Apple & IBM announce first batch of MobileFirst iOS apps for enterprise


Following an announcement earlier this year that Apple was teaming up with IBM to deliver a number of enterprise solutions, today Apple has officially announced the first wave of iOS apps being released through the partnership. As part of IBM’s “MobileFirst for iOS,” Apple and IBM today announced 10 new apps designed specifically for businesses including banking, retail, insurance, financial services, telecommunications and for governments and airlines.

“This is a big step for iPhone and iPad in the enterprise, and we can’t wait to see the exciting new ways organizations will put iOS devices to work,” said Philip Schiller, Apple’s senior vice president of Worldwide Marketing. “The business world has gone mobile, and Apple and IBM are bringing together the world’s best technology with the smartest data and analytics to help businesses redefine how work gets done.”

The apps launching today through the partnership include Plan Flight and Passenger+ for the travel industry, Advise & Grow and Trusted Advice for the banking and financial industries, Retention (insurance), Case Advice and Incident Aware for government, Sales Assist and Pick & Pack for retail, and Expert Tech for telecommunications industries. Apple notes that the apps offer customizable experiences and are “managed and upgraded via cloud services from IBM specifically for iOS devices.”

In addition to the new apps, which Apple described in more detail in its press release below, Apple noted other services that will go hand-in-hand with the apps. Those include integration with IBM’s Mobile Platform and Enterprise solutions as well as AppleCare for the Enterprise, Apple’s new business-specific tech support service introduced as part of the IBM deal.

Apple’s full press release is below:


Dashlane password manager can now automatically change your password on 50 top US websites


Password managers are a great way to have strong, unique passwords for each website you access – but vital as it is these days, there’s no denying that it’s a chore to change them. Dashlane, a Mac and Windows password manager app, aims to take away the pain by doing it for you automatically across 50 top US websites like Apple, Amazon, Dropbox, Facebook, PayPal, WordPress and Twitter.

Importantly, the app can even cope with sites that employ two-factor authentication to log in or change a password, prompting you for the code when required …

Apple pushes Flash Player update to address security issues


Apple has issued a new update for Adobe’s Flash Player browser plugin. The update fixes “a recently-identified Adobe Flash Player web plug-in vulnerability,” according to Apple’s website. Users will be automatically prompted to install the update when visiting a page that uses Flash Player.

The prompt in Safari will take users to the Flash Player download page on Adobe’s website. Users who haven’t yet seen the prompt can also go there to download the update now.

Department of Justice: iPhone encryption will lead to the death of a child


Apple and the government have long been engaged in a bitter war of words over encryption and security practices employed in Apple’s iOS devices, but a new Wall Street Journal report indicates that the Department of Justice is really starting to take the rhetoric to the next level.

According to the Journal, a DOJ official actually told Apple executives during a meeting last month that in the future the Cupertino company could eventually be directly responsible for the death of a child.

Major iOS security flaw ‘Masque Attack’ reportedly uncovered, found to ‘pose much bigger threat’ than WireLurker


Last week, it was reported that Mac and iOS users in China were the target of new malware called WireLurker that resulted in Apple confirming the security issue and blocking the affected malware apps. Just days later, mobile security research firm FireEye reports it has uncovered a major iOS security flaw that it claims poses a much bigger threat to Apple users than WireLurker.

Passcode vs. Touch ID: A Legal Analysis


[Ed. note: Jason Stern is a Criminal Defense Attorney in private practice in New York City]

8:34 am. A college professor receives a text message threatening to blow up the history building. The professor immediately contacts law enforcement, who trace the origin of the call to a student who lives off-campus.

When FBI agents arrive at the student’s residence, they arrest the student and seize his smartphone. In an attempt to search the device to recover evidence of the crime (and perhaps stop other related crimes), they find the smartphone is protected by fingerprint security measures.

With the suspect in handcuffs, the agent swipes the student’s finger across the phone to access his call history and messages. Once the FBI swipes the suspect’s finger and bypasses the biometric security, the phone asks for the student’s passcode. The FBI agent asks for his password but the student refuses to speak. How can the FBI agent access the phone? Whereas a fictional Federal Agent like Jack Bauer would simply pull out his gun, jam it in the suspect’s mouth and scream, “WHERE IS THE BOMB?”, in our example, the FBI agent would hit the proverbial brick wall.

