By Jeff Benjamin on Mar 7, 2014
There’s no shortage of Touch ID enabled security tweaks for iOS 7. There’s AppLocker, BioProtect, and my favorite, BioLockdown from Ryan Petrich. So the question is, do we need another entry into what has become an increasingly crowded market? If the team behind the release is a3tweaks, then the answer to that question is an emphatic yes.
Unlike the majority of the other releases in the a3tweaks’ repertoire, Asphaleia is extremely deep with tons of options. Sentry, the tweak’s designer, isn’t known for throwing a bunch of unnecessary features into his work with no purpose in mind. Instead, he reasoned that a security tweak like this made it necessary to have enough options to a). keep it secure, and b). give users the options that they need. It’s a strategy that, for the most part at least, has paid off reasonably well.
If you’re looking for an alternative to any of the aforementioned security tweaks—AppLocker, BioProtect, or BioLockdown—then Asphaleia is a release you should definitely check for upon its impending launch. Have a look at our full 10+ minute video walkthrough, as we break down all that the highly anticipated release has to offer. Read More
By Cody Lee on Mar 6, 2014
Folks who use eBay’s PayPal payment service will be happy to hear that the company updated its iOS client this morning, bringing the app to version 5.4. The update brings about an important new security feature as well as various other improvements.
The new security feature allows you to attach your mobile phone to your PayPal account so that they can be sure it’s you authorizing activity. It does this by linking the phone number(s) of the device(s) you use PayPal on to your 4-digit security PIN code… Read More
By Cody Lee on Mar 5, 2014
Popular encrypted chat app Cryptocat has launched this week for iOS. Originally available as a desktop app and a browser plugin, the app offers strong encryption and secrecy for text conversations, as well as protection from government intrusion thanks to its Swedish nuclear bunker headquarters.
This week’s iOS launch comes after an initial rejection by Apple’s app review team in December. Cryptocat’s founder Nadim Kobeissi called Apple’s reason for rejection ‘illegitimate,’ but it’s obvious someone or something had to give because the app is now available for download in the App Store… Read More
By Christian Zibreg on Feb 27, 2014
In the wake of numerous reports that all point to the same conclusion – that malware infestation is running amok on Android – the Internet giant made an unusually open statement through the mouth of its Android lead, Sundar Pichai, who finally admitted that Android wasn’t built for security.
“If I had a company dedicated to malware, I would also be targetting Android”, Pichai allegedly said to a stunned audience at Mobile World Congress in Barcelona, Spain. When your own platform lead starts making such frank statements about Android security, it’s high time you considered taking these security reports at face value… Read More
By Christian Zibreg on Feb 26, 2014
We know quite a lot about the iPhone 5s’s fingerprint scanner, Touch ID. The advanced sensor works seamlessly and learns more about your prints over time so it continues to expand your fingerprint map as additional overlapping nodes are identified with each use.
It can match prints in any orientation, unless your fingers are greasy or wet, or there’s some dirt or debris on the Home button. There’s a 1 in 50,000 chance of a successful random match with someone else’s print, which is much better than the 1 in 10,000 odds of guessing a typical four-digit passcode.
The Touch ID sensor doesn’t store actual fingerprint images and instead creates an encrypted profile of your print and stores it on a module on the A7 processor called the Secure Enclave that’s walled off from the rest of the system.
After five unsuccessful fingerprint match attempts, or after every restart, the system asks for your passcode so that hackers can’t stall for time. These are pretty much key pieces of information on Touch ID that was made public since its inception.
Today, Apple updated its iOS Security white paper [PDF download] with a few previously unknown specifics relating to how Touch ID works side by side with the A7 chip and its Secure Enclave portion to detect a fingerprint match in a highly secure manner. The document also details other security safeguards Apple put in place to prevent tampering with fingerprint data… Read More
By Christian Zibreg on Feb 26, 2014
Now that Apple has fixed that nasty SSL bug across iOS devices, Macs and the Apple TV, the question arises as to how many active iPhone, iPod touch and iPad users are safe by running the latest iOS 7.0.6 software, which patches the dangerous vulnerability.
