Wednesday, February 26, 2014

New flaw found in iOS 7 devices

A new flaw in iOS 7 has been found on the heels of Apple's recent encryption issue. This new flaw could be used to log everything a user does on their phone. The flaw was discovered by FireEye, a security firm, who is now working with Apple to fix the issue. 

FireEye has stated that this was possible by making an app that recorded any and all keystrokes used on an iOS 7 device. The app would then send all recorded keystrokes to a remote server. Any app using this malicious code could run in the background without the user being aware. The readout of the screen presses could then be used to reconstruct what the user was accessing making it possible to obtain passwords, bank information, or anything else input into the phone by the user.

Until Apple releases a patch for the vulnerability, the only way to prevent attacks is to open the iOS task manager and stop questionable apps from running in the background. Users can open the task manager by pressing the home button twice. You can read more about the issue on ArsTechnica.

Monday, February 24, 2014

Massive Security Flaw Found in iOS and OS X 10.9 Mavericks

There is a newly discovered security flaw present in Apple's iOS and OS X 10.9 (Mavericks) that has many people concerned. The flaw is believed to be caused by a single repeated line of code and effectively leaves hundreds of millions iOS and OS X Mavericks devices open to hackers. 

The flaw allows for a man-in-the-middle attack to be executed on anyone connected to the same wifi hotspot an attacker might be using. These kinds of attacks occur when an attacker intercepts the 

information being sent between two parties - you to your bank's website for example - and then impersonates each party to the other.  This allows the attacker to access any and all information
you're sending out. Banking information, credit cards, social media postings, email, and any website login information are all able to be intercepted while connected to the same wifi hotspot. 

This effectively makes public wifi hotspots a perfect location to perform the attacks. A stranger can sit in a busy coffee shop, run the attack, and gather information without any of the victims ever knowing anything was amiss. This is the kind of scenario where a VPN service like GoTrusted becomes invaluable. Anyone connected to our service would be protected from such an attack. Our encryption would make it impossible for the attacker to read any of the information coming over the connection. Making sure your your personal information is kept personal.

It's not entirely clear how long the flaw has been present. It could date back to when the iPhone 4 was released in 2010 or may have been introduced with past software updates. All iOS are urged to not use any public Wifi until they update their iOS version with the new patch. Apple has not released a timeline for the OS X Mavericks to be patched so users should make sure their GoTrusted is running if connecting to any public networks. You can read more about the security flaw here and a more detailed rundown on the flaw on Krebs on Security.

Wednesday, February 5, 2014

Sochi Olympics Visitor's Devices Being Hacked

Visitors visiting Sochi for this year's Winter Olympics are facing a huge privacy concern according to a new report by NBC.

In the report they tested how long it would take their two new devices (a Mac and an Android phone) to be hacked when they accessed public Wifi while in Sochi. The first connection was made at a local coffee shop. Within minutes the phone was being probed by hackers. Intrusion attempts followed and eventually the device was compromised. Once compromised hackers were able to take any data they wanted off of the phone as well as setting up a tap to listen to conversations, follow the internet traffic of the phone, and read emails. When the laptop was hooked up to the hotel's Wifi they had a similar outcome in a similar amount of time.

The U.S. State Department has also rung in on the issue saying Americans visiting Sochi should have "no expectation of privacy." Sochi is expected to receive tens of thousands of visitors with the Olympics. The influx of high traffic and weak law enforcement, in regards to hacking, has privacy advocates on edge.

Anyone hoping to maintain their privacy is urged to use a VPN service like GoTrusted as well as making sure their devices are encrypted and password protected. Storing sensitive information in a non-internet connected device (like an external hard drive or USB stick) is also a good idea.