Recent Articles By Andrew Orr

Music App Deezer Adds Queue List Feature

Music app Deezer is adding a new feature called Queue List for premium users. People can change devices in the middle of a song without having to restart it or search for it again.

Each user’s queue list is now stored in the cloud, making it effortless to switch between mobile, web, desktop, smart watches, autos, Android TV and Xbox.

Users can also edit and make changes to their queue list with all changes reflected across devices. Even if your queue list is set to Shuffle or Repeat, you can still enjoy your music on this setting after switching devices.

Def Con 2019 and Hacking iOS Contacts

Another Apple hack shown off over the weekend at Def Con 2019 involves iOS Contacts and a SQLite vulnerability. But it’s not something we need to worry about. Emphasis mine:

Documented in a 4,000-word report seen by AppleInsider, the company’s hack involved replacing one part of Apple’s Contacts app and it also relied on a known bug that hasn’t been fixed four years after it was discovered…

They replaced a specific component of the Contacts app and found that while apps and any executable code has to have gone through Apple’s startup checks, an SQLite database is not executable.

Basically, it sounds like the bug is only available if you specifically remove a key component of Contacts.

News+: Don't Give Money to Ransomware Scammers

In the latest issue of PCMag, Max Eddy writes that you shouldn’t give money to ransomware attackers when they ask.

First, most cyberattacks—including ransomware—don’t last long. The command and control servers that issue the unlock commands and receive payment can be found and taken offline…In either case, anyone who has been infected and not paid the ransom can no longer get their system unlocked, even if they pay.

This is why keeping several backups is important, one online, one offline. And keep your operating system up to date with the latest security patches and improvements.

This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.

FBI to Monitor Social Media for Domestic Terrorism Threats

The FBI wants to monitor Facebook, Twitter, and Instagram for domestic terrorism threats in real time.

The FBI ultimately wants an interactive tool that can be accessed by all headquarters division and field office personnel via web browsers and through multiple devices. Interested vendors should have the capabilities to offer the agency the ability to set filters around the specific content they see, send immediate and custom alerts and notifications around “mission-relevant” incidents, have broad international reach and a strong language translation capability and allow for real-time geolocation-based monitoring that can be refined as events develop.

Just ask the NSA.

iOS 13 Has an Important Bluetooth Privacy Feature

Jared Newman writes about the iOS 13 Bluetooth privacy feature. When an app needs to access Bluetooth, iOS displays an alert so you can allow or deny the request. Bluetooth can be used to track you, which is why Apple added the feature. I’ve seen these alerts a couple of times running the iOS 13 public beta. I disagree with Mr. Newman though; I don’t think it’s too confusing. Just think about the app and whether it legitimately needs Bluetooth. For example, if you need to connect a device to your iPhone, you’ll need Bluetooth. But apps like Google Maps and YouTube don’t need Bluetooth (and I’ve seen alerts and denied them both).

Prior to iOS 13, apps could use Bluetooth to collect detailed location data from users without explicit permission, using tracking beacons in retail stores and other public locations. Even if users had denied an app access to their location data, Bluetooth could have provided a workaround.

Low Credit Score? No Problem, You Could Still Get an Apple Card

Goldman Sachs is accepting “subprime” applicants for Apple Card, meaning people with a low credit score.

While there is no standard definition for who qualifies as subprime, most fall under a FICO score of 660, and their loans often sour before borrowers with higher credit scores. Ten years ago, big lenders got into trouble when irresponsible loans made to subprime mortgage borrowers defaulted, helping create the worst excesses of the financial crisis.

I think this is great. Apple Card revolves around helping you pay off your credit as soon as possible, and tells you the minimum payment you need for a zero-interest payment. You might still get a high APR, but as long as you don’t carry a balance that won’t affect you. As we head into another school year, Apple Card could be a good choice for college students who may have low credit.

Online Payment Integrations Can Introduce Vulnerabilities

At Black Hat 2019, researcher Joshua Maddux found that security vulnerabilities can arise when websites add online payment integrations like Apple Pay. To be clear, he says it’s not an issue with Apple Pay itself, but rather how websites add it. And other third-party integrations can be similarly affected.

The flaws fit into a well-known type of vulnerability called “server side request forgery,” which allows attackers to bypass protections like firewalls to directly send commands to web applications. These vulnerabilities pose a real threat, and are regularly exploited in the wild. Most recently, they played a role in last month’s massive Capital One breach. Similarly, flexibility in how a website integrates Apple Pay potentially exposes its own backend infrastructure to unauthorized access.

Researchers Spoof Face ID Using Tape and Glasses

During the Black Hat 2019 conference, researchers demonstrated a way to spoof Face ID using nothing more than glasses and tape.

To launch the attack, researchers with Tencent tapped into a feature behind biometrics called “liveness” detection, which is part of the biometric authentication process that sifts through “real” versus “fake” features on people. It works by detecting background noise, response distortion or focus blur. One such biometrics tool that utilizes liveness detection is FaceID, which is designed and utilized by Apple for the iPhone and iPad Pro.

iOS 13 Will Prevent Location Tracking via SSID, BSSID

Apple’s WWDC 2019 developer session 713, titled “Advances in Networking,” revealed that iOS 13 will stop location tracking that uses your device’s SSID/BSSID via the CNCopyCurrentNetworkInfo API. Developers have reported getting an email from Apple that says:

Starting with iOS 13, the CNCopyCurrentNetworkInfo API will no longer return valid Wi-Fi SSID and BSSID information. Instead, the information returned by default will be:

SSID: “Wi-Fi” or “WLAN” (“WLAN” will be returned for the China SKU)
BSSID: “00:00:00:00:00:00”

Genki Covert Dock for Nintendo Switch is Portable

Genki Covert Dock is a Nintendo Switch charger that also functions as a dock. Each Switch comes with a dock so you can hook it up to your TV. But it’s not very portable when you want to take your Switch on the go. It’s easy to use: Just plug your Switch into the charger, then plug the Switch’s HDMI cable from the charger to your TV. The Kickstarter campaign says it uses a chemical compound called Gallium Nitride (GaN). “By using the latest GaN technology, we get incredible efficiency gains that run cooler enabling us to surpass the limits of last generation silicon chargers.” Although it was designed for the Nintendo Switch, the campaign says it works with a variety of other USB-C devices. You can pledge US$59 or more to get the early bird special (81 left of 1,500 backers). Estimated delivery is December 2019.

Apple Locks New iPhone Batteries to Each Model

With a special chip on the battery, Apple is locking down new iPhone batteries to prevent third-party repairs. Instead, you’ll have to go to an Apple store or an authorized repair center.

iFixit reports that replacing a battery in the iPhone XR, XS, or XS Max generates a “service” message saying the phone is “unable to verify this iPhone has a genuine Apple battery.” The phone will also not display any battery health readings.

The change is due to the chip on the battery itself. In addition to being able to relay information about battery cycles and temperature to the phone, the chips on the newer iPhone models also have an authentication feature for pairing with a specific phone.