Security | Page 8 | iMore

Give me some space!

Turn your Nintendo Switch into the ultimate console with a microSD card!

A closer look

Everything you need to know about the AT&T Unlimited plan

Users Guide

The third public beta for iOS 10.3 is here! This is how you get it

User Guide

Apple releases third public beta of macOS Sierra 10.12.4

iMore Offers

Get a lifetime of unlimited mobile backup from iDrive for $19.99

Beta time!

Apple releases third developer beta of iOS 10.3

Everything you need to know!

iPhone 8 will reportedly feature 3D-sensing FaceTime camera

Developers only!

tvOS 10.2 beta 3 now ready for developers

Developers only!

Apple releases third beta of watchOS 3.2 to developers

What you need to know

Four new iPad Pro models could be coming in March

Enter now!

We're giving away the new full-grain leather slim wallets from Pad & Quill

From 'OW' to 'WOW'

Hi, I'm an iPad Pro! β€” 'We hear you' brings classic feel to new ads

Touch ID for all!

Why Touch ID makes the MacBook Pro the best Mac ever

🐣 + 🍍 + πŸ’Ž = πŸ‰

PokΓ©mon Go Gen 2 Guide β€” New info!

Click. Swoon.

Billboard's cover: Shot on iPhone 7 Plus Portrait Mode

bye bye birdie

How to delete your Twitter account 🚫πŸ₯

SWITCH IT UP

Nintendo Switch FAQ: Everything you need to know!

iOS Gaming Weekly

Here are the best new iPhone games out and on sale now!

Mastering AirPods

How to use your AirPods when you're offline

ALL EYES ON HOME

Why you might (and might not) want an indoor security camera in your home

< >

Order: BeatsX | AirPods | MacBook Pro | Order iPhone 7: Apple | Verizon | T-Mobile

Security

'BadUSB' malware highlights the danger of plugging random mystery drives into your computer

Another day, another apocalyptic prognostication of computer security doom, this time focusing on the omnipresent USB connection. It's called 'BadUSB', and it's a malware proof-of-concept created by security researchers Karsten Nohl and Jakob Lell that exploits a flaw in and resides in the firmware that controls the basic function of USB devices. The researchers claim that it's not a problem that can be patched, saying that they're "exploiting the very way that USB is designed," but in the end all they've done is highlight that you shouldn't go around plugging USB drives, devices, or whatnot that you don't trust into your computer.

More →


Russia wants Apple's source code to prove it's not used for spying

The Russian government has asked for security cooperation from Apple and enterprise services firm SAP. The proposal would see Apple handing over the source code for their products so Russia could inspect them for backdoors or defects that could be exploited by spy agencies like the NSA. Apple has repeatedly denied working with the NSA or other government agency to create such backdoors, but the Russian government, well, they're not wanting to take any chances.

More →


On iOS, 'backdoors', and the eternal war between security and convenience

Earlier this week forensic researcher Jonathan Zdziarski's work on security exploits in iOS pairing records and potential data leaks in diagnostic services went viral. Unfortunately, it was his slides, which used more provocative language and lacked the context of his talk, and not his pay-walled yet far more understandable journal article, that made the rounds. Tragically, many in the media pounced on the attention-getting potential, posting alarming articles that did nothing but spread fear, uncertainty, and doubt (FUD) to a mainstream customer-base that deserves much, much better. Apple responded with comments to iMore on Monday, and with a Knowledge Base (KB) article on Tuesday. However, there's been no word yet on whether or not the exploits and potential data leaks will be closed and, if they will be, how soon. So, what does it all mean?

More →


iOS diagnostic services, their uses and protections, outlined by Apple in response to 'backdoor' allegations

Earlier this week Apple reaffirmed to iMore that it had never worked with any government agency to create a backdoor in any product or service. That was in answer to questions raised by Jonathan Zdziarski concerning iOS privacy and security. Apple has now published a new support page titled iOS: About diagnostic capabilities which elaborates on the services Zdziarski called out as data leaks. It does not, however, address vulnerabilities in passcode, pairing keys, or trusted device, though Apple typically does not address those types of things until they've pushed out patches. Here's Apple's full support article on the services:

More →


Apple reaffirms it has never worked with any government agency to create a backdoor in any product or service

On July 18, Jonathan Zdziarski, a former iOS jailbreaker and current iOS forensic scientist and law enforcement consultant, gave a talk at the HOPE X conference in New York City. Zdziarski's talk was on backdoors, attack points and surveillance mechanisms in iOS. In the talk he alleged that there are a number of ways for government agencies, including law-enforcement, to get at the personal data you store on your iPhone, iPod touch, and/or iPad. Zdziarski posted slides from the talk, based on an earlier journal publishing, on his website a couple of days ago. They've since been shared via other websites and social networks, and a lot of confusion and concern has arisen.

When reached for comment, Apple reiterated to iMore that it has never worked with any government agency to create a backdoor in any product or service:

"We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues," Apple told iMore. "A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent."

As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services."

So, what's going on here?

More →


Apple blocking older versions of Flash after yet another security exploit

Apple is now blocking older versions of the Adobe Flash web plugin, advising users to upgrade to the latest version in order to continue using it. This is due to a recent vulnerability that could cause user data to be lost to attackers exploiting the issue on a number of vulnerable sites.

More →


UK government set to rush through emergency surveillance legislation

The UK government is looking to reinforce powers of security services to require internet and phone providers to maintain records of customer email and calls. Emergency laws are to be introduced into the Commons next Monday, following private talks and gaining support of both Labour and the Liberal Democrats on the basis that there will be new board to oversee the functioning of new powers. The move is an effort to continue protecting UK citizens from external threats.

More →


UK officials follow US counterparts by banning electronics with no charge from boarding flights

The UK government's Department of Transport has now joined with the U.S. in requiring that passengers on some international flights coming in and out of the country must show that their electronic devices can be powered up, in an effort to improve security.

More →


Apple's security lock adapter will chain your Mac Pro to your desk

Apple has released a new tool to increase the security of your Mac Pro, a security lock adapter. This allows you to attach one of several Kensington computer locks to the Mac Pro, securing it to your desk. It also prevents the Mac Pro from being opened, blocking access to the internal components while a lock is engaged.

More →


Not only is Yo stupid, it's now also a security risk

Yo! Remember the hit new app that managed $1 million in funding we covered yesterday, which enables smartphone owners to send "Yo" alerts to contacts? The service has been hacked by a student and two roommates. Yo has confirmed they're investigating the hack and expect to have the security vulnerability patched in the "next few hours". The hackers have been able to access any Yo user's mobile number with the ability spam any user with multiple Yo messages.

More →


Pages