All Articles by Nick Arnott

The State of Apple's Location Services and User Privacy

Apple’s handling of location data has made its way back into headlines recently due to a tool written by security researcher Hubert Seiwert. Seiwert presented the iSniff GPS tool, which makes it easy to capture potentially sensitive iPhone user data, last July at the Blackhat USA security conference and posted the source code to Github a month later. While the tool isn’t particularly new, it has been the recipient of some media attention after being covered earlier this month by SC Magazine. While the disclosure of the sensitive information by iPhones was previously known, iSniff makes the information more easily accessible and is worth a closer look to determine if users need to worry.

More →

7
loading...
3
loading...
33
loading...
0
loading...

New OS X Spyware Discovered at Oslo Freedom Forum

During the 2013 Oslo Freedom Forum, an annual conference focused on human rights, a new piece of spyware was discovered on an attendee's Mac. The spyware, which was discovered by security researcher Jacob Appelbaum, is currently being analyzed by F-Secure to fully understand what it does.

More →

5
loading...
17
loading...
49
loading...
0
loading...

Spark Inspector review: Audacious real-time debugging for iOS that might just be too audacious

Spark Inspector, by Foundry376 and J. Benjamin Gotow, brings a new approach to debugging, offering developers the ability to view their apps in an exploded 3D model, as well as change characteristics of elements on the fly, without the need to recompile. Often times apps appear to be relatively flat, two-dimensional beings. After all, they are displayed on a flat glass screen. However, developers and designers (as well as many users) are well aware that apps are made up of a series of layers, with many elements changing states, hiding some layers while revealing others. This can make it difficult to understand how an app is composed and what elements you’re interacting with, even for developers. So, can Spark Inspector help? Let's find out!

More →

6
loading...
0
loading...
39
loading...
0
loading...

iOS app flagged for malware, and why you shouldn't worry

An iOS game called Simply Find It, when run through BitDefender’s virus scanner, reportedly returns a positive result for Trojan.JS.iframe.BKD. This has drawn into question the effectiveness of Apple’s App Store approval process. Is this something that Apple should have caught, and is it something App Store customers should be worried about?

More →

6
loading...
5
loading...
108
loading...
0
loading...

Briefs 2 review: Quickly and easily prototype iOS and Android apps on your Mac

"Providing a clean interface and intuitive layout, Briefs offers an easy way to prototype apps, share ideas, tweak functionality, and adjust designs as new feedback arrives and your project evolves. It’s an app made for professionals, by professionals."

Briefs 2 is a Mac app by MartianCraft that allows you to quickly and easily create, edit and share prototypes for iOS and Android apps. Prototyping allows you to hash out features and designs before full development on a project begins, when it’s still easy and relatively inexpensive to make changes. A handful of iOS prototyping tools exist, but many of them have either fallen out of date or are simply lacking in functionality. Briefs seeks to provide a truly complete and professional solution for designers and developers. How well does it do?

More →

6
loading...
17
loading...
55
loading...
0
loading...

The Mailbox security failure that wasn’t

A few days ago it was reported that the popular Mailbox app was falling short on protecting user data. Developer Subhransu Behera published a post on his blog outlining what he considered to be security failures on the part of Mailbox.

More →

8
loading...
9
loading...
93
loading...
0
loading...

Apple declines to fix vulnerability in Safari's Web Archive files, likely because it requires user action to exploit

Metasploit software developer Joe Vennix has detailed a vulnerability in Safari’s webarchive file format along with how it can be exploited. The post on Rapid7 indicates that after being reported to Apple back in February, the bug was closed last month with a status of “wontfix”, indicating that Apple has no plans to address the bug. So what is it and why is that?

More →

8
loading...
5
loading...
75
loading...
0
loading...

Facebook Blast: Threaded group chat could be coming soon to Messenger app

iMore has learned that, following Facebook Home, Chat Heads, and other recent releases, Facebook has additional, incremental updates in the works for their Messenger app as well. One of the updates in the pipeline is Facebook Blast, an enhancement to how users can send messages to multiple recipients.

More →

6
loading...
8
loading...
69
loading...
0
loading...

How to test Facebook Chat Heads and stickers for iOS right now, even if they haven't yet been enabled for your account

Today Facebook released a fairly major update for the iOS Facebook app. Among the new features are messenger stickers and Chat Heads (a horribly named feature first announced for Facebook Home). Currently these new features have only rolled out to a limited number of users. However, if you have an urgent need to test them out, and you don't mind doing a little tweaking, you can temporarily enable them on your iOS device right now.

