After scanning through the binary codes of applications in the iOS App Store, Will Strafach’s verify.ly service has detected that 76 popular apps in the store are currently vulnerable to data interception. The interception is possible regardless if App Store developers are using App Transport Security or not. A few months ago, similar vulnerabilities were discovered with Experian and myFICO Mobile’s iOS apps.
Security Stories February 6
Security Stories February 2
When Apple refused to compromise iOS security last year and unlock the iPhone 5c belonging to the San Bernardino shooter, the FBI turned to an Israeli mobile forensics firm called Cellebrite to find a way in to the encrypted iPhone. Now Motherboard reports that a hacker has released files allegedly from Cellebrite that demonstrate how cracking tools can’t be kept private.
Security Stories January 13
Update: Updated with a response from WhatsApp, below.
A security researcher has found a backdoor in the end-to-end encryption system used by the WhatsApp messaging service. The vulnerability would allow Facebook to read messages sent through the supposedly-secure system, as well as making it possible for the company to comply with court orders to make messages available to government bodies.
While end-to-end encryption would normally mean that not even the company operating the service can decrypt messages, only the intended recipient, the specific implementation used in WhatsApp includes a major security hole …
Security Stories December 21, 2016
Security Stories December 14, 2016
Yahoo today has announced its second large hack in a matter of 3 months. In a post on the company’s Tumblr account, Yahoo’s chief information security officer Bob Lord announced that, in 2013, data from more than 1 billion user accounts was accessed by an unauthorized third-party. This revelation comes after Yahoo confirmed in September that 500 million user accounts were affected by a separate data breach.