A Bluetooth LE security flaw could let malicious actors discover people’s iPhone numbers using Apple’s file-sharing AirDrop feature.
An attacker would need to create a phone number database for a specific region. Using a special script, they then could collect information on users who tried to AirDrop a file.
Apple shares recordings made by Siri with third-party contractors, according to a recent report. The goal is to improve Siri’s responses, but the fact is, you probably didn’t know that this was happening — and almost certainly want it to stop.
Today, I will show you how to prevent these diagnostic recordings from going to Apple. The good news? You can do it using only Apple’s tools. The bad news is that you’ll have to get your hands dirty in the process.
Lockdown Apps is a new firewall app for iOS. Like Guardian Firewall, which we covered last month, Lockdown uses iOS’ VPN framework to intercept all incoming and outgoing network traffic, and allows you to block connections to any address.
Unlike Guardian Firewall, Lockdown operates entirely on your device. It is also open source.
DuckDuckGo is a private search engine. Unlike Google, it doesn’t track your internet use, save your searches, or track your location. DuckDuckGo’s reason for existing is to protect your privacy on the internet, but it’s also a great search engine. And when it doesn’t find the results you want, it’s easy to run that search in Google.
Today we’ll see how to switch all your searches to DuckDuckGo, and how to add a one-tap Google backup search.
The good news is that you don’t have to do anything weird or difficult to switch to DuckDuckGo. Both iOS and macOS offer it as a default option in their settings. On the Mac, this setting is in Safari. On the iPhone and iPad, you’ll find it under Safari in the Settings app.
These silent updates are security patches that Apple can apply to your Mac automatically, without asking you first. They’re relatively rare, and are a great way for Apple to patch security holes almost instantly. They prove especially helpful for the kind of user that never, ever bothers to run software updates.
But what if you are a Mac nerd? Maybe you want to have a say over this kind of thing. Or perhaps you run IT for a company, and don’t want anything being installed on the business Macs without you checking it first. Can you switch off Apple’s silent updates? Yes, you can. Here’s how.
Security researchers have discovered new malware that targets macOS users and evades popular antivirus tools.
“CrescentCore” is distributed as a DMG package that’s disguised as Adobe Flash Player. It can now be found on multiple websites — one of which is “a high-ranking Google search result,” according to Intego.
Apple security chief Ivan Krstic will be returning to the Black Hat security conference this summer to discuss iOS 13 and macOS Catalina — as well as the security protections in Apple’s new Find My service.
The 50-minute talk, titled “Behind the scene of iOS and Mac Security,” will take place on August 8. Krstic describes it as the “first public discussion of several key technologies new to iOS 13 and the Mac.”
You can now ask the Google app on iOS to automatically wipe your location and activity history.
The new feature, which was showcased during Google I/O in late May, takes the hassle out of covering your tracks. You only have to set it up once and it will take care of itself going forward. Here’s how to get started.
Apple discontinued the AirPort line of wireless routers last year but continues to support them, including efforts to keep out hackers. The US government’s Cybersecurity and Infrastructure Security Agency (CISA) released a statement urging users of networking equipment to install a new firmware patch to block attacks.
USB is dirty. Just like you’d never stick your body parts into a mysterious public hole, neither should you plug your iPhone into a public charging station. iOS is pretty good at rejecting unknown connections from USB, but why take the risk?
There are a few ways to make public iPhone charging safe. One is to plug into a power outlet using your own plug and cable. But what about on a plane or train, or other public spot where only USB outlets are available? Or a friend’s computer, one that might be riddled with malware? Then you need a custom USB cable, one that only passes power, and not data. The good news is that, if you have an old Lightning USB cable lying around, you can easily fashion your own, just by yanking out two pins from inside the USB plug.
UPDATE: See the statement received from Google at the bottom of this story.
You might want to think twice about buying used Nest security cameras.
A new report reveals that secondhand models can allow previous owners to spy on new users — even if they correctly follow Nest’s instructions on resetting the device. There’s currently no fix for the security flaw.
