Privacy

Proof-of-concept charger can install malware on iDevices in less than 60 seconds

Unlike the malware-infested Android, Apple's mobile platform is mostly malware-free. Little wonder that Apple prides itself on reviewing apps "to guard against malware" while asserting that other mobile platforms pose a "security risk".

But what if malicious users could hack your iPhone via a specially built charger - and in less than a minute? That's exactly what three researchers at the Georgia Institute of Technology claim is possible as they prep to show off a proof-of-concept charger which can be used to invisibly install malware on non-jailbroken iOS devices...

How to step up your Evernote account security with two-step verification

Following in the footsteps of Twitter, Apple, Dropbox, Google and others who recently ramped up security by rolling out two-step account verification, the note-taking platform Evernote today announced similar security features. Small wonder, given recent security exploits which prompted Evernote to issue a password reset across the board.

In a nutshell, two-step authentication makes your notes more secure by requiring a verification code sent to your phone whenever you’re asked to provide your username and password.

This will usually happen when logging into the web interface or installing Evernote apps on a new device, such as your iPhone, iPad or Mac. Evernote is also launching Access History and Authorized Applications features. I've included more information right after the break...

‘Login with Amazon’ launches on iOS and Android

The online retail giant Amazon today launched a new sign-in service and an accompanying software development kit (SDK) for both Android and iOS app developers. The feature allows programmers to write apps letting folks log in to apps, games, and web sites using their Amazon.com credentials. The Amazon sign-in taps the over 200 million active accounts hosted by "one of the most reputable companies in the United States," as the promo clip puts it...

Huge 1Password update brings lots of changes

1Password is something of a hit with some members of the iDB team. Though I can obviously speak for myself only, I happen to know Jeff is a fan so it goes without saying we're both pretty excited about today's update.

The new 1Password version 4.2, now available as a free download to registered users, comes with a whole bunch of changes. For starters, it's got an optimized in-app web browser that on iPad includes the Strong Password Generator capability.

The improved browser can automatically submit passwords after using AutoFill for login items and now also recognizes a URL in the clipboard and offers to open it for you. That's just scratching the surface; go past the fold for the full changelog...

German court says Apple’s customer data-sharing policies violate privacy laws

While Apple has been praised for its security efforts in iOS, it does not get the same applause for its privacy policies. The company is currently involved in a US-based lawsuit over its information-sharing practices, and today, a German court ruled against it.

This morning, the Berlin Regional Court in Germany ruled that Apple's sharing of customer data violates German privacy laws. It said that Apple cannot request "global consent" for use of a customer's data without telling them where and how the data will be used...

CEO defends against Path spamming allegations

The Path controversy just wouldn't die down. Last week, the private social network got itself into hot water (again) by spamming users' address book contacts with unwanted robocalls and texts, sometimes even after they uninstalled the software from their devices.

It's a feature rather than a bug, but Path’s poorly designed sign-up process tricked unsuspecting users - the types who don't read on-screen prompts carefully - into inadvertently mass-inviting their friends to Path.

And because Path taps extra carrier services, text messages sent to landlines would get turned into phone calls. None of this seems to aggravate Path CEO Dave Morin, who is a former Facebook employee.

He insisted Monday that Path does not spam users and argued his service never sent mass communication without your consent. "Any allegations to the contrary are false," Morin said...

Path updated with enhanced privacy features and more

Attention Path users: the personal social network has just released a new version of its iOS app. The update brings the application to version 3.0.4, and includes enhanced privacy features, as well as other improvements and bug fixes.

The fact that it includes new privacy tools is particularly interesting, given that Path spent most of this past week dealing with privacy concerns after a user accused its app of 'erroneously' sending text messages to all of his contacts...

Trust Twitter and Google, not Apple, to protect you from government data demands

Well, this is certainly noteworthy. According to the third annual report by the Electronic Frontier Foundation (EFF) titled "Who Has Your Back?", gadget giant Apple along with carriers AT&T and Verizon, Google's rival Yahoo and the forgotten social network MySpace all are very likely to give in to Uncle Sam's data demands.

Specifically, Apple and Yahoo scored one out of six possible stars, with Verizon and Yahoo rather ingloriously earning zero stars each. These companies' weak safeguard implementation does little to circumvent data demands and protect your private information from the government's prying eyes.

Whereas Apple and Yahoo only fight for users' privacy rights in Congress, companies like Google, LinkedIn, Microsoft and Dropbox go to great lengths to ensure privacy of your data, earning four out of six stars each...

Mailbox app security fail exposes your contacts, attachments and email messages

Orchestra's Mailbox has quickly become my default iPhone email application. As you know, Mailbox offloads backend email management to the cloud so the thin client running on your device can let you zip through your inbox at a rapid pace while rethinking the workflow with abilities such as snoozing individual messages as if they were reminders and more. So is there anything not to like about Mailbox?

Apparently there is. According to one app developer, a database Mailbox maintains on your device is unsecured, potentially exposing your contacts, attachments and message contents to anyone who has physical access to your device, using just a simple file transfer tool like iExplorer or DiskAid...

Apple confirms Siri remembers your data for two years

Apple has finally disclosed how long Siri keeps your personalized data collected and stored on its servers whenever you pick up your iPhone and ask her a question. In a new report published Friday, an Apple representative was quoted confirming the company keeps Siri data stored in the cloud for two years.

Watchers often express concern over digital voice assistants such as Siri because they store users' voice clips, opening the door to a potential privacy nightmare should this private data ever be compromised. Apple for its part argues it stores anonymized data, and for two years only. Other companies that collect data from users, such as the Internet giant Google and industries like telecommunications, have similar data retention policies in place...

Major security hole compromises your Apple ID, enable two-step verification now

The Verge claims to have discovered a major security hole which allows attackers to reset your Apple ID password using only your email address and date of birth. Yes, you read that right. The scary part is that it doesn't take a genius to harvest these two pieces of information from Google and your social media accounts or by analyzing your online identity per se.

Exploiting the vulnerability basically lets attackers take over your Apple ID account, and with it all your purchases, iTunes credits, email messages, contacts, your Photo Stream and pretty much any personal data residing up in the Apple cloud.

Apple's iForgot page went down "due to maintenance" shortly after the incident, presumably to prevent exploits until Apple plugs the security hole. Conveniently enough, the company just recently rolled out a new (and way overdue) two-step verification process to protect your Apple ID using not only your password, but also by tapping your trusted devices and a recovery key.

With this exploit making the headlines, you should enable two-step verification now (Cody has a timely tutorial on that)...

iOS 6.1.3 reportedly introduces another Lock screen vulnerability

http://www.youtube.com/watch?v=QCGJTuTZf8M

Apple yesterday let iOS 6.1.3 out of the gate, fixing the widely reported Lock screen vulnerability. As you're probably aware, the glitch was first detailed a month ago and lets people with access to your iPhone, iPad or iPod touch easily bypass your passcode and mess with your private data on the device. But as is often the case, new software releases fix old bugs and introduce new ones to be squashed in the future.

A report Wednesday claims an all-new Lock screen vulnerability has been discovered in iOS 6.1.3, one making it easy to - you guessed right - bypass one's passcode and gain access to an unsuspecting user's contacts and photos kept on the device. Luckily, this one can be avoided easily by disabling the Voice Dial feature...