Privacy

Apple suspends Apple ID password resets over the phone

You've no doubt heard about a scandalous security oversight which has enabled hackers to break into former Gizmodo writer Mat Honan's iCloud account to remotely wipe his MacBook Air, iPhone and iPad. He was easily hacked because Amazon used to publish the last four digits of users' credit cards on the web, which happens to be exactly what Apple's customer support reps need to reset one's Apple ID password over the phone (in addition to your name and billing address).

Reacting to the security outbreak, Amazon has stepped up its battle to prevent this kind of social engineering. The online retailer on Monday closed a privacy hole that could allow anyone to gain access to Amazon accounts over the phone using just a name, email address and mailing address.

Amazon also promised to no longer allow adding new credit cards to accounts over the phone. Today, Apple reportedly sent a notice to its support staff, temporarily halting Apple ID password resets over the phone...

Apple to present at Black Hat Security Conference for the first time

Black Hat Security Conference is underway at Caesars Palace in Las Vegas and Apple is planning to present for the first time in the event's fifteen-year history. Warming up to hackers, the iPhone maker dispatched Dallas De Atley, its Manager of the Platform Security team, to talk iOS security.

According to the conference agenda, De Atley will "discuss key security technologies in iOS" as "Apple designed the iOS platform with security at its core". Apple's decision to take part in the conference coincides with a few security breaches in its mobile and desktop operating systems that routinely make headlines in the press.

Some of the recent examples include the widely reported IAP exploit and Mac malware that prompted Apple to step up its game with the new Gatekeeper feature in OS X Mountain Lion, designed to only allow for approved, signed apps from the Mac App Store...

Russian hacker admits defeat in IAP breach

Alexey V. Borodin, the Russian hacker who made headlines with a tool which lets anyone steal extra content in apps, no jailbreak required, is admitting defeat following Apple's announcement that the in-app purchasing (IAP) exploit will be fixed in the shipping version of iOS 6 this fall.

In an unprecedented move, Apple gave developers access to a pair of private APIs in iOS, a temporary solution that effectively bypasses the hack. Borodin just publicly acknowledged that currently there is no way to circumvent Apple's band-aid fix in apps updated to take advantage of the private APIs...

Apple pulls Clueful privacy app from the App Store

It's not uncommon for Apple to pull applications from its App Store without word or warning. Let's just say the company doesn't take security on its mobile platform lightly.

Typically, the removals are warranted. The apps are either malicious or violate copyright laws or other App Store guidelines. But with titles like Clueful, it's not so cut and dried...

Apple starts blocking Russian servers that authenticate in-app content for free

Making good on its promise, Apple has started to block Russian servers which authenticate paid in-app content for free, The Next Web reports. The company is blocking IP addresses that host the rogue in-appstore.com domain by issuing takedown notices to hosting companies. PayPal has also intervened to block a private account through which donations had been collected, citing violation of its terms of service.

Despite this, hacker Alexey V. Borodin, the brains behind this controversial method, has already moved the servers to another country in an attempt to evade Apple’s legal requests...

Google to pay $22.5M fine in Safari privacy debacle settlement

Remember when Google was caught with its hands in the jar, overriding the privacy settings of both desktop and iOS Safari users in order to better track their web browsing activity? The issue snowballed into a privacy scandal as the U.S. Federal Trade Commission (FTC) said in April it would investigate the practice. The Wall Street Journal reports this morning that the FTC and the search Goliath are now close to finalizing a settlement that will see Google pony up a whopping $22.5 million to settle the privacy issue, FTC's largest ever fine...

iOS 6 brings brand new privacy settings you can’t miss

You might remember the privacy fiasco that started earlier this year when it was discovered that Path was uploading your whole address book to its servers. Of course, Path wasn't the only app to do that, but it was the first to get the backlash that followed, forcing Apple to slightly change what the company requires app developers to do with your data and how they notify you.

Because privacy is such a hot topic these days, Apple has gone the extra mile in the beta release of iOS 6, giving "privacy" its very own tab inside the Settings app...

LinkedIn privacy scare: 6.5M passwords leak, iOS app scraps meeting notes

Today's a bad, bad day for LinkedIn and a field day for privacy advocates around the world as someone has just managed to leak over 6.5 million hashed and encrypted LinkedIn passwords on a Russian hacker forum.

What are you waiting for? Change your LinkedIn password now!

On top of that, the LinkedIn for iOS app, which was recently updated with iPad support, has an opt-in feature that lets you synchronize your iOS calendar to view upcoming events inside the app.

But similar to the unauthorized Path address book access, this feature sends your meeting notes to LinkedIn's servers without you ever knowing it...

IBM bans the use of Siri on its network over data privacy fears

Have you ever wondered what happens to your conversations with Siri? Obviously your queries are sent over the internet to Apple's servers for processing, but what then? Does Apple store these conversations? Does anyone have access to them?

These questions seem to be heavy on the mind of IBM's Jeanette Horan, as the CIO recently told MIT's Technology Review that her company has banned Siri from their network over fears that the assistant could be logging sensitive information...

Surf the web in total privacy with Onion Browser

If a person wanted to browse the web discreetly on their iOS device, there are a number of ways to do so. For starters, there is the native 'Private Browsing' function in mobile Safari. And there are dozens of third-party browsers available with similar features.

But if a person wanted to browse the web in an untraceable, highly-secure, super-stealth manner, they might have to turn to an app like Onion Browser. The software allows you to encrypt, block, and spoof your way to total anonymity on the web...

FTC looking to fine Google for bypassing Safari users’ privacy

Following a report that claimed Google had been overriding Safari users' privacy settings to set tracking code in order to collect web browsing habits, a newspaper story this morning asserts that the U.S. Federal Trade Commission (FTC) is taking a long, hard look at the search giant's practice.

The FTC is said to be “deep into an investigation” of Google’s tactics of bypassing Apple’s security settings on both the desktop and iOS versions of Safari.

Apparently, they are looking to fine Google and the financial sanctions could be "sizable", according to the obligatory people familiar with the matter.

Apple called back to Congress to discuss privacy concerns

The United States Congress is set to give Apple another look. AllThingsD reports that Congress has sent a letter to Apple's CEO Tim Cook requesting that he send a company representative to the Capitol to brief Congress on how Apple is protecting its users' personal information on mobile devices.

While Apple was called to Congress in February, this time around it's about the issue of apps being able to view customers' photos, location data, and more without their permission...