ios

Smashing Security #132: CBP cyber attack, an iPhone privacy boost, and Twitter list abuse

United States Customs and Border Protection had sensitive data stolen, but the hackers didn’t have to breach its network. Apple has ambitious plans to make iPhone users safer online. And trolls are using Twitter lists to target their victims.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.


1 min read

bitdefender.com

Popular family tracking app exposed real-time location data onto the internet – no password required

More than 238,000 individuals users have had their family’s real-time location exposed for weeks on end after an app developer left sensitive data exposed on the internet, without a password.

Read more in my article on the Hot for Security blog.


0 sec read

The man suing Apple over two-factor authentication has ‘previous’

Many have been baffled by Jay Brodsky’s legal action against Apple, including his claim that it takes between two and five minutes for him to pass the 2FA security check.

But things began to fall a little more into place when you discover it’s not the first time he has sued Apple.


1 min read

Apple sued because two-factor authentication… oh, I give up

An American man is bringing a class action against Apple, complaining that two-factor authentication (2FA) on an iPhone or Mac takes too much time.


34 sec read

bitdefender.com

Update your iOS devices now against the FaceTime eavesdropping bug

Apple has finally issued an update to iOS, iOS 12.1.4, which fixes the high profile problem which allowed FaceTime callers to listen and even see you *before* you answered an incoming call.

Read more in my article on the Hot for Security blog.


0 sec read

Smashing Security #113: FaceTime, Facebook, faceplant

FaceTime bug allows callers to see and hear you *before* you answer the phone, Facebook’s Nick Clegg tries to convince us the social network is changing its ways, and IoT hacking is big in Japan.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes from AMTSO.


1 min read

Exposed! Facebook pays teenagers to install app that harvests personal data

Since 2016 Facebook has been paying users aged 13-35 up to $20 per month to install an app which has almost unlimited limitless access to their smartphones and most sensitive data.


1 min read

Apple races to fix FaceTime bug that lets you spy on someone *before* they pick up your call

Don’t panic, but a bug has been found in FaceTime that could allow someone to spy on your conversation – and even see through your iPhone’s front-facing camera – before you answer an incoming call.


1 min read

Earn $2,000,000 by remotely jailbreaking an iPhone

Will anyone come up with a zero-day remote exploitation of iOS 12.x without user interaction?

The sad truth is that we may never know for sure… but intelligence agencies might.


2 min read

tripwire.com

Unlocking Android phones with a 3D-printed head

Forbes journalist Thomas Brewster wanted to find out just how well a variety of Android phones and a top-of-the-range Apple iPhone would fare against a determined attempt to break facial recognition. And he did that by having a 3D-model printed of his head.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #107: Sextorting the US army, and a Touch ID scam

Fitness apps exploit TouchID through a sneaky user interface trick, tech giants claim to have a plan to banish passwords, and you won’t believe who was behind a sextortion scam that targeted over 400 members of the US military.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by ferret-loving ethical hacker Zoë Rose.


1 min read

Fitness-tracking apps caught misusing Touch ID to steal money from iPhone users

Two iOS fitness apps have been found exploiting a sneaky user interface trick to fool users into making unwanted in-app purchases with Touch ID.


1 min read

bitdefender.com

Yes, you should update your iPhone to iOS 12.1, but its lock screen is *still* unsafe

The latest iOS passcode bypass bug appears to have been introduced by Apple’s new Group Facetime feature.

Read more in my article on the Hot for Security blog.


0 sec read

000000 is Kanye West’s iPhone passcode

You can bet mischievous hackers are right now trying to crack into Kanye West’s online accounts with equally diabolical passwords.


1 min read

bitdefender.com

Even with the latest iOS 12 update, your iPhone’s lockscreen is unsafe

Once again, a way of bypassing the iPhone’s passcode lock to expose users’ photos and contacts has been discovered.

Read more in my article on the Hot for Security blog.


0 sec read

bitdefender.com

How to crash and restart an iPhone with a CSS-based web attack

A security researcher has revealed a method of crashing and restarting iPhones and iPads, with just a few lines of code that could be added to any webpage.

Read more in my article on the Hot for Security blog.


0 sec read