By Christian Zibreg on Apr 22, 2014
After pushing iOS 7.1.1 with additional Touch ID improvements and a pair of bug fixes for the iPhone, iPod touch, iPad and Apple TV devices, Apple has now released a minor software update containing security fixes for OS X systems and the Mac’s Safari browser.
Officially titled ‘Security Update 2014-002 1.0′, the download comes in at eighty megabytes and includes patches for Safari vulnerabilities and bug fixes for the rest of OS X.
Apple wholeheartedly recommends this OS X update for all OS X Mavericks users because it improves compatibility, stability and security of your computer. A reboot is required after applying the software… Read More
By Sébastien Page on Apr 18, 2014
We often praise iOS as a very secure platform, and this is mostly true, as many studies have confirmed over the years. But sometimes, it’s not so much the platform that is responsible for the lack of security, it is the user himself.
The perfect illustration of this is when you jailbreak your device. By gaining root access to your iPhone or iPad, you start walking outside of Apple’s walled garden and actually put yourself at risk of having untrusted files installed on your device without your knowledge.
As a jailbreaker myself, I am very well aware of the risks, but I do not mind them because the benefits usually far outweigh the drawbacks, and I assume most jailbreak users feel the same.
This being said, a new malware called Unflod has been targeting jailbroken devices for a few weeks. While there is still a lot we don’t know about Unflod, the little information we have about it is enough to raise concerns… Read More
By Jake Smith on Apr 15, 2014
Apple has entered into the “Smartphone Anti-Theft Voluntary Commitment” with HTC, Motorola, Samsung, and others, to curb the smartphone theft epidemic that has been plaguing many city streets.
Under the voluntary agreement, the manufacturers are planning to add several new security features to their smartphones going on sale after July 2015, to make for an industry standard.
Under the Commitment, manufacturers’ smartphones must: Read More
By Jake Smith on Apr 15, 2014
The fingerprint scanner on Samsung’s flagship Galaxy S5 is suffering from the same security flaw as the fingerprint scanner on the iPhone 5s, creating a bit of a risk for owners.
Germany-based security blog H Security found that using a wood glue mold from the fingerprint already set on the Galaxy S5, someone else could gain unauthorized access to your phone. Given Samsung’s fingerprint scanner tie-ins with the PayPal app, this means not only contacts and photos are up for grabs, but mobile payments, as well. Read More
By Cody Lee on Apr 11, 2014
If you’ve been holding out on purchasing Agile Bits’ popular 1Password app due to price tag, you may want to pay attention. In wake of the nasty Heartbleed bug that has compromised millions and millions of usernames and passwords this week, the developers have decided to discount both Mac and iOS versions of the app by 50%… Read More
By Christian Zibreg on Apr 10, 2014
If you’ve as much as glanced at what’s your inbox lately, chances are you’ve encountered messages in which your favorite apps and services announce emergency password resets in the wake of Heartbleed, a nasty bug that’s attacking millions of websites. And unless you’ve been sleeping under a rock for the past week, you must be aware by now that a shockingly high number of websites are at risk.
The latest security scare stems from a devastating flaw in the OpenSSL software many websites use to authorize login sessions and encrypt and transmit user data. Long story short, the exploit allows attackers to easily scoop up the website’s encryption keys, passwords and user content, prompting tons of emergency password resets by some of the Internet’s most popular services.
But what about your Apple ID? Have the keys to your account in the Apple cloud been compromised? How about iCloud or the App Store? According to an Apple spokesperson, its iOS and OS X platforms are protected against Heartbleed. Do I hear a collective sigh of relief? Read More
By Jeff Benjamin on Mar 31, 2014
MathPass is an interesting new jailbreak tweak that’s perfect for those who are just beginning to learn multiplication, or for those who just want to stay alert and have a little fun doing it. MathPass asks you to answer simple multiplication problems from the Lock screen, with the product being the Passcode that will unlock your device.
