All Articles by Nick Arnott

iOS 7 Security: The good, the bad, and the controversy

As with nearly all software updates from Apple, iOS 7 brought with it a large number of security updates for users. Ranging from entirely new features all the way down to minor tweaks and enhancements, there's a lot to discuss when it comes to iOS 7 security. iMore's editor-in-chief Rene Ritchie briefly touched on most of the changes in his iOS 7 review, but I thought it would be fun to take a closer look.


A glimpse at Apple's new Bug Reporter [Update: It's back!]

Over the weekend, Apple’s Bug Reporter website saw a short-lived facelift. Developers were treated to a visually overhauled website on Saturday, but it seems to have been reverted to its old, archaic predecessor sometime Sunday. If you missed it, you weren't alone. Here's what seems to have happened...

Update: The redesign has reappeared. If you're a developer and you've checked it out, let us know what you think!


Apple discloses bug that was likely responsible for developer center downtime

Apple recently updated their Web Server notifications page with several new acknowledgements to people who discovered and reported security vulnerabilities in Apple's servers. Among the discoveries acknowledged seems to be the vulnerability that was responsible for Apple's Developer Portal's eight-day outage. The notifications page shows a remote code execution vulnerability being reported on July 18th, the same day that Apple took the developer site down.


Jekyll apps: How they attack iOS security and what you need to know about them

Today researchers Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from Georgia Tech gave a talk at the 22nd USENIX Security Symposium and revealed the details of how they got a so-called "Jekyll app" through the App Store approval process and into a position where it could perform malicious tasks. Their methods highlight several challenges to the effectiveness of Apple's App Store review process as well as security in iOS. The researchers immediately pulled their app from the App Store after downloading it to their test devices, but demonstrated techniques that could be used by others to also sneak malware past Apple's reviewers.

The details of Apple's app review process are not publicly known, but aside from a few notable exceptions it has been largely successful in keeping malware away from iOS devices. The basic premise of a Jekyll app is to submit a seemingly harmless app to Apple for approval that, once published to the App Store, can be exploited to exhibit malicious behavior. The concept is fairly straightforward, but let's dig into the details.


Researchers sneak 'Jekyll app' malware into App Store, exploit their own code

Tielei Wang and his team of researchers at Georgia Tech have discovered a method for getting malicious iOS apps past Apple's App Store review process. The team created a "Jekyll app" that seemed harmless at first, but after making it into the App Store and onto devices, is able to have its code rearranged in order to perform potentially malicious tasks.


Apple closing security vulnerability that let fake chargers attack iOS devices

In June we heard about Mactans, a malicious iPhone charger created by three security researchers from the Georgia Institute of Technology. This week the researchers presented their findings at Black Hat, an annual hacker convention in Las Vegas, and Apple officially responded to them. Here's the deal...


How to report iMessage spam to Apple

A new Apple Knowledge Base article details steps that people can take to report spam iMessages. If you receive an unwanted iMessage, you can report it to imessage.spam@icloud.com by sending a screenshot of the message, the sender's email address or phone number, and the date and time that the message was received.


Apple Developer Center returns after an eight day outage

Apple's Developer Center has returned after a long eight days of downtime that began in response to a security threat last week. The recently launched System Status page shows that the iOS Dev Center, Mac Dev Center, and Safari Dev Center are all back up.


Kaspersky reports increase in Apple phishing attempts this year

So far this year, Apple customers have been exposed to an increased number of phishing attempts according to a study done by Kaspersky Labs. The study shows a greatly increased number of phishing emails purporting to come from Apple in the first five months of this year when compared to the number of Apple-related phishing attempts detected in 2011. More specifically, Kaspersky seems to be looking at the number of attempts to access phishing sites that have been blocked by their products.


Apple updates Developer Portal status, adds system status page

Apple has pushed out an update to their Developer Portal maintenance page to give developers some additional information about the current status of things in the wake of their security breach. The update announces the order in which developers can expect services and functionality to be restored.


Ibrahim Balic on what he did, why he feels responsible for Developer Center downtime, and what he's heard back from Apple since

Ibrahim Balic received a lot of attention recently after claiming he may be the person responsible for Apple's ongoing Developer Portal outage. With no further communication or corroboration from Apple, people are still trying to get a clear picture as to exactly what happened last Thursday that prompted Apple to take the site down, and if Balic's actions are truly the cause. In order to get a better handle on what may or may not have happened, and his potential role in it, I communicated with Balic yesterday and asked him a series of questions. Here's what I found out:


Viber calling and messaging service hacked, 200 million phone numbers, IDs, IP addresses potentially compromised

Following just days after Tango's servers were compromised, the Syrian Electronic Army (SEA) has hacked another calling and messaging service, Viber. E Hacking News is reporting that this time SEA was able to acquire a partial database backup containing phone numbers, UDIDs (Viber-generated, not Apple UDIDs) and IP addresses, among other user information for some of Viber's more than 200 million subscribers.


iPhone could be susceptible to SIM card attack, still waiting on clarification

At this year's Black Hat USA security conference cryptographer and security researcher Karsten Nohl will be presenting his findings on SIM card insecurities. While Nohl's research revealed that about one-quarter of the tested SIM cards were vulnerable to an attack that exploits an outdated encryption standard, it's unclear at this point exactly who should be worried.


SF District Attorney puts iOS 7 Activation Lock to the test, shares thoughts

Last week San Francisco District Attorney George Gascón and New York Attorney General Eric T. Schneiderman announced they would be putting Apple's recently announced Activation Lock feature to the test. Details of the tests remain private, but for now Gascón is saying that "clear improvements" have been made.


Security researcher claims to have reported bugs shortly before Apple took down its developer portal

London-based security researcher Ibrahim Balic has come forward, claiming he may be the one behind Apple's recent security threat. Following Apple's statement to developers earlier regarding a security threat to the developer portal, Balic posted a comment on TechCrunch's report of the story trying to set the record straight that no harm was ever intended.


Apple reveals they took down Developer Center due to intrusion, completely overhauling system

Apple has sent an email out to developers addressing the reason behind the ongoing multi-day outage of their developer portal, confirming suspicions that it was the result of a security breach.


Tango chat service hacked, 1.5 terabytes of phone, contact, and email data reportedly compromised

The Syrian Electronic Army has reportedly hacked the popular video chat app Tango. Since announcing the hack on Twitter yesterday, the group has posted a series of photos supporting their claims, and state they've acquired 1.5 terabytes of data.


How Apple's Enterprise Distribution Program was abused to enable the installation of a GameBoy emulator

There's a story making the rounds about how a GameBoy emulator can be installed on non-jailbroken iOS devices. While this initially seems surprising, it's simply the result of a company abusing Apple's iOS Developer Enterprise Program, which allows users to install much more than just one emulator.


Tumblr updates iOS app, fixes important potential password security issue

Tumblr for iOS has been updated with an important security fix. According to Tumblr's blog post, there was an issue in the app that allowed for a user's password to be compromised in certain circumstances.


Hemlis promises to bring secure and beautiful messaging

Information about NSA spy programs that has been leaked in recent weeks has prompted many to question how secure their communications are. Those leaks have also prompted Peter Sunde, best known for co-founding The Pirate Bay, along with Leif Högberg and Linus Olsson to begin developing a secure and elegant messaging app, Hemlis.
