Cult of Mac

CIA spends years trying to break Apple’s security

The CIA is gunning for Apple's security. Photo: Spy vs. Spy

The CIA has been involved in a multi-year effort to crack iOS security, according to new information provided to The Intercept by whistleblower Edward Snowden. The attempts have been the focal point of multiple yearly CIA conferences called “The Jamboree.”

Among the possible solutions proposed is a means of “whacking” Xcode, the software used to create apps for iOS and Macs. Researchers claimed they had discovered a means by which Xcode could be manipulated to allow devices to be infected, so as to allow for the extraction of private data — thereby creating a “remote backdoor” that would disable core security features and allow undetected access to Apple devices.

Apple is working on fix for newly discovered ‘FREAK’ security bug

This login screen for a Quanta Computer database led to sensitive documents containing details on upcoming Apple products. Photo: Jim Merithew/Cult of Mac
The Freak bug went unnoticed for over a decade. Photo: Jim Merithew/Cult of Mac

A newly discovered security bug has secretly left Safari users on both iOS and OS X vulnerable to attacks on hundreds of thousands of websites for years.

The ‘FREAK’ security flaw was exposed today by a group of nine researchers who discovered web browsers could be forced to use an intentionally-weakened form of encryption. FREAK affects iPhones, Macs, and Android browsers, but Apple’s spokesman says the company will release a fix next week.

Maybe the NSA hasn’t hacked your iPhone after all?

The NSA has just hacked 2 billion SIM cards around the globe, but Gemalto says it isn't that bad. Photo: Wikicommons

Late last week, we reported on the newest leak from Edward Snowden, indicating that the NSA had hacked the SIM cards of pretty much every smartphone on Earth. iPhones included.

It looked bad. The hack allowed the NSA to tap into your phone without a court order. But today, the Dutch company responsible for 2 billion SIM cards released a statement, saying that as far as they can tell, fears of a massive NSA invasion are overblown.

iSpy: Snowden leak shows how the UK tracked iPhone users

UDID identifiers could be used to link iPhones to their users. Photo: Cult of Mac

Apple has long been outspoken about the measures it takes to keep your iPhone secure, but new documents leaked by whistleblower Edward Snowden demonstrate how the British spy agency GCHQ was able to carry out “realtime tracking of target iPhones” — by compromising users’ computers.

Rather than directly targeting the iPhones, GCHQ agents focused their attack on the computers with which the iPhones were synchronised, enabling them to access much of the data stored on the handset. The method took advantage of flaws in Apple’s UDID (unique device identifier) system, which issued a unique code for every iPhone, linking it with its owner.

The iPhone tracking report was handed over by Snowden to a group of nine journalists — including Laura Poitras, the filmmaker behind the acclaimed documentary Citizenfour.

Tim Cook, tech leaders urge Senate to curb government surveillance

Congress has dropped the ball on surveillance reform, according to Tim Cook and a host of other top tech CEOs throughout the country.

In a full-page ad printed in today’s Washington Times, the tech companies tell the Senate it’s been a year since revelations on the NSA’s overreach were made known to citizens, but Congress has failed to pass a version of the USA Freedom Act that would restore the confidence of internet users.

Here’s the full ad:

Coders grapple with good and evil at WWDC’s indie spinoff

Bill Atkinson, left and Andrew Stone chat each other up at AltConf in San Francisco June 3, 2014. Photo: Jim Merithew/Cult of Mac
Apple legend Bill Atkinson, left, and Andrew Stone talk Steve Jobs, drugs and the Internet at AltConf 2014 in San Francisco. Photo: Jim Merithew/Cult of Mac

SAN FRANCISCO — At Apple’s WWDC developer conference, there are talks about interface design, writing code and fixing bugs.

Across the street at indie spinoff AltConf, the talks are concerned with spying on users and making choices between good and evil.

“We have had a hand in creating one of the most dystopian and undesirable societies imaginable,” said Andrew Stone, a veteran programmer who once worked with Steve Jobs, during a talk entitled “What Have We Built Here?”

It’s not the kind of stuff you’d expect to hear at a developer’s conference, but in an age of widespread government spying and cynicism about corporate slogans like “Don’t be evil,” AltConf highlights that programmers are often presented with moral choices. There’s a growing awareness in the coding community that although the activity of programming is benign, what’s created can be used for evil. Take Maciej Cegłowski’s talk last month in Germany, which has been widely discussed on the Web. Cegłowski argues — convincingly — that the utopian ideals of the early internet have been thoroughly corrupted, and the entire industry is “rotten.”

WWDC hardware expectations plus a big fake Apple rumor on our newest CultCast

This time on The CultCast: No, those rumored new EarPods won’t measure your pulse. Last week’s biggest Apple rumor was a fake made up by a guy on a toilet! Plus, why you shouldn’t expect new hardware at June’s WWDC; iPhone warns you when the NSA wants you for drug trafficking; Apple’s newest executive gets a HUGE payday; Katie Cotton, Apple’s longtime PR lead and Steve Jobs confidant, calls it quits; Cupertino will take on Samsung with more guerrilla-style marketing; and since you asked, we reveal the jobs we’ve always wanted on an all-new Get To Know Your Cultist.

Have a few LOLs while we catch you up on each week’s best Apple stories! Stream or download new and past episodes of The CultCast now on your Mac or iDevice by subscribing on iTunes, or hit play below and let the audio adventure begin!

Our thanks to Smile Software for supporting this episode! If you haven’t tried TextExpander from Smile software, you’re missing out on one of the most useful apps available for the Mac. With TextExpander, you’ll save time and effort by expanding short abbreviations into frequently-used text and pictures. Try it out yourself for free at smilesoftware.com/cultcast.

Apple publishes its guidelines for law enforcement data requests

Ever since the Edward Snowden revelations, the question of how companies like Apple respond to law enforcement and government requests for user information has taken on a new level of importance.

In a new document added to its website, called Legal Process Guidelines U.S. Law Enforcement, Apple provides an overview of how it deals with such requests in North America.

Apple will now alert you when the NSA wants your data

iOS 8 is Apple's most privacy-conscious mobile OS yet.

The data-hungry tentacles of the NSA have managed to choke America’s top tech firms into silent submission on data requests, but after months of demanding more transparency, Apple is ready to defy authorities and let you know when the NSA wants your data.

Prosecutors warn that such a move will undermine investigations by tipping off criminals and allowing them to destroy sensitive data, but according to the Washington Post, Apple and others have already changed their policies.

Everything You Need To Know About The NSA’s Leaky Apps

Photo: Rovio

While accusations about NSA backdoors to Apple devices have been doing the rounds for a while now, yesterday’s revelations about spying agencies using so-called “leaky apps” to capture user data has reignited the debate. Below is a Q&A covering everything we’ve learned so far:

Q) What is a leaky app?

A) An app that transmits private user information across the Internet. While apps have come under fire for collecting private user information before, the current outcry follows revelations leaked by Edward Snowden, suggesting that leaky apps have been the focus of spying organizations such as the NSA and its UK counterpart, GCHQ (Government Communications HQ). The NSA has cumulatively spent more than $1 billion in its phone targeting efforts. A 2010 NSA presentation cites poorly secured apps as a “golden nugget” for gathering user information — including, but not limited to, address books and friend lists.