Security

Apple starts blocking Russian servers that authenticate in-app content for free

Making good on its promise, Apple has started to block Russian servers which authenticate paid in-app content for free, The Next Web reports. The company is blocking IP addresses that host the rogue in-appstore.com domain by issuing takedown notices to hosting companies. PayPal has also intervened to block a private account through which donations had been collected, citing violation of its terms of service.

Despite this, hacker Alexey V. Borodin, the brains behind this controversial method, has already moved the servers to another country in an attempt to evade Apple’s legal requests...

Russian hacker cracks iOS in-app purchasing, no jailbreak required

The iOS in-app purchasing mechanism, which lets you buy digital items in games, upgrade to full versions of apps and purchase additional content, has been cracked by a savvy Russian hacker who posted a proof of concept video, embedded below.

First noticed by Russian blog i-ekb.ru (via 9to5Mac), the hack is credited to Russian developer ZonD80 who runs the conveniently named In-AppStore.com website where he collects donations to support development of the project.

What's special about this method - and potentially devastating to the development community - is that it doesn't require a jailbreak and can be completed in a few simple steps by even the most inexperienced users. UPDATE: contrary to reports that Apple took the proxy site down, the developer confirms it's simply under high load and says the info site is being moved to Blogger.

Malicious spam app discovered in the App Store [updated]

Apple has had a fairly spotless record thus far regarding iOS security. There hasn't been a single [serious] breach, or malware outbreak — aside from what jailbreak hackers have uncovered, of course.

But it looks like the perfect streak has finally come to an end. A Russian security firm announced this morning that it has discovered a malicious spam [aka a Trojan] application in the App Store...

Wickr lets you send messages with military grade encryption

Meet Wickr, the latest messaging client to land on iOS. Like most other messaging platforms, it allows you to send texts, pictures and videos for free to anyone else using the service.

But unlike other platforms, Wickr is outfitted with "military grade" encryption and other features that make it one of the most secure messaging systems on Apple's mobile OS...

Car maker Ford creates remarkably effective password manager app

Being overly paranoid about my passwords, I've traditionally resorted to using a bunch of tools to keep my login credentials safe, ranging from brute force solutions that involve keeping passwords in an encrypted text file up in the cloud to pricey utilities such as 1Password.

The problem is, these time-sucking tools involve daily management and require that I adapt my workflow. Wouldn't it be nice if my Mac could automagically recognize me by way of my iPhone? Enter KeyFree Login, an iPhone app from car maker Ford that puts all password managers to shame with its ubiquity and simplicity. It's magic, really.

By enabling Bluetooth on both your Mac and iOS device, you'll be automatically authenticated to Facebook, Twitter and whatever websites you use, each time the two devices are in range, no setup required whatsoever, just by standing next to your computer...

AutoProtect automatically disables your iPhone’s passcode when on your home Wi-Fi network

If the title to this post seems a little familiar, you're not imagining things. AutoProtect is a tweak that works very much like Filippo Bigarella's CleverPin, in that it auto-disables the passcode lock once it senses you're on a "friendly" Wi-Fi network.

Although it's certainly not an original idea, AutoProtect works well from my testing, and provides you with a nice balance of convenience and peace of mind that's often hard to come by...

iOS 5.1.1 includes fix for dangerous Safari URL spoofing vulnerability

Earlier today, Apple released a new version of its mobile software: iOS 5.1.1. The update includes a number of bug fixes, and also apparently contains a patch for the dangerous URL spoofing vulnerability in mobile Safari.

We told you about the exploit, discovered by the folks at Major Security, back in March of this year. It allows web pages to spoof URLs in Safari's address bar, leading users to believe they're on a different website...

Surf the web in total privacy with Onion Browser

If a person wanted to browse the web discreetly on their iOS device, there are a number of ways to do so. For starters, there is the native 'Private Browsing' function in mobile Safari. And there are dozens of third-party browsers available with similar features.

But if a person wanted to browse the web in an untraceable, highly-secure, super-stealth manner, they might have to turn to an app like Onion Browser. The software allows you to encrypt, block, and spoof your way to total anonymity on the web...

Apple prompting users to make their Apple ID accounts more secure

Have you recently received a notification on one of your iOS devices prompting you to confirm your Apple ID password? If so, you're not alone. Users have been flocking to Apple's support forums to report the suspicious popup.

No, it's not a phishing scam. Apple is trying to beef up its security. TheNextWeb is reporting that over the past 24 hours, the company has started prompting iOS device owners to make their accounts more secure...

Security hole in Facebook app could lead to identity theft

Folks who use Facebook's iOS app might want to make sure to stay away from using public computers and charging stations for a while. Apparently a serious security glitch has been discovered in the software that could give hackers access to your account.

Security researcher Gareth Wright published a blog post yesterday that has raised some serious questions about how iOS developers are handling saved values — logins, etc. It seems that some apps are saving this data in plain, unencrypted text files...

How secure is your iCloud data?

To say that iCloud is a big deal for Apple is a bit of an understatement. The cloud-based storage and backup service was launched just 6 months ago, alongside the iPhone 4S and iOS 5, and has already garnered more than 100 million users.

But its quick rise in popularity and deep integration into Apple's software has led to one major question: how secure is it? Well the folks over at ArsTechnica recently spoke with some software security experts to find out...

Chronic: Two-minute iPhone crack valid only if passcode is 0000

Remember that two-minute passcode lock exploit we told you about last week? The one by Swedish security firm Micro Systemation behind the XRY app that can get to your data, including contacts, messages and call logs? Well, prominent hacker Chronic has proved them wrong. In an effort to set the record straight, the hacker posted a clarification on his website that pretty much debunks their claim.

Though the XRY tool taps a popular jailbreak exploit, Chronic is adamant the two minutes it takes to crack your passcode is only valid if you set your passcode to '000'. Conspicuously, that's the passcode the firm showed in their demo clip. Interestingly enough, the original video of the exploit in action is no longer available on YouTube.