apple – Page 5 – SSL and internet security news

Security Analysis of Apple’s “Find My…” Protocol

March 15, 2021 infossl

academic papers, apple, bluetooth, crowdsourcing, de-anonymization, privacy, reverse engineering, security analysis, Security technology, tracking, Uncategorized

Interesting research: “Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System“: Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an … Read More “Security Analysis of Apple’s “Find My…” Protocol” »

Mysterious Macintosh Malware

March 2, 2021 infossl

apple, computer security, malware, Security technology, Uncategorized

This is weird: Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack … Read More “Mysterious Macintosh Malware” »

ThiefQuest Ransomware for the Mac

July 6, 2020 infossl

apple, malware, ransomware, Security technology

There’s a new ransomware for the Mac called ThiefQuest or EvilQuest. It’s hard to get infected: For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It’s a good reminder to get your software from trustworthy sources, … Read More “ThiefQuest Ransomware for the Mac” »

iPhone Apps Stealing Clipboard Data

June 29, 2020 infossl

apple, dataloss, eavesdropping, ios, Security technology, video

iOS apps are repeatedly reading clipboard data, which can include all sorts of sensitive information. While Haj Bakry and Mysk published their research in March, the invasive apps made headlines again this week with the developer beta release of iOS 14. A novel feature Apple added provides a banner warning every time an app reads … Read More “iPhone Apps Stealing Clipboard Data” »

“Sign in with Apple” Vulnerability

June 2, 2020 infossl

apple, hacking, Security technology, securityengineering, vulnerabilities, zeroday

Researcher Bhavuk Jain discovered a vulnerability in the “Sign in with Apple” feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed. EDITED TO ADD (6/2): Another story. Powered by WPeMatico

Contact Tracing COVID-19 Infections via Smartphone Apps

April 13, 2020 infossl

apple, covid19, epidemiology, google, privacy, Security technology, tracing, tracking

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It’s similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It’s nice seeing the privacy protections; they’re well thought out. I was going … Read More “Contact Tracing COVID-19 Infections via Smartphone Apps” »

Hacking Voice Assistants with Ultrasonic Waves

March 23, 2020 infossl

academicpapers, android, apple, google, hacking, iphone, Security technology, sidechannelattacks, smartphones, video

I previously wrote about hacking voice assistants with lasers. Turns you can do much the same thing with ultrasonic waves: Voice assistants — the demo targeted Siri, Google Assistant, and Bixby — are designed to respond when they detect the owner’s voice after noticing a trigger phrase such as ‘Ok, Google’. Ultimately, commands are just … Read More “Hacking Voice Assistants with Ultrasonic Waves” »

Companies that Scrape Your Email

February 12, 2020 infossl

apple, datamining, email, espionage, marketing, Security technology, surveillance

Motherboard has a long article on apps — Edison, Slice, and Cleanfox — that spy on your email by scraping your screen, and then sell that information to others: Some of the companies listed in the J.P. Morgan document sell data sourced from “personal inboxes,” the document adds. A spokesperson for J.P. Morgan Research, the … Read More “Companies that Scrape Your Email” »

Apple’s Tracking-Prevention Feature in Safari has a Privacy Bug

February 10, 2020 infossl

apple, leaks, privacy, Security technology, surveillance, tracking, vulnerabilities

Last month, engineers at Google published a very curious privacy bug in Apple’s Safari web browser. Apple’s Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking. Some details: ITP detects and blocks tracking on the web. When you visit a few websites that happen to load the … Read More “Apple’s Tracking-Prevention Feature in Safari has a Privacy Bug” »

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

January 23, 2020 infossl

apple, backups, cloudcomputing, cybercrime, encryption, fbi, Security technology

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily designed to thwart hackers, Apple … Read More “Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained” »