this is an update for the folks who are using the new software.
Not much is mentioned in the change log in terms of what’s new in 12.0.1, but it does note that at least one of the changes has to do with security. And given its release time, and .1 build number, we imagine that it includes other bug fixes as well. Read More
By Jeff Benjamin on Oct 8, 2014
If you have two-step verification enabled and you’re currently signed in to a third-party app using your Apple ID password, you’ll need to adjust to a new change starting tomorrow. For security purposes, Apple is introducing app-specific passwords to access iCloud data using third-party apps.
Apple will allow users to generate these app-specific passwords via the Password & Security section of its Apple ID website. Once there, you’ll simply need to click Generate App-Specific Password to create a password for the third-party app that you wish to grant access to your iCloud data. Read More
By Cody Lee on Oct 7, 2014
AT&T confirmed on Monday that it suffered a data breach in August, carried out by one of its own employees. In a letter to Vermont’s attorney general, officials for the carrier said a former staffer accessed customer account information, including Social Security and driver’s license numbers.
Additionally, the company notes that the insider viewed Customer Proprietary Network Information (or CPNI), which includes metadata such as time, duration and destination of phone calls. It would not identify, however, how many of its customer accounts were affected by the breach. Read More
By Sébastien Page on Oct 1, 2014
Apple recently released a tool that lets anyone check the Activation Lock status of iOS devices. Introduced along iOS 7, Activation Lock is a security feature that prevents anyone from erasing or activating your iOS device without entering your Apple ID and password first. The feature must be disabled before a device is passed or sold to another person. Failure to do so renders the device unusable for the new owner.
With the release of this new tool, Apple wants to make the process of checking for Activation Lock easier, and prevent people from buying a device that might have been locked because it was lost, stolen, or simply because the previous owner forgot remove the device from his account. Read More