According to a new survey by Chitika, in 48 hours about 13.3 percent of North American users were on iOS 7.0.6. “More than two full days since Apple pushed the fix live, 13.3 percent of iOS traffic is driven by the latest update,” the firm wrote.
Apple traditionally sees the strongest firmware adoption of any mobile platform because software updates are not dependent on carriers’ good will and on-device alerts prompt users when a software update goes live, so the adoption rate should increase exponentially in the coming days and weeks… Read More
By Christian Zibreg on Feb 25, 2014
The nasty SSL bug was found in iOS last week that opens the door to a dangerous man-in-the-middle attack which makes it easy for attackers to intercept communications and steal sensitive info like usernames, passwords and even credit card numbers, by posing as a trusted website.
Apple quickly squashed the dangerous bug with the release of iOS 7.0.6. If you’re jailbroken, you can patch the SSL exploit without updating to iOS 7.0.6 (here’s how).
Unfortunately, Apple hasn’t yet issued an urgent OS X fix for the exploit, meaning Mac users are left out in the cold and at risk of having their personal information and passwords hijacked.
One security researcher from New Zealand has now confirmed that the vulnerability is more dangerous than previously thought: virtually all encrypted traffic to be intercepted, including iCloud data, Keychain enrollment, certificate from apps like Twitter and more… Read More
By Cody Lee on Feb 25, 2014
While the dust is far from settled on the nasty SSL bug found in iOS last week, a new security flaw in the mobile OS has been brought to light. The new flaw makes it possible for attackers to covertly log every touch a user makes, including keyboard and Touch ID presses.
Researchers at security firm FireEye made the discovery, saying in a blog post that the gap exists within iOS’ multitasking feature that allows for the background monitoring, and it can be exploited via a malicious app install or remotely via a separate app vulnerability… Read More
By Cody Lee on Feb 24, 2014
By now you’ve probably already heard about the SSL bug that was discovered in iOS and OS X. Apple pushed an iOS update out on Friday to fix it, and it didn’t sound like a big deal at the time, but we have since learned that it is an extremely serious security flaw.
The flaw leaves Apple devices open to what’s called a man-in-the-middle attack, in where a malicious program poses as a trusted website to intercept communications or inject malware. And its existence has fueled conspiracy theories about Apple and the NSA… Read More
By Cody Lee on Feb 22, 2014
When we told you that Apple had released iOS 7.0.6 to the public yesterday, all we really knew about the update was that it fixed an SSL connection verification issue. We didn’t know it at the time, but it turns out that this was actually a major security flaw in iOS 7.
In a support document, Apple noted that the patch repaired a specific vulnerability that could allow an attacker with a “privileged network position” to capture or modify data protected by SSL/TLS. In other words, iOS was vulnerable to a ‘man-in-the-middle attack.’ Read More
By Christian Zibreg on Feb 20, 2014
Following a flurry of reports which criticized various security holes allowing hackers to break into people’s Apple ID accounts, Apple in March of 2013 finally stepped up account security by rolling out two-step verification for Apple IDs in the United States, United Kingdom, Australia, Ireland and New Zealand.
Two months later, the feature launched in nearly a dozen additional countries: Austria, Argentina, Belgium, Brazil, Mexico, Netherlands, Pakistan, Poland and Russia.
And now, as part of the third wave of expansion, the firm is enabling stronger account security for Apple ID users located in Canada, France, Germany, Japan, Italy and Spain… Read More
By Christian Zibreg on Feb 18, 2014
Apple paid big bucks to acquire AuthenTec, the world’s leading maker of fingerprint sensors. Following the $356 million deal, it took Apple’s teams an additional year or so to apply AuthenTec’s technology to Touch ID. An in-house project, Touch ID has rethought what fingerprint scanning on mobile devices should be like, resulting in a seamless and integrated solution that, in Apple’s parlance, “just works”.
That’s not saying Touch ID isn’t without pitfalls.
