By Lory Gil on Jan 24, 2015
Most of us have at least one extra iOS device lying around somewhere that doesn’t get used as much as the others. Instead of letting it sit around, slowly losing battery life, why not set it up to be a home security monitor?
Manything is a free app that you can download onto two iOS devices. One device acts as the camera to record everything, while the other acts as the remote viewer so you can check in to see what your cat is up to while you are away. Read More
By Christian Zibreg on Jan 23, 2015
CEO Tim Cook has agreed to allow Chinese government officials to conduct security audits on Apple devices sold in China, IDG News Service reported yesterday.
The surprising development comes amid tensions that have erupted in the 1.33 billion people country, Apple’s second largest market by revenue, over allegations that other governments are using Apple devices for surveillance and accusations of state-sponsored phishing attacks on Apple’s iCloud users. Read More
By Christian Zibreg on Jan 21, 2015
Yesterday, I stumbled upon an intriguing post over at The Loop which I felt raised a valid point about multi-user access in iOS, or the lack of.
It’s especially relevant in light of the fact that Android Lollipop enables multi-user support on phones.
Tablets, of course, have had this for nearly three years with Jelly Bean and up. Now, adding the ability to share your iPhone or iPad with someone else isn’t as trivial as it may appear at first sight as there are many technical hurdles to overcome.
On the other hand, can anyone imagine Apple not working on solving this pain point for its users? I mean, OS X supports multiple user accounts by design and iOS is basically a slimmed down version of OS X.
Anyways, is multi-user access one of those features the company should prioritize for the next major refresh of iOS, do you think? Read More
By Jake Smith on Jan 20, 2015
Password manager LastPass has finally launched a dedicated Mac app that will allow users to find and store their passwords.
Previously available as a web portal and browser extension, the new Mac app gives you the same features natively, along with a Quick Look feature that allows you to instantly search for passwords and other login information, as well as the ability to scavenge through secure notes. Read More
By Christian Zibreg on Jan 19, 2015
New documents by NSA leaker Edward Snowden were published this weekend by German newspaper Der Spiegel, giving us new insight into how the GCHQ tracked iPhone users without their consent.
Rather than tap specific exploits that GCHQ’s U.S. counterpart, NSA, relied on in order to compromise the iPhone’s software, GCHQ surveilled targets by following a device’s UDID across different services.
They were even able to pull data from the device itself when syncing with a compromised computer took place. Read More
By Christian Zibreg on Jan 9, 2015
An unusual oversight in how OS X’s Spotlight feature handles privacy settings in Apple Mail leaves the door open to spammers, phishers and online tracking companies who can obtain private data such as your IP address, current operating system version, browser details and more, whenever an email message is previewed in Spotlight.
First discovered by German technology news site Heise, the bug takes advantage of a common information harvesting technique and a Mail setting which determines whether or not the program loads remote content in emails. Read More
By Jeff Benjamin on Jan 9, 2015
There are tweaks that exist on Cydia that allow you to secure an entire app, but to my knowledge, no tweak yet exists that allows you to secure specific aspects of the stock Photos app with Touch ID. That’s where Photego comes in, a new jailbreak tweak that allows you to prevent users from deleting photos, accessing albums, and more via Touch ID. Read More
By Jeff Benjamin on Jan 9, 2015
Looking for a way to tidy up the App Switcher on iOS? Then WhitelistSwitcher may be a jailbreak tweak that appeals to you. As its name alludes to, this tweak allows you to whitelist the specific apps that appear in the App Switcher. Apps that aren’t on the whitelist do not appear in the App Switcher, even if they were recently launched. Read More
By Christian Zibreg on Jan 5, 2015
As of today, brute-forcing your way into your ex’s Apple ID or iCloud account by way of dictionary-based attacks is no longer a viable option.
As reported by James Cook of Business Insider, Apple’s reportedly patched a vulnerability in its iCloud service that determined hackers were able to exploit in order to hack into your Apple ID account.
Even though Apple IDs that employ weak passwords and don’t use Apple’s vaunted two-step verification feature were at greatest risk, we’re most certainly glad that Apple’s moved so swiftly to increase online security of its users. Read More
By Jeff Benjamin on Jan 2, 2015
Have you ever been in a situation where you would like to lock your iPhone in a discrete manner? Perhaps someone has asked to see your iPhone, or they’ve figured out your password, and they want to examine your phone. Obviously, you could just say no, but if you’re the passive aggressive type of person, you could just use PanicLock for iOS 8 instead. Read More
By Christian Zibreg on Jan 2, 2015
Friday, a new attack tool was posted to GitHub that uses brute-force dictionary attacks on iCloud and Apple ID accounts with weak passwords. Using a dictionary list containing more than 500 words, the ‘iDict’ tool pretends to be a legitimate iPhone device trying to log in to iCloud.com. Somehow, it manages to avoid Apple ID lockout restrictions.
