Security

iOS diagnostic services, their uses and protections, outline by Apple in response to 'backdoor' allegations

Earlier this week Apple reaffirmed to iMore that it had never worked with any government agency to create a backdoor in any product or service. That was in answer to questions raised by Jonathan Zdziarski concerning iOS privacy and security. Apple has now published a new support page titled iOS: About diagnostic capabilities which elaborates on the services Zdziarski called out as data leaks. It does not, however, address vulnerabilities in passcode, pairing keys, or trusted device, though Apple typically does not address those types of things until they've pushed out patches. Here's Apple's full support article on the services:

More →

12
loading...
22
loading...
63
loading...
0
loading...

Apple reaffirms it has never worked with any government agency to create a backdoor in any product or service

On July 18, Jonathan Zdziarski, a former iOS jailbreaker and current iOS forensic scientist and law enforcement consultant, gave a talk at the HOPE X conference in New York City. Zdziarski's talk was on backdoors, attack points and surveillance mechanisms in iOS. In the talk he alleged that there are a number of ways for government agencies, including law-enforcement, to get at the personal data you store on your iPhone, iPod touch, and/or iPad. Zdziarski posted slides from the talk, based on an earlier journal publishing, on his website a couple of days ago. They've since been shared via other websites and social networks, and a lot of confusion and concern has arisen.

When reached for comment, Apple reiterated to iMore that it has never worked with any government agency to create a backdoor in any product or service:

"We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues," Apple told iMore. "A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent."

As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services."

So, what's going on here?

More →

30
loading...
0
loading...
155
loading...
0
loading...

How to prevent unauthorized pairing with your iPhone or iPad using Apple Configurator

When you connect your iPhone or iPad to iTunes on Mac or Windows, and choose to trust that computer, a pairing record is created that maintains that trust for future connections. There's a report going around that claims that if someone takes physical possession of your device and your computer, they can steal those pairing records and use them to retrieve your personal information and/or enable remote logging. If they don't have your computer, it's also claimed they can try and generate a pairing record by tricking you into connecting to a compromised accessory (juice jacking), like a dock, and/or by using mobile device management (MDM) tools intended for enterprise to get around safeguards like Apple's Trusted Device requestor. So, how can you protect yourself?

More →

9
loading...
0
loading...
50
loading...
0
loading...

How to use Touch ID: The ultimate guide

Touch ID is Apple's biometric fingerprint authentication technology. With it, the Home button can now unlock your iPhone 5s and authorize your purchases on the iTunes Store simply by reading and recognizing your fingerprints. In the perpetual battle between security and convenience, where many people would rather go without a passcode or strong password than fuss with anything complicated on mobile, Apple's Touch ID fingerprint identity sensor aims to do for authentication what iCloud did for backup and restore - make it easy enough that people will actually use it.

More →

10
loading...
25
loading...
50
loading...
0
loading...

Best password manager apps for iPhone and iPad: 1Password, Dashlane, mSecure, and more!

The best password manager apps for iPhone and iPad to help you create strong passwords, keep them secure, and use them when you need them!

On the hunt for the best iPhone apps and best iPad apps to help you create, store, and manage all your passwords and logins? Passwords are what keep our stuff safe, from our iPhones, iPod touches, iPads, and Macs, to the apps and services we use on them. Good, strong, unique passwords are also a complete pain in the ass to remember, and on mobile, an incredible pain to enter. However, given how many security breaches there've been lately - and how many passwords have been compromised - it's absolutely necessary. Due to the lack of browser plugins on iOS, iPhone and iPad password managers aren't as well integrated as they are on Mac or Windows, but there are still many on the App Store to choose from. But which iPhone and iPad apps are the absolute best password manager apps?

More →

18
loading...
26
loading...
26
loading...
0
loading...

New iPhone Lock screen bypass discovered — here's how to protect against it!

A new iOS 7.1.1 iPhone Lock screen bypass has been discovered. Lock screen bypasses in and of themselves aren't new — trying to protect a phone while also allowing access to convenient features results is an incredible tension — but this one can provide access to an app, which makes it one of the most serious to date. It does require physical access to your iPhone, but if you do lose possession, here's how the bypass works and, more importantly, how you can protect yourself from it.

More →

10
loading...
0
loading...
82
loading...
0
loading...

Apple confirms iCloud breach not the reason behind Apple ID hijack

Yesterday, we reported that several iPhone and iPad users in Australia were locked out of their devices. Apple issued a statement today clarifying that the iCloud service, which forms the backend for the Find my iPhone service, was unaffected, and that users impacted by the hack should change their Apple ID passwords.

More →

10
loading...
30
loading...
63
loading...
0
loading...

Bizarre Australian iPhone, iPad hijack serves as yet another reminder to use unique passwords

There are reports coming out of Australia about iPhones and iPads somehow getting locked down by Find my iPhone, in some cases with a message claiming the devices will only be unlocked if a AUS$100 ransom is paid. What makes this bizarre is that it appears to only be happening in Australia (and the internet has no borders) and it's unclear how the attackers are accessing Find my iPhone for the devices in question. So, what's going on?

More →

11
loading...
35
loading...
76
loading...
0
loading...

Apple outlines how it handles law enforcement data requests

Apple has published a new set of guidelines that detail how government entities and law enforcement agencies can request user data, and what information the company can and cannot retrieve upon receipt of a search warrant or legal notice. The guidelines state that Apple will start notifying its customers when it receives law enforcement data requests.

More →

9
loading...
0
loading...
59
loading...
0
loading...

Apple is aware of iOS 7 mail attachment bug, working on a fix

A bug has been discovered in iOS 7 that causes email attachments to not be encrypted. Before anyone panics, however, in order for an attacker to exploit the bug they'd need to a) steal your device and, b) brute force or jailbreak-bypass the passcode or password, which c) currently means there's no risk to iPhone 4s and later devices running iOS 7.1 or later software. When reached for comment about the bug, Apple provided us with the following statement:

More →

26
loading...
42
loading...
123
loading...
0
loading...

Pages