Pokemon Go updated, adds experimental new Tracker feature among changes

Posted by:
Date: Tuesday, August 9th, 2016, 07:18
Category: iOS, News, privacy, security, Software

Pokemon-GO-Icon

The good news is that Pokemon Go just received a hefty update and is now up to version 1.3.0.

The bad news is that this game seems to be tracking its players in impressive new ways.

A series of leaked screenshots from the new experimental “Tracker” program seems to be showing Pokemon Go players near specific PokeStops.

(more…)

Apple to launch Bug Bounty program, will pay up to $200,000 to hackers, cryptographers and researchers depending on bugs found

Posted by:
Date: Friday, August 5th, 2016, 07:27
Category: Developer, Hacks, iOS, macOS, News, security, Software, TvOS, Watch OS

apple-bug-bounty-program

Ok, this is pretty neat.

Yesterday at the Black Hat conference, an annual event designed for the global InfoSec community, Apple’s head of security engineering Ivan Krstic announced the launch of a bug bounty program that will see Apple paying money to individuals who discover major bugs and security flaws in the company’s software.

Many major technology companies like Google and Microsoft offer bug bounty programs to encourage people to discover and report major vulnerabilities, but until now, Apple has declined to provide a similar program.

The new program is part of an effort to open Apple’s software up to hackers, researchers and cryptographers who want to improve upon it and Apple will be offering up to $200,000 to researchers depending on the bug discovered. Secure boot firmware components will earn $200,000 at the high end, while smaller vulnerabilities, like access from a sandboxed process to user data outside of the sandbox, will earn $25,000.

(more…)

iOS researcher finds WhatsApp leaves traces of conversations behind

Posted by:
Date: Friday, July 29th, 2016, 16:05
Category: iOS, News, privacy, security, Software

whatsappicon

Well, at least the world of tech security isn’t boring.

Upon examining disk images taken from the most recent version of the app, iOS researcher Jonathan Zdiarski discovered that the software retains and stores a forensic trace of the chat logs even after the chats have been deleted, creating a potential treasure trove of information for anyone with physical access to the device. The same data could also be recoverable through any remote backup systems in place.

In most cases, the data is marked as deleted by the app itself — but because it has not been overwritten, it is still recoverable through forensic tools. Zdziarski attributed the problem to the SQLite library used in coding the app, which does not overwrite by default.

(more…)

Edward Snowden announces forthcoming prototype of device to prevent iPhone radio transmission

Posted by:
Date: Friday, July 22nd, 2016, 12:36
Category: Hack, Hardware, iPhone, News, security

snowdenprototype

Edward Snowden may be in exile from the U.S., but that doesn’t seem to be slowing him down.

Snowden, who once met with reporters in a Hong Kong hotel room to spill the NSA’s secrets and famously asked them put their phones in the fridge to block any radio signals that might be used to silently activate the devices’ microphones or cameras, has released plans to announce a prototype for a device that could stop this kind of surveillance.

On Thursday at the MIT Media Lab, Snowden and well-known hardware hacker Andrew “Bunnie” Huang plan to present designs for a case-like device that wires into your iPhone’s guts to monitor the electrical signals sent to its internal antennas and they say it could offer a constant check on whether your phone’s radios are transmitting. They say it’s an infinitely more trustworthy method of knowing your phone’s radios are off than “airplane mode,” which people have shown can be hacked and spoofed.

In short, this could stop the transmission and thus better protect the user’s privacy.

(more…)

Apple releases iOS 9.3.3, watchOS 2.2.2 and tvOS 9.2.1 updates

Posted by:
Date: Tuesday, July 19th, 2016, 12:51
Category: iOS, iPhone, News, security, Software, TvOS, Watch OS

applelogo1

In addition to Apple’s OS X 10.11.6 El Capitan update on Monday, Apple also released updates for iOS, watchOS and tvOS.

While Apple users are looking forward to the next major operating system updates, Apple is still working on the currently released products. On Monday, the company released OS updates for iOS, OS X, watchOS, and tvOS.

