security - page 13

CIA spends years trying to break Apple’s security

The CIA is gunning for Apple's security. Photo: Spy vs. Spy

The CIA has been involved in a multi-year effort to crack iOS security, according to new information provided to The Intercept by whistleblower Edward Snowden. The attempts have been the focal point of multiple yearly CIA conferences called “The Jamboree.”

The possible solutions proposed include a means of “whacking” Xcode, the software used to create apps for iOS and Macs. Researchers claimed they had discovered a means by which Xcode could be manipulated to allow devices to be infected, so as to allow for the extraction of private data — thereby creating a “remote backdoor” that would disable core security features and allow undetected access to Apple devices.

Your iPhone has been hacked by the NSA

The NSA has just hacked 2 billion SIM cards around the globe, but Gemalto says it isn't that bad. Photo: Wikicommons

That iPhone in your hands? It’s been compromised by the National Security Agency through its SIM card, and government spies can access your phone through a backdoor installed on it without even needing a court order.

Sound scary? It is, and it’s the latest bombshell to be dropped by American whistleblower Edward Snowden.

iMessage and FaceTime just got a lot harder to hack

Your iMessages are now safer from the hackers. Photo: Apple

Apple is making iMessage and FaceTime harder to hack by turning on two-step verification for both services in an effort to tighten security for iOS and Mac users.

The extra security goes into effect today and gives users an extra layer of protection against hackers or anyone else trying to log in to your iMessage account to either impersonate you or steal data.

Yosemite’s Spotlight glitch could reveal your details to online spammers

Spotlight Search could also shine a light on your personal details. Photo: Jim Merithew/Cult of Mac

Apple is normally pretty hot on security, but a new glitch discovered in OS X Yosemite’s search threatens to expose the private details of Apple Mail users — including IP addresses and more — to online spammers and phishers.

The privacy risk occurs when people use Spotlight Search, which also indexes emails received with the Apple Mail email client. When performing searches on a Mac, Spotlight shows previews of emails and automatically loads external images in the HTML email.

So why is this dangerous?

Your biggest online security mistakes (and how to avoid them)

Don't let online hackers get into your home ... directory. Photo: Scott Schiller/Flickr CC

We all make compromises daily when it comes to online security. Everybody wants to be safe and secure when making purchases online, but practically none of us do everything necessary to keep our data secure.

“People, myself included, are basically lazy,” web developer Joe Tortuga told Cult of Mac, “and ease of use is inversely related to security. If it’s too difficult, then people just won’t do it.”

With all the recent hacks into private as well as corporate data — like the credit card grab from Home Depot and the hack into Sony’s files — there’s no better time to learn some of the things we all can do to protect ourselves. We spoke to some online security experts to get their advice.

Stash all your secret files in KYMS’ encrypted calculator app

This post is brought to you by IdeaSolutions, creator of KYMS.

What better way to keep your media safe than to encrypt your files and hide them behind an iOS app that appears to be nothing more than a stylish calculator? KYMS (Keep Your Media Safe) encrypts all your multimedia files, photos, documents, passwords and much more, then stashes them inside a military-grade vault that’s hiding in plain sight.

Rapper shows why you shouldn’t post your password in a music video

A strong password means nothing if you're shouting it out. Photo: College Humor

We’re all concerned about our privacy lately. Using a different strong password for all our banking and website activities is the best way to keep malicious hackers from getting all up into our grill.

Rapper MC Safesearch, though, needs to remember not to post his passwords in the music video he’s doing about privacy and security.

Check out how this socially-conscious musician gets totally hacked during his own music video.

Apple explains how to keep yourself safe from phishing hacks on the web

The trusty green lock you should be paying attention to while surfing. Screenshot: Alex Heath/Cult of Mac

Recent reports of iCloud phishing attempts in China illustrate just how important it is to always verify that you’re logging into legitimate websites before you enter your precious passwords.

To help, Apple today outlined how users can protect themselves from phishing attacks, in which bad guys pose as legitimate entities in an attempt to gain sensitive data on the web. Apple’s simple PSA page shows how web surfers can verify the authenticity of any website.

Apple’s biggest security threat is you

iCloud faces some tough security issues. Photo: Jim Merithew/Cult of Mac

iCloud passwords and security passwords can be guessed using social networking and various phishing techniques, and complex passwords and two-step verification are not as intuitive as they should be.

In a delightfully complete article over at TidBITS, author Rich Mogull lays out the facts behind the current spate of Apple security problems – most of which boil down to this: People are the weakest link in the chain.

As anyone who’s worked with technology in the past decade can tell you, the thorniest technical challenges aren’t typically those that deal directly with hardware and software. No, in most cases, the toughest things to troubleshoot and fix lie along the human spectrum. System administrators have long known this, coming up with acronyms like PEBCAK and ID-10T errors.

The same goes for security, which in Apple’s case affects an ever-increasing number of people who may not be savvy to the ways of information security.

FBI director ‘very concerned’ about iOS 8 privacy features

The FBI director is none too happy about iOS 8's new security measures.

Almost everyone is happy about iOS 8’s recent privacy upgrade, which means that Apple can’t unlock your phone as part of an investigation. Almost everyone, that is, except for the FBI.

Speaking with reporters Thursday, FBI director James Comey described himself as “very concerned” by steps tech companies like Apple are taking to strengthen privacy on mobile devices.

