Justice Department looking to have Apple help extract data from 12 additional iPhones

Date: Tuesday, February 23rd, 2016, 07:12
Category: iPhone, Legal, News, security

The plot thickens.

In the midst of the controversy between Apple and the Department of Justice regarding the unlocking of the San Bernardino shooter’s iPhone, the U.S. Department of Justice is pursuing additional court orders that would force Apple to help federal investigators extract data from twelve other encrypted iPhones that may contain crime-related evidence.

The revelation comes nearly one week after a U.S. federal judge ordered Apple to assist the FBI with unlocking an iPhone belonging to suspected San Bernardino terrorist Syed Rizwan Farook. Apple strongly opposed the court order last week in an open letter to customers.

Apple working with FBI on San Bernardino shooter’s iPhone, still refusing to create backdoor to allow entry

Date: Monday, February 22nd, 2016, 07:20
Category: iPhone, Legal, News, security, Software

Following up on last week’s coverage of Apple, the FBI, the Department of Justice, Donald Trump screaming about things and the San Bernardino shooter’s locked iPhone, it turns out that Apple has apparently offered the FBI four different options for recovering data on the iPhone 5c used by Syed Rizwan Farook. None of those methods involved Apple creating a backdoor into iOS as ordered by a federal court this week, and at least one of those methods might have been thwarted because a San Bernardino Health Department employee changed the password on the iTunes account tied to the iPhone.

According to unnamed company executives, Apple has been working with the FBI since “early January” to access data on the device. One of the methods proposed involved allowing the device to auto-connect to a trusted Wi-Fi network, where Apple hoped the device would auto-backup to iCloud. Apple would then be able to copy the data on iCloud for controlled retrieval.

Apple iOS encryption battle could escalate to the Supreme Court

Date: Friday, February 19th, 2016, 07:48
Category: iOS, iPhone, Legal, News, security

Apple’s cryptography fight could go all the way to the tippy top.

If Tim Cook’s reply to the court order instructing the company to assist the FBI in breaking into an iPhone left any room for doubt about Apple’s determination to fight the matter all the way to the U.S. Supreme Court, that doubt appears to have been removed by further background emerging today.

It’s been reported that Apple plans to press ahead with plans to increase its use of strong encryption.

Cook has since told colleagues that he plans to stand by Apple’s current encryption policies.

Apple releases updated iOS 9.2.1 variant to make amends for handsets affected by Error 53

Date: Thursday, February 18th, 2016, 13:00
Category: Hardware, iOS, iPhone, News, security

A bit of an apology from Apple following the “Error 53” controversy.

Apple on Thursday released an updated version of iOS 9.2.1, bypassing what the company has admitted to be a factory test of the Home button during startup.

Apple released an updated version of iOS 9.2.1 to restore newer iPhones that were disabled by Error 53. This iOS update will prevent future iPhones from experiencing Error 53 if they have their Home buttons repaired by a third-party repair shop. This update can only be installed by connecting the iPhone to iTunes on a Mac or PC, not over the air.

Federal judge orders Apple to help FBI unlock San Bernardino shooter’s iPhone 5c

Date: Wednesday, February 17th, 2016, 08:19
Category: iOS, Legal, News, security, Software

A few months after the San Bernardino shootings, Apple was ordered by a U.S. federal judge on Tuesday to help the FBI unlock the iPhone 5c used by shooter Syed Farook. According to court papers, Apple “declined to provide [assistance] voluntarily.”

The judge ruled Tuesday that Apple had to provide “reasonable technical assistance” to the government in recovering data from the iPhone 5c, including bypassing the auto-erase function and allowing investigators to submit an unlimited number of passwords in their attempts to unlock the phone. Apple has five days to respond to the court if it believes that compliance would be “unreasonably burdensome.”

Prosecutors have argued that the “government was unable to complete the search because it cannot access the iPhone’s encrypted content.” The FBI argued that Apple has the “technical means” to assist the government and, in a statement, U.S. attorney Eileen M. Decker said that the order was a “potentially important step” in finding out “everything we possibly can” about the San Bernardino attack.

Proposed bipartisan bill would prevent individual states from mandating backdoor access to encryption protocols

Date: Thursday, February 11th, 2016, 09:42
Category: iOS, iPhone, Legal, News, security, Software

The plot may yet become even more intricate when it comes to states requiring backdoors into encryption.

A bipartisan bill introduced to the U.S. House of Representatives on Wednesday would bar individual states and localities from requiring backdoors in encryption, something often demanded by law enforcement officials and intelligence agencies.