Yes, the phone could be brought back to the lab for analysis and hacking by forensics personnel, but the suspect in this case could not be forced to disclose the password on the phone…

MCX’s CurrentC, the infamous Apple Pay competitor, says it’s already been hacked


CurrentC, the much-discussed, infamous competitor to the Apple Pay mobile payments platform, has some more bad press coming its way. According to an email sent out this morning to its pilot program customers, the MCX service has already been hacked. According to the notice, “unauthorized third parties” obtained email address information for an unannounced number of users:

Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.

In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.

MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.

For those not following the MCX vs. Apple Pay saga, MCX powers a payments platform utilized by key retailers such as WalMart, CVS, and RiteAid. After initially supporting NFC-based payments via Apple Pay and Google Wallet, those aforementioned retailers shut down their industry standard NFC-based payment processing systems in favor of the CurrentC app from MCX.

MCX has since responded to this controversy on its website, and Apple CEO Tim Cook referred to the entire situation as a “skirmish.” Meanwhile, reports have indicated that retailers are playing along with MCX in order to avoid fines discussed in early contractual agreements. Nonetheless, Apple Pay has already amassed over a million activations, becoming the most ubiquitous mobile payments platform in just about a week.

MCX has confirmed that the email to customers is legitimate and said the following:


Apple responds to iCloud network attacks with guide on verifying browser security


Following the recent attack by Chinese institutions on iCloud.com to attempt to steal account information, Apple has posted a new how-to article about verifying that the page you reach when you type iCloud.com into your web browser is the genuine Apple site.

The page doesn’t offer a fix per se, but walks through how to check the certificates of the page in Safari, Chrome and Firefox.


Chinese government apparently phishing iCloud account info with man-in-the-middle attack (Update: Apple confirms)


Update: Apple is aware of the attack, via CNBC. As expected, Apple’s own servers were not compromised.

Although unconfirmed, GreatFire is reporting that Apple is now the subject of Chinese government hacking attempts. According to the report, the government is using the institutional firewall to redirect traffic directed at iCloud.com to a fake page that resembles the iCloud.com interface almost perfectly.

Like other phishing attacks, this page is pretending to be Apple’s portal but instead intercepts entered usernames and passwords for other means. Although some browsers in China are set up to warn users about these kinds of man-in-the-middle attacks, many don’t and (presumably) many citizens disregard the warnings as the site appears quite genuine otherwise.


More details on how iOS 8’s MAC address randomization feature works (and when it doesn’t)


A few days ago Apple published a new privacy page on its website that detailed the various measures it has put in place to protect Mac and iOS users’ personal data. One of those features, which is new in iOS 8, is the automatic randomization of MAC addresses when the device is searching for a Wi-Fi network. This makes it much more difficult to track a device by seeing which Wi-Fi networks have spotted its unique identifier.

A new two-part study by AirTight Networks into how well this security feature works has turned up some interesting results, including several conditions that will stop the phone from randomizing a MAC address. Part one of the study breaks down what exactly needs to happen in order to start this function…


Apple aware of iCloud brute-force vulnerability six months before ‘Celebgate’


The software developer credited by Apple for discovering last year’s developer center flaw says that he informed Apple of an iCloud weakness that may have been used to obtain celebrity nudes more than six months before the photos were accessed.

The Daily Dot reports that Ibrahim Balic advised Apple in March of a Find My Phone weakness that would allow brute-force attacks on iCloud accounts. It has been suggested that this may have been one of the methods used to access the accounts – or even complete iPhone backups – of celebrities …

App developer warns not to enter personal info using in-app browsers due to security issue

App developer Craig Hockenberry has published an article today titled “in-app browsers considered harmful” warning both devs and users of security issues related to apps that take advantage of the feature. “Would it surprise you to know that every one of those apps could eavesdrop on your typing? Even when it’s in a secure login screen with a password field?”