New Charging Cables Could Hack Your Devices

A security researcher known as “_MG_” on Twitter has invented a modified Apple Lightning cable that could allow a hacker to remotely access any Mac computer that uses one. He recently demonstrated his new invention, dubbed the “O.MG Cable,” at the Def Con hacking conference in Las Vegas. The Lightning cable is used by Apple owners to charge their devices and sync data.

The O.MG Cable is indistinguishable from a legitimate Lightning cable. According to tests conducted by Motherboard, it allows a hacker to type in the IP address of the fake cable on his own device and gain access to a variety of tools on the victim’s computer or phone, via a simple menu-driven system.

The cable comes with a wireless implant that allows the hack to occur. Once it’s plugged into the victim’s device, it creates a Wi-Fi hotspot that allows the attacker to wirelessly transmit malicious payloads, scripts, and commands to the victim’s device. Even worse, it has an impressive range of 300 feet.

In an interview with Motherboard, MG had this to say about his invention: “It looks like a legitimate cable and works just like one.  Not even your computer will notice a difference – until I, as an attacker, wirelessly take control of the cable.”

MG sold his homebrew cables to Def Con attendees for $200 each, so there are a small number of these devices in the wild now, and the number is growing steadily. For its part, Apple has responded to the event by advising its customers to avoid buying cables from untrusted vendors and to only use the cable contained in their iPhone box.

They also explained how to spot a counterfeit cable, as follows:

“To identify counterfeit or uncertified cables and accessories, look carefully at the accessory’s packaging and at the accessory itself. Certified third-party accessories have the MFi badge on their packaging. An Apple Lightning to USB cable has ‘Designed by Apple in California,’ and either ‘Assembled in China,’ or ‘Assembled in Vietnam’ or ‘Indústria Brasileira’ on the cable about seven inches from the USB connector.”

It’s good information and something to keep a close watch on.  This kind of hack is very hard to counter.

Apple Will Stop Listening To Siri Recordings For Now

Not long ago, both Google and Apple found themselves in hot water when it came to light that both companies had been making use of third-party partners to review Siri recordings.

As the companies explained at the time, their goal was to make their voice recognition software more efficient and more effective.

After they found themselves at the center of a controversy over it, Apple has announced that they have formally suspended the program worldwide while they conduct a review.

A company spokesman had this to say:

“We are committed to delivering a great Siri experience while protecting user privacy. While we conduct a thorough review, we are suspending Siri grading globally.  Additionally, as part of a future software update, users will have the ability to choose to participate in grading.”

In a similar vein, Google announced that it was putting its evaluation program on hold for three months, in Europe only.

Johannes Caspar, the Hamburg Commissioner for Data Protection and Freedom of Information, had this to say with regard to Google’s current policy and a possible conflict with Europe’s GDPR data-protection laws:

“The use of language-assistance systems in the EU must follow the data-protection requirements of the GDPR.  In the case of the Google Assistant, there are currently significant doubts. The use of language-assistance systems must be done in a transparent way, so that an informed consent of the users is possible.  In particular, this involves providing sufficient information and transparently informing those affected about the processing of voice commands, but also about the frequency and risks of mal-activation.”

Kudos to the EU for making a big enough deal about this to rein Apple and Google in.  Here’s hoping that pro-privacy forces ultimately prevail worldwide.  As good as Google Assistant and Siri are, it’s important that safeguards are put in place to help preserve privacy.

Apple Is Launching Their Own Credit Card Soon

Apple has partnered with Goldman Sachs, and its long-awaited “Apple Card” is beginning to roll out in limited fashion. The card becomes available to all iPhone owners in the United States toward the end of August.

According to CEO Tim Cook, a random selection of people who signed up to be notified about the Apple Card are getting an early-access sneak peek.

However, the company has been tight-lipped about exactly how many people are being invited into the preview group.

If you’re one of the lucky winners, know that the sign-up process will involve upgrading to iOS 12.4 and entering your address, your birthday, income level and the last four digits of your Social Security number.  That information is sent on to Goldman Sachs, which will approve or deny your credit application in real time and in under a minute.

Note that part of the approval process also involves a TransUnion credit check, so if you have that information locked, you’ll need to unlock it (at least long enough to get approval).

Once you’ve been approved, your card will show up in your Apple Wallet immediately and be available for use.  If you want one, you can request a physical card from Apple for free during the setup and it will arrive in the mail in a few days.

The cool thing about the physical card is the fact that it has an NFC tag on it, so you can activate it simply by tapping the phone against it.

Also note that you’ll have three different credit card numbers associated with your Apple Card:

  • The number assigned to your phone
  • The number assigned to the physical card
  • A virtual number you can access in the app for online purchases where the vendor doesn’t accept Apple Pay.

Also note that unlike the other credit cards in your wallet, this one has no expiration date or security code. You can lock the card at any time from the app, though.  Welcome to Apple’s Brave New World!

Update Your iPhone To Avoid Latest iMessage Security Vulnerability

If you own an iPhone, be aware that a new iMessage vulnerability has been recently found and patched by Apple. This was part of the iOS 12.4 update.

The flaw allowed hackers to access and read the contents of files stored on iOS devices remotely. They could access files the same way as the device owner with no sandbox, and with no user interaction needed.

The issue was discovered by Natalie Silvanovich, who is a security researcher with Google’s Project Zero. As a proof of concept, she created a demo that only works on devices running iOS 12 or later. She describes it as “a simple example to demonstrate the reachability of the class in Springboard. The actual consequences of the bug are likely more serious.”

In describing the issue itself, Silvanovich had this to say:

“First, it could potentially allow undesired access to local files if the code deserializing the buffer ever shares it (this is more likely to cause problems in components that use serialized objects to communicate locally than in iMessage).  Second, it allows an NSData object to be created with a length that is different than the length of its byte array.  This violates a very basic property that should always be true of NSData objects.  This can allow out of bounds reads, and could also potentially lead to out-of-bounds writes, as it is now possible to create NSData objects with very large sizes that would not be possible if the buffer was backed.”

As mentioned, this bug has already been patched, along with two other iMessage vulnerabilities that Silvanovich recently discovered. All of them were addressed in Apple’s most recent (12.4) update. If you’re not in the habit of installing security updates automatically, then you’ll need to grab this one and install it manually at your earliest convenience.
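The length invariant Silvanovich describes, as an added C example that is not Apple's code and not part of the original article: `blob_t`, the 4-byte length-prefixed message format and both decoders are hypothetical stand-ins for an NSData-like object and its deserializer. It puts a decoder that trusts the declared length beside one that rejects any length not matching the bytes actually received.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for an NSData-like object (not Apple's layout). */
typedef struct {
    const uint8_t *bytes;
    size_t length;  /* the length callers will trust */
    size_t backed;  /* bytes that really sit behind `bytes` */
} blob_t;

/* Constructed samples: 4-byte big-endian length, then the payload. */
static const uint8_t MSG_OK[]  = {0x00, 0x00, 0x00, 0x02, 'h', 'i'};
static const uint8_t MSG_BAD[] = {0x00, 0x00, 0x10, 0x00, 'h', 'i'}; /* claims 4096 */

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed: stores the declared length without comparing it to what arrived. */
int decode_trusting(const uint8_t *msg, size_t msg_len, blob_t *out) {
    if (msg_len < 4) return -1;
    out->bytes = msg + 4;
    out->backed = msg_len - 4;
    out->length = read_be32(msg);  /* sender-controlled, unchecked */
    return 0;
}

/* Hardened: the declared length must equal the payload bytes present. */
int decode_checked(const uint8_t *msg, size_t msg_len, blob_t *out) {
    if (msg_len < 4) return -1;
    size_t declared = read_be32(msg);
    if (declared != msg_len - 4) return -1;
    out->bytes = msg + 4;
    out->backed = msg_len - 4;
    out->length = declared;
    return 0;
}

/* The property the quote says must always hold for such an object. */
int blob_invariant_holds(const blob_t *b) { return b->length == b->backed; }

int main(void) {
    blob_t b;
    decode_trusting(MSG_BAD, sizeof MSG_BAD, &b);
    printf("trusting: length=%zu backed=%zu\n", b.length, b.backed);
    printf("checked: %d\n", decode_checked(MSG_BAD, sizeof MSG_BAD, &b));
    return 0;
}
```

Any later code that loops up to `length` on the object from `decode_trusting` would walk past the two bytes that exist, which is the out-of-bounds read the quote warns about.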

Update iPhone to Avoid Possible iMessage Bug

People like and tend to gravitate to Apple products because the company has gone to great lengths to make its products highly secure.

Sure, you pay more for them, but most people justify the added expense because a) they look better and are better designed than competing products and b) they’ve got a reputation for being more secure.

Unfortunately, even the most secure technology isn’t immune to hacking and other problems.  In the not so distant past, we’ve seen reports of clever hackers finding ways of bricking Apple smartphones and causing other types of mayhem.  One of the more recent iterations of this involved a bug in Apple’s iMessage system. The bug allowed hackers to send a carefully crafted message that made heavy use of special characters that could turn an expensive iPhone into a paperweight.

Sadly, a similar problem has recently surfaced, and once again, it centers around the iMessage service.  The issue was discovered by Natalie Silvanovich, a Google Project Zero researcher, who had this to say about her discovery:

“On a Mac, this (specially crafted message) causes soagent to crash and respawn, but on an iPhone, this code is in Springboard.  Receiving this message will cause Springboard to crash and respawn repeatedly, causing the UI not to be displayed and the phone to stop responding to input.”

If you receive a message like this, the only way to get your phone back is to do a factory reset, which, of course, results in all data on your phone being wiped (unless you’ve made a backup).

The good news is that Apple has already issued a fix for this issue, in iOS 12.3, released on May 13 of this year.  If you aren’t regularly in the habit of downloading the latest updates, you’ll want to make an exception in this case.