Security Stories May 21

Facebook Messenger will now warn you about scams and impersonators

Facebook Messenger will now warn you about scams when you receive a suspicious message from someone you don’t know — or when someone appears to be attempting to impersonate one of your Facebook friends…

Security Stories May 20

Analysis of the source code for the UK contact tracing app has revealed no fewer than seven security flaws.

One of these is that the random code assigned to users is only changed once a day, making it much easier to de-anonymize individuals …

expand full story

Security Stories May 19

Some iPhones, iPads, and Macs are vulnerable to short-range attacks via Bluetooth which could fool them into thinking they are connected to a trusted device. That would then enable an attacker to both send and request data via Bluetooth.

The same security vulnerability is found in a wide range of chips from Intel, Qualcomm, and Samsung, meaning that a large number of non-Apple devices are also affected …

expand full story

Security Stories May 18

It looks like the most recent contention between the FBI and Apple over device encryption has come to an end as the agency has unlocked the two iPhones belonging to the Pensacola shooter with “no thanks to Apple.” Going further, AG William Barr has again called for the government to force Apple and others to create backdoors into their devices.

Update: We’ve got an official response from Apple on the matter that highlights all the ways it helped the FBI and that it’s precisely because it takes security and privacy so seriously that it doesn’t believe in creating a backdoor:

The terrorist attack on members of the US armed services at the Naval Air Station in Pensacola, Florida was a devastating and heinous act. Apple responded to the FBI’s first requests for information just hours after the attack on December 6, 2019 and continued to support law enforcement during their investigation. We provided every piece of information available to us, including iCloud backups, account information and transactional data for multiple accounts, and we lent continuous and ongoing technical and investigative support to FBI offices in Jacksonville, Pensacola and New York over the months since.

On this and many thousands of other cases, we continue to work around-the-clock with the FBI and other investigators who keep Americans safe and bring criminals to justice. As a proud American company, we consider supporting law enforcement’s important work our responsibility. The false claims made about our company are an excuse to weaken encryption and other security measures that protect millions of users and our national security.

It is because we take our responsibility to national security so seriously that we do not believe in the creation of a backdoor — one which will make every device vulnerable to bad actors who threaten our national security and the data security of our customers. There is no such thing as a backdoor just for the good guys, and the American people do not have to choose between weakening encryption and effective investigations.

Customers count on Apple to keep their information secure and one of the ways in which we do so is by using strong encryption across our devices and servers. We sell the same iPhone everywhere, we don’t store customers’ passcodes and we don’t have the capacity to unlock passcode-protected devices. In data centers, we deploy strong hardware and software security protections to keep information safe and to ensure there are no backdoors into our systems. All of these practices apply equally to our operations in every country in the world.

expand full story

Security Stories May 15

‘Mystery’ data breach dubbed db8151dd exposes records of 22M people

A massive data breach dubbed db8151dd has exposed the records of 22M people – including addresses, phone numbers, and social media links. But the source of the data is a mystery …

Security Stories May 14

Zerodium says it has too many iOS and Safari exploits, pauses submissions

Exploit acquisition platform Zerodium has shared that it has an oversupply of a few types of iOS and Safari flaws, to the point that it has stopped taking submissions from researchers for the “next 2 to 3 months.”

Powered by WordPress.com VIP