Security

Siri security protocol cracked, now possible to run on any device

By chrissyboy6969, Tuesday, Nov 15, 2011 a 6:11 am

The guys from Applidium claim to have cracked Siri’s security protocol and it could open the floodgates to third party developers and of course other hardware too. There is a downside, in order to use Siri on one of these other devices; you still need to have a UDID of an iPhone 4S device. A UDID is a Unique Device Identifier and is a 40 character unique number assigned to every iPhone.

Smart Cover security flaw allows limited iPad 2 passcode bypass

By Andrew Wray, Friday, Oct 21, 2011 a 2:31 pm

A potential security flaw involving the iPad 2 on iOS 5 and Apple's Smart Cover's ability to bypass the Passcode Lock is making the rounds this week.

a Smart Cover can essentially unlock an iPad 2. The person who unlocks your iPad 2 will not have complete access to your iPad, but will be able to gain entrance to whatever you locked your iPad 2 on. If your iPad 2 went to sleep in Mail, Safari, Messages, Contacts, or Maps, you can imagine the sorts of personal information that can be viewed on your iPad.

Warning: Don't leave your iPhone unattended or risk pranks, data theft

By Rene Ritchie, Thursday, Oct 20, 2011 a 10:52 am

Thanks to the quick Camera access and power of Siri as a virtual assistant, iOS 5 and iPhone 4S are more convenient than ever -- but they also leave you open to everything from pranks to data theft. We've talked about this extensively on the iPhone Live podcast but it's worth repeating here.

Smashed and grabbed

By Rene Ritchie, Thursday, Sep 22, 2011 a 11:01 pm

Skype admits to iPhone app security problem, releasing a fix "soon"

By Andrew Wray, Wednesday, Sep 21, 2011 a 4:42 pm

Skype has stated they are aware of a serious cross-site scripting vulnerability within the chat feature for Skype on the iPhone. The security hole could allow for malicious JavaScript code to access to your address book and is known to affect versions 3.0.1 and below.

Skype reached out to TechCrunch to say they're hard at work on getting an update pushed to the App Store.

We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.

The funny thing is, Skype has known about the issue for a while now. AppSec Consulting security researcher Phil Purviance helped discover the problem and let Skype know about it almost a month ago. Skype responded saying they would release an update earlier this month, but we're nearing the end of September and there's no update to be found.

Here's hoping Skype gets on this quick and pushes out an update soon, but in the meantime check out the video below detailing how the vulnerability works.

[superevr, TechCrunch]

Developer reveals the lengths Apple will go to minimize product leaks

By chrissyboy6969, Sunday, Sep 11, 2011 a 4:21 am

Business Insider talked with a developer who had early access to an iPad, before it was even announced, and he revealed a intriguing tale of physically chained down devices, hidden behind frames, subject to spot checks.

Apple flew the iPads to the developers destination accompanied by at least one engineer. They had to be kept in a room with no windows. Apple changed the locks on the doors and took the names and social security numbers of the four people who were allowed access to it. The iPads were fixed to the desk with high strength security cabling, similar to the material used for cycle locks.

iPhone, iPad untouched by mobile malware attacks

By Rene Ritchie, Wednesday, Aug 24, 2011 a 10:04 am

Anti-virus maker McAfee has released a report saying that iOS devices, including iPhone, iPad, and iPod touch were pretty much unaffected by the growing mobile malware attacks facing platforms like Google's Android. Jailbroken iOS devices were slightly more vulnerable, having had to deal with 4 variants of the same attack, but still far less than the 44 affecting Android (a 76% increase.)

iPad at risk from over the shoulder password spies, new software can reveal all [video]

By chrissyboy6969, Friday, Jul 15, 2011 a 1:20 pm

Your iPads’s secure passwords could be at risk from a new breed of thieves that peer over your shoulder as you enter passwords into your device. They could then steal your bank log in details, PayPal password or anything else that you have secured by a password.

The technique known as “Shoulder Surfing” could become a whole lot easier to carry out as demonstrated by a South African security research company. It has built an app that can decipher the key presses you make on your iPad. It works on a jailbroken iPhone, iPad or even on Mac OS. All you need to do is stealthily capture a video of a users key presses with your chosen device. The software can then get to work and reveal the password. In fact it gets even worse than that, the software can even be used with surveillance cameras or long distance lenses; making it even easier to capture the information without being spotted!

When a user types on an iPad’s touchscreen, each key glows blue for a fraction of a second after it’s struck, a helpful bit of feedback for any virtual keyboard. ShoulderPad’s image recognition algorithms, based on Open CV’s open source image recognition software, look for that flash of blue. “At any distance, if the blue is distinguishable, shoulderPad can detect that keystroke.

Of course software providers always protect a users password entry by showing asterisks on screen rather than the actual letters. If this sort of software gets in the wrong hands, that measure would not stop your passwords from being stolen and could open up a whole new phase of online crime! There is a short video demo after the break!

[thinkst via Forbes]

Apple preparing patch for JailbreakMe.com PDF exploit

By Rene Ritchie, Thursday, Jul 7, 2011 a 9:54 am

As expected, Apple is preparing a software update -- likely iOS 4.3.4 for most devices, iOS 4.2.9 for the Verizon iPhone -- to close the PDF exploit behind JailbreakMe.com. While JailbreakMe.com uses the exploit to Jailbreak current iOS firmware and install the Cydia app store, the same exploit could be used by a hacker to easily gain access to a user's device for malicious purposes.

iPhone patent applications reveal better Find My iPhone, social matching, and a way to stop users from recording concerts(?!) [Patent Roundup]

By Andrew Wray, Thursday, Jun 16, 2011 a 4:21 pm

A few interesting patent applications from Apple have recently surfaced, showing they have some bold ideas surrounding Find My iPhone, social-matching, and a way to lock the camera so we can't make bootleg concert recordings and plaster them on YouTube (?!).

Reminder: Apple, like any big company, routinely patents just about anything and everything they dream up, and there's no way to know when, or if, they'll use any them in actual, shipping products. Still, it's interesting to see what they're working on deep inside the secret Cupertino labs...

Follow on after the break for the roundup!