iOS 8 App Password Security Issue Discovered

Users should be aware of iOS app password security issue discovered by researchers [learn how to report iOS 9 bugs to Apple if you are testing this beta firmware]. There is a report and it mentions over 100 popular iPhone application titles that require iOS app password protect actions from developers because their passwords can be easily cracked.

The news about issues with iPhone app secure password comes from AppBugs. The company tested the most popular, top App Store applications and states a lot of them lack this feature and require better security. Most of the programs let users input passwords without restrictions and this potentially allows hack the passcode with ease.

Secure tools must provide only a number of attempts for log-in and when a user fails to enter the correct password he or she has to be locked out or asked to create a new password tied to their account.

AppBugs chose 100 apps that were downloaded over 1 million times. Over 50 percent of these programs show passcode vulnerability and the list of applications has some popular titles as Walmart, CNN, AutoCAD 360, Pocket, Dictionary, Expedia and others. If you are using Wanderlist, Zillow, SoundCloud and WatchESPN you would also like to get better protection of your password.

iOS app crack WiFi passwords is not an issue here but hackers can possibly get hold of you app account if you are using the best apps with bad password protection. The security firm asked devs to solve the existing problems. Some developers were fast to respond and already fixed the bugs [for now in Pocket, Dictionary and Wunderlist only].

Since those App Store apps that are vulnerable to brute force attack can cause massive leaks and attacks on Apple services – password security flaw could be a big problem that must be fixed as soon as possible.


iPhone Touch ID Scanner Security Doubts: How Safe and Secure Is It?

Are you satisfied with your iPhone Touch ID scanner security? How can you be sure that no hacker accesses your personal information by using various methods that allow bypassing lockscreen? These questions arise in every Apple customer’s mind once in a while. Hackers also add their doubts assuring that this is not the type of security you can rely on completely.

How secure is iPhone fingerprint scanner? Hackers from the Chaos Computer Club also known as CCC shared some thoughts on this important topic. CCC know about security more than anyone can imagine because they have already hacked Apple’s Touch ID scanner and know for sure that it is possible to bypass this security option using an image of a fingerprint.

CCC is the biggest hacker association in Europe. They have proved that if you have a public photograph of a fingerprint of a person whose iPhone you can get in hands, you can also create a fake fingerprint and access this smartphone with ease.

Of course, chances that a hacker will get your iPhone and find a photograph of your fingerprint are low. Such method can work with famous people, celebs and politicians. For ordinary customers, there are other tools hackers can use. We’ve mentioned different black box tools that can use brute-force method to guess your passcode and bypass the scanner security by entering your real passcode. This is also the reality and Apple cannot deny that it is truly possible to hack its Touch ID security in multiple ways.

Even modern biometric security cannot be the one reliable tool that protects your iPhone or other smartphone from intruders. The companies have to think of other security methods as well. What do you think about this? Are you still sure that your Touch ID scanner is secured enough for you not to worry about anything?


CIA Made An Effort To Hack Apple Devices

CIA hack Apple devices spread all over news and shocked all users. Newly leaked documents reveal that the Central Intelligence Agency has been providing many-year effort to hack the Apple iPhones and iPads security.

They targeted the essential security keys that were used to encrypt data stored on Apple’s devices. The researchers have searched ways to prevent the company’s attempts to ensure iOS security to hundreds of millions of Apple customers around the world.

U.S. government-sponsored research was developed to study “physical” and “non-invasive” techniques to discover ways to decrypt and sink into Apple’s encrypted iOS firmware.

It gave the chance for spies to put malicious code inside Apple devices and find out all potential vulnerabilities different parts of the iPhone and iPad carefully masked them by encryption.

CIA security researchers introduced all their tactics and achievements at a secret annual meeting that is called the ‘Jamboree’. Strategies for exploiting security flaws in household and commercial electronics were discussed. The first secret meeting took place a year before the original iPhone was launched.

