A lock is only good at protecting things if it actually stays locked. The activation lock in iOS, for example, makes it very hard for someone other than the owner to wipe an iPhone or iPad and set it up as a new device. Very hard, but not impossible.
Two different bugs have recently been discovered that could allow someone to bypass Apple’s activation lock. One impacts devices running iOS 10.1 and another on the most current version of the software, iOS 10.1.1. Expert workaround exploited a weakness in the iOS device setup process, and he tested it on a locked iPad he purchased from eBay.Read more
A team of computer hackers have demonstrated how the Tesla Model S can be located, unlocked and driven away without the key. By compromising the car's companion smartphone application, they used a laptop to remotely unlock the doors, start the electric car and 'steal' it from a colleague.
The hack exposes the internet weaknesses of products which can be accessed via apps and the internet. The Tesla app is commonly used by owners to check the battery level and charging status, see the location of their car, as well as set the climate control before getting in, and flash the lights to help find the car in a car park.Read more
A corrupted video being shared online will crash any iPhone or iPad it is played on, and in some cases causes the device to switch off and become unresponsive. The video is a file which can be played in the iOS Safari web browser, but quickly slows the device to a crawl, before causing it to lock up and freeze.
The flaw is being described as "completely crazy" and will crash any iOS device. It comes a year after a certain text message was discovered to crash and reboot iPhones whenever it was received. But where the text bug caused the iPhone to reboot, the newly discovered video file crashes the phone to such an extent that only a hard reset will bring the phone back to life.Read more
Setting a passcode on your iPhone is the first line of defense to help prevent other people from accessing your personal details. However, it's pretty much easy for anyone with access to your iPhone to bypass the passcode protection and access your personal photos and messages.
A new critical security flaw discovered in iOS 8 and newer, including 10.2 beta 3, allows anyone to bypass iPhone's passcode and gain access to personal information using the benevolent nature of Apple's personal assistant Siri. The security glitch has been discovered by EverythingApplePro and iDeviceHelps and now that they have gone public with a video.Read more
Security researchers have discovered a way to target a huge number of Android and iOS apps that could allow them to remotely sign into any victim's mobile app account without any knowledge of the victim.
A group of three researchers – Ronghai Yang, Wing Cheong Lau, and Tianyu Liu – from the Chinese University of Hong Kong has found that most of the popular mobile apps that support single sign-on (SSO) service have insecurely implemented OAuth 2.0. It is an open standard for authorization that allows users to sign in for other third-party services by verifying existing identity of their Google, Facebook, or Chinese firm Sina accounts.Read more
An analysis of transactions originating from devices protected by Zscaler security products reveals that iOS applications leak private user information in more situations than Android apps.
The result of this study shows that the generally accepted theory of iOS being more secure than Android doesn't necessarily apply to the apps running on these two platforms. According to data gathered in the last quarter, Zscaler says it detected around 200,000 transactions from a total of 45 million, where an app has leaked user data. The type of leaked information includes personally identifiable information, geo-location data, and device metadata.Read more
Professional iPhone hackers say that Apple has dropped the ball on password security with its latest iPhone operating system, making the task of cracking the logins for backups stored on a Mac or PC considerably easier.
The claim comes from Elcomsoft whose kit was thought to have been used by hackers who exposed celebrities’ nude pictures in 2014. Like market leader Cellebrite, it makes its money selling kit that can break into iPhones for the purpose of rooting around a target’s device. As soon as iOS 10 was out, the company started probing its security, and found Apple was using a weaker password protection mechanism for manual backups via iTunes than it had done previously.Read more
China-based third-party app store called Haima has been found infecting millions of iOS users with malicious adware by repackaging popular apps and circulating them through its site. Haima, which is currently only available in the Chinese market, uses a technique called app side-loading to deliver adware to users.
According toTrend Micro security researchers, who analysed Haima, Haima operators trick users into installing apps from outside the official iOS app store by luring users via aggressive social media advertising and relying on the popularity of apps like Minecraft, Instagram and Terraria in achieving successful downloads.Read more
As you probably know, modern apps often spy on users — at least to the extent of tracking their locations. If your privacy matters to you and you use an iOS device you can easily forbid applications to track your movement. But do you know that iOS has a bunch of special Apple services that track you as well?
By the way, unlike the apps you install, these services are always on. Therefore, you may want to thin out this lengthy list — because you value your privacy, or because you value your battery life, or both. The good news is that the services can be easily adjusted. The bad news is that not all of them are explained at all in your iPhone or iPad settings.Read more
At least two smishing campaigns have hit iOS users in the past week, with over 7,500 users clicking the malicious links and ending up on phishing pages designed to con them out of their Apple login credentials.
Intel McAfee security experts first discovered something was wrong, when their security products started picking up suspicious SMS messages from a US number. These messages had the format of an email. Researchers say that users who clicked on this link ended up on a hacked website, where a message was displayed, telling them they had to verify their account as soon as possible, or Apple would lock it.Read more