Setting a passcode on your iPhone is the first line of defense to help prevent other people from accessing your personal details. However, it's fairly easy for anyone with access to your iPhone to bypass the passcode protection and access your personal photos and messages.
A new critical security flaw discovered in iOS 8 and newer, including 10.2 beta 3, allows anyone to bypass iPhone's passcode and gain access to personal information using the benevolent nature of Apple's personal assistant Siri. The security glitch was discovered by EverythingApplePro and iDeviceHelps, who have now gone public with a video.
Security researchers have discovered a way to target a huge number of Android and iOS apps that could allow them to remotely sign into any victim's mobile app account without any knowledge of the victim.
A group of three researchers – Ronghai Yang, Wing Cheong Lau, and Tianyu Liu – from the Chinese University of Hong Kong has found that most of the popular mobile apps that support single sign-on (SSO) service have insecurely implemented OAuth 2.0. It is an open standard for authorization that allows users to sign in to other third-party services by verifying the existing identity of their Google, Facebook, or Chinese firm Sina accounts.
An analysis of transactions originating from devices protected by Zscaler security products reveals that iOS applications leak private user information in more situations than Android apps.
The result of this study shows that the generally accepted theory of iOS being more secure than Android doesn't necessarily apply to the apps running on these two platforms. According to data gathered in the last quarter, Zscaler says it detected around 200,000 transactions from a total of 45 million, where an app has leaked user data. The type of leaked information includes personally identifiable information, geo-location data, and device metadata.
Just getting started with your new iOS device? That’s great, and we don’t want to be a buzzkill, but we strongly urge you to devote some time to adjusting the privacy settings in your new gadget.
Location tracking and data collection are powerful features that could place your personal information in the hands of people and services you’d rather shut out. Take advantage of these tips to keep your personal data to yourself. To be clear: experts do not recommend turning off all tracking — that would mean discarding a bunch of extremely useful features. But each of these useful features comes at a price.
Gamers who have downloaded the Pokémon Go augmented reality game were given a scare on Monday, after noticing that the app had apparently been granted “full access” to their Google accounts.
Taken at face value, the permissions would have represented a major security vulnerability, albeit one that only appeared to affect players who signed up to play the game using their Google account on Apple devices. The discovery sparked a wave of fear that playing the game might allow its developers, Niantic Labs, to read and send email, access, edit and delete documents in Google Drive and Google Photos, and access browser and maps histories.
Federal Bureau of Investigation Director James Comey said on Thursday the agency paid more to get into the iPhone of one of the San Bernardino shooters than he will make in the remaining seven years and four months he has in his job.
According to figures from the FBI and the U.S. Office of Management and Budget, Comey's annual salary as of January 2015 was $183,300. Without a raise or bonus, Comey will make $1.34 million over the remainder of his job. That suggests the FBI paid the largest ever publicized fee for a hacking job, easily surpassing the $1 million paid by U.S. information security company Zerodium to break into phones.
Computer security researchers warn security shortcomings in Android/Playstore undermine the security offered by all SMS-based two-factor authentication. The issue - first reported to Google more than a year ago - revolves around an alleged security weakness rather than a straightforward software vulnerability.
In the BAndroid microsite, the Dutch researchers explain the cause and scope of the alleged vulnerability. If attackers have control over the browser on the PC of a user using Google services, they can push any app with any permission on any of the user's Android devices, and activate it - allowing one to bypass 2-factor authentication via the phone.
A security flaw with the iPhone 6S and 6S Plus will let anyone bypass the phone lock and access personal information without having to know the passcode. The bug, discovered by Jose Rodriguez, who found a similar security hole last year, requires Siri but, unlike many other iPhone hacks, is relatively easy to execute.
All an attacker needs to do is fire up Siri from the lockscreen and prompt it to search Twitter for any email address. Once one is found, 3D Touching the email address will bring up a context menu from which you can create a new contact or add to an existing contact. That gives the attacker complete access to your contacts.
A researcher discovered an unprotected database storing the details of 198,000 users who had signed up for a now-defunct iOS application. A misconfigured MongoDB database associated with the iPhone app Kinotopic was discovered by a researcher who currently works at Kromtech, the company behind MacKeeper.
Kinotopic, which allowed users to create and share animated pictures and cinemagraphs, was discontinued sometime in 2013. However, the database storing the accounts of people who used the app has not been deleted. The database stores the details of 198,000 former Kinotopic users, including their username, email address and password hash.
Apple CEO Tim Cook denounced a federal judge's order to crack open an iPhone used by a terrorist, calling the situation "chilling" and saying it would deal a major setback to online privacy for all.
To hack the phone, the FBI wants Apple to build a new version of its iOS software that Cook claims bypasses the iPhone's security features and creates "the potential to unlock any iPhone in someone's physical possession." "The US government has asked us for something we simply do not have, and something we consider too dangerous to create," Cook wrote in an open letter posted on Apple's website. "They have asked us to build a backdoor to the iPhone."