Whenever you give iPhone apps permission to access your camera, the app can surreptitiously take pictures and videos of you as long as the app is in the foreground, a security researcher warned on Wednesday.
Felix Krause, who recently warned of the danger of malicious iPhone password popups, wrote a blog post as a sort of PSA for iPhone users. To be clear, this is not a bug, but likely intended behavior. What this means is that even if you don't see the camera "open" in the form of an on-screen viewfinder, an app can still take photos and videos. It is unknown how many apps currently do this, but Krause created a test app as a proof-of-concept.Read more
A Google security researcher has published proof-of-concept code for a vulnerability that can be exploited remotely via a WiFi connection to take over iPhone 7 handsets.
"The exploit gains code execution on the Wi-Fi firmware on the iPhone 7," says Gal Beniamini, a member of the Google Project Zero security team. "Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames, thus allowing easy remote control over the Wi-Fi chip," Beniamini says.Read more
The new top-of-the-range iPhone does away with the home button and its built-in fingerprint reader in favor of a new biometric — called Face ID — which uses a 3D scan of the user’s face for authenticating and unlocking their device. It also replaces Touch ID for Apple Pay too.
Apple suggests this is an advancement over a fingerprint reader because it’s an easier and more natural action for the user to perform — you just look at the phone and it unlocks; no need to worry if you have wet fingers and so on. However offering to gate the smorgasbord of personal content that lives on a smartphone behind a face biometric inevitably raises lots of security questions.Read more
Apple is well-known for its maniacal approach to security, but it turns out not even the Cupertino heavyweight is safe from breaches: Popular YouTuber EverythingApplePro has stumbled upon a miniature hacking device that can crack the passcode of any iPhone 7 handset.
The device has a fairly compact size, but what is even more impressive is that, thanks to its three USB ports, it has the capacity to brute-force passcodes on three devices at the same time. To pull this off, EverythingApplePro says the creators of the tool exploited a loophole in the phone’s data recovery state that allows users to enter as many password attempts as they need.Read more
Donald Trump seems to have finally traded in his old and unsecured Android phone — for a new iPhone.
White House director of social media Dan Scavino Jr. tweeted tonight that Trump had switched to the Apple device, saying that he had been using it for "the past couple of weeks," and confirming that Twitter messages marked as coming from an iPhone were indeed from the president himself. Twitter users noticed that some of Trump's tweets appeared to be sent from an iPhone over the last few weeks, but it wasn't clear whether they were written by his own hand, or by staff members on secondary devices.Read more
Mobile devices have without a doubt brought convenience to the masses, but that benefit comes at a high price for journalists, activists, and human rights workers who work in war-torn regions or other high-risk environments.
Now, NSA whistleblower Edward Snowden has designed an iPhone accessory that could one day be used to prevent the devices from leaking their whereabouts. Working with renowned hardware hacker Andrew “Bunnie” Huang, Snowden has devised the design for what the team is calling the "Introspection Engine." For now, it's aimed only at iPhone 6 models, but eventually the pair hopes to create specifications for a large line of devices.Read more
Do you own an iPhone? Mac? Or any Apple device? Just one specially crafted message can expose your personal information, including your authentication credentials stored in your device's memory, to a hacker.
The vulnerability is quite similar to the Stagefright vulnerabilities, discovered a year ago in Android, that allowed hackers to silently spy on almost a Billion phones with just one specially-crafted text message. Cisco Talos senior researcher Tyler Bohan, who discovered this critical Stagefright-type bug in iOS, described the flaw as "an extremely critical bug, comparable to the Android Stagefright as far as exposure goes."Read more
Apple iPhone users are notorious for their slight indulgence towards those who prefer alternative platforms. Android is constantly under attack by malware and Trojans, they say, while iOS is immune to threats. Is it really that secure as Apple fans see it?
The answer is: no, it isn’t. In this article we will discuss several types of attacks which are as bad for the iPhones as they are for other devices. Phishing attacks target ‘what’s between a chair and a keyboard,’ meaning the users themselves. Phishers typically prey on human carelessness or a lack of overall awareness of security issues. It might seem as if the attributes of a phishing attack are known to everyone.Read more
Federal Bureau of Investigation Director James Comey said on Thursday the agency paid more to get into the iPhone of one of the San Bernardino shooters than he will make in the remaining seven years and four months he has in his job.
According to figures from the FBI and the U.S. Office of Management and Budget, Comey's annual salary as of January 2015 was $183,300. Without a raise or bonus, Comey will make $1.34 million over the remainder of his job. That suggests the FBI paid the largest ever publicized fee for a hacking job, easily surpassing the $1 million paid by U.S. information security company Zerodium to break into phones.Read more
If you think your phones are super-secure, you're probably wrong. A Chinese start-up demonstrated this week how it could unlock an Apple iPhone via the fingerprint sensor using Play-Doh.
President of mobile security firm Vkansee created a mold of his fingerprint. He then took the modeling clay Play-Doh, pressed it on to the mold and created a replica. He touched the Play-Doh on an iPhone's fingerprint scanner and the device unlocked. It's not expected that we're going to see a rise of criminals creating moulds of people's fingerprints, but expert did the demonstration to highlight the lack of sophistication in today's biometric solutions.Read more