For example, MathPass might ask: ten times one is? Your answer would then be 0010. It’s 0010 and not just 10, because you’re required to enter a four digit passcode in order to unlock your device. That’s pretty much the whole gist of MathPass in a nutshell; check out more detail inside. Read More
By Jeff Benjamin on Mar 27, 2014
QuickPass is a recently released jailbreak tweak that allows you to quickly disable the passcode lock on your iOS device using a handy toggle found in the stock Settings app. QuickPass is a great tool when you encounter situations where it would be easier to have no passcode on your device at all.
I find QuickPass useful when reviewing jailbreak tweaks, especially tweaks where I’m required to respring a lot. Have a look inside for a full video walkthrough showcasing how the tweak works. Read More
By Cody Lee on Mar 27, 2014
Russia’s telecoms minister Nikolai Nikiforov told news agencies yesterday that government officials for the country recently traded in their iPads for Samsung tablets. Reporters spotted the new devices at a cabinet meeting, and the minister explained that the changeover was due to security concerns.
“Some of the information at government meetings is confidential in nature,” he said, “and these devices fully meet these demands and have gone through the strictest system of certification.” And the timing of the switch is certainly interesting, considering what’s going on at the Russia/Ukraine border… Read More
By Cody Lee on Mar 19, 2014
According to a new report from security research firm Netcraft, Electronic Arts’ servers have been compromised. Two websites from the video game publisher’s domain have been hacked and are now hosting phishing pages setup to steal Apple ID and credit card information.
It works like this: when a potential victim arrives at one of the pages, they are asked to enter their Apple ID and password. Once completed, they’re taken to a second page which asks for personal details and credit card info, and then redirected to the official Apple ID website… Read More
By Cody Lee on Mar 15, 2014
Google held its Pwnium 4 security competition last week at CanSecWest in Vancouver, Canada. The day-long event ended with hundreds of thousands of dollars being awarded to hackers who demonstrated exploits in Google Chrome. And believe it or not, $150,000 of that went to Geohot.
For those not familiar with the name, Geohot has picked up a number of headlines over the past 7 years. After hacking the iPhone he took his talents to the PS3, where he caused enough chaos to get sued by Sony. And he’s since been spotted at Facebook, iOSDevCamp and various other places… Read More
By Jeff Benjamin on Mar 13, 2014
I have to be honest with you and state that for whatever reason, I’ve never been a big fan of PhotoAlbums+. I’ve never been big on taking photos with my iPhone, and I certainly don’t take photos that I care about hiding from others. That being said, PhotoAlbums+ contains features that jailbreakers should definitely be aware of—features that may help your workflow when it comes to photo management on iOS.
The iOS 7 compatible version of PhotoAlbums+ just recently touched down for both the iPhone and the iPad. Check past the break as we go hands-on in our video walkthrough… Read More
By Christian Zibreg on Mar 12, 2014
We’re pretty big fans of AgileBits‘s 1Password for iOS and OS X (Jeff and myself are converts). But why bother with a third-party app when Apple’s new iCloud Keychain feature in iOS 7 and OS X Mavericks keeps all your website and app passwords, Wi-Fi logins and credit cards synced?
Lots of reasons, mainly because iCloud Keychain won’t sync plenty of personal items like private notes, software serial numbers, bank accounts, passports and what not.
That’s where 1Password comes in handy. First and foremost, 1Password uses a robust architecture to ensure that your private data remains private. Apps to manage passwords usually tend to be cumbersome, but that’s never been the case with 1Password.
The software has been praised for its sleek interface, rich feature set and handy tools like browser extensions and the 1Password mini app which patiently sits in your Mac’s menu bar to make remembering new passwords a hassle-free affair.
AgileBits is now introducing a new edition of 1Password for Mac which further refines the experience of using 1Password mini, the AutoSave feature and item editing. Read on for the full reveal… Read More
By Christian Zibreg on Mar 10, 2014
Following the release of the first major iOS 7.1 software update earlier today, Apple has now updated contents of the support document which outlines security updates for its products with a link to this newly created document describing iOS 7.1 security improvements.
