Security

1,166 'Security' stories July 2011 - January 2019

See All Stories

Powerful iPhone spy tool allowed UAE to view photos, emails, texts, locations and passwords

Ben Lovejoy Jan 30 2019 - 5:35 am PT

iPhone spy tool

A spy tool developed by former U.S. government intelligence operatives reportedly allowed the United Arab Emirates government to remotely hack the iPhones of diplomats, activists and even foreign leaders.

The tool apparently didn’t require the victim to click a link, but could somehow be activated simply by loading in the phone numbers or email addresses of the intended targets …

Expand
Expanding
Close

Apple faces lawsuit over FaceTime bug as lawyer says someone eavesdropped on a sworn testimony

Chance Miller Jan 29 2019 - 7:02 pm PT

Group FaceTime macOS Mojave

Apple is being hit with its first lawsuit over the FaceTime eavesdropping bug that we first reported on yesterday. As reported by Bloomberg, a Houston, Texas-based lawyer is suing Apple, alleging that the FaceTime flaw allowed an unknown person to listen in on a private conversation with a client.

Expand
Expanding
Close

Comment: Apple’s own privacy standards make FaceTime bug massively damaging

Ben Lovejoy Jan 29 2019 - 5:22 am PT

The revelation that a major FaceTime bug can effectively turn your Apple devices into a hot mic, allowing a caller to hear or even see you before you pick up, would be a massive embarrassment no matter which company was involved. It’s an absolutely crazy security fail.

But when that company is Apple – which has been ceaselessly pushing privacy of late – it becomes so cringeworthy we’re going to have to invent a whole new scale just to measure it …

Expand
Expanding
Close

Major iPhone FaceTime bug lets you hear the audio of the person you are calling … before they pick up

Benjamin Mayo Jan 28 2019 - 3:41 pm PT

UPDATE: Apple has taken Group FaceTime offline in an attempt to address the issue in the interim.

A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call. Apple says the issue will be addressed in a software update “later this week”.

Naturally, this poses a pretty big privacy problem as you can essentially listen in on any iOS user, although it still rings like normal, so you can’t be 100% covert about it. Nevertheless, there is no indication on the recipient’s side that you could hear any of their audio. There’s a second part to this which can expose video too …

Expand
Expanding
Close

Security

Two-factor authentication: Why do I need it? What are the best apps?

Bradley C Jan 27 2019 - 6:00 am PT

two-factor authentication

Security on the internet has become more important with each passing year. It seems like every other month there is a major data breach from major retailers or online properties. One of the key things that you can do to minimize the effect these breaches will have on you is to set up and use two-factor (or multi-factor) authentication. Two-factor authentication can be explained as something you know (your password) and something you have (a smartphone or another authorized device). With most implementations, you will log in to a website using your normal login, and you will then prompted to input a secondary code. The secondary code can be generated in multiple ways (more on that later) and changes every thirty seconds. By enabling two-factor authentication on websites that support it, a hacker wouldn’t be able to log in just using your username and password. They’d need access to your two-factor authentication database in order to access the current code.
Expand
Expanding
Close

773M emails

Security

PSA: 773M email addresses and 21M passwords exposed by hackers, check yours here

Ben Lovejoy Jan 17 2019 - 6:51 am PT

Some 773M email addresses have been exposed by hackers in what is the largest ever breach. Alongside the email addresses are 21M passwords …

Expand
Expanding
Close

Apple privacy

T-Mobile and Sprint promise to stop selling user location data to third-parties, for real this time

Michael Potuck Jan 10 2019 - 9:54 am PT

Update: AT&T now says it will also stop selling user location to aggregation services, according to CNET.

After Motherboard published details about a concerning investigation into how US wireless carriers are selling user location data to third-parties, T-Mobile and Sprint have made some fresh promises. They say they will end the practice of selling users’ data to third-party aggregators that often have little to no oversight.

Expand
Expanding
Close

Package tracking app turns users’ devices into a bot farm, violates user privacy

Guilherme Rambo Jan 7 2019 - 6:38 am PT

package tracking app bot farm

We’ve been seeing a lot of scam apps in the App Store lately, which try to trick users into purchasing expensive subscriptions or products, we’ve also seen apps that track and transmit the user’s location without their consent. Today, I want to talk about an app that’s using iOS devices to perform work for other users, without the device owner’s consent.

Expand
Expanding
Close

Security

Cyber researcher cancels Black Hat conference appearance claiming to ’bypass Face ID’

9to5 Staff Jan 3 2019 - 3:04 pm PT

disable face id

A Chinese cyber researcher has told Reuters that he has canceled an upcoming appearance at the prestigious Black Hat Asia hacking conference at the request of his employer. The researcher, Wish Wu, was preparing a presentation entitled “Bypass Strong Face ID: Everyone Can Deceive Depth and IR Camera and Algorithms”.

Expand
Expanding
Close

USB-C upgrade allows cryptography to authenticate connected devices

Ben Lovejoy Jan 2 2019 - 7:45 am PT

USB-C cryptography

An upgrade to the USB-C standard allows cryptography to be used to authenticate connected devices. It will ensure that devices are properly certified, but can also be used to enhance security …

Expand
Expanding
Close

Security

Viral ‘Twinning’ app from Popsugar matches selfies with celebrities … and exposed personal photos

Chance Miller Dec 31 2018 - 9:33 am PT

Twinning app

Over the last few days, a Twining app from Popsugar has gone viral across various social media platforms. Essentially, the service allows you to snap a selfie of yourself and get an instant result showing which celebrity you look like most. As it turns out, somewhat unsurprisingly, privacy wasn’t necessarily a focus for Popsugar when developing the Twinning app…

Expand
Expanding
Close

celebrity Twitter accounts

Security researchers hijack celebrity Twitter accounts, and prove claimed fix failed

Ben Lovejoy Dec 31 2018 - 7:25 am PT

Security researchers have hijacked a number of celebrity Twitter accounts – including that of Louis Theroux – to post unauthorized tweets. They have also demonstrated that Twitter’s claimed fix for the problem didn’t work …

Expand
Expanding
Close

Twitter support flaw possibly exploited by state-sponsored groups to access user data

Michael Potuck Dec 17 2018 - 11:24 am PT

A recent bug with one of Twitter’s support forms has exposed user details such as phone number country code and whether accounts had been locked by Twitter. The company believes the flaw was likely used by state-sponsored actors to gain information about Twitter accounts.

