The Freak bug went unnoticed for over a decade. Photo: Jim Merithew/Cult of Mac
A newly discovered security bug has secretly left Safari users on both iOS and OS X vulnerable to attacks on hundreds of thousands of websites for years.
The ‘FREAK’ security flaw was exposed today by a group of nine researchers who discovered web browsers could be forced to use an intentionally weakened form of encryption. FREAK affects iPhones, Macs, and Android browsers, but Apple’s spokesman says the company will release a fix next week.
The NSA has just hacked 2 billion SIM cards around the globe, but Gemalto says it isn’t that bad. Photo: Wikicommons
Late last week, we reported on the newest leak from Edward Snowden, indicating that the NSA had hacked the SIM cards of pretty much every smartphone on Earth. iPhones included.
It looked bad. The hack allowed the NSA to tap into your phone without a court order. But today, the Dutch company responsible for 2 billion SIM cards released a statement, saying that as far as they can tell, fears of a massive NSA invasion are overblown.
UDID identifiers could be used to link iPhones to their users. Photo: Cult of Mac
Apple has long been outspoken about the measures it takes to keep your iPhone secure, but new documents leaked by whistleblower Edward Snowden demonstrate how the British spy agency GCHQ was able to carry out “realtime tracking of target iPhones” — by compromising users’ computers.
Rather than directly targeting the iPhones, GCHQ agents focused their attack on the computers with which the iPhones were synchronised, enabling them to access much of the data stored on the handset. The method took advantage of flaws in Apple’s UDID (unique device identifier) system, which issued a unique code for every iPhone, linking it with its owner.
The iPhone tracking report was handed over by Snowden to a group of nine journalists — including Laura Poitras, the filmmaker behind the acclaimed documentary Citizenfour.
Congress has dropped the ball on surveillance reform, according to Tim Cook and a host of other top tech CEOs throughout the country.
In a full-page ad printed in today’s Washington Times, the tech companies tell the Senate it’s been a year since revelations of the NSA’s overreach were made known to citizens, but Congress has failed to pass a version of the USA Freedom Act that would restore the confidence of internet users.
Apple legend Bill Atkinson, left, and Andrew Stone talk Steve Jobs, drugs and the Internet at AltConf 2014 in San Francisco. Photo: Jim Merithew/Cult of Mac
SAN FRANCISCO — At Apple’s WWDC developer conference, there are talks about interface design, writing code and fixing bugs.
Across the street at indie spinoff AltConf, the talks are concerned with spying on users and making choices between good and evil.
“We have had a hand in creating one of the most dystopian and undesirable societies imaginable,” said Andrew Stone, a veteran programmer who once worked with Steve Jobs, during a talk entitled “What Have We Built Here?”
It’s not the kind of stuff you’d expect to hear at a developer’s conference, but in an age of widespread government spying and cynicism about corporate slogans like “Don’t be evil,” AltConf highlights that programmers are often presented with moral choices. There’s a growing awareness in the coding community that although the activity of programming is benign, what’s created can be used for evil. Take Maciej Cegłowski’s talk last month in Germany, which has been widely discussed on the Web. Cegłowski argues — convincingly — that the utopian ideals of the early internet have been thoroughly corrupted, and the entire industry is “rotten.”
This time on The CultCast: No, those rumored new EarPods won’t measure your pulse. Last week’s biggest Apple rumor was a fake made up by a guy on a toilet! Plus, why you shouldn’t expect new hardware at June’s WWDC; iPhone warns you when the NSA wants you for drug trafficking; Apple’s newest executive gets a HUGE payday; Katie Cotton, Apple’s longtime PR lead and Steve Jobs confidant, calls it quits; Cupertino will take on Samsung with more guerrilla-style marketing; and since you asked, we reveal the jobs we’ve always wanted on an all-new Get To Know Your Cultist.
The data-hungry tentacles of the NSA have managed to choke America’s top tech firms into silent submission on data requests, but after months of demanding more transparency, Apple is ready to defy authorities and let you know when the NSA wants your data.
Prosecutors warn that such a move will undermine investigations by tipping off criminals and allowing them to destroy sensitive data, but according to the Washington Post, Apple and others have already changed their policies.
While accusations about NSA backdoors to Apple devices have been doing the rounds for a while now, yesterday’s revelations about spying agencies using so-called “leaky apps” to capture user data have reignited the debate. Below is a Q&A covering everything we’ve learned so far:
Q) What is a leaky app?
A) An app that transmits private user information across the Internet. While apps have come under fire for collecting private user information before, the current outcry follows revelations leaked by Edward Snowden, suggesting that leaky apps have been the focus of spying organizations such as the NSA and its UK counterpart, GCHQ (Government Communications HQ). The NSA has cumulatively spent more than $1 billion on its phone-targeting efforts. A 2010 NSA presentation cites poorly secured apps as a “golden nugget” for gathering user information — including, but not limited to, address books and friend lists.
Today the U.S. Department of Justice gave permission to companies like Apple, Google, and Microsoft to share previously classified details regarding requests for customer data from the government.
Tim Cook recently said in an interview that Apple has a gag order preventing it from disclosing what exact information it has given over to the NSA. Now Apple and other companies that have fought for greater transparency from the government can share more about what they’ve had to share. Apple has posted a revised list of the information requests it received between January and June of 2013.