News  Apple
Apple's iMessage security busted

Keys cracked

Using brute force with a little extra know-how, a team from Johns Hopkins University led by professor Matthew Green has cracked an iOS flaw and retrieved the encryption key used.

iOS 9.3 beta is not affected, which is great news for users as the stable version is due for release any time now. Green quietly tipped off Apple in good time for this release, and although the current version is vulnerable, exploiting the flaw takes a "nation-grade" level of cryptographers and equipment.

Green said "Even Apple, with all their skills - and they have terrific cryptographers - wasn’t able to quite get this right. So it scares me that we’re having this conversation about adding backdoors to encryption when we can’t even get basic encryption right."

News  Apple
AceDeceiver infects Apple's App Store

This one infects non-jailbroken iOS devices

For 7 months from July 2015, three apps infected with the AceDeceiver malware were lurking in Apple's App Store. They posed as innocent-looking wallpaper apps which provided the attacker with a fake authorization code to use in their exploits.

A Windows app called "Aisi Helper" claimed to help users with various routine functions such as optimization and backups, but was in fact a trojan which went on to infect connected iOS devices. The malware was able to harvest users' Apple IDs and passwords, forwarding them on to the attackers' servers.

Once the attackers obtained the fake ID credentials, even though Apple became aware of the problem and removed the original infected apps from its App Store, it was too late because the credentials were being used to install fake apps on iOS devices. This usually needed them to be jailbroken, but as far as the device was concerned the credentials were valid, so non-jailbroken devices are vulnerable.

News  Apple
You're repairing it wrong

"Error 53" bricks iPhones not officially repaired

There's no warning and no fix for users who get the "Error 53" message. This is caused by Apple's latest iOS update detecting that the handset has been repaired by someone other than Apple.

Users who have had the home button, which contains the fingerprint recognition system, repaired by a "non-official" repair shop, or who have been unlucky enough to damage it but can still use the phone, are reporting this after the update.

Reports have surfaced of the phone working perfectly for weeks, even months, before this update, so users are certain it was caused by a recent change by Apple.

News  Apple
Apple liked the security disclosure company so much it bought them

That's one way to do it

Years ago there was a famous shaver advert where the guy proudly declared he liked the product so much he bought the company. Often in sports you see something similar, but not quite with the same intent - a player on another team is so good he's bought and never fielded, in effect taking him out of the league altogether.

When news of Thunderstrike 2 broke, Mac users went into a panic, fearing the worm could silently modify their firmware, which meant even a full OS reinstall couldn't remove it. However, the developers behaved responsibly, and it turns out that didn't go unnoticed by Apple. Just two months after this news, the developers' security firm - LegbaCore - has been bought by Apple, and the team is working on hardening Apple firmware against exactly this kind of attack.