Tech Outages: Exposing the Web’s Fragile Threads

Today, technology outages have become more than mere inconveniences—they’re disruptions that ripple across industries, affecting businesses, individuals, and even our daily routines. Over 1.75 million user-reported issues flooded in from across the globe.  From WhatsApp to Greggs (the UK’s popular sausage roll maker), and even tech giants like Apple and Meta, all have recently faced service disruptions due to IT outages. Let’s explore the reasons behind this trend.

Downdetector

This platform monitors web outages and provides insights into the extent of problems faced by companies. On April 3, 2024, more than 1.75 million user-reported issues were flagged worldwide for WhatsApp, with tens of thousands also reported for the App Store and Apple TV. Neither firm responded to inquiries about the cause of their outages.

Internet Complexity

The internet, like software, comprises multiple layers. Regulatory changes, consumer demands for seamless data access, and the integration of new features (such as AI chatbots) add layers and complexity. Unfortunately, more layers mean a higher risk of things going wrong. Companies are pushing for innovation, but it comes with the potential of breaking existing systems.

Moving Parts and Cloud Services

Various factors can cause internet services to fail, including typos in code, hardware faults, power outages, and cyberattacks. Severe weather conditions can also impact data centers housing powerful servers. Additionally, many companies have shifted from managing their infrastructure in-house to using cloud services. While this enables faster development, a single outage at the cloud service provider can affect multiple platforms and technologies.

Tech Giants

Glitches in services provided by major cloud providers like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud have previously led to downtime for thousands of customers.

The internet's complexity, rapid innovation, and reliance on cloud services contribute to the increased occurrence of tech outages. As companies strive for progress, maintaining stability remains a challenge.

The Quest for Progress

We crave seamless experiences. We want our apps to load instantly, our streaming services to buffer flawlessly, and our online orders to arrive yesterday. But progress is a hungry beast. It devours stability, chews on reliability, and spits out error messages. The quest for innovation pushes boundaries, but it also tests the limits of our digital infrastructure.

Apple Steps Up Spyware Alerts Amid Rising Mercenary Threats

 


Apple reportedly sent notifications on April 10 to users in India and 91 other countries, letting them know they might have been victims of a possible mercenary spyware attack. According to the company's notification, these attacks were intended to 'remotely compromise the iPhone associated with the users' Apple IDs,' and the attackers most likely targeted the recipients specifically because of who they are or what they do.

A threat notification has been issued to users worldwide after fears were raised that sophisticated spyware attacks could be targeting high-profile Apple customers. There had been a similar warning sent out to Indian Apple users back in October last year, in which members of the Indian Parliament and journalists were alerted about potential ‘state-sponsored attacks'. 

People who were alerted last year took to social media in response to the alerts, but this time around that has not been the case. Apple introduced this notification feature in 2021, after the Pegasus surveillance issue. The alerts are sent to users when Apple sees activity that is consistent with a state-sponsored attack.

Apple's recent alert highlights the danger and rarity of mercenary spyware, like the famous Pegasus from NSO Group, and how complex these types of malware can be. According to the company's warning email, the spyware was designed to secretly infiltrate iPhones associated with particular Apple IDs.

There has been a lot of speculation surrounding this issue, with Apple indicating that attackers may select their targets depending on their identity or profession to gain access to their systems. Mercenary spyware refers to sophisticated malware that has been developed and deployed primarily by private entities that may be guided by national authorities. 

In a message issued by the company, users were warned that advanced spyware may attempt to remotely access their iPhones, indicating that they may be at risk. The attacks, according to Apple, are both “exceptionally rare” and “vastly more sophisticated” than the usual cybercrime activities or consumer malware. 

In addition to stressing the unique characteristics of threats such as Pegasus spyware from NSO Group, the company also pointed out that such attacks are individually tailored and cost millions of dollars to launch, and that only a very small percentage of customers are affected by them. Moreover, a coalition of countries, including the United States, is currently working to create safeguards against the misuse of commercial spy software.