People with complex passwords shouldn’t be concerned but those with simple ones based on commonly used words such as pet names are at risk. If you fall in that category, you’re wholeheartedly recommended to change your password and optionally enable two-step verification for your Apple ID.
Seemingly unrelated to ‘iDict’, the Photos web app mysteriously disappeared from the iCloud website this morning. Read More
By Christian Zibreg on Dec 29, 2014
Admittedly, Touch ID has popularized and mainstreamed biometric security on mobile devices using an impression made on a surface by the inner part of the top joint of a finger.
Having debuted on the iPhone 5s, Apple’s in-house sensor built into the Home button is based on a sophisticated technology by Israeli smart sensor maker AuthenTec, which the Cupertino firm snapped up in July of 2012 for a reported $356 million.
However, existing fingerprint-based security solutions could be easily bypassed by generating a fingerprint image from a series of photos of someone’s finger, no physical print necessary whatsoever, according to claims by Chaos Computer Club, Europe’s largest association of hackers.
As relayed by VentureBeat, the hackers have now successfully demonstrated a proof-of-concept by copying the thumbprint of German Defense Minister Ursula von der Leyen.
They used a close-up photograph of von der Leyen’s thumb, obtained during a news conference in October, along with photographs taken from different angles, said Jan Krissler aka “Starbug” at the 31st annual Chaos Computer Club convention in Hamburg, Germany. Read More
By Christian Zibreg on Dec 18, 2014
Moscow-based Elcomsoft, which produces a mobile forensic tool used by law enforcement around the world to gain access to a suspect’s iOS devices, has updated its Phone Breaker application which now makes it easier to bypass Apple’s two-step verification for Apple ID accounts in order to access underlying iCloud data, Engadget reported Thursday.
Not only does this include iWork documents stored in iCloud, but also data in third-party apps such as WhatsApp communications, 1Password password databases — even user dictionaries that may contain secret words and phrases — provided a user has enabled the app in question to sync data with iCloud.
Although hackers still need both your Apple ID username/password and a two-factor code sent to your trusted device (or a digital token stolen from your computer), once they do gain access to your account Phone Breaker can then create a digital token granting them permanent access to iCloud data, no two-step verification code needed — until you change your Apple ID password, that is. Read More
By Christian Zibreg on Dec 9, 2014
Two-step verification protects your Apple ID from unauthorized access when accessing iCloud.com and the Apple ID web interface or when when making an App Store or iTunes purchase from a new device. It’s an additional layer of security which combines something you know (your Apple ID password) with something you have (an iOS device).
Once enabled, it requires that you enter a four-digit code after providing your Apple ID credentials, with the code being pushed to a trusted iOS device.
You will also get a 14-character Recovery Key to regain control of your account should you ever lose access to your trusted devices or forget your password.
So, is your Apple ID protected with two-factor verification or do you still trust your digital life with the good ol’ password in conjunction with security questions? Read More
By Christian Zibreg on Dec 9, 2014
With two-step verification enabled for your Apple ID, you don’t need to create or remember any security questions because your identity is exclusively verified using your password, verification codes sent to your trusted devices and your Recovery Key.
The added layer of security is a tremendous convenience, but with great power comes great responsibility and I can’t stress enough how crucial it is to ensure you never forget where you stored your Recovery Key. As Owen Williams of The Next Web learned the hard way, they’re calling it “Key” for a good reason.
Losing your Recovery Key puts you at risk of being locked out of your Apple ID if Apple’s temporarily disabled it as a security precaution because someone’s tried to hack it.
Apple cannot grant you access back into your Apple ID. This is by design: the system’s been engineered in such a way so that only you can regain access to it. And in order to do that, you absolutely need a Recovery Key.
Here’s what to know about securing your Apple ID with two-step verification. Read More
By Sébastien Page on Dec 9, 2014
Password manager Dashlane introduced today Password Changer, a new feature that allows you to change all your passwords at once, including accounts secured by two-factor authentication. Powered by Dashlane’s recent acquisition of startup PassOmatic came up with the core technology, the feature, that is just entering beta, currently works with about 70 different websites, including Apple, Amazon, Twitter, Facebook, but will open up to more sites in the future. Read More
By Christian Zibreg on Dec 2, 2014
The United States Department of Justice is reportedly pursuing an unusual legal strategy to compel cellphone makers to assist investigations by removing device encryption on iPhones and other mobile devices, according to findings by technology website Ars Technica.
Tapping the All Writs Act, feds want Apple’s help to defeat encrypted phones, as revealed by newly discovered court documents from two federal criminal cases in New York and California. Read More
By Christian Zibreg on Nov 19, 2014
WhatsApp, the most popular instant-messaging platform with more than 600 million users which Facebook snapped up for $16 billions earlier this year, has started to protect data with end-to-end encryption, The Wall Street Journal reports.
For the time being, text messages exchanged between Android users of WhatsApp are being encrypted by default.
It shouldn’t be too long until the company adds encryption to the iOS app and other mobile platforms. Encryption protects users’ communications from governments and hackers alike by making the data unreadable as it travels between servers. Read More