Security

1,176 'Security' stories July 2011 - January 2020

See All Stories

Here’s what a $10 million lab dedicated to cracking iPhones looks like

Michael Potuck Jan 21 2020 - 12:56 pm PT

10 million dollar iPhone cracking lab

Kicking off 2020, security and privacy is a hot topic between the latest standoff between Apple and the FBI over the Pensacola incident as well as Apple reportedly abandoning its plan to bring end-to-end encryption to iCloud backups. With an in-depth report on what a robust iPhone cracking operation looks like from the inside, Fast Company shares some fascinating details and photos of NYC’s $10 million cyber lab.

Expand
Expanding
Close

Apple publishes new transparency report detailing govt data requests and App Store removals

Chance Miller Jan 18 2020 - 6:13 am PT

Huawei says Chinese retaliation against Apple would be wrong

Amid its ongoing encryption battle with the FBI, Apple has published its latest biannual transparency report. This report reveals how many requests were made for user data by governments around the world, and how many with which Apple could comply.

Expand
Expanding
Close

iPhone 11 Pro

Apple addresses location privacy issue with iPhone 11 chip in second iOS 13.3.1 beta

Michael Potuck Jan 17 2020 - 1:45 pm PT

After a little privacy snafu last month around the iPhone 11 and 11 Pro still tracking location data even when users had turned off location services, Apple has added a toggle specifically for the UWB chip in the latest iOS 13.3.1 beta.

Expand
Expanding
Close

Review: SecureDrive BT, the encrypted external SSD you can unlock with Face ID

Ben Lovejoy Jan 15 2020 - 7:30 am PT

SecureDrive BT encrypted external SSD

If you’re looking for a secure external drive that meets both US military and government security standards, there are a number of encrypted external SSD options around. I reviewed one approach a couple of years ago, the iStorage diskAshur 2, which has a built-in PIN pad for entering a seven- to 15-digit code to unlock the drive.

The SecureDrive BT is a similar idea, but instead of a PIN pad, you unlock it via Bluetooth. Specifically, when you plug the drive into your Mac, you can use Face ID on your iPhone to unlock it…

Expand
Expanding
Close

MacBook Pro

Mac
Security

Cellebrite expands to computers with $33M acquisition of BlackBag Technologies forensics firm

Chance Miller Jan 14 2020 - 10:13 am PT

The Israeli forensics firm Cellebrite has announced a $33 million acquisition that it says will help it expand its forensics capabilities beyond smartphones. The company has acquired BlackBag Technologies, which is a separate forensics firm with a focus on computer forensics.

Expand
Expanding
Close

Security

Alarming test shows US carriers fail to protect you against SIM-swap attacks

Ben Lovejoy Jan 13 2020 - 4:51 am PT

US carriers make SIM-swap attacks easy

An alarming test carried out by Princeton shows that the five largest US carriers fail to properly protect their customers against so-called SIM-swap attacks.

They were able to persuade the carriers to assign phone numbers to new SIMs without successfully answering any of the standard security questions. Once a phone number has been reassigned to a SIM in the possession of an attacker, they can reset passwords even on accounts protected by two-factor authentication (2FA)…

Expand
Expanding
Close

Update Firefox now

PSA: Update Firefox now, says Homeland Security, to block real-life attacks

Ben Lovejoy Jan 10 2020 - 5:36 am PT

If you’re using Mozilla’s browser on your Mac, you’ll want to Update Firefox now. It’s not just the developer urging you to do so: a vulnerability found in older versions is so critical that the Department of Homeland Security has issued an advisory too…

Expand
Expanding
Close

Wyze camera security breach

Wyze camera security breach: 2.4M users have personal data exposed

Ben Lovejoy Dec 30 2019 - 3:57 am PT

A Wyze camera security breach has seen a large amount of personal data leaked for more than 2.4 million users…

Expand
Expanding
Close

Apple removes popular chat app ToTok after reports that it’s a govt spy tool

Ben Lovejoy Dec 23 2019 - 3:59 am PT

Aldar Building where ToTok and UAE intelligence agency were both based

Apple has removed ToTok from the App Store after a classified intelligence assessment and a New York Times investigation said that the app was a spy tool used by the United Arab Emirates.

The chat app, which last week became one of the most downloaded social apps in the US, was revealed to be feeding highly sensitive personal data to the UAE government…

Expand
Expanding
Close

Email usernames and passwords can be extracted from locked iPhones on iOS 13.3

Ben Lovejoy Dec 20 2019 - 6:30 am PT

Elcomsoft can access some data from locked iPhones

Elcomsoft, a company which sells tools to law enforcement agencies to access locked iPhones, says that it is now able to extract some data from devices running any version of iOS from 12.0 to 13.3.

It relies on the checkm8 exploit of a vulnerability present in most A-series chips, which made possible the Checkra1n jailbreak.

Crucially, Elcomsoft says that the $1,495 tool works even when the iPhone is in its most secure state, known as BFU…

Expand
Expanding
Close

Facebook user names exposed

267 million Facebook user names and phone numbers exposed online

Ben Lovejoy Dec 20 2019 - 4:43 am PT

More than 267 million Facebook user names and phone numbers have been exposed in a database sitting on the web without any password protection…

Expand
Expanding
Close

Security

Apple’s bug bounty program now open to all; pays up to $1.5M

Ben Lovejoy Dec 20 2019 - 4:11 am PT

Apple's bug bounty program now open to all

As first promised back in August, Apple’s bug bounty program is now open to all.

