Just getting started with your new iOS device? That’s great, and we don’t want to be a buzzkill, but we strongly urge you to devote some time to adjusting the privacy settings in your new gadget.
Location tracking and data collection are powerful features that could place your personal information in the hands of people and services you’d rather shut out. Take advantage of these tips to keep your personal data to yourself. To be clear: experts do not recommend turning off all tracking — that would mean discarding a bunch of extremely useful features. But each of these useful features comes at a price.
Gamers who have downloaded the Pokémon Go augmented reality game were given a scare on Monday, after noticing that the app had apparently been granted “full access” to their Google accounts.
Taken at face value, the permissions would have represented a major security vulnerability, albeit one that only appeared to affect players who signed up to play the game using their Google account on Apple devices. The discovery sparked a wave of fear that playing the game might allow its developers, Niantic Labs, to read and send email, access, edit and delete documents in Google Drive and Google Photos, and access browser and maps histories.
Security firm FireEye has discovered a malicious version of the Vpon advertising SDK that provides support for intrusive commands that can allow a remote third-party to manipulate iOS devices. Vpon is the name of an advertising SDK provided for Chinese and Taiwanese developers.
According to FireEye, the Vpon SDK contains functions that allow a malicious party to record audio or video, take screenshots on an iOS device, get device geolocation data, access the address book, interact with apps, and even steal and then upload data from the device to a remote server.
Apple has yet to patch a vulnerability disclosed during last week’s Hack in the Box hacker conference in Amsterdam that allows an attacker with physical access — even on the latest versions of iOS — to swap out legitimate apps with malicious versions undetected on the device.
A researcher at mobile security company Mi3 Security disclosed last week during his talk at the show that an iOS mitigation for a previous attack he’d developed was incomplete and that, with a modification, he could still infect non-jailbroken iOS devices with malicious or misbehaving apps.
Federal Bureau of Investigation Director James Comey said on Thursday the agency paid more to get into the iPhone of one of the San Bernardino shooters than he will make in the remaining seven years and four months he has in his job.
According to figures from the FBI and the U.S. Office of Management and Budget, Comey's annual salary as of January 2015 was $183,300. Without a raise or bonus, Comey will make $1.34 million over the remainder of his job. That suggests the FBI paid the largest ever publicized fee for a hacking job, easily surpassing the $1 million paid by U.S. information security company Zerodium to break into phones.
A couple of security experts demonstrated that the iOS date bug was still present in iOS devices and was exploitable by spoofing an Apple NTP server. Do you remember the Apple iOS date bug?
In February, the security community highlighted the existence of the embarrassing problem for Apple iOS mobile devices running 64-bit iOS 8 or higher. The issue affects the Apple iOS date and time system and could be triggered by setting the date to January 1, 1970. The news appeared in Reddit discussions warning users about a flaw that could brick an iPhone forever. When connected to public Wi-Fi, an iPhone calibrates its time settings with an NTP server.
Computer security researchers warn that security shortcomings in Android/Playstore undermine the security offered by all SMS-based two-factor authentication. The issue - first reported to Google more than a year ago - revolves around an alleged security weakness rather than a straightforward software vulnerability.
In the BAndroid microsite, the Dutch researchers explain the cause and scope of the alleged vulnerability. If attackers have control over the browser on the PC of a user using Google services, they can push any app with any permission on any of the user's Android devices, and activate it - allowing one to bypass 2-factor authentication via the phone.
A security flaw with the iPhone 6S and 6S Plus will let anyone bypass the phone lock and access personal information without having to know the passcode. The bug, discovered by Jose Rodriguez, who found a similar security hole last year, requires Siri but unlike many other iPhone hacks is relatively easy to execute.
All an attacker needs to do is fire up Siri from the lockscreen and prompt it to search Twitter for any email address. Once one is found, 3D Touching the email address will bring up a context menu from which you can create a new contact or add to an existing contact. That gives the attacker complete access to your contacts.
Apple’s security concessions in corporate devices may have created a loophole in an otherwise secure system, according to new research from Check Point Software Technologies, a company that sells internet security hardware and software.
When successful, this "SideStepper" attack gives perpetrators access to victims’ devices, including their data, as well as the power to install malicious apps. The new attack takes advantage of less rigorous software controls for corporate device users, particularly those who use Mobile Device Management solutions to get apps delivered to their phones.
A researcher discovered an unprotected database storing the details of 198,000 users who had signed up for a now-defunct iOS application. A misconfigured MongoDB database associated with the iPhone app Kinotopic was discovered by a researcher who currently works at Kromtech, the company behind MacKeeper.
Kinotopic, which allowed users to create and share animated pictures and cinemagraphs, was discontinued sometime in 2013. However, the database storing the accounts of people who used the app has not been deleted. The database stores the details of 198,000 former Kinotopic users, including their username, email address and password hash.