“I am a huge believer in the rule of law, but I am also a believer that no one in this country is beyond the law,” Comey said. “What concerns me about this is companies marketing something expressly to allow people to place themselves above the law.”

Apple was aware of iCloud security flaw 6 months before The Fappening

Illustration: Killian Bell/Cult of Mac

Apple was aware of the iCloud vulnerability which resulted in dozens of nude celebrity images being leaked earlier this month.

According to emails between Apple and noted security expert Ibrahim Balic, Cupertino was given information of a similar security flaw as early as March of this year. In an email from that month, Balic informed an Apple official that he had successfully bypassed the feature designed to stop a so-called “brute-force” attack taking place.

Attorney general wants to quiz Tim Cook about Apple Watch privacy

Connecticut attorney general George Jepsen wants to know just how closely Apple Watch will, err, watch you. Photo: Apple

Tim Cook may have been on the receiving end of welcoming notes from other watchmakers now the Apple Watch has been announced, but not every note has been so friendly.

On Monday, the office of Connecticut attorney general George Jepsen revealed that he had sent an open letter to Tim Cook noting concerns about the privacy implications of Apple Watch, particularly related to the handling of health data.

Stealth clothing collection stops your devices spilling your secrets

Zoltan Csaki's high-tech clothing line is inspired by George Orwell's novel Nineteen Eighty-Four. (Picture: Kickstarter)

Particularly on the back of the recent iCloud account hacking scandal, smartphone security is something a lot of people are paying more attention to.

With that in mind, a London-based designer recently launched an intriguing Kickstarter campaign, to create a clothing label aimed at raising awareness about high-tech security.

The clothes are all cleverly constructed around a removable waterproof stealth pocket, made from police-grade shielding fabrics, designed to securely block all Cell, WiFi, GPS and RFID signals to ~100 dB.

Tim Cook: Apple strengthening iCloud security in coming weeks

It was only a matter of time before Apple spoke out more publicly about the controversy surrounding the compromised iCloud accounts of numerous celebrities.

In an interview with The Wall Street Journal, Tim Cook revealed that Apple is adding new security measures to iCloud in the coming weeks. Users will be notified by email and a push notification for account activity, including whenever an iCloud backup is accessed. Two-step verification will also be strengthened to cover more aspects of iCloud.

Cook also said that Apple plans to raise more “awareness” about internet security.

The naked truth about iCloud safety

Backup everything to iCloud. Photo: Jim Merithew/Cult of Mac

By now you’ve probably heard about the avalanche of celebrity nude photos that slammed the Web on Labor Day. But amid the chaos of FBI investigations, celeb denials and Apple PR releases that say basically nothing, understanding how the attackers executed the hack — and how to prevent it from happening to you — hasn’t been so clear.

Apple recommended that all users enable two-step verification “to protect against this type of attack,” but the truth about iCloud’s two-step security is a little more complicated than Apple’s letting on, and turning it on probably wouldn’t have prevented the celebrities’ pics from getting hacked in the first place.

To help sort through the confusing mess, we’ve broken down everything you need to know about iCloud’s security and how you can use two-factor authentication and other security steps to keep some perv named 4chan from blasting your nips all over the Internet.

How to keep your iCloud account safer with 2-step verification

If you make something private, obviously you want it to stay that way. But with hackers trying to get at your data, you need to be prepared. Following the recent iCloud hacking that leaked tons of private celebrity photos, there’s a renewed focus on security.

In today’s video, we show you how to enable two-step verification on all your Apple devices so you’ll have a better chance of keeping everything that’s near and dear to you private and secure.

Apple devices banned from Chinese government due to security fears

It may dominate 80 percent of China’s high-end smartphone market, but one place Apple’s not racking up supporters or sales is in the Chinese government.

In fact, according to a new list drawn up by the country’s National Development and Reform Commission and Ministry of Finance, Apple products are persona non grata when it comes to high tech devices that public money is allowed to be spent on.

The reason is security concerns, in the wake of increased fears about hacking and cyberspying. “When the government stops the procurement of products, it sends a signal to corporates and semi-government bodies,” says Mark Po, an analyst with UOB Kay Hian Ltd. in Hong Kong. “The Chinese government wants to make sure that overseas companies shouldn’t have too much influence in China.”

USB security is fundamentally broken, claim security experts

According to findings by researchers Karsten Nohl and Jakob Lell, USB security may be profoundly broken, with no way around it.

Nohl and Lell have highlighted a flaw in USB devices which potentially offers hackers the ability to sidestep all currently known security measures used by a computer. Called the BadUSB exploit, the vulnerability allows hackers to meddle with the firmware which controls the functions of various USB plug-ins, such as mice, keyboards and thumb drives.

Apple posts support document on alleged iOS security backdoors

Earlier this week, forensic data scientist Jonathan Zdziarski made a bold claim: iOS may be vulnerable to government snooping by design. According to Zdziarski, iOS had multiple backdoors installed that made any device running the OS “almost always at risk of spilling all data,” which in turn made for some “tasty attack points for .gov and criminals.”

Apple, of course, denied having ever worked with the government to install any backdoors. But that didn’t change the fact that these unsecured services do exist, and worse, have gone entirely undocumented. But thankfully, Apple has rectified at least that last problem, penning a new support document that explains what each of Zdziarski’s snoopsome services actually does.