It was previously an invitation-only initiative, which attracted criticism as it incentivized non-invitees to sell vulnerability details to companies and governments who would exploit them to gain unauthorized access to Apple devices…

Expand
Expanding
Close

2019 Apple Platform Security guide shows what it is doing to ‘push the boundaries’ of security and privacy

Michael Potuck Dec 19 2019 - 9:35 am PT

Apple security

Apple has released its 2019 Security guide that covers the company’s efforts across a variety of levels including hardware security and biometrics, encryption and data protection, as well as app, services, and network security.

Expand
Expanding
Close

Update WhatsApp

PSA: Update WhatsApp as a single message can wipe out your group chats

Ben Lovejoy Dec 17 2019 - 4:01 am PT

All users are advised to update WhatsApp, as older versions have a vulnerability that could see a single message wipe out your group chats…

Expand
Expanding
Close

Apple defends iPhone encryption against Senate Judiciary Committee threats

Ben Lovejoy Dec 12 2019 - 4:52 am PT

iPhone encryption under threat

Apple has defended its policy of using strong iPhone encryption such that not even the company can gain access to the personal data stored on devices.

The company struck to its privacy guns despite the Senate Judiciary Committee chairman issuing a threat against Apple and other tech giants…

Expand
Expanding
Close

Apple responds to iPhone 11 Pro location sharing controversy, iOS update will add new toggle

Michael Potuck Dec 5 2019 - 10:07 am PT

iPhone 11 Pro location controversy

This week we learned that the iPhone 11 Pro still tracks location data even when users have turned the features off. Apple gave a limited response saying that “We do not see any actual security implications,” and that it was working as intended. However, now Apple has followed up with more details about why the iPhone 11 Pro is doing this and that it will include a toggle in an iOS update to stop location tracking totally.

Expand
Expanding
Close

Intel chip security flaws remain, say security researchers, despite claims

Ben Lovejoy Nov 13 2019 - 4:33 am PT

Intel chip security flaws remain

Intel chip security flaws that affect all Macs, as well as Windows and Linux machines, still exist, say security researchers – despite the chipmaker’s claims to have fixed them. Similar flaws were found and patched in ARM processors, but there is no suggestion at this stage that further issues remain in these.

The ‘fundamental design flaw’ in Intel’s CPUs came to light last year, with the security vulnerabilities dubbed Spectre and Meltdown. They would allow an attacker to view data in kernel memory, which could span anything from cached documents to passwords …

Expand
Expanding
Close

Lightning security key iPhone iPad YubiKey 5Ci

iOS 13.3. beta 2 brings Safari support for NFC, USB, and Lightning FIDO2 security keys

Michael Potuck Nov 12 2019 - 12:07 pm PT

Apple released the second developer beta of iOS 13.3 today and one of the changes includes Safari support for NFC, USB, and Lightning FIDO2-compliant security keys.

Expand
Expanding
Close

iOS Facebook app ‘secretly using camera’ while scrolling feed; likely a bug

Ben Lovejoy Nov 12 2019 - 4:22 am PT

Facebook camera 'secretly activating'

Web designer Joshua Maddux has found the iOS Facebook app activating the iPhone camera while scrolling his feed. He found the same issue on five separate devices, with others able to replicate. The same issue does not appear to be present in the Android app.

Maddux posted a video (below) showing the behavior…

Expand
Expanding
Close

Apple working on fix for encrypted email bug caused by Siri, here are some workarounds

Michael Potuck Nov 8 2019 - 10:55 am PT

Siri and other IAs are female by default

A recently discovered vulnerability in the macOS Mail app caused by Siri that currently affects Catalina and the previous three releases means that users’ encrypted emails actually aren’t. While Apple is working on a fix for the bug, read on for more details about the issue and a couple of workarounds to solve the problem now.

Expand
Expanding
Close

iPhone and HomePod vulnerable to line of sight attacks using lasers

Michael Potuck Nov 4 2019 - 12:45 pm PT

Light commands iPhone HomePod vulnerability

A new laser-based hack discovered for devices with MEMS (micro-electro-mechanical systems) microphones makes iPhone, HomePod, Google Home, Amazon Echo, and more vulnerable to line of sight attacks from up to several hundred feet away.

Expand
Expanding
Close

WhatsApp hack sees Facebook sue; company pays Cambridge Analytica fine

Ben Lovejoy Oct 30 2019 - 6:20 am PT

WhatsApp hack sees Facebook sue

Facebook is suing an Israeli company for a WhatsApp hack which allowed various governments to spy on more than 1,000 users, reports Reuters. The attack was made possible by a security vulnerability in the app, later fixed.

WhatsApp sued Israeli surveillance firm NSO Group on Tuesday, accusing it of helping government spies break into the phones of roughly 1,400 users across four continents in a hacking spree whose targets included diplomats, political dissidents, journalists and senior government officials…

Expand
Expanding
Close

Adobe Creative Cloud accounts exposed

Security

PSA: Watch for phishing attempts as 7.5M Adobe Creative Cloud accounts exposed

Ben Lovejoy Oct 28 2019 - 7:34 am PT

If you receive an email purporting to be from Adobe, be careful even if it does contain information which only you and Adobe should know. Millions of Creative Cloud accounts had their details exposed for around a week…

Expand
Expanding
Close

17 malware iPhone apps removed from App Store after evading Apple’s review

Ben Lovejoy Oct 25 2019 - 4:16 am PT

17 malware iPhone apps found in App Store

Apple has confirmed that 17 malware iPhone apps were removed from the App Store after successfully hiding from the company’s app review process.

The apps were all from a single developer but covered a wide range of areas, including a restaurant finder, internet radio, BMI calculator, video compressor, and GPS speedometer …

Expand
Expanding
Close