Tag Archives: iPhone

[Infographic] The ultimate student app guide

Study Medicine Europe and Avira: The ultimate student app guide

If you would like to be efficient, it is all about organization. There are a lot of apps which can help you to organize yourself – but what apps do you need to succeed in your studies? This student app guide provides you with the best possibilities to organize yourself. Starting your life as a student […]

The post [Infographic] The ultimate student app guide appeared first on Avira Blog.

It Did What? The Dirty Secrets About Digital Assistants

Are Siri and Other Digital Assistants Actually a Security Risk?

People started fearing digital assistants before they even became a reality. Before computers were even a household commodity, Stanley Kubrick was terrifying cinemagoers with HAL, 2001: A Space Odyssey’s rogue AI assistant.

Today though, our intelligent personal assistants form an important part of our lives. As AI technology advances they will become even more prevalent.

While the dangers imagined in Sci-fi movies of the 60’s and 70’s are thankfully far from being around the corner, it’s important to look at the real security risks that digital assistants could pose.

Despite being the most popular intelligent personal assistants, Siri and Cortana are not the only iterations of this growing technology on the market. Amazon, for example, now offers it’s Echo device, while Facebook has recently released its own digital assistant called M.

So what are the dangers?

Not to sound too ominous, but IBM has banned the use of Siri for its employees. The rule was set by IBM Chief Technology Officer Jeanette Horan, who cited security concerns.

You know those large license agreements you have to agree to when you first start using a device, the ones most people don’t bother reading?

Well, Apple’s iPhone Software License Agreement, quite vaguely, shows how voice commands are used after being submitted to Siri. “When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text.

What’s more, “by using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services.

Sounds like jargon? The convoluted styles in these agreements often help to gloss over important information that most companies know their user’s will be glancing over at best.

Siri may not literally be watching you, but the fact is that everything you say to her is sent to a big data center in Maiden, North Carolina. IBM’s Horan decided to ban Siri because it could be storing sensitive information for an unspecified amount of time.

If Apple were breached, hackers could intercept that data. And perhaps just as alarmingly, a lot of the data is sent to third party companies. Besides the fact that you’ll receive an onslaught of targeted ads, the more companies this information is sent to the less private it becomes.

This is far from being solely an Apple issue though.

Amazon Echo, A Criminal Witness?

In a case that has seen Amazon largely mirror Apple’s resolve on handing over encrypted data to the FBI, the Amazon Echo may have been a key witness to a murder.

James Andrew Bates is suspected of having killed Victor Collins in his apartment. No one else was present at the scene of the crime, except that is, Alexa, who was being used to stream music throughout the night.

Amazon, much like Apple, have abstained from giving police the data on Alexa, saying it would set an unwanted precedent. This shows though, at the very least, that police in Bentonville, Arkansas, where the crime took place, believe Alexa may be capable of storing sensitive information. So much so, they believe it could incriminate a suspect in a murder case.

Whilst this is obviously an extreme example of a data privacy issue, what implications does it have in a regular home?

The biggest all-round concern for cybersecurity experts is that these devices are constantly programmed to listen. Amazon’s Echo device is called to action by the command “Alexa”. This seems like an obvious vulnerability that could be used by hackers to listen into conversations taking place in the home.

Aside from this, the Echo cannot differentiate between different voices, so anyone who comes into your home potentially has access to every account linked to Alexa.

Other Risks

So, whilst it is yet to have happened, or to have been allowed by any of the big tech companies, lawyers or the police could potentially subpoena sensitive information. This is, of course, if law enforcement gets their way.

If they do, they’ll have the key to a huge amount of information, Apple, Amazon and Google being amongst a growing list of companies that keeps an archive of commands.

The problem, however, goes beyond the mere use of digital assistants. As the use of integrated devices and smart homes increases, more and more devices will have the ability to store potentially sensitive information. A Smart TV, for example could easily have the capability of storing recorded information. Whilst this would seemingly be primed towards targeted ads, there is again the possibility that sensitive information could be stored unbeknownst to its users.

Keep Safe

The obvious advice is easy to uphold, and is one that most people will already be practicing. Don’t say sensitive information, like passwords or credit cards details, out loud. It’s likely to become increasingly difficult to know who (or what’s) listening within your own home.

