iPhone Now Works As A Security Key For Google

Google continues to improve security and its user experience in the Apple ecosystem.

The most recent update to the company’s Smart Lock app on iOS allows users to use their iPhone as a physical security key (if and where two-factor authentication is enabled).

Once it’s set up, it works like this:

If you log on to a Google service (such as Gmail) on your computer and 2FA is enabled, make sure your phone is set up as the authentication method. The app will generate a notification and send it to your iPhone, giving you a limited window of time to respond to the message.

Of interest, since this is accomplished via Bluetooth, the phone needs to be in close proximity to the computer for the notification to be received. That means that it’s an incredibly effective security measure. A hacker would need to steal both your computer and your phone in order to bypass the security and crack your accounts open.

Physical security keys are simply better than randomly generated numeric codes, which can be defeated using brute force methods and intercepted almost as easily as passwords themselves.

As cool as the new feature is, it’s nothing new in the Android ecosystem. Android device owners have been able to use their phones as physical security keys for a while now, but kudos to Google for extending that experience and including iPhones too.

Two-factor authentication (2FA) is by no means perfect, but enabling it anywhere you’re able to will go a long way toward preventing all but the most determined attacks against you. If you can use a physical security key as part of the authentication process, so much the better. It’s not a magic bullet that will keep you absolutely safe, but it will keep more than 90 percent of the attacks made against most users from succeeding, and that’s a fantastic start.

Another WhatsApp Vulnerability Has Been Found

WhatsApp is the most popular messaging platform in the world.

Unfortunately, that means it’s got a giant bullseye on it where hackers are concerned.

In recent months, the company has faced no end of troubles as a raft of vulnerabilities have been exposed and exploited by hackers from every corner of the globe.

The company is still reeling from the blowback associated with these various issues, but their troubles don’t seem to be over yet.  Just last month, WhatsApp quietly found and patched another vulnerability.  This one is tracked as CVE-2019-11931. It is a stack-based buffer overflow issue relating to the way that older WhatsApp versions parsed MP4 metadata, allowing attackers to launch denial-of-service or remote code execution attacks.

All a hacker needed in order to exploit the flaw was a target’s phone number and a specially crafted MP4 file. It just had to be constructed in such a way that it installed a backdoor upon opening.  From there, a wide range of malware could be installed at the hackers’ leisure.  Worse, this vulnerability was found in both the consumer and Enterprise versions of WhatsApp for all major platforms, including Windows, iOS, and Android.

An advisory bulletin was recently published by WhatsApp’s parent company, Facebook. The affected versions it lists are as follows:

  • Business for iOS versions prior to 2.19.100
  • Business for Android versions prior to 2.19.104
  • Windows Phone versions prior to and including 3.18.368
  • Enterprise Client versions prior to 2.25.3
  • iOS versions prior to 2.19.100
  • Android versions prior to 2.19.274

If there’s a silver lining here, it is that the company has confirmed that there have been no instances of this exploit having been used ‘in the wild’ and the company has already issued a patch.  If you’re one of WhatsApp’s legions of users, check to be sure you’re running the latest version. If not, update immediately to be on the safe side.
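
For anyone managing more than one device, here is an added example (not part of the original article or of Facebook’s advisory) that checks an app inventory against the version list above. The product names and bounds come from that list; the function names and the sample inventory are constructed for illustration. Version parts are compared as numbers, because a plain string comparison would wrongly rank 2.19.99 above 2.19.274.

```python
import re

# Product -> (version bound, inclusive?), copied from the list on this page.
AFFECTED = {
    "Business for iOS": ("2.19.100", False),
    "Business for Android": ("2.19.104", False),
    "Windows Phone": ("3.18.368", True),   # "prior to and including"
    "Enterprise Client": ("2.25.3", False),
    "iOS": ("2.19.100", False),
    "Android": ("2.19.274", False),
}

def parse_version(text):
    """Turn '2.19.100' into (2, 19, 100) so each part compares numerically."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def _pad(a, b):
    """Right-pad the shorter tuple with zeros so '2.25' equals '2.25.0'."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))

def is_affected(product, version):
    bound_text, inclusive = AFFECTED[product]
    installed, bound = _pad(parse_version(version), parse_version(bound_text))
    return installed <= bound if inclusive else installed < bound

def audit(inventory):
    """Return (device, status) pairs; unknown products or odd version
    strings are marked 'review' instead of being silently passed."""
    findings = []
    for device, product, version in inventory:
        try:
            status = "affected" if is_affected(product, version) else "ok"
        except (KeyError, ValueError):
            status = "review"
        findings.append((device, status))
    return findings

# Constructed sample inventory (not real data).
SAMPLE_INVENTORY = [
    ("phone-01", "Android", "2.19.99"),
    ("phone-02", "Android", "2.19.274"),
    ("phone-03", "Windows Phone", "3.18.368"),
    ("phone-04", "iOS", "2.19.100"),
    ("desk-01", "Enterprise Client", "2.25"),
    ("phone-05", "Android", "2.19.x-beta"),
]

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY):
        print(device, status)
```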

Several New Issues Being Seen With Apple’s Latest iOS

Apple is the largest tech company in the world.

Their iPhones are in the hands of legions of loyal, faithful users all across the globe.

Unfortunately, the latest build of the iPhone’s operating system, iOS 13.1.2, has been plagued with serious issues that render their vaunted smartphones virtually useless.

Even more problematic, the company seems to be their own worst enemy in recent weeks.  For every bug they fix with their latest update, they’ve been introducing at least two more and they can’t seem to get out of their own way.

In the wake of the company’s most recent update, 13.1.2, users around the world are complaining that their phones inexplicably drop calls about a minute after they are placed.  In addition, although the reports are not widespread, users on Apple’s support forum state that the new update is causing (or contributing to) rapid battery drain and even some cases of batteries overheating.

There’s no official fix for the call drop issue, although some users are claiming to have solved the issue by carrying out a network reset.  If you’ve been noticing that your iPhone isn’t good for actually making phone calls after you updated your OS, you can head to Settings > General > Reset and reset your network settings to see if it makes a difference in your case.

There’s also no formal fix for the rapid battery drain issues. However, the company has a whole host of tips and tricks to help you diagnose and fix battery issues, as well as a number of tips designed to help you extend the life of your battery.  These aren’t perfect, but they’ll at least help you milk more life out of each charge until the company can formally fix the problem.

Unfortunately, the beta version of Apple’s next update also seems to be plagued with the call drop issue, so if you haven’t yet updated your iOS, you might want to hold off for the time being.

New Charging Cables Could Hack Your Devices

A security researcher known as “_MG_” on Twitter has invented a modified Apple Lightning cable that could allow a hacker to remotely access any Mac computer using it.  He demonstrated his new invention, dubbed the “O.MG Cable,” at the Def Con hacking conference in Las Vegas recently. The Lightning cable is used by Apple owners to charge their devices and sync data.

The O.MG Cable is indistinguishable from a legitimate Lightning cable. According to tests conducted by Motherboard, it allows a hacker to type in the IP address of the fake cable on his own device and gain access to a variety of tools on the victim’s computer or phone, via a simple menu-driven system.

The cable comes with a wireless implant that allows the hack to occur.  Once it’s plugged into the victim’s device, it creates a Wi-Fi hotspot that allows it to wirelessly transmit malicious payloads, scripts, and commands on the victim’s device. Even worse, it has an impressive range of 300 feet.

In an interview with Motherboard, MG had this to say about his invention: “It looks like a legitimate cable and works just like one.  Not even your computer will notice a difference – until I, as an attacker, wirelessly take control of the cable.”

MG sold his homebrew cables to Def Con attendees for $200 each, so there are a small number of these devices in the wild now, and the number is growing steadily.  For its part, Apple has responded to the event by advising its customers to avoid buying cables from untrusted vendors and to only use the cable contained in the iPhone box.

They also explained how to spot a counterfeit cable, as follows:

“To identify counterfeit or uncertified cables and accessories, look carefully at the accessory’s packaging and at the accessory itself.  Certified third-party accessories have the MFi badge on their packaging.  An Apple Lightning to USB cable has ‘Designed by Apple in California,’ and either ‘Assembled in China,’ or ‘Assembled in Vietnam’ or ‘Indústria Brasileira’ on the cable about seven inches from the USB connector.”

It’s good information and something to keep a close watch on.  This kind of hack is very hard to counter.

Apple Will Stop Listening To Siri Recordings For Now

Not long ago, both Google and Apple found themselves in hot water when it came to light that both companies had been making use of third-party partners to review Siri recordings.

As the companies explained at the time, their goal was to make their voice recognition software more efficient and more effective.

After they found themselves at the center of a controversy over it, Apple has announced that they have formally suspended the program worldwide while they conduct a review.

A company spokesman had this to say:

“We are committed to delivering a great Siri experience while protecting user privacy. While we conduct a thorough review, we are suspending Siri grading globally.  Additionally, as part of a future software update, users will have the ability to choose to participate in grading.”

In a similar vein, Google announced that it was putting its evaluation program on hold for three months, in Europe only.

Johannes Caspar, the Hamburg Commissioner for Data Protection and Freedom of Information, had this to say with regard to Google’s current policy and a possible conflict with Europe’s GDPR data-protection laws:

“The use of language-assistance systems in the EU must follow the data-protection requirements of the GDPR.  In the case of the Google Assistant, there are currently significant doubts. The use of language-assistance systems must be done in a transparent way, so that an informed consent of the users is possible.  In particular, this involves providing sufficient information and transparently informing those affected about the processing of voice commands, but also about the frequency and risks of mal-activation.”

Kudos to the EU for making a big enough deal about this to rein Apple and Google in.  Here’s hoping that pro-privacy forces ultimately prevail worldwide.  As good as Google Assistant and Siri are, it’s important that safeguards are put in place to help preserve privacy.