Security

iOS diagnostic services, their uses and protections, outlined by Apple in response to 'backdoor' allegations

Earlier this week Apple reaffirmed to iMore that it had never worked with any government agency to create a backdoor in any product or service. That was in answer to questions raised by Jonathan Zdziarski concerning iOS privacy and security. Apple has now published a new support page titled iOS: About diagnostic capabilities which elaborates on the services Zdziarski called out as data leaks. It does not, however, address vulnerabilities in passcode, pairing keys, or trusted device, though Apple typically does not address those types of things until they've pushed out patches. Here's Apple's full support article on the services:

More →

11
loading...
0
loading...
64
loading...
0
loading...

Apple reaffirms it has never worked with any government agency to create a backdoor in any product or service

On July 18, Jonathan Zdziarski, a former iOS jailbreaker and current iOS forensic scientist and law enforcement consultant, gave a talk at the HOPE X conference in New York City. Zdziarski's talk was on backdoors, attack points and surveillance mechanisms in iOS. In the talk he alleged that there are a number of ways for government agencies, including law-enforcement, to get at the personal data you store on your iPhone, iPod touch, and/or iPad. Zdziarski posted slides from the talk, based on an earlier journal publishing, on his website a couple of days ago. They've since been shared via other websites and social networks, and a lot of confusion and concern has arisen.

When reached for comment, Apple reiterated to iMore that it has never worked with any government agency to create a backdoor in any product or service:

"We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues," Apple told iMore. "A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent."

As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services."

So, what's going on here?

More →

29
loading...
0
loading...
156
loading...
0
loading...

Apple blocking older versions of Flash after yet another security exploit

Apple is now blocking older versions of the Adobe Flash web plugin, advising users to upgrade to the latest version in order to continue using it. This is due to a recent vulnerability that could cause user data to be lost to attackers exploiting the issue on a number of vulnerable sites.

More →

6
loading...
0
loading...
27
loading...
0
loading...

UK government set to rush through emergency surveillance legislation

The UK government is looking to reinforce powers of security services to require internet and phone providers to maintain records of customer email and calls. Emergency laws are to be introduced into the Commons next Monday, following private talks and gaining support of both Labour and the Liberal Democrats on the basis that there will be new board to oversee the functioning of new powers. The move is an effort to continue protecting UK citizens from external threats.

More →

59
loading...
0
loading...
33
loading...
0
loading...

UK officials follow US counterparts by banning electronics with no charge from boarding flights

The UK government's Department of Transport has now joined with the U.S. in requiring that passengers on some international flights coming in and out of the country must show that their electronic devices can be powered up, in an effort to improve security.

More →

-
loading...
-
loading...
-
loading...
-
loading...

Apple's security lock adapter will chain your Mac Pro to your desk

Apple has released a new tool to increase the security of your Mac Pro, a security lock adapter. This allows you to attach one of several Kensington computer locks to the Mac Pro, securing it to your desk. It also prevents the Mac Pro from being opened, blocking access to the internal components while a lock is engaged.

More →

1
loading...
0
loading...
30
loading...
0
loading...

Not only is Yo stupid, it's now also a security risk

Yo! Remember the hit new app that managed $1 million in funding we covered yesterday, which enables smartphone owners to send "Yo" alerts to contacts? The service has been hacked by a student and two roommates. Yo has confirmed they're investigating the hack and expect to have the security vulnerability patched in the "next few hours". The hackers have been able to access any Yo user's mobile number with the ability spam any user with multiple Yo messages.

More →

7
loading...
0
loading...
57
loading...
0
loading...

Apple confirms iCloud breach not the reason behind Apple ID hijack

Yesterday, we reported that several iPhone and iPad users in Australia were locked out of their devices. Apple issued a statement today clarifying that the iCloud service, which forms the backend for the Find my iPhone service, was unaffected, and that users impacted by the hack should change their Apple ID passwords.

More →

10
loading...
0
loading...
63
loading...
0
loading...

Bizarre Australian iPhone, iPad hijack serves as yet another reminder to use unique passwords

There are reports coming out of Australia about iPhones and iPads somehow getting locked down by Find my iPhone, in some cases with a message claiming the devices will only be unlocked if a AUS$100 ransom is paid. What makes this bizarre is that it appears to only be happening in Australia (and the internet has no borders) and it's unclear how the attackers are accessing Find my iPhone for the devices in question. So, what's going on?

More →

11
loading...
0
loading...
76
loading...
0
loading...

Using strong passwords and keeping your online self secure

Earlier today, eBay issued a press release letting users know that a cyberattack "compromised a database containing encrypted passwords and other non-financial data." Users will be asked to change their passwords just in case, though they noted that eBay "has seen no indication of increased fraudulent account activity." This is sadly just one of many attacks recently, and something that won't be going away anytime soon, if ever.

Attacks like this are nothing new, over the years plenty of big-name sites have become victim to similar cyberattacks. Retial chain Target has been all over the news lately, and there's also vulnerabilities like the recent Heartbleed Bug that affected Google, Facebook, Yahoo and dozens of other sites.

More →

10
loading...
0
loading...
43
loading...
0
loading...

Pages