The iOS 9.3.3 update includes “bug fixes and improves the security” of your iOS device. The company’s online document details updates for Calendar, CoreGraphics, FaceTime, Safari, and more.

(more…)

Pokemon Go 1.0.1 update released, offers game fixes, limits Google account access scope

Posted by:
Date: Tuesday, July 12th, 2016, 12:48
Category: iOS, News, security, Software

pokemongo

In the wake of some controversy, Pokemon Go has just received an update for its iOS version that should hopefully calm the waters. The update works to fix the issues that have surfaced after it was revealed that the game holds full access to Google accounts and fixes the scope of this access. Users should also no longer have to re-enter their credentials after they’ve been forcefully logged out, and the some issues with crashes should be resolved as well.

The fixes come in the wake of the game having literally full access to a Google account upon login. Per the dialog, the application could “…see and modify nearly all information in your Google Account”. Today’s update remedies the situation when logging into the application with a Google account. Users are now presented with a view that clearly defines what enabling the account access does. The access requests the ability to know who the user is through their Google account, to view the email address, and nothing else. This should help alleviate some of the security concerns brought up in the past few days.

(more…)

Pokemon Go developer Niantic under fire for “full access” to Google accounts, states fixes coming soon

Posted by:
Date: Tuesday, July 12th, 2016, 08:05
Category: iOS, iPhone, News, security, Software

pokemongo

If you’re looking to install Pokémon Go on your iOS device, you might want to wait a few days.

Amid revelations that the popular Pokémon Go game for iPhone offers universal access to Google accounts, Google and Niantic have said that user emails and other sensitive data are not being harvested, and that a pair of fixes are incoming.

Early Monday, analytics firm architect Adam Reeve claimed that installing Pokémon Go and using a Google account to play the game granted full access to linked accounts on both Android and iOS, without informing the user. The apps, per the Google Play description, “can see and modify nearly all information in your Google Account” but “can’t change your password, delete your account, or pay with Google Wallet on your behalf.”

(more…)

Additional malware strains for Macs surface, GateKeeper still recommended as means of protection

Posted by:
Date: Thursday, July 7th, 2016, 11:43
Category: Hack, macOS, News, OS X, security, Software

trojanhorse

After a hiatus, a trio of three new discovered Mac malware strains have emerged.

The strains, once installed, have the potential to access Web cameras, password keychains, and pretty much every other resource on an infected machine.

The first one, as mentioned yesterday, has been dubbed “Elanor” by researchers at antivirus provider Bitdefender and is hidden inside EasyDoc Converter, a malicious app that is, or at least was, available on a software download site called MacUpdate. When double clicked, EasyDoc silently installs a backdoor that provides remote access to a Mac’s file system and webcam, making it possible for attackers to download files, install new apps, and watch users who are in front of an infected machine. Eleanor communicates with control servers over the Tor anonymity service to prevent them from being taken down or being used to identify the attackers.

(more…)

Backdoor.MAC.Elanor malware for Mac enters the wild, can steal data, execute remote code, operate webcam

Posted by:
Date: Wednesday, July 6th, 2016, 07:18
Category: News, security, Software

trojanhorse

Well, this’ll keep Apple’s security team busy for a while.

Recently, Bitdefender Labs found what might be the second example of true Mac malware to enter the wild. The application, dubbed “Backdoor.MAC.Elanor”, is available on a number of reputable download sites such as MacUpdate.

The backdoor is embedded into a fake file converter application that is accessible online on reputable sites offering Mac applications and software. The EasyDoc Converter.app poses as a drag-and-drop file converter, but has no real functionality – it simply downloads a malicious script.

(more…)

Apple leaves iOS 10 beta kernel unencrypted, opens door to white hat hackers, researchers

Posted by:
Date: Thursday, June 23rd, 2016, 08:41
Category: Hack, iOS, News, security, Software

ios10logo

This is interesting.

According to users who’ve been testing the iOS 10 beta, Apple apparently left the operating system’s kernel unencrypted. Apple confirmed this on Wednesday, citing that the move was performed to streamline system performance.

An Apple spokesperson stated that because iOS 10’s kernel cache does not contain sensitive information, it does not need to be encrypted.

(more…)