Security

On iOS, 'backdoors', and the eternal war between security and convenience

Earlier this week forensic researcher Jonathan Zdziarski's work on security exploits in iOS pairing records and potential data leaks in diagnostic services went viral. Unfortunately, it was his slides, which used more provocative language and lacked the context of his talk, and not his pay-walled yet far more understandable journal article, that made the rounds. Tragically, many in the media pounced on the attention-getting potential, posting alarming articles that did nothing but spread fear, uncertainty, and doubt (FUD) to a mainstream customer-base that deserves much, much better. Apple responded with comments to iMore on Monday, and with a Knowledge Base (KB) article on Tuesday. However, there's been no word yet on whether or not the exploits and potential data leaks will be closed and, if they will be, how soon. So, what does it all mean?

iOS diagnostic services, their uses and protections, outlined by Apple in response to 'backdoor' allegations

Earlier this week Apple reaffirmed to iMore that it had never worked with any government agency to create a backdoor in any product or service. That was in answer to questions raised by Jonathan Zdziarski concerning iOS privacy and security. Apple has now published a new support page titled iOS: About diagnostic capabilities which elaborates on the services Zdziarski called out as data leaks. It does not, however, address vulnerabilities in passcode, pairing keys, or trusted device, though Apple typically does not address those types of things until they've pushed out patches. Here's Apple's full support article on the services:

Apple reaffirms it has never worked with any government agency to create a backdoor in any product or service

On July 18, Jonathan Zdziarski, a former iOS jailbreaker and current iOS forensic scientist and law enforcement consultant, gave a talk at the HOPE X conference in New York City. Zdziarski's talk was on backdoors, attack points and surveillance mechanisms in iOS. In the talk he alleged that there are a number of ways for government agencies, including law enforcement, to get at the personal data you store on your iPhone, iPod touch, and/or iPad. Zdziarski posted slides from the talk, based on an earlier journal publication, on his website a couple of days ago. They've since been shared via other websites and social networks, and a lot of confusion and concern has arisen.

When reached for comment, Apple reiterated to iMore that it has never worked with any government agency to create a backdoor in any product or service:

"We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues," Apple told iMore. "A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent."

"As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services."

So, what's going on here?

Apple blocking older versions of Flash after yet another security exploit

Apple is now blocking older versions of the Adobe Flash web plugin, advising users to upgrade to the latest version in order to continue using it. This is due to a recent vulnerability that could cause user data to be lost to attackers exploiting the issue on a number of vulnerable sites.

UK government set to rush through emergency surveillance legislation

The UK government is looking to reinforce the powers of security services to require internet and phone providers to maintain records of customer email and calls. Emergency laws are to be introduced into the Commons next Monday, following private talks and gaining the support of both Labour and the Liberal Democrats on the basis that there will be a new board to oversee the functioning of the new powers. The move is an effort to continue protecting UK citizens from external threats.

UK officials follow US counterparts by banning electronics with no charge from boarding flights

The UK government's Department of Transport has now joined with the U.S. in requiring that passengers on some international flights coming in and out of the country must show that their electronic devices can be powered up, in an effort to improve security.

Apple's security lock adapter will chain your Mac Pro to your desk

Apple has released a new tool to increase the security of your Mac Pro, a security lock adapter. This allows you to attach one of several Kensington computer locks to the Mac Pro, securing it to your desk. It also prevents the Mac Pro from being opened, blocking access to the internal components while a lock is engaged.

Not only is Yo stupid, it's now also a security risk

Yo! Remember the hit new app that managed $1 million in funding we covered yesterday, which enables smartphone owners to send "Yo" alerts to contacts? The service has been hacked by a student and two roommates. Yo has confirmed they're investigating the hack and expect to have the security vulnerability patched in the "next few hours". The hackers have been able to access any Yo user's mobile number, with the ability to spam any user with multiple Yo messages.

Apple confirms iCloud breach not the reason behind Apple ID hijack

Yesterday, we reported that several iPhone and iPad users in Australia were locked out of their devices. Apple issued a statement today clarifying that the iCloud service, which forms the backend for the Find my iPhone service, was unaffected, and that users impacted by the hack should change their Apple ID passwords.

Bizarre Australian iPhone, iPad hijack serves as yet another reminder to use unique passwords

There are reports coming out of Australia about iPhones and iPads somehow getting locked down by Find my iPhone, in some cases with a message claiming the devices will only be unlocked if an AUS$100 ransom is paid. What makes this bizarre is that it appears to only be happening in Australia (and the internet has no borders) and it's unclear how the attackers are accessing Find my iPhone for the devices in question. So, what's going on?
