Will Strafach Stories August 21

Update #2: AccuWeather has released a joint statement with Reveal Mobile. From the statement:

Despite stories to the contrary from sources not connected to the actual information, if a user opts out of location tracking on AccuWeather, no GPS coordinates are collected or passed without further opt-in permission from the user.

Other data, such as Wi-Fi network information that is not user information, was for a short period available on the Reveal SDK, but was unused by AccuWeather. In fact, AccuWeather was unaware the data was available to it. Accordingly, at no point was the data used by AccuWeather for any purpose.

Update: Reveal Mobile has issued the following statement to 9to5Mac in response to Strafach’s audit:

We don’t attempt to reverse engineer a device’s location if someone opts out of location services, regardless of the data signal it comes from. In looking at our current SDK’s behavior, we see how that can be misconstrued. In response to that, we’re releasing a new version of our SDK today which will no longer send any data points which could be used to infer location when someone opts out of location sharing.

AccuWeather on iOS may be violating Apple’s developer agreement as well as user trust, a new security audit reveals. Will Strafach, a security researcher, discovered that the iOS weather app is potentially sending identifiable user and device information to a third-party company even when location data sharing is denied.

Will Strafach Stories March 8, 2016

Users of third-party Snapchat apps may want to delete them and change their passwords on the social media platform as soon as possible. New discoveries revealed today point to the fact that multiple third-party Snapchat apps are sending copies of user credentials over non-secure connections to their own servers.

Will Strafach Stories January 17, 2016

For nearly half a decade, teams of hackers and programmers have worked tirelessly to crack Apple’s iOS software code in order to inject new features, themes, and applications. Now, a team led by noted former jailbreak developers Will Strafach, otherwise known as “Chronic”, and Joshua Hill, known as P0sixninja, is working to secure Apple’s mobile platform. The duo, along with a list of unnamed former jailbreak developers, has been working on a new comprehensive platform to secure iOS devices for both enterprises and consumers. Strafach provided us with a preview of the platform known as “Apollo,” the first security product from his new company Sudo Security Group.

Will Strafach Stories April 2, 2012

Late last month, we reported Swedish security firm Micro Systemation claimed its “XRY” application was capable of cracking an iOS device’s passcode, logging keystrokes, and accessing data like GPS, call logs, contacts, and messages. The video showing the app in action is now removed, but the firm’s claims are coming under scrutiny by at least one fellow hacker. Will Strafach, better known in the jailbreaking community as “@chronic,” just posted his summary of what is really happening with the software to clarify the issue.

While explaining XRY does not use exploits similar to jailbreak programs, as claimed by many covering the story, Strafach clarified the tool is “simply loading a custom ramdisk by utilizing the publicly available ‘limera1n’ exploit by George Hotz. The ramdisk is not even very special, because anyone could put together their own using open source tools.” He continued by explaining the “two-minute” claim of Micro Systemation is only true if a passcode is “0000.” The time increases when a more complex passcode is set.

Chronic also noted XRY cannot be used on iPhone 4S, iPad 2, and third-gen iPads, something most publications are not reporting. Here is his explanation:
