Apple now allows users to see whether a device has Activation Lock enabled from the web

Screen Shot 2014-10-01 at 9.40.52 PM

Apple has unveiled a new tool for users to help determine whether an iPhone, iPad, or iPod touch is configured to use Activation Lock. The page works much like the tools used by carriers such as AT&T to determine whether a potential trade-in device was protected with the feature. You enter the IMEI or serial number of the device, fill in a CAPTCHA, and press “Continue” to get your results (via iDownloadblog).

If the device is protected, you’ll find instructions for disabling the security measure before selling it. You’ll also find help for removing a used device from another user’s account, in the event that you were sold a phone and the original owner had not disabled it (of course, all of those options involve contacting the previous owner and having them do it, for security purposes).

Read more

Apple woes continue: Some reporting iCloud down across iOS, Mac, and web

icloud

Update: Apple says all is good.

It was less than an hour ago that we told you about a newly-discovered bug within iOS that could potentially delete your iWork files. But now, according to a variety of internet reports, Apple’s month of misadventure continues as iCloud is currently experiencing an outage of some kind. Most notably, it seems as if many are being prompted over and over to enter their iCloud credentials within iOS. Apple has acknowledged the outage on its system status page:

2014-09-29 18_42_48-Apple - Support - System Status Read more

Apple aware of iCloud brute-force vulnerability six months before ‘Celebgate’

celebgate

The software developer credited by Apple for discovering last year’s developer center flaw says that he informed Apple of an iCloud weakness that may have been used to obtain celebrity nudes more than six months before the photos were accessed.

The Daily Dot reports that Ibrahim Balic advised Apple in March of a Find My Phone weakness that would allow brute-force attacks on iCloud accounts. It has been suggested that this may have been one of the methods used to access the accounts – or even complete iPhone backups – of celebrities …  Read more

Can’t wait for Photos for OS X? Photos app likely coming to iCloud.com for desktop viewing

S0007_ChangeApp

With Photos for OS X not being released until early next year, it seemed like there would be no way to view your photos backed up in iCloud Photo Library away from an iOS device for Mac customers. However, screenshots and error messages from iCloud.com show that a Photos app is in development for the website, so that users could access their pictures in some fashion on a computer. This will likely act as a stopgap before the official native client is ready.

The above screenshot is captured from an Apple help page, clearly showing a Photos app in the menu, which is currently absent from the public site. The app features the same icon as the Photos app, but its unclear what exact functionality it will bring. Poking around a bit, we discovered something that means it is unlikely the screenshot is simply a Photoshop mistake.

Read more

Getting Ready for iOS 8: How to backup your device and set up the new iPhone & iPad OS

Screenshot 2014-09-17 10.28.01

With iOS 8 launching later today, it’s worth taking a look at how you should prepare your device for the new operating system. Before installing the update, it is recommended that you have a backup of your data. This how-to is going to walk you through backing up your iOS 7 device and transitioning it over to iOS 8:

Read more

Apple now sending email notifications when users sign in to iCloud.com

Screen Shot 2014-09-08 at 15.39.22

Apple is now sending emails to users when they log in to iCloud.com. This is part of Apple’s latest security upgrades to iCloud, which Tim Cook announced late last week. In the interview, Cook said Apple planned to launch the feature within two weeks, but obviously it has been deployed much sooner. The notification is supposed to act as a warning for users, to detect account infiltrations as early as possible. Supposedly, these emails will only be sent once, the first time an account logs in to a particular device, so it shouldn’t spam your inbox with login notifications.

Read more

One third of Americans have improved their online security since the iCloud hacks

image002

A YouGov survey of more than 1,000 American consumers commissioned by security company Tresorit found that just over a third of them have taken steps to beef-up their online security in response to the iCloud hacks.

The most common response was to change passwords for stronger ones, with 13 percent creating different passwords for each online service and 6 percent enabling two-step verification …  Read more

Apple’s digital stores face second outage this week across all platforms (update: resolved)

Screen Shot 2014-09-04 at 7.22.22 PM

Earlier this week, iOS users discovered that the App Store was experiencing some technical issues that caused every item for sale to become unavailable. Now, only two days later, the company’s status page indicates that the App Store on Mac and iOS, iBooks Store, and various iTunes services such as the music store and Radio, are all suffering from even more downtime.

According to the status page, the issues first cropped up around 4:30 PM and have persisted for about three hours so far. A notice on the page states that only “some users” are having difficulty accessing the store, but there’s no mention of exactly how many users could be impacted.

Read more

Opinion: After the celebrity hacks, the vulnerability that still exists and what needs to be done

main

There are still many unknowns surrounding the leaked celebrity nudes. While Apple appears to have ruled out a theory that a Find My iPhone vulnerability allowed easy brute-force password attacks, some commentators are suggesting that the wording was sufficiently vague that this may indeed have been one route in. (Apple might be arguing that it’s not a breach if the correct password was required.)

But one thing does now appear clear: rather than a single hacker gaining wide access to iCloud, the photos were instead amassed over time by a number of different individuals likely using several different approaches. Phishing was doubtless one of them – some of the claimed emails from Apple are reasonably convincing to a non-techy person – but another was almost certainly to exploit one of the greatest weaknesses found in just about every online service, including iCloud: security questions.

[Update: Tim Cook has confirmed these were the two methods used] 

Read more

Metadata analysis of leaked photos suggest complete iPhone backups obtained

eppb

A forensics consult and security researcher who analyzed metadata from leaked photos of Kate Upton said that the photos appear to have been obtained using software intended for use by law enforcement officials, reports Wired. The software, Elcomsoft Phone Password Breaker (EPPB), allows users to download a complete backup of all data on an iPhone once the iCloud ID and password have been obtained.

If a hacker can obtain a user’s iCloud username and password with iBrute, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consult and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages …

Read more

Apple sets developer rules for HealthKit, HomeKit, TestFlight, and Extensions ahead of iOS 8 launch

Screenshot 2014-09-02 22.39.30

Today, Apple has updated its official App Store developers Review Guidelines to outline the requirements for iOS 8 applications that will make use of the new HealthKit, HomeKit, TestFlight, and Extensions services. Today’s update indicates that Apple is nearing the release of iOS 8, the next-generation mobile operating system for the iPhone, iPad, and iPod touch ahead of the September 9th Apple media event. Apple will provide developers with a golden master seed of iOS 8 on the day of the event, according to sources with knowledge of the plans. The review guidelines are a “living document” that list reasons that App Store apps could be rejected. Below are the full lists for HealthKit, HomeKit, TestFlight, and Extensions, but here are some of the more significant points:

  • “Apps using the HealthKit framework that store users’ health information in iCloud will be rejected.” This point should reduce fears of intruders being able to access a user’s health data, especially after the scandal surrounding the leak of celebrity photos potentially stored in iCloud.
  • “Apps that share user data acquired via the HealthKit API with third parties without user consent will be rejected.”
  • “Apps that provide diagnoses, treatment advice, or control hardware designed to diagnose or treat medical conditions that do not provide written regulatory approval upon request will be rejected.” This point is crucial in that these fine print allows Apple to work around the FDA’s regulatory guidelines for mobile health applications.
  • “Apps using the HealthKit framework must provide a privacy policy or they will be rejected.”
  • “Apps must not use data gathered from the HomeKit APIs for advertising or other use-based data mining.” Same deal with HealthKit, as we noted earlier this week.
  • There are also a number of third party keyboard guidelines that will be critical for developers to follow.

In addition to those four new sections, Apple has also updated the guidelines to say that “if your app is plain creepy, it may not be accepted.” You can read all of the new bullet points below:

Read more

Apple denies iCloud/Find my iPhone breach, says ‘very targeted attack’ hit certain celebrities

icloud

Apple has responded to this week’s hackings of celebrity iCloud accounts, which resulted in postings of private photographs. Here’s Apple’s statement in full:

CUPERTINO, Calif.–(BUSINESS WIRE)–We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.

Apple says that it conducted an investigation for more than 40 hours, and denies that iCloud or Find my iPhone was actually breached. Apple is presenting this as a very targeted username, password, and security questions hack on “certain celebrity accounts.” Apple recommends that users utilize the 2-step verification service for Apple IDs/iCloud. The company also says it is continuing to work with law enforcement on finding the hackers involved.

Read more