Security

Galaxy S4 cleared for government use, iPhone and iPad to gain approval ‘in the next few weeks’

Christian Zibreg ∙ Updated January 26, 2016

As Samsung and Apple are bringing the smartphone wars to the Pentagon, the Galaxy maker has drawn first blood as its Galaxy S4 flagship smartphone gets cleared for government use ahead of the iPhone. A security approval from the US Department of Defense (DoD) is a major recognition for Samsung and its new Knox security software as the S4 becomes the first Android smartphone to win a DoD approval.

It wasn't immediately clear what's up with the holdup concerning Apple, but the iPhone and iPad devices should get cleared later this month...

Read More

Pentagon set to approve iOS, Samsung devices for secure use

Cody Lee ∙ Updated January 22, 2018

A new report is out this afternoon, claiming the US Department of Defense is going to grant security approvals for Samsung's Galaxy smartphones, as well as Apple's iPhones and iPads running iOS 6 in the coming weeks.

The move is separate from the mobile device implementation plan that the Pentagon announced back in February, and could pave the way for Apple to gain more notable influence in the hard-to-reach government sector...

Read More

Mailbox app security fail exposes your contacts, attachments and email messages

Christian Zibreg ∙ Updated August 26, 2017

Orchestra's Mailbox has quickly become my default iPhone email application. As you know, Mailbox offloads backend email management to the cloud so the thin client running on your device can let you zip through your inbox at a rapid pace while rethinking the workflow with abilities such as snoozing individual messages as if they were reminders and more. So is there anything not to like about Mailbox?

Apparently there is. According to one app developer, a database Mailbox maintains on your device is unsecured, potentially exposing your contacts, attachments and message contents to anyone who has physical access to your device, using just a simple file transfer tool like iExplorer or DiskAid...

Read More

Apple choice of 58% enterprises, Android choice of 97% malware

Ed Sutherland ∙ Updated April 18, 2016

A pair of reports issued yesterday really put the growth of mobile in perspective. Currently, the mobile landscape is dominated by two players - Apple's iOS and Google's Android.

While Apple is increasingly favored by companies big and small, Android has become the go-to vector for mobile malware, it seems.

Attacks involving mobile devices has risen dramatically in the space of just one year, skyrocketing to more than 36,000 instances in 2012, up from only 792 cases, according to a security research firm.

Meanwhile, large companies are adopting Apple devices at a faster clip than Android, according to another report...

Read More

Watch the evad3rs’ Q&A session from HITB 2013

Jeff Benjamin ∙ Updated April 11, 2018

Yesterday we linked you to the slide presentation from the evad3rs' appearance at the HITB 2013 security conference in Amsterdam. Today, we're bringing you video from their Q&A session.

In the video, which comes in at less than half an hour — and can probably be watched faster than it would take you to read their entire slide presentation — the evad3rs talk about exploits (obviously), iOS 6.1.3, Apple, downgrading, and more.

Read More

Two years later, DEA learns the government can’t break into Apple’s iMessage

Christian Zibreg ∙ April 4, 2013

Apple's iMessage platform has gone through its share of teething problems, ranging from issues related to iOS devices continuing to send and receive messages, even after being remotely wiped and having their SIM cards deactivated, to iOS saving deleted iMessage attachments to a recent exploit which involved denial of service attacks leading to a series of spam messages crashing the stock iOS Messages app. Although unpleasant and worrying, these problems are mostly localized.

When it comes to government surveillance, however, iMessage is bullet proof and the agile government, of course, has only recently become aware of this. According to an internal document from the Drug Enforcement Administration (DEA), instant messages exchanged between iOS users through the iMessage platform are "impossible to intercept" due to strong iCloud encryption...

Read More

Apple fixes iForgot security hole that compromised Apple ID passwords

Cody Lee ∙ March 23, 2013

That was fast. Earlier today, Christian told you that a major security hole had been discovered involving Apple's iForgot page that allowed someone to reset your Apple ID password with just your birthdate and email address.

Unsurprisingly, Apple immediately took the password page down after getting word of the vulnerability. And after just a few hours of 'maintenance,' the page is back up and—we're happy to report—once again safe to use...

Read More

How to enable Apple two-step verification

Cody Lee ∙ Updated January 8, 2016

Back in 2013, a Strategy Analytics report came out that showed iCloud as the top cloud media service in the US. People use it to store things like music and videos, but they also use it to store more personal stuff like contacts, photos and other data.

So you can see why users were relieved to hear that Apple beefed up its account security by adding a two-step verification option. And for those having trouble getting it setup, we've put together this easy-to-follow tutorial.

Read More

Major security hole compromises your Apple ID, enable two-step verification now

Christian Zibreg ∙ Updated May 2, 2017

The Verge claims to have discovered a major security hole which allows attackers to reset your Apple ID password using only your email address and date of birth. Yes, you read that right. The scary part is that it doesn't take a genius to harvest these two pieces of information from Google and your social media accounts or by analyzing your online identity per se.

Exploiting the vulnerability basically lets attackers take over your Apple ID account, and with it all your purchases, iTunes credits, email messages, contacts, your Photo Stream and pretty much any personal data residing up in the Apple cloud.

Apple's iForgot page went down "due to maintenance" shortly after the incident, presumably to prevent exploits until Apple plugs the security hole. Conveniently enough, the company just recently rolled out a new (and way overdue) two-step verification process to protect your Apple ID using not only your password, but also by tapping your trusted devices and a recovery key.

With this exploit making the headlines, you should enable two-step verification now (Cody has a timely tutorial on that)...

Read More

Apple bolsters account security with new two-step verification process

Cody Lee ∙ Updated May 2, 2017

It feels like every day we hear a new story about a major internet company like Evernote, Twitter or Facebook getting hacked. And when it happens, user passwords, personal information and uploaded content are all compromised.

With this in mind, it's nice to hear that Apple has given its account security a boost today with a new two-step verification process. The safeguard requires users to verify their identity on a trusted device before making any changes.

Tutorial: How to enable Apple two-step verification 

Read More

iOS 6.1.3 reportedly introduces another Lock screen vulnerability

Christian Zibreg ∙ March 20, 2013

http://www.youtube.com/watch?v=QCGJTuTZf8M

Apple yesterday let iOS 6.1.3 out of the gate, fixing the widely reported Lock screen vulnerability. As you're probably aware, the glitch was first detailed a month ago and lets people with access to your iPhone, iPad or iPod touch easily bypass your passcode and mess with your private data on the device. But as is often the case, new software releases fix old bugs and introduce new ones to be squashed in the future.

A report Wednesday claims an all-new Lock screen vulnerability has been discovered in iOS 6.1.3, one making it easy to - you guessed right - bypass one's passcode and gain access to an unsuspecting user's contacts and photos kept on the device. Luckily, this one can be avoided easily by disabling the Voice Dial feature...

Read More

Security firm says iOS configuration profiles pose malware threat

Cody Lee ∙ Updated April 11, 2018

Last week, Apple's Marketing SVP Phil Schiller tweeted out a link to a mobile malware report that showed Android devices accounted for a staggering 79% of new mobile threats last year, while iOS devices accounted for just 0.7%.

Of course, the fact that he tweeted the link was far more surprising than the report's data. After all, we've known for years that Android is far more susceptible to mobile malware than iOS. Right? Security experts say not so fast...

Read More