Texas Rangers issue warrant to decrypt iPhone SE following Southerland Springs shooting

Posted by:
Date: Monday, November 20th, 2017, 03:08
Category: iCloud, iPhone, Legal, News, security, Touch ID

Similar to the San Bernadino shooting of almost two years ago, Apple has officially been served with a search warrant for access to the iPhone SE used by the man responsible for the Sutherland Springs, Texas shooting. The move comes after an earlier fumble that saw the Texas Rangers and FBI fail to act within 48 hours to unlock the device in question with Touch ID…

The Texas Rangers served Apple with a warrant to access both David Kelley’s iPhone SE and iCloud account. The Rangers have also expressed interest in a second phone used by Kelley made by LG. Apple stated earlier this month that it contacted law enforcement officials roughly 48 hours after the shooting to see if it could be of any help. During that first 48 hours, when Touch ID would have still been enabled, law enforcement made no efforts to ask Apple for help or to use Touch ID to unlock the phone. Instead, it shipped the device off to a crime lab in Quantico, Virginia.

(more…)

Hacker group claims iPhone X Face ID feature can be fooled with mask technique

Posted by:
Date: Tuesday, November 14th, 2017, 03:16
Category: Face ID, Hack, Hardware, iPhone, News, security

It’s been noted that Apple’s the iPhone X’s Face ID feature can be fooled by an identical twin. Now it looks like a mask might do the trick as well.

On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they’d cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. That demonstration, which has yet to be confirmed publicly by other security researchers, could poke a hole in the expensive security of the iPhone X, particularly given that the researchers say their mask cost just $150 to make.

The hack stands as a proof-of-concept for the time being, so the average iPhone owner isn’t at grave risk.

Bkav, offered the following comments:

“Apple has done this not so well. Face ID can be fooled by mask, which means it is not an effective security measure.”

(more…)

Security researchers hack iOS 11.1 at Pwn2Own event

Posted by:
Date: Friday, November 3rd, 2017, 03:17
Category: Google, Hack, iOS, iPhone, News, Samsung, security

Trend Micro’s annual Pwn2Own has kicked off over at the PacSec Security conference in Tokyo, complete with security researchers spending the day attempting to hack into the iPhone 7, the Samsung Galaxy S8, the Google Pixel, and the Huawei Mate 9 Pro in an effort to win prizes totaling more than $500,000.

And, for better or worse, Apple’s iPhone 7, running the newly-released iOS 11.1, was successfully breached twice Tencent Keen Security Lab. The first hack targeted a Wi-Fi bug and won the team $110,000 and 11 Master of Pwn points, while the second hack targeted the Safari Browser and earned Tencent Keen Security Lab $45,000 and 12 Master of Pwn points.

The group used a total of four bugs to both gain code execution and escalate their user privileges to allow their rogue application to install via a reboot. In addition, the group snagged $60,000 for the WiFi exploit and added $50,000 for the persistence bonus, thereby totaling $110,000 and 11 Master of Pwn points.

(more…)

Apple releases security updates for KRACK, other exploits in macOS High Sierra 10.13.1 update, Security Update 2017-004

Posted by:
Date: Thursday, November 2nd, 2017, 03:10
Category: Hack, High Sierra, macOS, News, security, Sierra, Software

A few critical security updates also shipped out with Tuesday’s macOS High Sierra 10.13.1 update.

Apple also released Security Update 2017-004 and Security Update 2017-001 macOS Sierra, which address the KRACK security exploit.

KRACK is a vulnerability in the WPA2 encryption standard for Wi-Fi networks that lets attackers decrypt the data passing to and from a specific device. The vulnerability exists in most any device capable of using WPA2 on Wi-Fi networks and once it was publicly disclosed product manufacturers started scrambling to release patches.

(more…)

FBI director reveals that 6,900 devices have yet to be unlocked/decrypted

Posted by:
Date: Tuesday, October 24th, 2017, 05:18
Category: iOS, iPad, iPhone, News, security

If you were looking to live in an era of digital privacy, it may have just arrived.

