Tag Archives: Apple

iPhone 6. The fingerprint reader security

Being the leading technology brand can have its downsides. And if you don’t believe it, ask Apple. Every time the firm from Cupertino introduces a new product, the same thing happens: there is great anticipation, with seemingly half the world awaiting, long queues of tech disciples… and an army of people looking for bugs in the new devices.

In the end, vulnerabilities emerge and obviously their impact is far greater than with other brands (especially if it is a new device). Apple has already suffered a few embarrassing errors discovered by users. You don’t have to go too far back to see: the aluminum case of the iPhone 6 Plus was said to be too flexible, meaning that the phone can even bend under certain conditions.

A secure iPhone?

While the tech world looked on in amazement at this problem in the new Apple device, a second rather more difficult issue emerged: Apple’s ‘Touch ID’ fingerprint identification system is not entirely secure.

This technology was already used in the iPhone 5s and, as with the iPhone 6, an error was discovered a few days after the launch: there was a relatively simple way to get past Apple’s fingerprint ID system.

“A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID,” claimed the European hacker group, Chaos Computer Club, a year ago. This was something that could be performed by anyone with a bit of skill and patience.

So despite the company’s claims that with the new biometric system your fingerprint is one of the strongest passwords in the world, once again such claims might be premature.

History has repeated itself, and this time surprisingly, it has done so quite literally. Even though the Touch ID flaw was discovered a year ago, Apple has launched two new iPhones with the same problem.

This is confirmed by security expert Marc Rogers. “Sadly there has been little in the way of measurable improvement in the sensor between these two devices,” he claims, although he underlines that the same fake prints that could deceive the Touch ID in iPhone 5s are no longer viable in the latest Apple device.

According to Rogers, the difference is that the company has improved the scan resolution to improve the reliability of the system. However, this doesn’t mean that the same technique used to unlock the iPhone 5s couldn’t be used for iPhone 6. The difference is that the fake print would need to be of better quality.

This new flaw in Apple’s security system is serious, and even more so given the launch of Apple Pay, the company’s new mobile device payment system.

Thanks to NFC technology, users of this service can pay for things simply by waving their iPhone at the point of sale (POS) terminal. Indeed, the tool used by Apple to secure the payment service is none other than the Touch ID technology which, as Rogers explains, is easily hacked.

Nevertheless, Rogers does point out that using fingerprints is an effective form of user authentication, though Apple should include two-factor verification to give users complete peace of mind.

What do you think? Would you activate this type of payment?

The post iPhone 6. The fingerprint reader security appeared first on MediaCenter Panda Security.

Twitter has joined the Bounty Programs. Now only Apple remains.

In the technology world, it is now quite common for companies to reward the efforts of those advanced users who dedicate some of their time to uncovering security holes in their programs or platforms.

Although there are still some who are yet to be convinced of the effectiveness of such ‘bounty programs’, many firms apparently see them as being extremely useful, not just to discover new bugs that have gone undetected, but also to get these expert users on their side.

Such is the value of what is at stake, that most technology companies now have bounty programs in place. A while back, we described the world of bounty programs, and how rewards can fluctuate depending on the company and the importance of the security hole.

Twitter was still among those that had yet to take up the idea. The social network seemed reluctant to put its hand in its pocket to encourage experts to find bugs in its service. Now the company has announced that it’s offering a minimum reward of $140 (get it?) for those who find security holes in Twitter.com, ads.twitter, mobile Twitter, TweetDeck, apps.twitter, as well as in the apps for iOS and Android.

This sum is still way off what others are offering. Bounty programs at firms like Facebook or Google reward users that uncover vulnerabilities with amounts upwards of $500 and $1000 respectively.

And it’s not only the money that’s different: Twitter’s bounty program also uses a new platform which offers information to anyone who wants to see what each company is offering.

This platform, called HackerOne, is a kind of notice board on which companies announce new features of their bounty programs and where those looking to profit from their ability to sniff out vulnerabilities can easily discover whether it’s worth their while, depending on the money on offer.

