Whenever you give iPhone apps permission to access your camera, the app can surreptitiously take pictures and videos of you as long as the app is in the foreground, a security researcher warned on Wednesday.
Felix Krause, who recently warned of the danger of malicious iPhone password popups, wrote a blog post as a sort of PSA for iPhone users. To be clear, this is not a bug, but likely intended behavior. What this means is that even if you don't see the camera "open" in the form of an on-screen viewfinder, an app can still take photos and videos. It is unknown how many apps currently do this, but Krause created a test app as a proof-of-concept.Read more
A Google security researcher has published proof-of-concept code for a vulnerability that can be exploited remotely via a WiFi connection to take over iPhone 7 handsets.
"The exploit gains code execution on the Wi-Fi firmware on the iPhone 7," says Gal Beniamini, a member of the Google Project Zero security team. "Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames, thus allowing easy remote control over the Wi-Fi chip," Beniamini says.Read more
The new top-of-the-range iPhone does away with the home button and its built-in fingerprint reader in favor of a new biometric — called Face ID — which uses a 3D scan of the user’s face for authenticating and unlocking their device. It also replaces Touch ID for Apple Pay too.
Apple suggests this is an advancement over a fingerprint reader because it’s an easier and more natural action for the user to perform — you just look at the phone and it unlocks; no need to worry if you have wet fingers and so on. However offering to gate the smorgasbord of personal content that lives on a smartphone behind a face biometric inevitably raises lots of security questions.Read more
Apple is well-known for its maniacal approach to security, but it turns out not even the Cupertino heavyweight is safe from breaches: Popular YouTuber EverythingApplePro has stumbled upon a miniature hacking device that can crack the passcode of any iPhone 7 handset.
The device has a fairly compact size, but what is even more impressive is that, thanks to its three USB ports, it has the capacity to brute-force passcodes on three devices at the same time. To pull this off, EverythingApplePro says the creators of the tool exploited a loophole in the phone’s data recovery state that allows users to enter as many password attempts as they need.Read more
Apple Inc. is working on a feature that will let you unlock your iPhone using your face instead of a fingerprint. For its redesigned iPhone, set to go on sale later this year, Apple is testing an improved security system that allows users to log in, authenticate payments, and launch secure apps by scanning their face, according to people familiar with the product.
This is powered by a new 3-D sensor, added the people, who asked not to be identified discussing technology that’s still in development. The company is also testing eye scanning to augment the system, one of the people said. The sensor’s speed and accuracy are focal points of the feature.Read more
Donald Trump seems to have finally traded in his old and unsecured Android phone — for a new iPhone.
White House director of social media Dan Scavino Jr. tweeted tonight that Trump had switched to the Apple device, saying that he had been using it for "the past couple of weeks," and confirming that Twitter messages marked as coming from an iPhone were indeed from the president himself. Twitter users noticed that some of Trump's tweets appeared to be sent from an iPhone over the last few weeks, but it wasn't clear whether they were written by his own hand, or by staff members on secondary devices.Read more
Cellebrite, an Israel-based cybersecurity firm, announced on Thursday it has added the capability to crack a number of locked Apple devices running iOS, including the iPhone 6 and iPhone 6 Plus.
Word of the new ability came from Shahar Tal, the director of forensics research for Cellebrite, who announced the breakthrough on Twitter. “Proud of the team's continuous research achievements almost as much as I'm proud of the true justice we help serve around the world,” he wrote. “Seeing murder cases solved and child molesters jailed drives us and fills our day-to-day with immense cause. I'm thankful.”Read more
A three character-long text message can temporarily disable iPhones, a hacker has shown. On receiving the message, iPhones instantly freeze for around a minute, and sometimes users are forced to restart.
Besides blocking the number that the malicious messages come from the victim has no way of preventing the attack, although its effects are temporary and do not work on the most recent version of iOS. The bug is the latest in a series of strange text-message vulnerabilities that have affected iPhones in recent years. The offending message appears to contain just three characters - a white flag emoji, a “0” and a rainbow emoji.Read more
A lock is only good at protecting things if it actually stays locked. The activation lock in iOS, for example, makes it very hard for someone other than the owner to wipe an iPhone or iPad and set it up as a new device. Very hard, but not impossible.
Two different bugs have recently been discovered that could allow someone to bypass Apple’s activation lock. One impacts devices running iOS 10.1 and another on the most current version of the software, iOS 10.1.1. Expert workaround exploited a weakness in the iOS device setup process, and he tested it on a locked iPad he purchased from eBay.Read more
A corrupted video being shared online will crash any iPhone or iPad it is played on, and in some cases causes the device to switch off and become unresponsive. The video is a file which can be played in the iOS Safari web browser, but quickly slows the device to a crawl, before causing it to lock up and freeze.
The flaw is being described as "completely crazy" and will crash any iOS device. It comes a year after a certain text message was discovered to crash and reboot iPhones whenever it was received. But where the text bug caused the iPhone to reboot, the newly discovered video file crashes the phone to such an extent that only a hard reset will bring the phone back to life.Read more