More →

8
loading...
39
loading...
86
loading...
0
loading...

What the DEA really said about iMessages, and what it means to you

It was recently reported that iMessage had caused a snag in the Drug Enforcement Administration’s ability to intercept text messages. Citing iMessage’s end-to-end encryption as the cause, the DEA stated that "iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone service provider." On the surface, this seems reassuring to iMessage users that their conversations can’t be intercepted. But is it possible that we’re giving a little too much credit to the DEA when they say iMessages are “impossible to intercept”?

More →

7
loading...
17
loading...
110
loading...
0
loading...

Anatomy of the Apple ID password reset exploit

When The Verge broke news of Apple’s password reset vulnerability, they cited a step-by-step guide that detailed the process of exploiting the service. They declined to link to the source for security reasons, and rightfully so. However, now that Apple has closed the security hole the topic of how it worked and why is worth exploring.

More →

11
loading...
30
loading...
92
loading...
0
loading...

Apple rolls out fix for password reset security hole, iForgot site back up

Apple’s iForgot password reset page is now back online, and iMore has verified that the security hole, discovered earlier today in Apple’s password reset page, has been closed.

More →

9
loading...
19
loading...
131
loading...
0
loading...

Newly discovered security hole lets attacker reset your Apple ID with only your birthday and email address

Arriving right on the coat tails of Apple’s two-step verification implementation, a new security flaw has been found in Apple’s password reset process for Apple IDs. The vulnerability allows an attacker to reset your Apple ID’s password with only the knowledge of your Apple ID and date of birth, completely bypassing the need to answer your security questions. The Verge first reported the vulnerability after being tipped off to the hack.

More →

4
loading...
19
loading...
97
loading...
0
loading...

Apple enables two-step verification for iCloud accounts

Apple has joined the growing list of companies offering two-step verification to secure their accounts. By enabling two-step verification, whenever you attempt to log in on a new device with your Apple ID, you will be asked to enter a 4-digit verification code. This code will be sent to a device that you have registered as a trusted device, such as your iPhone, via a Find My iPhone notification or SMS.

More →

12
loading...
16
loading...
77
loading...
0
loading...

Passcode bypass bug discovered for iOS 6.1.3

Apple recently released iOS 6.1.3 which included a fix for the passcode bypass bug that would allow an unauthorized person to access the Phone app on a locked iPhone. One day after the update, however, Matthew Panzarino of The Next Web is reporting that a new bypass bug has been discovered, this time by videosdebarraquito.

More →

0
loading...
11
loading...
41
loading...
0
loading...

Apple turns on HTTPS for the App Store, closes numerous security vulnerabilities

Some great work by Google researcher Dr. Elie Brusztein has led to Apple increasing security on its iOS App Store. Last July, Elie reported a number of vulnerabilities in the App Store to Apple. As of January, they have been fixed. It appears that certain areas of the App Store were not using HTTPS, and as a result, it was possible for attackers to execute a number of different exploits on users.

More →

3
loading...
9
loading...
102
loading...
0
loading...

Second iOS Lock screen bypass discovered, doesn't really expose filesystem

A couple of weeks ago a bug was discovered in the iOS 6 lock screen that allowed a person to access the Phone app, make phone calls, and get at a user’s contacts, without entering a passcode. Now a new, similar bug has been found, but it is being reported that this one will actually allow you to read from and write to the device, with unauthorized access to the filesystem. However, this does not appear to actually be the case.

More →

7
loading...
10
loading...
101
loading...
0
loading...

Privacy and security in the age of iPhone mics and cameras

iOS has experienced its fair share of privacy fiascos over the last few years. From user locations being tracked , to Address Book data being exposed, to full on malware in the App Store, privacy and security concerns over iOS are very much a reality. Two components often overlooked are your iPhone’s camera and microphone.

More →

5
loading...
48
loading...
88
loading...
0
loading...

Security oversight in some apps could leave you vulnerable to hacking, data theft

Usually when sensitive information is being transferred over a network, the application will open an encrypted connection with the server using SSL (Secure Sockets Layer). iOS ships with a list of Certificate Authorities whose SSL certificates should be trusted, helping to ensure traffic is only sent to trusted servers and not intercepted by a malicious third party using their own self-signed SSL certificate.

More →

5
loading...
39
loading...
81
loading...
0
loading...

Pages