The agency has developed a modified version of Xcode. It is used almost by every developer that submit applications to the Apple App Store. Researchers states that this modified Xcode could force all iOS applications to send embedded data to a listening post. CIA researchers also modified the OS X updater program used to deliver software updates.

It was also rumors that companies give the government access to data on devices through a “back door” due to the CIA hack Apple devices fact. Apple CEO Tim Cook recently spoke at a White House Summit on Cybersecurity and Consumer Protection protecting the company’s encryption usage. Cook has said that the threat of terrorism should not terrify citizens into giving up their privacy.


New Apple Software Security Flaw ‘Freak’ Discovered by Researchers

Once in a while hackers report about different security flaws in iOS 8. This firmware is not perfect, but recently researchers from computer science lab INRIA [France] have found a new flaw they called ‘Freak’ and Apple promises that the fix should come soon [remember that NSA can hack your iPhone SIM card]. The report states that Apple software security flaw has a big potential for risk and it also exists in software created by the likes of Google.

As researchers believe [they came across the problem while testing encryption systems], a big number of gadgets can be open to hacking through security issues in browser. The danger can come from outside source. Its name ‘Freak’ stands for Factoring Attack on RSA-EXPORT Keys. It could have been built into American software.

The story goes back in past. There were times when companies followed the archaic rules and didn’t use strong encryption when developing and manufacturing their goods. All the devices that are ‘export-grade’ used to be weaker than the gadgets protected by strong encryption protocols. Shipping them to different countries was ok as long as inside U.S. you could purchase a better protected model.

The problem can surface inside the United States, too. But it wasn’t noticed until 2015 when researchers discovered that they were able to hack browsers using lower-grade 512-bit encryption. It took them seven hours to hack the export-grade encryption key.

In other words, security flaws in browsers can be possibly used by hackers but the weakened-encryption browsers can cause danger to big websites and entities in the future.

Not all websites that are encrypted are vulnerable, only those they are still using the old encryption systems that are ‘zombies from the ‘90s.’


Edward Snowden Talks About iPhone UDID Security

In documents published today there were very important theme said Edward Snowden about iPhone security. These documents give new insight into the British GCHQ’s efforts to track targets using their iPhones.

Previously leaked information stated that specific NSA exploits used to compromise the famously malware-resistant iPhone software controls. But the fresh documents introduces that even when the iOS device itself hasn’t been compromised, any data stored on the phone can be pulled when the device syncs with a tired computer. Other techniques also let GCHQ researchers to chase and utilizy targets by following a device’s UDID across different services.

By searching for the target’s UDID hack, the GCHQ could chase the aimed iOS device as it synced with a compromised appliance, sent data to a broader tracking system as AdMob or use the web (exposing it to the agency’s Safari exploit).

In every case, the device’s UDID would be exposed, helping researchers utilizing it to identify the personality. Previous leaks data have shown that the NSA using similar methods, compromising ad cookie networks as a way of tracking users across the web, effectively cooping any user-identification method as a surveillance tool.

Analyzing the reports, dated to November of 2010 reports, before Cupertino giant began deprecating the UDID system, although the documents introduce how useful the system, while it was still operational, was for surveillance.

The published documents Edward Snowden about iPhone security carries a serious worry. Happily, for users who own iPhone, Cupertino company has already recognized the UDID potential dangers and started to use more privacy-friendly methods.


Dropbox Passwords Were Stolen

Dropbox administration announced that the cloud service became the victim of spammers who stole usernames and passwords of its users. As reported by CNet, starting mid-July Dropbox account holders have begun to complain about getting emails with advertising of casinos and gambling sites. Most of the complaints came from Germany, the Netherlands and the UK. Service management has responded to complaints and promised to solve the problem as soon as possible.


