Security

Biometric facial recognition security coming to iPhone via Cydia mod [Jailbreak]

By Andrew Wray, Tuesday, May 17, 2011 a 9:04 pm

Ever wanted to unlock your iPhone simply by having it look at you and recognize who you are? A jailbreak mod called RecognizeMe will be hitting Cydia soon and promises to bring biometric facial recognition security to the iPhone 4. The mod will allow you to unlock your iPhone by scanning your facial features with the front-facing camera and verifying who you are before giving you access.

The tweak offers settings for dialing up the level of security (facial matching), which we're assuming requires a bit more processing time, but the app definitely appears to deliver on its promise of facial recognition security for the iPhone 4. The mod looks a little slow at the moment, but hopefully the developers are able to optimize the code before an official release.

Check out the video after the jump, and let us know what you think in the comments!

[Thanks @adamelter]

Security researchers: iPhone Keychain circumvented, data stolen in 6 minutes

By Rene Ritchie, Thursday, Feb 10, 2011 a 1:37 pm

If someone manages to take physical possession of your iPhone and keep it long enough to Jailbreak it, enable SSH, and get access to the root, they can compromise Apple's Keychain password management system and get to your data in roughly 6 minutes.

The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode, the researchers said. This means attackers with access to the phone can create the key from the phone in their possession without having to hack the encrypted and secret passcode.

Apple hires David Rice as new Global Security Director

By Rene Ritchie, Sunday, Jan 23, 2011 a 10:06 am

According to AllThingsD Apple has hired David Rice as their new Global Security Director. A 1994 graduate of the US Naval Academy with a masters in Warfare and Systems engineering, he's worked for the NSA, the US Cyber Consequences Unit, and Neohapsis. He's also the author of the book Geekonomics:

In it he argues that software is modern infrastructure–just like a bridge (hence, the picture on the cover)– and if it’s poorly made or insecure, it constitutes a public hazard.

Skype video calls, iOS IM clients, Game Center games, iOS security, - From the Forums

By Jeremy, Friday, Dec 31, 2010 a 10:23 am

The TiPb forums are naturally a great place to talk, commiserate, celebrate, get help, and offer advice to your fellow iPhone users. In order to create a new thread of your own or reply to any of the existing threads, you must be a registered member. Becoming a member is easy and free so if you haven’t already, head on over and register now!

Skype recently released an update to support video calls via 3G. Have you used this feature and do you think it spells doom for Apple's FaceTime?

ASLR security coming to jailbroken iPhones with Antid0te

By Farbod, Friday, Dec 10, 2010 a 9:23 am

In an effort to make your iPhone more secure, security analyst and jailbreak developer Stefan Esser is releasing Antid0te on December 14th. Address Space Layout Randomization (ASLR) is a security technique which involves randomly arranging the positions of key data areas. This usually includes rearranging the base of the executable and position of libraries, heap, and stack, in a process' address space. This makes it difficult for someone trying to execute shellcode injection on the stack by requiring them to have to first find the stack. Many of the most popular and sophisticated Operating Systems already use ASLR, including Windows, Linux, and Mac OSX (10.5+).

iOS 4.1 security flaw allows calls to be made on passcode locked iPhone

By Staff, Monday, Oct 25, 2010 a 7:51 pm

It looks as if there's yet another Phone.app security hole, this time in iOS 4.1 that allows someone to get around a passcode locked iPhone, gain access to the owner's contact list, make calls and send emails to anyone in said contact list. From MacStories:

Apple to patch Jailbreakme.com, PDF font exploit in upcoming software update

By Rene Ritchie, Thursday, Aug 5, 2010 a 10:53 am

I think we all generally assumed this, but it's nice to see Apple going on record as saying they'll patch the PDF font exploit that currently allows Jailbreakme.com -- and potentially any malicious hacker out there -- to run code on an iPhone with just the tap of a web button. CNET scored the quote from an Apple spokeswoman:

"We're aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update."

Apple investigating web-based exploit used for iOS 4, iPhone 4 Jailbreak

By Rene Ritchie, Wednesday, Aug 4, 2010 a 6:17 am

Apple is aware of the web-based exploit used to Jailbreak iOS 4 and iPhone 4, but also potentially able to allow malicious access to any iPhone -- Jailbroken or not -- and are investigating it.

While many users were thrilled at the rapidity and simplicity with which Comex et. al. delivered an iOS 4 and iPhone 4 Jailbreak, that same exploit could just as rapidly and simply be used to hack any iPhone for any reason -- including malicious ones like stealing your data.

AT&T accounts compromised during iPhone 4 pre-orders?

By Leanna Lofte, Tuesday, Jun 15, 2010 a 5:25 pm

UPDATE: An insider from AT&T has contacted Gizmodo with information in regards to accounts being compromised when customers login to pre-order the iPhone 4. It turns out that AT&T updated their systems over the weekend and it's likely the cause of the security issue.

AT&T hacked, iPad 3G owners email addresses harvested

By Rene Ritchie, Thursday, Jun 10, 2010 a 2:16 am

Hackers found a way in to AT&T's iPad 3G registry and, using a brute-force attack based on unique ICC-ID numbers, managed to pull down corresponding email addresses for those users -- who include members of the US military, executive branch, and media companies.

AT&T has since closed the vulnerability and issued the following statement:

"AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.