This platform was set up in 2012 by several experts who had previously worked in IT security for companies like Facebook, Google or Microsoft. In their previous jobs they had been responsible for coordinating the implementation of bounty programs, so they had first-hand knowledge of the issue. They decided to offer different technology companies, no matter how big or small, the option to delegate the coordination of their bounty programs.

Companies that have taken up the offer include Yahoo!, Square, Automattic and 4chan. So even without offering the same amounts as other firms, there are many companies who, while saving on the costs of running bounty programs, are also addressing the concerns of users who want reassurance that there are no holes in the security of the companies’ platforms, something that users have been demanding of Twitter for some time.

Apple, still reluctant

The only leading technology company still to launch its own bounty program is none other than Apple. The company has so far taken no steps in this direction, despite the scandals that threatened to tarnish its image in early September, when photos belonging to users, including celebrities, that were hosted in iCloud were leaked and published on the Internet. Had there been a program for rewarding hackers that find security holes, perhaps one of those that did find the vulnerability might have warned security officials of the problem and enabled them to act in time.

They say money can’t buy happiness, but it helps. That’s why, perhaps as a lesson to Apple, the Russian hacker who discovered such a hole in the company’s iCloud was quick to boast of his discovery. As Alexey Troshichev admitted, he would have warned the company about the flaw in the platform if there had been a reward. But as there wasn’t, he decided to share the information on GitHub, where many other experts were able to exploit the hole maliciously, thereby highlighting the importance of bounty programs.

The post Twitter has joined the Bounty Programs. Now only Apple remains. appeared first on MediaCenter Panda Security.

“The new iPhone 6 recharges with two minutes in the microwave”: A new urban myth about Apple

Remember when some Apple users ‘lost’ their phones after believing stories about iOS 7 making the iPhone waterproof?

After the presentation of the latest new features in Apple devices and the new iOS 8 operating system, the Internet is full of articles either in praise of or criticizing the company’s latest efforts. Users, eager to find all the latest information and the best tips on how to get the most from the new iPhone 6, scour forums and blogs to stay up-to-speed with everything about these new releases.

That’s why it’s no surprise to find these types of practical jokes doing the rounds on the Web, or to encounter some poor unsuspecting user, who perhaps expecting more than is reasonable from the new device, falls for the trick.

This story took the form of an advert, similar in style to the one launched by Apple on 4chan, announcing the new ‘Wave’ feature of iPhone, which could supposedly recharge the phone in the microwave.

So do you believe everything you read on the Internet?

More | iOS 8. Apple increases user privacy

The post “The new iPhone 6 recharges with two minutes in the microwave”: A new urban myth about Apple appeared first on MediaCenter Panda Security.

iOS 8. Apple increases user privacy


No doubt if you have an Apple device, you’ll know that the new iOS 8 operating system is now available. What you might not know is that installing it will prevent Apple from accessing users’ devices without their consent.

This has been announced by the company, which says that “unlike their competitors” they will not access users’ systems without their permission. They claim that it is therefore not technically possible for them to comply with government orders to retrieve data from devices running iOS 8.

So how is privacy enhanced with iOS 8? To prevent itself from accessing these devices, Apple has modified its encryption system which is applied automatically when users select their password.

This way, Apple’s new operating system has taken a step forward in increasing privacy, as all the information stored on users’ iPads or iPhones (photos, emails, files, etc.) will be protected not only from Apple, but also from governments.

This is clearly how Apple has responded to accusations of collaboration with the National Security Agency (NSA) by handing over its customers’ personal data. Similarly, the company has also given assurances that it only provided the data of “less than 0.00385%” of Apple device users.

We remind you that it’s important to scan your iPhone or iPad for malware that could affect the functionality of your device. For your peace of mind, try our antivirus for Mac.

More | Cyber-espionage. Can you avoid it?

The post iOS 8. Apple increases user privacy appeared first on MediaCenter Panda Security.

How to change Safari’s default search engine in iOS 8 for greater privacy

With iOS 8, you can – for the first time – switch your Safari browser’s search engine to alternatives such as DuckDuckGo. Find out why you might want to and, in fairness, why you might NOT want to…

The post How to change Safari’s default search engine in iOS 8 for greater privacy appeared first on We Live Security.