Security

PSA: Popular iPhone and iPad apps and what they're doing with your Contacts

By Rene Ritchie, Tuesday, Feb 14, 2012 a 10:46 pm

What do some popular iOS apps to with your Contact data? Do they grab it without permission, transmit it without protection, and store it without regard to privacy? Or do they treat it right, with respect and responsibility?

iPhone and iPad manufacturer Foxconn hacked by Swagg Security, e-mail addresses and passwords leaked

By Simon Sage, Friday, Feb 10, 2012 a 11:30 am

Foxconn, a major manufacturing partner for Apple and many others in the electronics industry, has recently been hacked by a group called Swagg Security.

Path apologizes for taking your address book, wipes data from their servers

By Simon Sage, Wednesday, Feb 8, 2012 a 10:35 pm

Despite iPhone address books being transferred over SSL, and the data only being used to notifications when friends signed up, Path has apologized profusely and wiped any personal information from their servers.

PSA: Popular social network app Path uploads your entire iPhone address book to their servers... in plain text

By Simon Sage, Tuesday, Feb 7, 2012 a 6:59 pm

Do you love Path, the slick, simple, moment-sharing social network app for iPhone? Well, you get ready to dial it back a notch, because apparently they're storing your entire address book, e-mail addresses and all, on their servers, and in plain, un-encrypted text. What kind of evil deeds does Path have planned for all that data?

Forums: Positives and negatives about jailbreaking, Email security on WiFi

By Chris Parsons, Monday, Jan 2, 2012 a 6:28 pm

We're now fully into 2012 and already, we've been hearing about some great things to come from Apple. Of course, we'll have to wait and see what turns out to be true and what turns out to just be rumors but that's part of the fun. Looking to discuss all things Apple? We've got a spot just for you in the TiPb forums, you can register now to get started today:

Siri security protocol cracked, now possible to run on any device

By chrisoldroyd, Tuesday, Nov 15, 2011 a 6:11 am

The guys from Applidium claim to have cracked Siri’s security protocol and it could open the floodgates to third party developers and of course other hardware too. There is a downside, in order to use Siri on one of these other devices; you still need to have a UDID of an iPhone 4S device. A UDID is a Unique Device Identifier and is a 40 character unique number assigned to every iPhone.

Smart Cover security flaw allows limited iPad 2 passcode bypass

By Andrew Wray, Friday, Oct 21, 2011 a 2:31 pm

A potential security flaw involving the iPad 2 on iOS 5 and Apple's Smart Cover's ability to bypass the Passcode Lock is making the rounds this week.

a Smart Cover can essentially unlock an iPad 2. The person who unlocks your iPad 2 will not have complete access to your iPad, but will be able to gain entrance to whatever you locked your iPad 2 on. If your iPad 2 went to sleep in Mail, Safari, Messages, Contacts, or Maps, you can imagine the sorts of personal information that can be viewed on your iPad.

Warning: Don't leave your iPhone unattended or risk pranks, data theft

By Rene Ritchie, Thursday, Oct 20, 2011 a 10:52 am

Thanks to the quick Camera access and power of Siri as a virtual assistant, iOS 5 and iPhone 4S are more convenient than ever -- but they also leave you open to everything from pranks to data theft. We've talked about this extensively on the iPhone Live podcast but it's worth repeating here.

Smashed and grabbed

By Rene Ritchie, Thursday, Sep 22, 2011 a 11:01 pm

Skype admits to iPhone app security problem, releasing a fix "soon"

By Andrew Wray, Wednesday, Sep 21, 2011 a 4:42 pm

Skype has stated they are aware of a serious cross-site scripting vulnerability within the chat feature for Skype on the iPhone. The security hole could allow for malicious JavaScript code to access to your address book and is known to affect versions 3.0.1 and below.

Skype reached out to TechCrunch to say they're hard at work on getting an update pushed to the App Store.

We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.

The funny thing is, Skype has known about the issue for a while now. AppSec Consulting security researcher Phil Purviance helped discover the problem and let Skype know about it almost a month ago. Skype responded saying they would release an update earlier this month, but we're nearing the end of September and there's no update to be found.

Here's hoping Skype gets on this quick and pushes out an update soon, but in the meantime check out the video below detailing how the vulnerability works.

[superevr, TechCrunch]