Researchers cracked iCloud Keychain and bypassed App Store approval processes.
A group of six university researchers claim to have successfully bypassed Apple’s tight App Store approval processes to publish Mac and iOS malware apps. According to the report, the team presented the zero-day vulnerability to Apple back in October 2014 and were told to keep quiet about it for at least six months.
Luyi Xing, a security researcher who helped expose the zero-day vulnerability, still has yet to hear back from Apple on a possible fix.
As anyone who’s worked with technology in the past decade can tell you, the thorniest technical challenges aren’t typically those that deal directly with hardware and software. No, in most cases, the toughest things to troubleshoot and fix lie along the human spectrum. System administrators have long known this, coming up with acronyms like PEBCAK and ID-10T errors.
The same goes for security, which in Apple’s case affects an ever-increasing number of people who may not be savvy to the ways of information security.
Brazenly calling itself the “ultimate defense” for protecting passwords, documents, credit cards and all your other private stuff, FaceCrypt is being advertised as one of the most secure ways of controlling access to your iOS device.
Instead of asking for an alphanumeric password — or even Touch ID — FaceCrypt requests that users take a “selfie” to prove they are really the person they say they are.
Just because you’re paranoid doesn’t mean they aren’t out to get you. But short of installing an air-gap, what can you really do to improve security on your iDevices?
The good news is that your iPhone is probably the safest phone you can use, but you would be correct not to trust any U.S.-based company with your data, even Apple (which makes its money selling you shiny toys and may therefore be less interested in selling your data).
But if you want to move as much of your data as possible away from iCloud, here are some services and products to help you. You won’t find them as convenient as Apple’s built-in services, but they might keep your data a little safer.
Thanks to Apple’s tireless vetting of App Store apps, it’s tricky for an app to flat-out snoop on you. Then again, the behavior of some apps could be thought of as snooping if you squint and look at them the wrong way.
Foursquare is all about location, but that’s because it knows exactly where you are. And Facebook is… Well, Facebook likes to know things about you.
But you can keep earning Mayorships and tweeting your pictures without telling everyone where you live, or letting them post your location to Facebook. Just follow our handy guide to the privacy settings of various famous apps.
The safest way to use your iPhone is to switch it off, open it up and remove the battery. But this is clearly impractical if you want to do anything more than pretend you have an Android phone.
Some guides have shown us how to increase our security by switching off all manner of services, from iCloud to geotagging for our photos. But if you do that, why buy an iPhone in the first place? And even if you only want to make calls, no amount of on-phone hackery will help you if the folks from The Wire are on your tail.
That’s not to say you shouldn’t be aware of what your iPhone is up to, and with this in mind we bring you a guide to the hidden and not-so-hidden settings you’ll need in iOS 7.
It’s not clear whether this deliberately cagey language is done to comply with the unconstitutional and illegal FISA requirements or whether Apple chose to hide this information for its own purposes, but I suspect the former, and I’ll tell you why.
But first, let’s look at Apple’s constrained, disingenuous statement.
Apple announced its intention this week to buy AuthenTec for about $355 million.
If approved, the acquisition will bring several things to Apple, including the acceleration of its mobile wallet initiative; good technology for encrypting data and content, such as movies; and patent protection for several areas of mobile security.
The biggest thing Apple gets out of this is probably a strong play for using biometrics for identity in general — for online and brick-and-mortar purchases, for logging into web sites and even for digital signatures.
And it doesn’t hurt that taking AuthenTec out of the game as an independent company will be devastating to nearly all of Apple’s biggest competitors, including Google and its Android partners, and Microsoft and its OEM hardware partners.
You’ve heard the predictions. We’re quickly slouching toward a world in which your every move, every purchase, every act of “content consumption” will be meticulously and automatically monitored, tracked and captured. Algorithms will constantly profile you so advertisers can make their advertising specific to your location, preferences, personality, social group, income and education level and more.
Facebook’s future depends on this idea. This is one reason why Google launched Google+. This is why Microsoft launched Bing. This is why investors are bullish on location-based services like Foursquare. This is why Amazon.com created its own web browser.
Every major technology company, it seems, is scrambling to get into the user-data harvesting racket.
Everyone except Apple.
Why didn’t Apple buy Facebook or Twitter? Why didn’t Apple launch its own social network? What is Apple’s strategy for harvesting data about users?
I’ve been puzzled by these questions, and wondering out loud on this site exactly when and how Apple would reveal its strategy for competing on the personal-data collection battlefield.
But this week, something shocking happened that made me think: Maybe Apple isn’t going to get into the data-harvesting business at all. Maybe Apple is going to fight it!