Meanwhile, whilst operating systems such as iOS do let you manage data collection by changing privacy settings, the only option the Amazon Echo gives you is to unplug the device when not in use. It’s important, therefore, to look at your privacy settings, whatever the device.

So aside from telling us tomorrow’s weather, where the best restaurants are, and the occasional bad joke, digital assistants do pose some real risks to our cybersecurity.

Whilst the technology undoubtedly makes us more seamlessly connected to our tech devices, in turn making our lives easier, it’s important to always take into account the issue of privacy; an issue that tech is increasingly making more tenuous within our own homes, for better or for worse.

The post It Did What? The Dirty Secrets About Digital Assistants appeared first on Panda Security Mediacenter.

What You Need To Know About The iMessage Security Flaw

With everything that’s gone down in 2016 it’s easy to forget Tim Cook’s and Apple’s battle with the FBI over data encryption laws. Apple took a strong stance though, and other tech giants followed suite leading to a victory of sorts for (the little guy in) online privacy. In this era of web exposure, it was a step in the right direction for those who feel our online identities are increasingly vulnerable on the web.

All of this stands for little though when a security flaw in your operating system allows carefully encrypted messages to be effectively decrypted offline. That’s what happened to Apple with its iOS 9.2 operating system. Though the patches that ensued largely fixed the problem, the whole issue has understandably left iOS users with questions. What really happened and are we at immediate risk?

What Is The iMessage Security Flaw?

A paper released in March by researchers at John Hopkins University exposed weaknesses in Apple’s iMessage encryption protocol. It was found that a determined hacker could intercept the encrypted messages between two iPhones and reveal the 64-digit key used to decrypt the messages.

As iMessage doesn’t use a Message Authentication Code (MAC) or authenticated encryption scheme, it’s possible for the raw encryption stream, or “ciphertext” to be tampered with. iMessage instead, uses an ECDSA signature which simulates the functionality. It’s still no easy feat exploiting the security flaw detailed by the researchers. The attacker would ultimately have to predict or know parts of the message they are decrypting in order to substitute these parts in the ciphertext.

Using this method, a hacker can gradually figure out the contents of a message by replacing words. If they figure out, for example, that they have successfully replaced the word “house” in the message for “flat” they know the message contains the word “house”. Knowing whether the substitution has been successful though, is a whole other process which may only be possible with attachment messages.

It may sound simple, but it really isn’t. The full details of the security flaw, and the complex way it can be exploited are detailed in the John Hopkins paper.
The paper includes the recommendation that, in the long run, “Apple should replace the entirety of iMessage with a messaging system that has been properly designed and formally verified.

Are iMessage Users At Immediate Risk?

Despite the recommendation, the answer is no. It is very unlikely. One thing that should be made clear is that these weaknesses were exposed as a result of months of investigation by an expert team of cryptologists. The type of hacker that would take advantage of these weaknesses would undeniably be a sophisticated attacker. That of course doesn’t mean that Apple shouldn’t take great measures to eradicate this vulnerability in their system.

Your messages, though, are not immediately at risk of being decrypted, and much less if you’ve installed the patches that came with iOS 9.3 and OS X 10.11.4 (though they don’t completely fix the problem). Tellingly, the flaws can’t be used to exploit numerous devices at the same time. As already mentioned, the process that was exposed by the John Hopskins paper is incredibly complex and relies on various steps that are by no means easy to complete successfully.

All of this means that it would take a very sophisticated attacker a complex and lengthy process (up to and beyond 70 hours) to decrypt one message. iMessage has a supported base of nearly one billion devices and handles more than 200,000 encrypted messages per second. We’ll let you do the math there but it seems highly unlikely that a hacker would try to exploit this weakness unless they’re trying to uncover very sensitive and important data.

A hacker would most likely carefully vet their target as someone who possesses valuable information that could then be contained within that person’s messages. If a hacker’s investing 70 hours of their time to uncover cat pics, the joke’s really on them.

Could this have any connection with the FBI encryption dispute?

Matthew D. Green, the well-known cryptographer and leader of the John Hopkins research team, has spoken with the Washington Post about the implications of his team’s research. “Even Apple, with all their skills -and they have terrific cryptographers- wasn’t able to quite get this right. So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.

