security - page 22

Hackers Can Make $250,000 Selling iOS Exploits To The Government

Nicholas Allegra, or "Comex," created iOS jailbreaks that were downloaded by millions of people. Apple finally decided to hire him as an intern last year.

iOS hackers are some of the most sought-after individuals in the security research community. Geniuses like Comex who come up with jailbreaks used by millions of iPhone and iPad users are offered incredible sums of money to sell their exploits to powerful and high-profile clients.

Sure, you could win a decent amount of cash at a security conference for showing off the exploits you’ve uncovered, but why not make $250,000 and secretly sell your stuff to, say, an entity like the U.S. government?

How Safe Is Your Data In The iCloud?

iOS users in Germany will no longer see iCloud emails pushed to their devices thanks to Motorola.
Photo: Apple

Sure, iCloud’s convenient, but how safe is your data? No need to be alarmed: it’s actually about as well secured as it can possibly be, as long as you’re not an idiot.

Apple’s Software Update Gets A New Security Certificate That Could Trip Up OS X Server

Lion Server (and Snow Leopard Server) Software Update Server may experience problems beginning tomorrow

Apple uses digital certificates and code signing in various ways to help keep Macs secure. One common example is that apps sold through the Mac App Store are digitally signed, which allows an individual Mac to know that it’s getting the genuine article when a user launches the App Store app. It also allows a Mac to ensure that an application hasn’t been tampered with by a malicious user or a piece of malware each time that app is launched (Mountain Lion’s Gatekeeper feature will be based on the same technology).

The same process is used with Apple’s Software Update servers. Each update from Apple is digitally signed using a certificate that lets each Mac know that it’s getting genuine updates from Apple.

Digital certificates are designed to expire periodically and tomorrow, March 23, 2012, the certificate associated with Apple’s Software Update functionality will be expiring. Apple already has a new certificate ready that won’t expire for seven more years (2019). The transition to the certificate will be transparent for almost all Mac users, but it may create problems with some OS X Server installations.

The iPad Helped ADT Double Sales Revenue

Showing off the ADT Pulse app is just one way the iPad delivers sales benefits for ADT

One of the immediate associations that most people have when they think about the iPad in business is the iPad as a sales tool. Not surprising given its form factor and the ease with which it can display presentations, offer up a portfolio, and generate quotes on the fly.

Do those abilities really add up to increased sales over binders of information, colorful brochures, and canned presentations on DVD? For home security giant ADT, the answer is an emphatic yes.

If You Use The New iPad’s Dictation Feature For Work, You Could Be Breaking The Law

Enabling dictation on the iPad means sending your voice and personal data to Apple

One of the features of the new iPad is its dictation capability, a feature also available on the iPhone 4S (which also boasts Apple’s Siri virtual assistant feature). There are quite a few ways that high quality dictation and other speech to text capabilities could be useful to professionals in many fields.

The problem is that in order to get that high quality dictation functionality, the new iPad and the iPhone 4S rely on Apple’s servers to do much of the work in turning your speech into text. More importantly, it isn’t just snippets of voice recordings that get sent to Apple. Personal data from your iPad or iPhone 4S gets uploaded as well and much of it remains associated with you and your device. That’s a general concern for most of us, but for professionals in regulated industries like healthcare or fields that require confidentiality like finance and legal professions, it becomes a critical privacy concern and may even break the law.

Securing Business Data On The iPhone And iPad Just Got Easier Thanks to Good


Securing business data on employee-owned devices like the iPhone and iPad is one of the biggest challenges for IT departments when it comes to operating bring your own device (BYOD) programs. The mobile device management (MDM) approach taken by most companies is an excellent starting point because it aims to make devices themselves more secure. Unfortunately, it also tends to impose limits on what workers can do with an iPhone or iPad that they bought and paid for out of their own pockets.

Another approach to the challenge is to carve out a specific niche of secure storage on each employee-owned device. Good Technology has always offered this mechanism for securing business emails and related technologies like shared contacts and calendars. This week, Good took that concept and made it available to iOS developers in a product called Good Dynamics.

Mac Developers Now Have Until June 1 To Sandbox Their Apps


Apple has informed Mac developers that the deadline for sandboxing apps has been extended to June 1st. The date was postponed last November and set to take place on March 1st. Apple has been working on technical specifications for third-party developers since.