In it, Apple credits prominent members of the jailbreak community such as evad3rs, the team behind the evasi0n jailbreak, as well as Google and others who reported issues and helped contribute toward the security changes within iOS 7.1… Read More
By Jeff Benjamin on Mar 7, 2014
There’s no shortage of Touch ID enabled security tweaks for iOS 7. There’s AppLocker, BioProtect, and my favorite, BioLockdown from Ryan Petrich. So the question is, do we need another entry into what has become an increasingly crowded market? If the team behind the release is a3tweaks, then the answer to that question is an emphatic yes.
Unlike the majority of the other releases in the a3tweaks’ repertoire, Asphaleia is extremely deep with tons of options. Sentry, the tweak’s designer, isn’t known for throwing a bunch of unnecessary features into his work with no purpose in mind. Instead, he reasoned that a security tweak like this made it necessary to have enough options to a). keep it secure, and b). give users the options that they need. It’s a strategy that, for the most part at least, has paid off reasonably well.
If you’re looking for an alternative to any of the aforementioned security tweaks—AppLocker, BioProtect, or BioLockdown—then Asphaleia is a release you should definitely check for upon its impending launch. Have a look at our full 10+ minute video walkthrough, as we break down all that the highly anticipated release has to offer. Read More
By Cody Lee on Mar 6, 2014
Folks who use eBay’s PayPal payment service will be happy to hear that the company updated its iOS client this morning, bringing the app to version 5.4. The update brings about an important new security feature as well as various other improvements.
The new security feature allows you to attach your mobile phone to your PayPal account so that they can be sure it’s you authorizing activity. It does this by linking the phone number(s) of the device(s) you use PayPal on to your 4-digit security PIN code… Read More
By Cody Lee on Mar 5, 2014
Popular encrypted chat app Cryptocat has launched this week for iOS. Originally available as a desktop app and a browser plugin, the app offers strong encryption and secrecy for text conversations, as well as protection from government intrusion thanks to its Swedish nuclear bunker headquarters.
This week’s iOS launch comes after an initial rejection by Apple’s app review team in December. Cryptocat’s founder Nadim Kobeissi called Apple’s reason for rejection ‘illegitimate,’ but it’s obvious someone or something had to give because the app is now available for download in the App Store… Read More
By Christian Zibreg on Feb 27, 2014
In the wake of numerous reports that all point to the same conclusion – that malware infestation is running amok on Android – the Internet giant made an unusually open statement through the mouth of its Android lead, Sundar Pichai, who finally admitted that Android wasn’t built for security.
“If I had a company dedicated to malware, I would also be targetting Android”, Pichai allegedly said to a stunned audience at Mobile World Congress in Barcelona, Spain. When your own platform lead starts making such frank statements about Android security, it’s high time you considered taking these security reports at face value… Read More
By Christian Zibreg on Feb 26, 2014
We know quite a lot about the iPhone 5s’s fingerprint scanner, Touch ID. The advanced sensor works seamlessly and learns more about your prints over time so it continues to expand your fingerprint map as additional overlapping nodes are identified with each use.
It can match prints in any orientation, unless your fingers are greasy or wet, or there’s some dirt or debris on the Home button. There’s a 1 in 50,000 chance of a successful random match with someone else’s print, which is much better than the 1 in 10,000 odds of guessing a typical four-digit passcode.
The Touch ID sensor doesn’t store actual fingerprint images and instead creates an encrypted profile of your print and stores it on a module on the A7 processor called the Secure Enclave that’s walled off from the rest of the system.
After five unsuccessful fingerprint match attempts, or after every restart, the system asks for your passcode so that hackers can’t stall for time. These are pretty much key pieces of information on Touch ID that was made public since its inception.
Today, Apple updated its iOS Security white paper [PDF download] with a few previously unknown specifics relating to how Touch ID works side by side with the A7 chip and its Secure Enclave portion to detect a fingerprint match in a highly secure manner. The document also details other security safeguards Apple put in place to prevent tampering with fingerprint data… Read More