So you’d probably need the resources of say, the FBI, to pull off an attack exploiting the vulnerability exposed in the John Hopkins paper. It seems very unlikely that individuals would be targeted en masse. 2016 has been such a surreal year though, who are we to say what is and isn’t possible?

The post What You Need To Know About The iMessage Security Flaw appeared first on Panda Security Mediacenter.

How to have the safest phone in the world

Free Wi-Fi is great. It’s convenient when you are away from your home network and want to connect to the Internet using your mobile phone, and it saves money and data. But there is a dark side.

Avast SecureLine VPN keeps you safe when connected to an unsecured Wi-Fi

Avast SecureLine VPN keeps you safe when connected to an unsecured Wi-Fi

Unsecured networks can expose you to a hacker who can easily read your messages, steal your logins, passwords,  and credit card details. The danger is that you never know when it could happen, or where, so having a way to secure your device when connected to an unsecured Wi-Fi hotspot is the best protection.

How to avoid the dangers of open Wi-Fi

To avoid the potential of a snoop stealing your private information, you basically have two choices: Stop using unsecured Wi-Fi hotspots or make sure you always have a secure connection by using a VPN (virtual private network), like Avast SecureLine VPN.

A VPN sounds extremely techie, and it is, under the hood. Avast mobile security developers created SecureLine to give you a secure and reliable private connection for your data between computer networks over the Internet. Your outgoing and incoming data is encrypted and it travels in its own private “tunnel” and is decrypted at the other end.

When you use Avast SecureLine VPN, everything you do is anonymous. We don’t keep logs of your online activity, and thanks to SecureLine, no one else will either.

Get a 7-day free trial of Avast SecureLine VPN

Avast SecureLine VPN for Android and iOS takes all that tech goodness and puts it in a simple-to-use app. All you do is tap a connect button, and the app does the rest.

Install Avast SecureLine VPN on your iPhone or iPad and try it free for 7 days.

Install Avast SecureLine VPN on your Android smartphone or tablet and try it free for 7 days.

After you install Secureline, click connect and choose a server from 27 locations in 19 countries, or let SecureLine choose the closest one. You can turn the secure connection on and off with one click.

Bypass geo-restrictions

One of the benefits of connecting with a VPN, especially if you are travelling overseas, is that you can connect to a server back home. This way you can access your favorite entertainment portals without getting that annoying “content blocked” message.

Avast SecureLine is also available for PC and Mac. Visit the Avast Store for pricing information.

Avast SecureMe protects iPhones when connected to Wi-Fi

Avast SecureMe for iPhone

Your iPhone data may require a court order for the FBI to look into the contents, but if you log onto an unsecure Wi-Fi hotspot without protection, any old snoop can eavesdrop on what you’re doing.

That’s right, while you’re busily messaging, shopping, banking, and uploading a photo of your lunch to Instagram, a hacker with a little know-how can easily read your messages, steal your logins, passwords and credit card details.

How can hackers steal my data?

Even if you are connected to a recognizable Wi-Fi network, your device has no way of distinguishing a securely encrypted public Wi-Fi from one that is not.

Unsecured routers are susceptible to DNS hijacking, by which cybercriminals redirect web traffic to fake Internet sites. When users log in, for example, to a banking site, thieves can capture the login credentials. On unprotected Wi-Fi networks, thieves can also easily see emails, browsing history, and personal data if you do not use a secure or encrypted connection like a virtual private network (VPN).

Avast SecureMe solves the problem of unsecure Wi-Fi

Avast SecureMe is a free app for iPhones and iPads which protects you while connected to Wi-Fi. Avast SecureMe includes Wi-Fi Security, which scans Wi-Fi connections and notifies you of security issues. It also identifies threats and risks which include routers with weak passwords, unsecured wireless networks, and routers with vulnerabilities that could be exploited by hackers. This helps you make a better decision when choosing a Wi-Fi connection. Avast SecureMe also features Avast SecureLineVPN (a subscription fee is required) which you can use if there are no safe Wi-Fi networks available. Avast SecureMe is available in the Apple App Store.

Visit Avast at Mobile World Congress

If you are attending Mobile World Congress in Barcelona, February 22 – 25, please visit Avast to see the Avast SecureMe app in hall 8.1, booth H65.

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.