Guardian Firewall claims to be the first proper firewall app for iOS. It works by routing all the network connections from your iPhone or iPad through a VPN, and then filtering out privacy-invading trackers on Guardian’s own servers.
The idea is that all the heavy lifting is done on those servers, so you don’t have to worry about battery drain, or about the iOS security features that prevent an app from futzing with your internet connection.
Sounds good, but should you trust Guardian Firewall?
Background refresh is what lets your iPhone and iPad download your email while your iPhone is sleeping, update your weather app while you are sleeping, and grab all kinds of data so that it’s ready before you need it — news feeds, notes-app syncing, and pretty much anything else.
However, as revealed this week by the Washington Post, plenty of bad apps are abusing the background refresh mechanism. They are using it to send your private data — your location, your email address, your phone number, and much, much more.
It’s likely that this is happening to you, because background refresh is enabled by default for newly-installed apps. Fortunately, it’s an easy problem to fix. Today we’ll see how.
Over 25% of phones can be cracked just by using one of the top 20 most-used four-digit PINs.
Cyber security expert Tarah Wheeler shared a list of the most popular PINs based on the findings of the folks at the SANS Institute, which is one of the largest cyber security organizations in the world. Some of the passcodes on the list aren’t surprising, but there are a couple of combinations that we didn’t expect to see.
Your Amazon Echo speaker can now keep an eye on your home while you’re away.
A new feature called Alexa Guard lets your speaker listen for signs of danger while you’re out. If your speaker has a built-in camera, it will also provide a direct video feed into your home.
Way back in iOS 9 days, Apple added “content blocking” to the iPhone and iPad. More commonly known as “ad-blockers,” this tech lets you use third-party apps to block ads, malware, trackers, comments, and more, in Mobile Safari. Apple itself doesn’t do any more than make blocking possible. To actually decide what to block, you need a third-party app.
Enabling ad-blocking is easy, once you know how, and you can set-and-forget it once done. Or you can keep on top of things, adding custom rules, and white-listing trusted websites. Here’s how.
Apple has responded to a New York Times report claiming that it has removed various parental control apps from the App Store. Apple allegedly removed apps which offered similar features to its own Screen Time tool.
In response, Apple confirms that it did remove “several” such apps — but says that this was done due to privacy and security risks.
Apple has confirmed that all macOS apps will need to be notarized to be accepted by Gatekeeper after its Mojave 10.14.5 update.
The requirement applies to new and updated apps and all software from developers who are new to distributing with Developer ID. In a future version of macOS, notarization will be required by default.
Around 20 members of the Lighthouse team are now working at Apple, according to a new report.
The hires, which include two company co-founders, come after Apple acquired a bunch of Lighthouse’s home security patents earlier this month. An email sent to customers this week requested permission to transfer security camera data to Apple.
It’s time to change your Facebook and Instagram passwords again.
Facebook revealed today that it unknowingly stored hundreds of millions of passwords in a readable format on its internal storage systems. There’s no information yet that the passwords were accessed by any nefarious people, but you should probably update yours, just in case.
Apple is one of a large number of big companies that have been inadvertently leaking sensitive data through Box, the cloud storage service.
Security researchers found that staff were exposing data by sharing public links to files and documents that can be easily discovered. It’s thought more than 90 companies, including Box itself, are affected.
Google’s Project Zero team has discovered a “high severity” flaw in the macOS kernel.
The issue, which potentially allows attackers to perform malicious actions on a mounted filesystem, was reported to Apple more than 90 days ago. No fix has been made available yet, but Apple has acknowledged the issue and is working with Project Zero on a patch.
A security researcher has decided to provide Apple with details — and a patch — for a serious Keychain flaw in macOS Mojave that allows anyone to access your saved usernames and passwords.
Linus Henze previously withheld the information in protest of Apple’s decision not to offer a macOS bug bounty program. He now believes the problem is too serious for the company to ignore.