Have you used a friend's laptop to charge your iPhone and gotten a prompt that says, "Trust This Computer?" Say yes, and the computer will be able to access your phone settings and data while they're connected.
And while it doesn't feel like your answer really matters—your phone will charge either way—researchers from Symantec warn that this seemingly minor decision has much higher stakes than you'd think. In fact, the Symantec team has found that hacks exploiting that misplaced "Trust" comprise a whole class of iOS attacks they call "trustjacking." Once a user authorizes a device, they open themselves to serious and persistent attacks.
In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.
Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X.
Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve.
The GitHub code is labeled “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it—it’s like the iPhone’s BIOS.
A French prosecutor has launched a preliminary investigation of U.S. tech giant Apple over alleged deception and planned obsolescence of its products following a complaint by a consumer organization, a judicial source said on Monday.
The investigation, opened on Friday, will be led by French consumer fraud watchdog DGCCRF, part of the Economy Ministry, the source said. Apple acknowledged last month that it takes some measures to reduce power demands - which can have the effect of slowing the processor - in some older iPhone models when a phone’s battery is having trouble supplying the peak current that the processor demands.
Whenever you give iPhone apps permission to access your camera, the app can surreptitiously take pictures and videos of you as long as the app is in the foreground, a security researcher warned on Wednesday.
Felix Krause, who recently warned of the danger of malicious iPhone password popups, wrote a blog post as a sort of PSA for iPhone users. To be clear, this is not a bug, but likely intended behavior. What this means is that even if you don't see the camera "open" in the form of an on-screen viewfinder, an app can still take photos and videos. It is unknown how many apps currently do this, but Krause created a test app as a proof-of-concept.
A Google security researcher has published proof-of-concept code for a vulnerability that can be exploited remotely via a WiFi connection to take over iPhone 7 handsets.
"The exploit gains code execution on the Wi-Fi firmware on the iPhone 7," says Gal Beniamini, a member of the Google Project Zero security team. "Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames, thus allowing easy remote control over the Wi-Fi chip," Beniamini says.
The new top-of-the-range iPhone does away with the home button and its built-in fingerprint reader in favor of a new biometric — called Face ID — which uses a 3D scan of the user’s face for authenticating and unlocking their device. It also replaces Touch ID for Apple Pay.
Apple suggests this is an advancement over a fingerprint reader because it’s an easier and more natural action for the user to perform — you just look at the phone and it unlocks; no need to worry if you have wet fingers and so on. However, offering to gate the smorgasbord of personal content that lives on a smartphone behind a face biometric inevitably raises lots of security questions.
Apple is well-known for its maniacal approach to security, but it turns out not even the Cupertino heavyweight is safe from breaches: Popular YouTuber EverythingApplePro has stumbled upon a miniature hacking device that can crack the passcode of any iPhone 7 handset.
The device has a fairly compact size, but what is even more impressive is that, thanks to its three USB ports, it has the capacity to brute-force passcodes on three devices at the same time. To pull this off, EverythingApplePro says the creators of the tool exploited a loophole in the phone’s data recovery state that allows users to enter as many password attempts as they need.
Apple Inc. is working on a feature that will let you unlock your iPhone using your face instead of a fingerprint. For its redesigned iPhone, set to go on sale later this year, Apple is testing an improved security system that allows users to log in, authenticate payments, and launch secure apps by scanning their face, according to people familiar with the product.
This is powered by a new 3-D sensor, added the people, who asked not to be identified discussing technology that’s still in development. The company is also testing eye scanning to augment the system, one of the people said. The sensor’s speed and accuracy are focal points of the feature.
HipChat, a communications platform for businesses, warned users Monday it experienced a database breach, which may have compromised the names, email addresses and passwords of its users. In addition to user information, HipChat warned users that metadata from company “rooms” or groups also may have been accessed.
Worse yet, in a small number of instances, messages from a room may have been stolen. HipChat's chief security officer assured users in a blog post that less than 0.05 percent of instances included user messages, and passwords were “hashed.”