
The Future of iPhone Security
The next major version of iOS could contain the most public and controversial security enhancements yet.
Does the Indiana University XARA whitepaper make your head hurt? Here's an in-depth look at what "cross-app resource attacks" actually mean for your iOS and OS X systems.
It's been almost a year since Apple re-launched TestFlight. Apple had acquired TestFlight in 2014, and the much-anticipated announcement at WWDC gave many in the industry hope that TestFlight would spell the end for the numerous headaches associated with development builds and beta distributions. So where does TestFlight stand a year later? Has it lived up to these hopes? UDIDs...
"Masque Attack" is the new name—given by security firm FireEye—to an old trick intended to fool you into installing malicious apps on your iPhone or iPad. Most recently detailed by security researcher Jonathan Zdziarski, tricks like Masque Attack won't affect most people, but it's worth understanding how it works and, in the event you are targeted, how to avoid it. Apple has a lot of...
There are once again some needlessly scary security articles going around, this time concerning malware dubbed "WireLurker". WireLurker hides inside pirated apps and tries to get people to install it on the Mac so it can transfer data to and from the iPhone or iPad over USB. It's important to point out almost no one reading this is in any danger from WireLurker, and anyone who is can...
Just as quickly as CurrentC popped into the limelight, questions arose around the companies' intentions. Even though I don't have an invite for CurrentC's invite-only mobile payments and loyalty rewards system, I decided to take a look. I posted some initial findings on Twitter and a brief summary on iMore, but wanted to do a more in-depth technical post for anybody who was curious....
Over the last few days, CVS and Rite Aid have disabled NFC technology at their retail outlets to prevent customers from using Apple Pay. It's been reported that this is due to an existing deal in place with a system called CurrentC, which involves the use of an app, QR codes, your bank account, and their servers. Walmart recently explained MCX's — the consortium behind CurrentC —...
Normally when you're walking around with a WiFi-enabled device, if it's not connected to a network, it's broadcasting probes in order to try and find known networks. These probes would be sent using your phone's WiFi MAC address, which is a unique and normally persistent value. This means that anybody monitoring these probes, say in a department store for example, can persistently track...
Software is buggy. Humans write and test software and humans are imperfect; as a result, so is software. This is the reality of software and should come as a surprise to nobody. What can be surprising are the kinds of bugs we actually see make their way out into the wild. We've seen two very prominent examples this week. The first was the release of iOS 8.0.1 on Wednesday which broke...
Apple has posted a new version of their terrific white paper on iOS security, this one updated for iOS 8 and dated September, 2014. I haven't had time to read through it yet, but if last year's version is any indication, encryption enthusiasts should be in for a treat. The timing, immediately following iOS 8's release, and Tim Cook's letter on privacy, probably isn't a coincidence. Apple...
Yesterday Apple announced Apple Pay, a payment mechanism that will be available on the iPhone 6, iPhone 6 Plus, and Apple Watch. While the convenience of such a feature is tempting, how do we know if we can trust it? To answer this, let's take a look at what we know about Apple Pay's security so far. NFC The iPhone 6, iPhone 6 Plus, and Apple Watch will all include NFC chips. NFC —...
Apple is responding to security concerns raised by many this past week as a result of the massive release of stolen celebrity photos. While this is a good move by Apple that will increase security for users, it's important to understand what these changes do and don't mean for us. The more you know Apple was heavily criticized this last week for its security around iCloud backups....
Every day our iPhones and iPads become a little more integrated in our lives. Every day they learn a little more about us and become more capable than they were before. And every day many of us make a choice to hand over more information about ourselves in exchange for features and convenience. One such piece of information is our location. There's a seemingly endless list of apps that...
Beta testing apps has long been a pain point for iOS developers. So it's no surprise that the announcement of TestFlight as part of iOS 8 was met with much fanfare at WWDC 2014. Since Apple's acquisition of Burstly (makers of TestFlight), there has been a lot of speculation and hope that Apple could finally release a more friendly solution for handling the distribution of beta apps....
Yesterday Apple released updates for iOS 6, iOS 7, and Apple TV to squash a security bug that affected SSL/TLS connections. Oftentimes, security patches can fix obscure bugs that could only occur under the strangest of circumstances, and they get rolled in to larger updates that address many other issues. However, this fix warranted its own updates, both for iOS 7 and for iOS 6. So...
Responding to a recent security bug, Starbucks released an update to their iPhone app addressing the issue late last night. Starbucks said in an update on their blog: As promised, we have released an updated version of Starbucks Mobile App for iOS which adds extra layers of protection. We encourage customers to download the update as an additional safeguard measure. The security...
Earlier this week, security researcher Daniel Wood disclosed his findings on Starbucks' insecure handling of sensitive user information in their iPhone app. The sensitive information discovered includes usernames, passwords, emails, addresses, location data, and OAuth keys. While Wood's findings are valid, the interpretations of his findings have been inaccurate and exaggerated.
The Internet has been buzzing about Coin, a credit card replacement announced last Thursday. Currently taking pre-orders, and planning to launch Summer 2014, Coin is a credit card-sized device which is capable of storing and behaving as pretty much any card with a magnetic strip: credit cards, gift cards, membership cards, etc. Coin allows you to select which card you want to use, and...
After a failed attempt last month at rolling out BlackBerry Messenger (BBM) for iOS and Android, BlackBerry is giving the rollout another try. However, anybody who did not sign up previously is stuck waiting for their turn as BlackBerry slowly rolls out BBM to new users... unless you know how to skip the line.
Last week, researchers from QuarksLab gave a presentation at HITBSecConf2013 on the security of iMessage. The researchers sought to investigate claims made by Apple that nobody but the sender and receiver could read iMessage data thanks to their use of end-to-end encryption. While the researchers discovered that they were able to intercept and decrypt iMessages, Apple was quick to...