Apple cautions that fingerprint scanning doesn’t work well with greasy or wet fingers and there are reports of old people’s prints not being recognized properly as a result of a few decades worth of scarring and general wear and tear.
Despite rumors that Samsung’s upcoming Galaxy S5 would feature iris scanning, KGI Research analysts instead pointed to a fingerprint sensor.
And now a publication called SamMobile says it’s been able to confirm with a Samsung source that the feature will work by swiping one’s finger over the handset’s redesigned Home button. It would let users unlock the device by swiping and remember website passwords, the latter not (yet) being supported by Touch ID… Read More
By Jeff Benjamin on Feb 13, 2014
Have you ever wanted to use your Lock screen passcode for more than just unlocking your iPhone? If so, then boy, do I have a jailbreak tweak for you.
PassDial is a brand new tweak that allows you to assign a speed-dial number to a passcode of your choice. For example, I can assign the passcode ’1-2-1-2′ to phone number 1-888-888-8000, and any time I enter that specific passcode, the number assigned will be dialed.
We’ve created a hands-on video to show you how PassDial works in action. Take a look inside to see what this jailbreak tweak is all about. Read More
By Joe Rossignol on Feb 8, 2014
While setting a passcode on your iPhone, iPad or iPod touch can go a long way towards improving the security of your device, it is meaningless in situations where it is already unlocked and an invasive family member decides to read through your Messages history or tamper with your ongoing Candy Crush Saga game.
Fortunately, a myriad of jailbreak tweaks have been released over the years that password protect apps on iOS devices. iAppLock stands as one of the first candidates to be updated with support for iOS 7 or later, and it has some useful features. Read ahead for a complete rundown… Read More
By Cody Lee on Feb 8, 2014
The New York Times is reporting that California State Senator Mark Leno plans to introduce a bill that would require all cell phones sold in the state to include antitheft technology. He hopes to curb smartphone thefts—a major problem in larger cities.
The bill is being co-sponsored by San Francisco DA George Gascón, which isn’t surprising considering he’s long been pushing for Apple and other manufacturers to build ‘kill switches’ in their devices. And if it passes, it could go into effect as early as next year… Read More
By Cody Lee on Feb 7, 2014
According to a new report from cyber security researcher Jamie Sanchez, the Snapchat app contains a vulnerability that makes it possible for hackers to launch a denial-of-service (DoS) attack that can temporarily freezes a user’s iPhone.
Sanchez and a fellow research discovered a flaw in the app’s system that allows a hacker to send thousands of messages to a Snapchat user in seconds, which can cause crashes. And often times, these crashes can only be fixed with a reset… Read More
By Cody Lee on Feb 6, 2014
A major flaw has been discovered in iOS 7 that seemingly allows users to disable the important ‘Find My iPhone’ feature on a device without typing in the typically-required password. Turning off the feature on a stolen device makes it invisible to Apple’s location service.
And what’s worse is, the flaw isn’t difficult to exploit. The bug can be reproduced on any device [that we've seen] running iOS 7.0.4 by following a few simple steps that involve making changes in the iCloud section of the Settings app and entering in a dummy password… Read More
By Jeff Benjamin on Feb 3, 2014
TimePasscode is a new jailbreak tweak that lets you use your device’s current time as a passcode to unlock your device. Spurred on by a Reddit request, developer Steve Hetelekides has created a tweak that allows you to have a different passcode with every passing minute.
If you’re looking for a way to spice things up on the Lock screen from a security standpoint, then this might be the tweak for you. Have a look inside as we demonstrate how TimePasscode works on video. Read More
By Jeff Benjamin on Feb 3, 2014
Mesalation is brand new jailbreak tweak from developer r_plus that allows you to get back the passcode grace period list when using Touch ID. Enabling Touch ID on the iPhone 5s forces iOS to require a passcode immediately and there are no options otherwise.
If you’re someone who likes to use Touch ID, but don’t necessarily like the idea of having to verify every time your device is locked, Mesalation is the jailbreak tweak for you. Have a look at our walkthrough inside for more details on how the tweak works. Read More