Expand
Expanding
Close

Facebook admits unshared photos from 6.8 million users affected by latest privacy flaw

Michael Potuck Dec 14 2018 - 8:05 am PT

Facebook security

The latest Facebook security blunder involves photos from 6.8 million users. The company shared in an update on its developer page today that a bug allowed third-parties to see photos from Facebook users who had uploaded, but chose to not post them to the social media service.

Expand
Expanding
Close

Security

2018 saw people use eleven new dumb passwords – including ‘Donald’

Ben Lovejoy Dec 14 2018 - 5:54 am PT

dumb passwords

Each year, SplashData carries out an analysis of leaked passwords to find the top 25 dumb passwords. This year, the company had five million passwords to work from, most of them from hacks in the US and Europe.

There are plenty of old favorites – including ‘password’ – but this year eleven new ones made the list …

Expand
Expanding
Close

Apple enterprise & Mac marketing leads talk T2 chip & Apple’s role in business on ‘Mac Admins Podcast’

Chance Miller Dec 12 2018 - 9:41 pm PT

A pair of Apple marketing team members joined the Mac Admins Podcast this week to talk about Apple’s role in enterprise and business, the T2 chip found in recent Macs, and more. Topics included Apple Business Manager, adoption of Apple hardware by companies like SAP and IBM, and more.

Expand
Expanding
Close

open source VPN

‘Confirmed VPN’ iOS/macOS update makes it the first open service with third-party audits, open source code, more

Michael Potuck Dec 12 2018 - 6:52 am PT

Confirmed VPN launched last year for iOS, macOS and more, but it has been working on something bigger than just another VPN service. Today, the company has made its apps openly operated with third-party audits, open source code, audit logs, and much more. It is also inviting other VPN services to join the platform called Openly Operated.

Expand
Expanding
Close

Super Micro audit complete, including servers supplied to Apple: no spy chips found

Ben Lovejoy Dec 11 2018 - 4:13 am PT

Super Micro

The tech news was dominated in October by a dramatic Bloomberg claim that Chinese spy chips had been embedded into the Super Micro motherboards of servers supplied to Apple, Amazon and others. The report claimed that Apple had discovered the chips, and reported the fact to the FBI.

All involved – Apple, Amazon and Super Micro – denied the claims, but the motherboard supplier decided the only way to lay this to rest was to commission an independent audit to investigate. That investigation has now been completed, and the firm says it found absolutely no evidence to support the story …

Expand
Expanding
Close

Apple among tech companies voicing opposition to new anti-encryption law in Australia

Chance Miller Dec 10 2018 - 5:55 pm PT

Apple Q2 2019

Last week, we reported that Australia had passed a new anti-encryption law that could force Apple and other tech companies to help law enforcement access encrypted messages. TechCrunch reports today, however, that Apple is among a handful of tech companies coming out against the legislation.

Expand
Expanding
Close

Mark Zuckerberg announces Meta lay

Sensitive internal Facebook emails published by UK parliament detail use of its free iOS ‘spyware’ VPN and more

Michael Potuck Dec 5 2018 - 7:45 am PT

The UK parliament has today publicly shared secret internal Facebook emails that cover a wide-range of the company’s tactics related to its free iOS VPN app that was used as spyware, recording users’ call and text message history, and much more.

Expand
Expanding
Close

Security expert Jon Callas makes second exit from Apple to join ACLU

Peter Cao Dec 4 2018 - 1:19 pm PT

Apple security

An Apple security expert, who was previously hired back in 2011, and then re-hired in 2016, is now leaving the company to join the American Civil Liberties Union. Apple often touts its security and privacy efforts, so having someone who worked on Apple’s security team leave the company is always interesting, let alone leaving the company twice…

Expand
Expanding
Close

Deputy Attorney General suggests Apple’s strong privacy position defeats ‘legitimate law enforcement’

Michael Potuck Nov 29 2018 - 12:20 pm PT

At a Georgetown Law and Department of Justice cybercrime conference today, Deputy Attorney General, Rod Rosenstein, made a strong statement that suggests Apple has a mission to “defeat legitimate law enforcement” efforts.

Expand
Expanding
Close

Mac
Security

PSA: If you’ve ever used a Sennheiser headset with your Mac, it is wide open to attack

Ben Lovejoy Nov 29 2018 - 3:58 am PT

HeadSetup

If you’ve ever used a Sennheiser headset or speakerphone device with your Mac (or Windows PC), the accompanying HeadSetup app has left your machine wide open to attack.

In what has been described as a ‘monumental security blunder,’ the app allows a bad actor to successfully impersonate any secure website on the Internet …

Expand
Expanding
Close

DriveSavers claims to offer first consumer service to unlock passcode protected iPhones

Michael Potuck Nov 27 2018 - 1:13 pm PT

DriveSavers is known for its data recovery services, and today the company announced what it claims to be the first iPhone “passcode lockout recovery service” for consumers.

Expand
Expanding
Close