Popular weather app AccuWeather has been caught sending geolocation data to a third-party data monetization firm, even when the user has switched off location sharing. AccuWeather is one of the most popular weather apps in Apple's app store, with a near perfect four-star rating and millions of downloads to its name.
But what the app doesn't say is that it sends sensitive data to a firm designed to monetize user locations without users' explicit permission. Security researcher Will Strafach intercepted the traffic from an iPhone running the latest version of AccuWeather and its servers and found that even when the app didn't have permission to access the device's precise location.Read more
Android often makes the news for being the mobile platform that’s most susceptible to malware. But that doesn’t mean that iOS is completely safe. In fact, it turns out that hackers can take over your iPhone, iPad, or iPod touch and control it without your knowledge.
So you’d better update your device to the latest iOS version, which was just released. Even your brand new iPhone 7 is a potential target, so don’t think that just because it’s fresh hardware, it can’t be attacked by malicious individuals. Apple says on its support pages that iPhone 5 or later, iPad 4th generation or later and iPod touch 6th generation are all affected by this serious bug.Read more
Google has released its latest monthly security update for Android devices, including a serious bug in some Broadcom Wi-Fi chipsets that affects millions of Android devices, as well as some iPhone models.
Dubbed BroadPwn, the remote code execution vulnerability resides in Broadcom's BCM43xx family of WiFi chipsets, which can be triggered remotely without user interaction, allows a remote attacker to execute malicious code on targeted Android devices. "The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process," Google describes.Read more
While going through the web browsing, annoying adverts get on your nerves and you are unable to do anything to get rid of them except closing them again and again. Sometimes, these advertisements are very useful in some context, but often, they are annoying and of course, you would like to find out a way to get rid of them.
Well! What you can do is to select an extension or app to block website ads. It is also necessary for you to get because, the appearance of these adverts can make your system slower down and thus, the website, you want to open will be also loaded slowly. It is incredibly irritating when you find yourself helpless before them.Read more
Cisco Talos today warned of a flaw in the X.509 certificate validation feature of Apple macOS and iOS that could let an attacker remotely execute code and steal information. X.509 security certificates are widely used and integral to many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure web browsing protocol.
“For most people, securely connecting to a website seems as simple as checking to make sure the little padlock in the address bar is present. However, in the background there are many different steps that are taken to ensure you are safely and securely connecting to the websites that claim they are who they are.Read more
Last week, experts demonstrated a piece of Android malware that can remotely turn on a smartphone's microphone, track the user's location, and intercept phone calls. When buying similar spyware for iPhones, attackers typically need to jailbreak the device first so they can then install unauthorized apps — a technical barrier that may take some time.
But companies do offer monitoring solutions for iPhones that apparently work on iOS 10 devices and don't require a jailbreak. Instead, they take advantage of another aspect of Apple products that some users may overlook — iCloud backups.Read more
While developing a tool for evaluating mobile application security, researchers at Sudo Security Group Inc. found out something unexpected.
Seventy-six popular applications in Apple's iOS App Store, they discovered, had implemented encrypted communications with their back-end services in such a way that user information could be intercepted by a man-in-the-middle attack. The applications could be fooled by a forged certificate sent back by a proxy, allowing their Transport Layer Security to be unencrypted and examined as it is passed over the Internet. The discovery was initially the result of bulk analysis.Read more
The hacker says this demonstrates that when organizations make hacking tools, those techniques will eventually find their way to the public. In January, experts reported that a hacker had stolen 900GB of data from mobile phone forensics company Cellebrite.
The data suggested that Cellebrite had sold its phone cracking technology to oppressive regimes such as Turkey, the United Arab Emirates, and Russia. Now the hacker responsible has publicly released a cache of files allegedly stolen from Cellebrite relating to Android and BlackBerry devices, and older iPhones, some of which may have been copied from publicly available phone cracking tools.Read more
Apple is introducing a new analytics section to its iOS privacy settings where it will ask for permission to analyze iCloud account data to improve Siri and other smart features.
Apple has been critical of Silicon Valley's addiction to harvesting and monetizing user data for ads, but it appears Apple sees some sense in accessing user data and will be seeking to use more of it in the near future. An iOS 10.3 beta released last week contained a note under the title 'iCloud Analytics & Privacy', explaining that Apple wants to analyze iCloud account data to improve intelligent features such as Siri.Read more
A three character-long text message can temporarily disable iPhones, a hacker has shown. On receiving the message, iPhones instantly freeze for around a minute, and sometimes users are forced to restart.
Besides blocking the number that the malicious messages come from the victim has no way of preventing the attack, although its effects are temporary and do not work on the most recent version of iOS. The bug is the latest in a series of strange text-message vulnerabilities that have affected iPhones in recent years. The offending message appears to contain just three characters - a white flag emoji, a “0” and a rainbow emoji.Read more