The ENCRYPT Act, sponsored by Democrat Ted Lieu and Republican Blake Farenthold, was crafted in direct response to proposed rules in New York and California that would require companies to be able to decrypt smartphones.

“It is completely technologically unworkable for individual states to mandate different encryption standards in consumer products,” said Lieu. “Apple can’t make a different smartphone for California and New York and the rest of the country.”

Support for the bill has been said to have originated from FBI Director James Comey, who has regularly stated that encryption could interfere with investigations and police observation. On Tuesday, Comey appeared in front of a Senate panel, where he said that investigators were still unable to access the contents of a phone belonging to one of the shooters responsible for the Dec. 2 massacre in San Bernardino, Calif.

Companies like Apple have put their own pressure on U.S. politicians, arguing that leaving holes in encryption would simply make intrusion easier for malicious hackers and/or government surveillance.

The encryption in iOS 8 and iOS 9 is so stringent that even when served with a warrant, Apple claims it can’t crack a passcode-protected device. Later versions of Google’s Android OS support similar levels of encryption, though it may sometimes have to be enabled manually.

Stay tuned for additional details as they become available.

Via AppleInsider and Reuters

Researcher finds Sparkle framework vulnerability, highlights popular apps that could be exploited

Date: Wednesday, February 10th, 2016, 08:31
Category: News, OS X, security, Software, Yosemite

Well, this is a mess.

A “huge” number of third-party Mac apps are under threat of man-in-the-middle attacks due to a recently discovered vulnerability in Sparkle, an open source framework used to facilitate software updates.

The vulnerability, which centers on a flawed WebKit rendering engine implementation found in certain Sparkle builds, is to blame for the newly discovered attack, which allows malicious users to insert and execute JavaScript code when affected apps check for software updates.

Along with a flawed Sparkle version, vulnerable apps must also be using an unencrypted HTTP channel to receive software updates from offsite servers. This can allow other users to capture network traffic and thereby run malicious code on a target computer. The exploit has been cited by a software engineer called “Radek”, who confirmed the exploit affects apps running on the latest versions of OS X 10.11 El Capitan and OS X 10.10 Yosemite.

Apple acquires security firm LegbaCore

Date: Wednesday, February 3rd, 2016, 08:10
Category: security, Uncategorized

When in doubt, buy one of the best security firms you can get your hands on.

Back in November of 2015, Apple quietly acquired security consultancy firm LegbaCore. The acquisition was initially revealed back in December by security researcher Trammell Hudson during a presentation at the 32C3 conference. The acquisition was further corroborated by a series of tweets from founder Xeno Kovah and the company’s website, which states that it is “not accepting any new customer engagements.”

The specific details are unclear. Kovah and his partner Corey Kallenberg are working full-time at Apple, although their specific roles are likewise unclear. Kovah stated only that he and Kallenberg would be working on “low level security” at the company.

CrashSafari.com site spreads, points out bug in Safari web browser

Date: Wednesday, January 27th, 2016, 13:19
Category: Android, iOS, News, security, Software

You’re going to want to avoid this.

A link to CrashSafari.com has recently been circulating on Twitter and other websites. The site does what you thought it would do, crashing Apple’s Safari mobile web browser on your iOS device.

If you tap on the link on your iOS device, your iPhone will start rebooting right away. On a Mac, you’ll see the spinning wheel of death, but not a complete crash. Some links will point you to CrashChrome.com instead of CrashSafari, which will cause Chrome to crash on any device you use, including Android, but it won’t cause a reboot.

Proposed bill in New York state could allow backdoor access for law enforcement, threatens fines for non-compliance

Date: Thursday, January 14th, 2016, 09:27
Category: Legal, News, security

Let the arguments begin.

A new bill proposed in New York could require all phone manufacturers to implement a way for law enforcement agencies to access and decrypt user devices. This bill is somewhat similar to the Investigatory Powers Bill currently being debated in the UK, which Apple has voiced its opposition towards. Apple and Tim Cook have repeatedly stated that government agencies should not have any access to user devices or data, whether through a built-in backdoor or other means.

The bill is currently making its way through the New York state assembly and specifically states that “any smartphone manufactured on or after January 1, 2016, and sold or leased in New York, shall be capable of being decrypted and unlocked by its manufacturer or its operating system provider.” Failure to meet such a requirement would impose a $2,500 fine on each infringing device.
