Andrew Orr and John Martellaro join host Kelly Guimont to discuss sharing photos (but not their location data), and Apple’s OS security.
Security
iOS 13: How to Add a Second Person to Face ID
You can add a second person to Face ID on iOS devices. This is great for people who share their devices. Here’s how to do it.
Cloudflare Releases Warp VPN for Everyone
Cloudflare announced its Warp VPN earlier this year and created a waiting list for it to be rolled out. Although the company had technical difficulties, the list is gone and Warp VPN is available for everyone today.
Let me start with the apology. We are sorry making WARP available took far longer than we ever intended. As a way of hopefully making amends, for everyone who was on the waitlist before today, we’re giving 10 GB of WARP Plus — the even faster version of WARP that uses Cloudflare’s Argo network — to those of you who have been patiently waiting.
This Friday I intend to publish a list of five VPN apps for iOS, and Warp will be included.
Russian Confesses to JPMorgan Chase Hack
Russian national Andrei Tyurin confessed to the 2014 hacking of JPMorgan Chase, in which the data of over 80 million customers was stolen.
Tyurin carried out the hacks at the direction of co-conspirator Gery Shalon, who used the stolen data to further a variety of schemes, including securities fraud. One scheme involved artificially inflating the price of certain publicly traded stocks by marketing them in a deceptive and misleading manner to customers of companies Tyurin had hacked.
Legislation and Tech Conflicts, iPhone Battery Life – TMO Daily Observations 2019-09-18
Andrew Orr and Bryan Chaffin join host Kelly Guimont to discuss tech and legislation colliding in unfortunate ways, and iPhone battery life.
Your X-Ray Images and Medical Data Are Available on the Internet
A ProPublica investigation revealed that medical images and health data are often stored in insecure servers that are easily accessible to anyone with a bit of computer knowledge.
We identified 187 servers — computers that are used to store and retrieve medical data — in the U.S. that were unprotected by passwords or basic security precautions. The computer systems, from Florida to California, are used in doctors’ offices, medical-imaging centers and mobile X-ray services.
All told, medical data from more than 16 million scans worldwide was available online, including names, birthdates and, in some cases, Social Security numbers.
LastPass 4.33.0 Fixes Bug That Leaked User Data
Google’s Project Zero security team found a LastPass bug that exposed user credentials on a website they previously visited.
iPhones Can Now Use Yubico NFC Security Keys
Apple is expanding NFC capabilities with iOS 13, and you’ll be able to use Yubico NFC keys or other brands with your iPhone.
SimJacker is a Newly-Discovered SIM Card Vulnerability
SimJacker is a newly-discovered vulnerability in SIM cards that lets an attacker hack your smartphone just by sending an SMS message.
Apple Card 3% Club, NSA in NYT – TMO Daily Observations 2019-09-12
Andrew Orr and Bryan Chaffin join host Kelly Guimont to discuss the latest 3% back offers on Apple Card, & a letter from the NSA in the NYT.
New Exploit Shows We Should Just Skip to iOS 13.1
A contacts exploit was discovered in iOS 13 that lets a person bypass Face ID / Touch ID to see an iPhone’s contacts.
Relatively little is at stake with this exploit. Beyond the inherent danger of an assailant having your iPhone, this method only allows someone to view the contacts within the target iPhone, provided that they have physical access to the target phone and can complete the VoiceOver exploit.
Little is at stake, but there have been so many iOS exploits in the news lately that we might as well go straight to iOS 13.1.
The (In)Security Behind Trump's Twitter Account
According to an investigation of President Trump’s Twitter security, his account might be vulnerable to being hacked, although some disagree.
The source who shared information about Trump’s Twitter security said they don’t believe the account will be hacked, but that the risk should be kept in perspective. “Remember we are talking about access to a Twitter account, not access to the nuclear launch codes,” they said. “While the optics would be bad if the account were ever hacked, it would not be a national crisis.”
Weaponizing security flaws, Apple Watch Slow Burn – TMO Daily Observations 2019-09-09
Charlotte Henry and Bryan Chaffin join host Kelly Guimont to discuss iOS vulnerabilities as weapons, and the slow success of Watch.
Researchers Test Phones to See if They're Secretly Listening
Researchers put an iPhone and a Samsung phone into a room, playing cat and dog food advertising for 30 minutes.
The security specialists kept apps open for Facebook, Instagram, Chrome, SnapChat, YouTube, and Amazon with full permissions granted to each platform… They repeated the experiment at the same time for three days, and noted no relevant pet food adverts on the “audio room” phones and no significant spike in data or battery usage.
The results won’t surprise those in the information security industry who’ve known for years that the truth is that tech giants know so much about us that they don’t actually need to listen to our conversations to serve us targeted adverts.
For some people, maybe the belief that phones secretly spy on us is less terrifying than learning how much data these corporations actually have on us.
Password-Less Server Leaked Facebook IDs and Phone Numbers
A server found without a password contained over 419 million database records of Facebook users in the U.S., U.K. and Vietnam.
Botnet Takedown, Apple's AR Plans – TMO Daily Observations 2019-09-03
Bryan Chaffin and Andrew Orr join host Kelly Guimont to discuss the latest botnet takedown and the new wave of Apple “headset” speculation.
French Police Defeat Retadup Botnet Infecting 850,000 Computers
French police have defeated a botnet that infected over 850,000 computers. It was created with the Retadup malware. With the help of a web host, they cloned the command & control server and used it to disinfect the zombie computers.
“The malware authors were mostly distributing cryptocurrency miners, making for a very good passive income,” the security company said. “But if they realized that we were about to take down Retadup in its entirety, they might’ve pushed ransomware to hundreds of thousands of computers while trying to milk their malware for some last profits.”
Review: Yubico 5Ci is the iPhone's First Security Key
Launched last week, the Yubico 5Ci is the first security key with a Lightning connector. The company sent Andrew one for review.
iPhone Hacks, Python, Particle Debris – TMO Daily Observations 2019-08-30
John Martellaro and Andrew Orr join host Kelly Guimont to discuss an iOS vulnerability, the future of Python on macOS, and Particle Debris.
Malicious Websites Have Been Hacking iPhones
Google’s Project Zero security team recently announced that some malicious websites have been hacking iPhones.
11 Ruby Libraries Found to Contain Backdoors
The RubyGems package repository removed 18 backdoors from 11 Ruby software libraries; the backdoors were meant to launch secret cryptocurrency mining.
MoviePass Breach Exposed Unencrypted Credit Card Numbers
Movie ticket subscription service MoviePass stored customer credit card numbers in plain text on an exposed server.
Apple Accident iPhone Leads to iOS 12.4 Jailbreak
Apple accidentally unpatched a vulnerability first patched in iOS 12.3, and researchers used it to create an iOS 12.4 jailbreak.
