Security

iOS devices could gain NFC and fingerprint sensors from AuthenTec

Apple's unexpected $356 million acquisition of mobile security and smart sensors experts AuthenTec was finalized with unusual urgency, as the transaction will likely result in future iOS devices getting advanced built-in fingerprint and NFC sensors. Furthermore, it would seem Apple's offer to AuthenTec even included an IP agreement giving Apple rights to use AuthenTec's patents on an exclusive basis and even license them out to third parties...

MIT says iPhone has crossed a significant threshold in security

The iPhone hasn't always been known for its security. In fact, when the handset first launched back in 2007, hackers could gain root access to the device through simple application exploits.

But Apple fixed that particular bug in early 2008, and has since spent a lot of time and resources on beefing up its iOS security. And MIT says that the extra effort is paying off...

Apple suspends Apple ID password resets over the phone

You've no doubt heard about a scandalous security oversight which has enabled hackers to break into former Gizmodo writer Mat Honan's iCloud account to remotely wipe his MacBook Air, iPhone and iPad. He was easily hacked because Amazon used to publish the last four digits of users' credit cards on the web, which happens to be exactly what Apple's customer support reps need to reset one's Apple ID password over the phone (in addition to your name and billing address).

Reacting to the security breach, Amazon has stepped up its battle to prevent this kind of social engineering. The online retailer on Monday closed a privacy hole that could allow anyone to gain access to Amazon accounts over the phone using just a name, email address and mailing address.

Amazon also promised to no longer allow adding new credit cards to accounts over the phone. Today, Apple reportedly sent a notice to its support staff, temporarily halting Apple ID password resets over the phone...

Apple gave hackers access to user’s iCloud account

As we continue to upload more and more of our lives to the web, the dangers of being hacked multiply. Our credit card numbers, our home addresses — they're all there for the taking. That's why so many security experts preach using a complicated password.

But sometimes, using a strong password isn't enough. Just ask former Gizmodo writer Mat Honan. Mat's world was turned upside down this weekend when a hacker gained access to his iCloud account, wiping his Mac, iPhone and iPad, thanks to Apple...

Apple’s AuthenTec purchase indicates an e-wallet fingerprint service

Apple's $356 million acquisition of mobile security firm AuthenTec (already under investigation, by the way) has already been deemed by one analyst as a move meant to bolster security of iOS devices in the enterprise. Now another analyst chimes in with speculation that the transaction, still pending approval, will probably help Apple create a mobile payment system around future iOS devices built around an e-wallet fingerprint service...

Analyst: Apple bought AuthenTec for enterprise security

The news that Apple bought AuthenTec for $356 million is making the rounds today, leading many to speculate that AuthenTec's technology will help turn Apple's patented and as yet unreleased iWallet and iTravel mobile apps, which rely on NFC technology, into reality.

One analyst has a different take, saying Apple simply snapped up the NFC and smart sensors maker to keep it from falling into Samsung's hands, potentially making Galaxy tablets and smartphones more appealing to enterprise customers who above all demand strong security...

Relying on Apple for security could be developers’ biggest mistake

When it comes to security, Apple has gone to great lengths to make its iOS platform much less prone to exploits and has engineered measures such as a sandboxed environment, protected app space and even encrypting every single file created on the iPhone with its own encryption key wrapped in the user’s passcode.

But developers have become increasingly reliant on Apple for app security and as a result security has now become an afterthought for many app developers. That's why security experts attending the Black Hat cybersecurity conference in Las Vegas think developers should take matters into their own hands and add more security on top of Apple's baked-in protections...

Apple snaps up NFC and smart sensors maker AuthenTec for $356 million

Apple has made an interesting acquisition, snapping up smart sensors maker AuthenTec in a transaction valued at $356 million, Reuters reported Friday. AuthenTec makes fingerprint sensor chips used in personal computers.

What's more, its swipe sensors can read the live layer beneath the skin's surface and comply with strict government standards. The company also produces chips that utilize near-field communication (NFC) technology, which is said to be a part of this fall's iPhone hardware refresh...

Apple to present at Black Hat Security Conference for the first time

The Black Hat Security Conference is underway at Caesars Palace in Las Vegas and Apple is planning to present for the first time in the event's fifteen-year history. Warming up to hackers, the iPhone maker dispatched Dallas De Atley, its Manager of the Platform Security team, to talk iOS security.

According to the conference agenda, De Atley will "discuss key security technologies in iOS" as "Apple designed the iOS platform with security at its core". Apple's decision to take part in the conference coincides with a few security breaches in its mobile and desktop operating systems that routinely make headlines in the press.

Some of the recent examples include the widely reported IAP exploit and Mac malware that prompted Apple to step up its game with the new Gatekeeper feature in OS X Mountain Lion, designed to only allow for approved, signed apps from the Mac App Store...

Russian hacker admits defeat in IAP breach

Alexey V. Borodin, the Russian hacker who made headlines with a tool which lets anyone steal extra content in apps, no jailbreak required, is admitting defeat following Apple's announcement that the in-app purchasing (IAP) exploit will be fixed in the shipping version of iOS 6 this fall.

In an unprecedented move, Apple gave developers access to a pair of private APIs in iOS, a temporary solution that effectively bypasses the hack. Borodin just publicly acknowledged that currently there is no way to circumvent Apple's band-aid fix in apps updated to take advantage of the private APIs...

Apple pulls Clueful privacy app from the App Store

It's not uncommon for Apple to pull applications from its App Store without word or warning. Let's just say the company doesn't take security on its mobile platform lightly.

Typically, the removals are warranted. The apps are either malicious or violate copyright laws or other App Store guidelines. But with titles like Clueful, it's not so cut and dried...

Is Apple stepping up fight against IAP exploit with UDIDs?

A flaw in the in-app purchasing mechanism in iOS, which a Russian hacker exposed last week by leveraging a proxy server that enabled $30,000+ in sales of extra content, may soon become a thing of the past, as Apple is reportedly looking to contain the exploit by issuing a unique identifier in validation receipts.

This identifier apparently includes the Unique Device Identifier (UDID) for the device making the in-app purchase. The development is notable given that the company recently began rejecting third-party apps over their use of UDIDs. Apple was also thought to be readying tools for developers to let apps identify users without resorting to UDIDs...