According to a statement shared by FBI Director Christopher Wray at the International Association of Chiefs of Police on Sunday, the FBI has been unable to retrieve data from 6,900 mobile devices that it attempted to access over the course of the last 11 months.

“To put it mildly, this is a huge, huge problem,” Wray said. “It impacts investigations across the board — narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation.”

(more…)

Chinese telecom companies cut Apple Watch Series 3 access to LTE, cite government security concerns

Posted by:
Date: Friday, October 20th, 2017, 05:56
Category: Apple Watch, Hardware, Legal, News, security, Wearables

China has terminated LTE access for the Apple Watch Series 3 without explanation. Per the Wall Street Journal, all three major carriers in China have closed off LTE access, apparently over the government’s security concerns over the device.

The WSJ reports that LTE functionality was available on China Unicom at launch, but new subscriptions were terminated just a few days later. Existing users are so far unaffected, it says.

It’s thought that the government was concerned about the fact that it could not track the new Apple Watch Series 3’s user base given its use of an eSIM device.

(more…)

Apple confirms fix against “KRACK Attack” WPA-2 exploit in macOS, iOS, tvOS, and watchOS betas, has yet to comment on AirPort firmware

Posted by:
Date: Tuesday, October 17th, 2017, 05:08
Category: Android, iOS, macOS, News, security, Software, TvOS, watchOS

Following the recent “KRACK Attack” Wi-Fi WPA-2 exploit, Apple has cited that it has addressed the issue in its macOS, iOS, tvOS and watchOS betas, but has yet to officially state as to whether a patch is en route for its AirPort series of routers.

Sources within the company have stated that the patch to remove hardware susceptibility was included in a “previous” beta of the current range of operating systems, indicating a release before Monday’s batch.

(more…)

Developer outlines possible attack that could trick iOS users into giving their Apple ID credentials away

Posted by:
Date: Wednesday, October 11th, 2017, 05:33
Category: Developer, iOS, News, security, Software

This might be worth watching out for.

Per developer Felix Krause, a popup technique could be used to easily trick someone into handing over their Apple ID and password on their iOS device.

The developer noted that it is incredibly easy for an iOS app maker to recreate the Apple ID password prompt. From there, the app could send that popup and subsequently log the Apple ID and password. It takes less than 30 lines of code and could seemingly be dropped in any legitimate iOS app and sneak past App Store review teams.

(more…)

Security researchers point out Apple-granted API that could have allowed Uber to monitor iPhone users’ activities

Posted by:
Date: Monday, October 9th, 2017, 05:55
Category: Apple Watch, Developer, iOS, News, security, Software, Wearables

Last week, a controversial background API given from Apple to Uber designed to improve performance of the Uber app on the Apple Watch made headlines when security researchers told stated that Uber could have used it to record a user’s iPhone screen even with the Uber app just running in the background.

In a statement, Uber said the entitlement was used for an old version of the Apple Watch app and was provided to Uber because the original Apple Watch couldn’t render maps.

The company offered the following statement regarding the situation:

(more…)

Apple releases macOS High Sierra 10.13 Supplemental Update, works to address security concerns, bugs

Posted by:
Date: Friday, October 6th, 2017, 05:39
Category: High Sierra, macOS, News, security, Software

Every so often after a major operating system update, Apple releases a supplemental update to sort things out.

This is one of those times.

On Thursday, Apple released macOS High Sierra 10.13 Supplemental Update. The update, a 915 megabyte download through the App Store’s “Update” tab, fixes two important security flaws, one of which was just recently publicized. It also addresses three relatively minor bugs in macOS High Sierra.

Per Apple’s patch notes, the macOS High Sierra 10.13 Supplemental Update offers the following fixes:

Improves installer robustness
Fixes a cursor graphic bug when using Adobe InDesign
Resolves an issue where email messages couldn’t be deleted from Yahoo accounts in Mail
Security patch notes for macOS High Sierra 10.13 Supplemental Update
StorageKit

(more…)