For those that are unfamiliar, “sandboxing” is essentially confining an app’s system access to its specific functions or entitlements, thereby hindering the possibility of an app behaving maliciously on a system level. Developers now have more time to appropriately implement sandboxing into their apps for the Mac App Store.

iPhone Case Packs Pepper Spray

Assault with a deadly pepper (spray)

The SmartGuard iPhone case might guard you, but it definitely isn’t smart. The iPhone 4/S compatible case will deliver a dose of pepper spray to U.C Davis students or violent attackers alike.

iOS 5 Security Flaw Allows Access To Contacts List, Recent Calls & Text Messages Without Passcode

Passcode locks are no match for a piece of software called XRY.

Apple’s iOS devices have suffered a number of passcode flaws in recent years, which have allowed anyone to circumvent their security and access features within the device. The company has always been fairly quick to address these issues, but they continue to crop up.

The latest allows anyone with knowledge of the exploit to access your contacts list, your recent calls, your voicemail, your text messages, and more.

GateKeeper’s Technology Isn’t Really New… But Its Control Over Developers Is


Mountain Lion’s GateKeeper feature is designed to improve Mac security by harnessing the power of the Mac App Store and through a new developer program in which Apple will offer Developer IDs to members of its Mac Developer Program. Those IDs will let developers digitally sign their applications so that Mountain Lion Macs can verify an app’s authenticity and security before running it.

While this may seem like a new approach and an extension of the Mac App Store model, it’s actually based on technology that has been part of OS X since the release of Leopard.

Gatekeeper: First Step Towards App Store-Only Software On The Mac? [OS X Mountain Lion]


One of the big headline features in Apple’s new Mountain Lion OS is Gatekeeper, designed to keep malware and other nasties away from your computer. So is this another step towards App Store-only software on Macs?

The short answer is yes, it is. But it doesn’t have to be. Gatekeeper gives you the choice: do you want to stick to App Store-only apps, or be able to install anything from anywhere?

How To Stop Kids Hacking iPads In Digital Exams [iPad@School]

How do you stop kids from cheating on exams in an iPad age? Photo Brad Flickinger/Flickr CC By 2.0

A Scottish school is prepping its iPads for exam season. Cedars School of Excellence in Greenock, Inverclyde, was the first school in the world to deploy an iPad to every one of its pupils. Now it may become the first school to try to stop its pupils from iCheating in exams.

BYOD Challenge: How IT Can Keep User-Owned iPhones And iPads Secure In Enterprise [Feature]

Not everyone is ready to jump on the BYOD bandwagon

One of the challenges of BYOD programs is the need to secure corporate data on an employee’s personal device. That usually includes locking down the device and applying varying management profiles to it. This can be as non-intrusive as requiring a passcode meeting certain criteria or it can be very restrictive and limit core features and services like iCloud or Siri on the iPhone 4S.

While there’s a technical challenge to securing employee-owned devices, there’s also a personal challenge. It’s not a small demand to ask for someone’s brand new iPhone or iPad and impose limits on what they can do with it, even if that means something as trivial as enforcing a passcode policy. It shouldn’t come as a huge surprise that employees sometimes object to that intrusion, particularly when it comes to more severe management requirements.

The question is: how does IT respond to this situation?

Path Should Use Hashes To Keep Your Contacts Secret [Opinion]

By hashing your contact details, Path could have avoided a scandal

Last week, the web exploded with the news that social iOS app Path was uploading your entire address book to its servers, and then keeping it there. Worse, it was sending and storing them in plain text (although the connection was at least SSL-encrypted). Clearly, having Path notify you when your friends join the service is handy, but is there a way to do this without compromising your privacy? According to Edinburgh iOS supremo Matt Gemmell, there is.

Businesses Can Disable iCloud But Won’t Gain Much Security In The Process


There’s no doubt that iCloud offers some great value to Mac and iOS users. It even has some potential as a business tool. Unfortunately, like many other personal cloud services, iCloud presents some major security concerns when it comes into the workplace – either on a user’s iOS device or on a business Mac or PC. Those concerns stem from the ability to sync business data to outside devices and computers as well as its capacity to archive some of that data on Apple’s iCloud servers.

Unlike most personal cloud products, which can be difficult to effectively disable in corporate or business settings, iCloud use can be restricted or blocked. That leaves IT departments with the question of whether or not iCloud access should be managed or disabled. It’s a tricky question, particularly in BYOD settings where the device belongs to a user and not the company. It’s made even trickier because the choices involved in managing iCloud are rather blunt in approach and don’t offer much in the way of fine tuning to specific needs.

Apple Supplier Foxconn Got Hacked For The Lulz


As if Foxconn didn’t have enough to worry about with the protests today and labor conditions controversies of the past few weeks, it looks like their network servers suffered a huge security breach last night by a mischievous hacker group called SwaggSec that exposed the usernames and passwords of Foxconn’s clients and employees. What motivated the group to expose Foxconn’s vulnerabilities? Were they looking to make a statement on labor conditions?

Nah, they just wanted to screw with Foxconn for laughs.

The Dangers Lurking for Business In The Cloud


Today BYOD and the consumerization of IT aren’t just buzzwords on the horizon, they’re a fact of business life and have begun transforming the workplace for millions of professionals. Many solutions exist to deal with managing user-owned mobile devices and integrating them to varying degrees with corporate resources and shared data – something that the explosion of cloud products is helping to drive. Many enterprise cloud solutions (public and private) exist to meet these demands while ensuring data management and security.

Unfortunately, cloud solutions aren’t limited to the workplace and consumer cloud products including Apple’s iCloud, Dropbox, Box.net, Google Docs and many others have become staple parts of our daily lives. That’s great news for all of us as consumers. It gives us access to our files and data anywhere at anytime on almost any device. But consumer cloud technologies pose a big headache for IT professionals who are responsible for keeping business and workplace data both readily available and appropriately secured.

Like Path, Hipster Also Uploads Your Address Book To Its Servers Without Telling Users


Social networking app Path hit the headlines yesterday after it turned out the company was taking users’ entire address books and uploading them to their servers.

It’s a big privacy violation, but Path’s hardly the only one doing this. In fact, computer engineering professor Mark Chang has just discovered that Hipster, the popular photo-filter postcards app, does the exact same thing as Path: sucks up your contacts and squirts them into their servers.

How To Keep Apps Like Path From Accessing Your Contacts Data [Jailbreak]


We told you yesterday that Path was secretly uploading your iPhone’s entire address book to its servers. Users of the inclusive social network voiced concern, and many decided to remove the app entirely until Path addresses the issue in an upcoming update.

It’s common practice for third-party apps to access and even store your contacts elsewhere. The problem with Path is that there was no indication that this activity was taking place. Path’s CEO stated that the app would make the activity opt-in when the next update is pushed out.

Thanks to a brand new jailbreak tweak, you’ll never have to worry about an app silently stealing your personal contacts data again.

Path Uploads And Stores Your iPhone’s Entire Address Book On Its Servers


In what can only be considered the very definition of irony, it has been discovered that Path 2 for iPhone secretly uploads and stores your entire address book to its servers. In case you didn’t know, Path is a hot iOS app that offers an exclusive, confined social network experience with a limited number of people. Unlike Facebook, Path only lets you accept 150 friends, indicating the intimate, safe environment that the app creators want users to feel at home in.

Developer Arun Thampi has uncovered that Path’s current iPhone app sends all of your contacts to its servers without notifying you. Oops.

iOS Security: One Big Reason Halliburton Chose The iPhone Over Android


Halliburton’s decision to choose iOS as its new mobile platform was made after “significant research” indicated that iOS “offered the best capabilities, controls and security for application development,” according to a leaked memo published by AppleInsider. These capabilities, collectively known as mobile device management (MDM) features, offer a solid framework that can be used to apply a number of security policies, like complex passcode requirements and a requirement that a device’s data be encrypted. MDM features also include the ability for IT departments to restrict access to iOS features (say installing apps or taking photos) and to monitor devices remotely. Of course, they also include the ability to remotely wipe a device if it’s lost or stolen.

One excellent facet of MDM in iOS 4 and iOS 5 is the ability to monitor a device. There is a wide range of states that management software, including the Profile Manager service in Lion Server, can collect about managed devices. This includes seeing what apps have been installed, ensuring OS updates are rolled out, and being able to tell if a device has been jailbroken.

While all this may sound a bit like big brother, if you’re a major energy company with operations in dozens of countries, security can be a major issue.  Of course, I could say the same thing about a medical practice needing to maintain privacy compliance.

Energy Giant Halliburton Dumps BlackBerry For iPhone


In what appears to be a watershed moment for Apple’s iOS, a leaked memo published at AppleInsider indicates that one of the world’s largest energy companies, Halliburton, will be transitioning to the iPhone as its exclusive smartphone of choice. That comes as a huge opportunity for Apple and iOS, and a huge blow to RIM.

According to the memo, the move will take place over the course of the next two years, but will be a complete transition from one platform to another with no plans to continue supporting BlackBerry devices once the transition has been completed.