WikiLeaks releases 8,700+ CIA-related documents, show agency efforts towards hacking Android systems, iPhones, operating systems and smart TVs

Posted by:
Date: Wednesday, March 8th, 2017, 05:43
Category: Android, Google, Hack, Hardware, iOS, iPhone, macOS, News, privacy, Samsung, security

This is pretty much one for the ages.

WikiLeaks has released more than 8,700 documents that have apparently originated from the CIA’s Center for Cyber Intelligence, with some of the leaks saying the agency had 24 “weaponized” and previously undisclosed exploits for the Android operating system as of 2016.

Some of the Android-specific exploits were developed by the CIA, while others hailed from the U.S. National Security Agency, U.K. intelligence agency GCHQ, and cyber arms dealers.

Among the smartphone-related tools developed by the CIA were assets that allow the agency to bypass encryption found in WhatsApp, Confide and other applications known to use encryption. These tools, according to WikiLeaks analysis, capture audio and message traffic before encryption has a chance to be applied.

(more…)

Yahoo discloses third data breach in six months

Posted by:
Date: Thursday, March 2nd, 2017, 05:39
Category: Hack, News, security

The hits just keep on coming.

Yahoo today revealed a third major hack, wherein some 32 million accounts have been accessed by intruders over the past two years. These accounts are in addition to the accounts affected by the two data breaches the company had previously disclosed.

The accounts were apparently compromised via forged cookie files. Yahoo has stated that the accounts were accessed by the “same state-sponsored actor beloved to be responsible for the 2014 hack.” The 2014 hack was the one that affected at least 500 million accounts.

(more…)

1Password for Mac updated to 6.6.1, includes improved Touch Bar support, new subscription model

Posted by:
Date: Tuesday, February 28th, 2017, 05:28
Category: MacBook Pro, News, security, Software, Touch Bar

It’s a nifty program and it just got a little bit better.

1Password for Mac has just been updated to version 6.1.1. The new version includes enhanced Touch Bar support for the MacBook Pro as well as a new payment model that centers around subscriptions.

The software, which generally listed around $65, is being priced towards a more affordable number and now features free trials via the Mac App Store.

(more…)

Analyst predicts Apple will switch from Touch ID to facial recognition technology for next-gen iPhone

Posted by:
Date: Monday, February 20th, 2017, 05:40
Category: Hardware, iPhone, Rumor, security, Touch ID

It’s rumored that the next-gen iPhone will feature a front-facing 3D laser scanner for facial recognition according to JPMorgan analyst Rod Hall.

Hall has stated that the scanner will replace the Touch ID on the next-gen iPhone, as Apple is apparently looking to replace the Home button to allow for an edge-to-edge display. Hall’s note cites that the iPhone 7s and iPhone 7s Plus could also have a 3D laser scanner based on increased volume of the module within Apple’s supply chain.

The scanner component is said to add about $10 to $15 to the next-gen iPhone’s bill of materials, which coupled with the OLED display, glass casing, and other increased production costs, could make its retail price up to $100 more expensive than it would be without those features, if Apple looks to maintain a similar profit margin.

(more…)

Security researchers at Bitdefender find evidence of X-Agent malware variant for macOS

Posted by:
Date: Thursday, February 16th, 2017, 05:13
Category: Hack, News, security, Software

The malware that may have swung the U.S. presidential election could be on its way to a Mac near you.

Security researchers have discovered a macOS malware program that’s likely part of the arsenal used by the Russian cyberespionage group blamed for hacking into the U.S. Democratic National Committee last year.

The group, known under such names as “Fancy Bear”, “Pawn Storm” and “APT28”, has been active for almost a decade and is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent.

X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan.

(more…)

Touch Bar-equipped MacBook Pro notebooks banned from some state bar exams, security concern cited

Posted by:
Date: Wednesday, February 1st, 2017, 05:53
Category: Legal, MacBook Pro, News, security, Touch Bar

If you have a new Touch Bar-equipped MacBook Pro notebook and are looking to take the bar exam, you might need to leave the notebook behind.

According to an announcement from testing software company ExamSoft, the Touch Bar’s predictive text feature could compromise “exam integrity.”

For law students looking to take the North Carolina bar exam, test proctors have been instructed to keep a look out for models with the Touch Bar and technicians will be on hand to ensure the feature is disabled. Test takers will be approved to use the laptops provided they followed ExamSoft’s helpful instructions for reverting the Touch Bar back to a row of standard function keys.

(more…)

Apple’s Activation Lock website could have played role in hack, thereby leading to its sudden closure

Posted by:
Date: Tuesday, January 31st, 2017, 05:44
Category: Hack, iOS, iPad, iPhone, iPod Touch, News, security, Software

Apple’s Activation Lock web site may have been involved in a hack, thus explaining its sudden removal and elimination.

As it turns out, the Activation Lock website was a vital part of a bypass hack used to unlock devices bricked by Activation Lock, perhaps hinting at why Apple shelved it.

The hack centered around the perpetrators changing one or two characters of an invalid serial number, thereby generating a valid serial number for an iOS device. The valid number could then be used to gain full access to the iPhone, iPad or iPod touch.

(more…)

Apple’s iCloud Activation Lock page removed without explanation

Posted by:
Date: Monday, January 30th, 2017, 05:48
Category: iOS, iPad, iPhone, iPod Touch, News, retail, security

Without hint or warning, Apple has removed the iCloud Activation Lock status page, which used to exist at iCloud.com/activationlock, but that URL now leads to a 404 error instead. The utility let anyone type in the IMEI or serial number of an iOS device to find out if Activation Lock had been turned off, something which proved to be useful to verify the authenticity of a seller when buying a used iPhone online.

References to the web page have been removed from Apple’s support documentation, indicating this is not a temporary issue and the page has been intentionally pulled from service.

A previous Apple support document recommended that users check the Activation Lock status of an iOS device before buying it to ensure that the product was ready to use. The text was removed on January 24th and the iCloud.com/activationlock URL stopped working not long afterwards.

(more…)

Apple releases iOS 10.2.1 update

Posted by:
Date: Tuesday, January 24th, 2017, 05:58
Category: iOS, iPad, iPhone, iPod Touch, News, security, Software

It’s been a day for updates and Apple just released iOS 10.2.1, the current version of its mobile operating system.

The update, which weighs in between 65 megabytes and over a gigabyte depending on whether you download it over the air or via iTunes, offers the following fixes and changes:

Auto Unlock
Impact: Auto Unlock may unlock when Apple Watch is off the user’s wrist.
Desription: A logic issue was addressed through improved state management.

Contacts
Impact: Processing a maliciously crafted contact card may lead to unexpected application termination.
Desription: An input validation issue existed in the parsing of contact cards. This issue was addressed through improved input validation.

(more…)

Meitu selfie app apparently collecting, transmitting user data back to Chinese source

Posted by:
Date: Monday, January 23rd, 2017, 05:11
Category: Android, iOS, iPhone, News, privacy, security, Software

The good news is that the Meitu app adds some cool selfie editing tools, allowing you to pretty much transform your selfie pictures into nifty anime characters.

The bad news is that the app is apparently sending back as much private information as it can to a Chinese source.

The MeituPic app, launched in 2013, soared to the top of the Chinese app charts. It was rebranded as “Meitu” in 2016 and works by taking a selfie, smoothing a person’s skin, adding virtual makeup and a number of other effects.

(more…)