DEFCON Hacking Conference 2012 Has Started

The geeks all around the world are going to DEFCON Hacking Conference 2012 which has just started in Las Vegas, Nevada. That will be the 20-th annual conference and will be held  July 26 – 29th, 2012. It’s pretty similar to HITB conference for iOS hackers that is also annual and was held in May. One of the main surprises of it will be the appearance of the head of the U.S. National Security Agency. His name is General Keith Alexander and he is the spy agency director. He will hold his speech at the DEFCON 2012 and this performance will be the highest-level visit to the conference by the U.S. government officials by this time.

DEFCON Hacking Conference 2012

DEFCON (official site), also written as DEF CON or Defcon – the world’s largest collection of hackers taking place every year in Las Vegas, Nevada. The first DEF CON took place in June 1993. In 2006, DEFCON gathered about 6.500 visitors. This year’s conference expects to meet around 15.000 hackers and simple mortals from around the world.

Most listeners of DEFCON will be computer security professionals, journalists, lawyers, federal public servants and hackers with the main interest in computer programs and computer architecture. The event consists of various performances and lectures on computer topics related to hacking, as well as social events and competitions in everything from creating the longest Wi-Fi connection and cracking computer systems to who can cool the beer during the heat of Nevada most effectively. Other events include, the search for master keys, contests related to the robots, art, slogans, coffee wars, and Capture the Flag.

DEFCON Capture the Flag (CTF) is probably one of the most famous competitions. This is a hacking competition where teams compete in the attacks and protect computers and networks. It’s pretty similar to popular game mode in different shooters as Quake, Unreal Tournament etc. but instead of shooting each other hackers hacking the computer defense from one side and trying to protect it from the other side.

We’ll keep you informed about the flow of the conference during the next four days. Stay tuned.


Instaquotes App Store Virus Found Today

It seems that the problem with the Apple app store has not yet been completed. Today, there appeared information that Instaquote app included virus. App Store application contains malicious software for Windows. Instaquotes-Quotes Cards for Instagram contains a worm, designed for Windows operating system. That’s not the first time when malicious software is found in App Store, remember Find and Call virus?


Apple Black Hat Conference First Time Appearance

Many software manufacturers to send their representatives to the Black Hat Security Conference USA and Apple will appear there this year. Earlier the company openly ignored the event year after year .

This year, the first time after 15 years of the conference existence, experts will represent Apple at BlackHat in Las Vegas along with the results of their latest research in the field of security of the iPhone and iPad operating system.


iOS Apps Personal Data Access: Why Should You Care?

19% of iOS applications have access to your personal data without even asking you says the Bitdefender company which deals with anti-virus software. For example, address book is accessed without even notifying user. In addition, about 41% of the applications track your location. Bitdefender draws attention to the fact that about 40% of the applications that track your location do not encrypt the data collected, which, of course, is an unpleasant fact for the users. Sure, this data is collected without taking into account all of the existinп iOS 6 apps within the App Store but using 65 000 randomly selected applications.

Catalin Cosoi, chief researcher at the Bitdefender security company, said that statistics about iOS Apps personal data access is not very comforting. She states that encryption of data obtained by iOS applications occurs very rarely, and tracking information about the location is too common. The user is difficult to assess the level of information security because applications perform all actions hidden from the user. We are concerned because of the poor user data encryption , location and tracking of frequent uncontrolled access to the address book. This is kinda dangerous because such data can be used by hackers to harm your device or personal space.

Given that the situation around access to personal data by iOS apps is really disappointing, it will change with the advent of iOS 6. Once Apple has been criticized because of the scandal with the Path application, the company has gained much more serious attitude to the issues of confidentiality of user information. In iOS 6 when you first start the application you will always receive notification of whether you want an application to access your personal data, and if so – then to which exactly.

The only question that currently remains open – is the encryption of the information received. Users have no way of knowing whether it is encrypted personal data accessed by iOS apps, and Apple still does not require developers to provide this information.

Do you frequently allow iOS apps to use your personal data like location, contacts or want them to send you Pus notification. I personally do that if that’s really necessary. What about you? Share in the comments.