Lock out
The Future of iPhone Security
13
The next major version of iOS could contain the most public and controversial security enhancements yet.
All Articles by Nick Arnott
The Network
OS X and iOS XARA attacks: An in-depth look
13
Does the Indiana University XARA whitepaper make your head hurt? Here's an in-depth look at what "cross-app resource attacks" actually mean for your iOS and OS X systems.
Experts
Apple's TestFlight: One year later
5
It's been almost a year since Apple re-launched TestFlight. Apple had acquired TestFlight in 2014, and the much-anticipated announcement at WWDC gave many in the industry hope that TestFlight would spell the end for the numerous headaches associated with development builds and beta distributions. So where does TestFlight stand a year later? Has it lived up to these hopes? UDIDs...
Masque unmasked
Don't panic but do pay attention
12
"Masque Attack" is the new name—given by security firm FireEye—to an old trick intended to fool you into installing malicious apps on your iPhone or iPad. Most recently detailed by security researcher Jonathan Zdziarski, tricks like Masque Attack won't affect most people, but it's worth understanding how it works and, in the event you are targeted, how to avoid it. Apple has a lot of...
Security
Why most of us don't have to worry about 'WireLurker'
10
There are once again some needlessly scary security articles going around, this time concerning malware dubbed "WireLurker". WireLurker hides inside pirated apps and tries to get people to install it on the Mac so it can transfer data to and from the iPhone or iPad over USB. it's important to point out almost no one reading this is in any danger from WireLurker, and anyone who is can...
Customer vs. product
Is CurrentC helping you buy, or selling you out?
38
Just as quickly as CurrentC popped into the limelight, questions arose around the companies intentions. Even though I don't have an invite for CurrentC's invite-only mobile payments and loyalty rewards system, I decided to take a look. I posted some initial findings on Twitter and a brief summary on iMore, but wanted to do a more in-depth technical post for anybody who was curious....
Privacy
Why is the CurrentC app collecting your device information?
29
Over the last few days, CVS and Rite Aid have disabled NFC technology at their retail outlets to prevent customers from using Apple Pay. It's been reported that this is due to an existing deal in place with a system called CurrentC, which involves the use of an app, QR codes, your bank account, and their servers. Walmart recently explained MCX's — the consortium behind CurrentC —...
Who's tracking who?
iOS 8 MAC address randomization and you
10
Normally when you're walking around with a WiFi-enabled device, if it's not connected to a network, it's broadcasting probes in order to try and find known networks. These probes would be sent using your phone's WiFi MAC address, which is a unique and normally persistent value. This means that anybody monitoring these probes, say in a department store for example, can persistently track...
Real Talk
Why bad bugs hit good people
53
Software is buggy. Humans write and test software and humans are imperfect; as a result, so is software. This is the reality of software and should come as a surprise to nobody. What can be surprising are the kind of bugs we actually see make their way out into the wild. We've seen two very prominent examples this week. The first was the release of iOS 8.0.1 on Wednesday which broke...
Locking down iOS 8
How Apple is keeping your iPhone and iPad safe!
3
Apple has posted a new version of their terrific white paper on iOS security, this one updated for iOS 8 an dated September, 2014. I haven't had time to read through it yet, but if last year's version is any indication, encryption enthusiasts should be in for a treat. The timing, immediately following iOS 8's release, and Tim Cook's letter on privacy, probably isn't a coincidence. Apple...
Apple Pay and security: What you need to know
23
Yesterday Apple announced Apple Pay, a payment mechanism that will be available on the iPhone 6, iPhone 6 Plus, and Apple Watch. While the convenience of such a feature is tempting, how do we know if we can trust it? To answer this, let's take a look at what we know about Apple Pay's security so far. NFC The iPhone 6, iPhone 6 Plus, and Apple Watch will all include NFC chips. NFC —...
Personal Security
What Apple's changes mean for us
5
Apple is responding to security concerns raised by many this past week as a result of massive release of stolen celebrity photos. While this is a good move by Apple that will increase security for users, it's important to understand what these changes do and don't mean for us. The more you know ≡≡≡★ Apple was heavily criticized this last week for its security around iCloud backups....
Location permissions in iOS 8: Explained
8
Every day our iPhones and iPads become a little more integrated in our lives. Every day they learn a little more about us and become more capable than they were before. And every day many of us make a choice to hand over more information about ourselves in exchange for features and convenience. One such piece of information is our location. There's a seemingly endless list of apps that...
TestFlight in iOS 8: Explained
17
Beta testing apps has long been a pain point for iOS developers. So it's no surprise that the announcement of TestFlight as part of iOS 8 was met with much fanfare at WWDC 2014. Since Apple's acquisition of Burstly (makers of TestFlight), there has been a lot of speculation and hope that Apple could finally release a more friendly solution for handling the distribution of beta apps....
Understanding Apple's SSL/TLS Bug
32
Yesterday Apple released updates for iOS 6, iOS 7, and Apple TV to squash a security bug that affected SSL/TLS connections. Often times, security patches can fix obscure bugs that could only occur under the strangest of circumstances, and they get rolled in to larger updates that address many other issues. However, this fix warranted its own updates, both for iOS 7 and for iOS 6. So...
Starbucks addresses security snafu with update to iOS app
6
Responding to a recent security bug, Starbucks released an update to their iPhone app addressing the issue late last night. Starbucks said in an update on their blog: As promised, we have released an updated version of Starbucks Mobile App for iOS which adds extra layers of protection. We encourage customers to download the update as an additional safeguard measure. The security...
What's really going on with the Starbucks mobile app information leak, and what you need to know
10
Earlier this week, security researcher Daniel Wood disclosed his findings on Starbucks' insecure handling of sensitive user information in their iPhone app. The sensitive information discovered includes usernames, passwords, emails, addresses, location data, and OAuth keys. While Wood's findings are valid, the interpretations of his findings have been inaccurate and exaggerated.
Coin wants to combine all of your cards into one, but how well will it work?
60
The Internet has been buzzing about Coin, a credit card replacement announced last Thursday. Currently taking pre-orders, and planning to launch Summer 2014, Coin is a credit card-sized device which is capable of storing and behaving as pretty much any card with a magnetic strip: credit cards, gift cards, membership cards, etc. Coin allows you to select which card you want to use, and...
Tired of waiting in the BBM for iOS line? Turns out there's a proxy-based skip for that!
26
After a failed attempt last month at rolling out BlackBerry Messenger (BBM) for iOS and Android, BlackBerry is giving the rollout another try. However, anybody who did not sign up previously is stuck waiting for their turn as BlackBerry slowly rolls out BBM to new users... unless you know how to skip the line.
Researcher continues exploring iCloud security, some media outlets continue to overreact
3
Russian security researcher Vladimir Katalov gave a talk last week at Hack in the Box security conference detailing his findings on Apple's iCloud protocols. Katalov's research highlights several shortcomings in iCloud's security model, including the fact that iCloud data is not protected by the two-step verification system Apple rolled out earlier this year.