Furthermore, a recent report released by Google's Threat Analysis Group (TAG) and Mandiant shed light on the exploitation of zero-day vulnerabilities in 2023, revealing that a significant portion of these exploits was attributed to commercial surveillance vendors. Web browser and mobile device vulnerabilities are a major part of threat actors' evasion and persistence strategies, an indication of how reliant they are on zero-day exploits.

Among the most concerning issues was that, in India, opposition politicians had raised concerns in October about possible government involvement in attacks against mobile phones, citing Apple's earlier alert about state-sponsored attacks, which appeared to indicate such an involvement. CERT-In, India's national cybersecurity watchdog, has also issued a high-risk warning about vulnerabilities in Apple products that affect the entire Apple ecosystem.

These vulnerabilities may enable attackers to access sensitive information, execute unauthorized code, bypass security measures, and spoof systems to perform identity theft and other attacks. The advisory covers a wide range of Apple devices and software, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari.

Apple also recommends that users remain vigilant regarding suspicious links and attachments, as some attacks might be exploiting the power of social engineering to mislead users into clicking on malicious links. When users suspect that they are being targeted, even in the absence of a threat notification, precautions should be taken to avoid exposing themselves to security threats. 

These precautions include changing passwords and speaking with experts in the field of digital security. Given these evolving threats, Apple emphasizes that users must work together with security professionals to mitigate the risks effectively. Proactive measures and an increased awareness of cyber threats are becoming increasingly important in combating malicious cyber activity in an era of growing digital privacy concerns.

Users are advised to be cautious when clicking on links or opening attachments from unknown sources.

Apple decided not to share any more details about the spyware, since it feared that doing so might help attackers plan for a stealth attack. Additionally, Apple added new advice to its support page for users who might be impacted by mercenary spyware attacks. The page explained how these threats are tailored to each individual and their particular device, which means they are difficult to detect and hard to eliminate.

Apple Alerts iPhone Users of 'Mercenary Attack' Threat

 

Apple issued security alerts to individuals in 92 nations on Wednesday, cautioning them that their iPhones had been targeted in a remote spyware attack linked to mercenaries.

The company sent out threat notification emails, informing recipients, "Apple has detected that you are being targeted by a mercenary spyware attack," suggesting that the attack might be aimed at specific individuals based on their identity or activities. 

These types of attacks, termed as "mercenary attacks," are distinct due to their rarity and sophistication, involving substantial financial resources and focusing on a select group of targets. Apple emphasized that this targeting is ongoing and widespread.

The notification warned recipients that if their device falls victim to such an attack, the attacker could potentially access sensitive data, communications, or even control the camera and microphone remotely.

While it was reported that India was among the affected countries, it remained uncertain whether iPhone users in the US were also targeted. Apple refrained from providing further comments beyond the details shared in the notification email.

In response to the threat, Apple advised recipients to seek expert assistance, such as the Digital Security Helpline provided by the nonprofit Access Now, which offers emergency security support around the clock.

Furthermore, Apple referenced Pegasus, a sophisticated spyware created by Israel's NSO Group, in its notification regarding the recent mercenary attack. Apple had previously filed a lawsuit against the NSO Group in November 2021, seeking accountability for the surveillance and targeting of Apple users using Pegasus. This spyware has historically infiltrated victims' devices, including iPhones, without their knowledge. Since 2016, instances have surfaced of Pegasus being employed by various entities to monitor journalists, lawyers, political dissidents, and human rights activists.

Apple iOS and iPadOS Memory Corruption Vulnerabilities: A Critical Alert


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) raised the alarm by adding two memory corruption vulnerabilities in Apple’s iOS and iPadOS to its Known Exploited Vulnerabilities catalog. These vulnerabilities are actively exploited, posing significant risks to users’ privacy, data, and device security.

The Vulnerabilities

CVE-2024-23225: This vulnerability targets the kernel of both Apple iOS and iPadOS. A flaw in memory handling allows malicious actors to corrupt critical system memory, potentially leading to unauthorized access, privilege escalation, or even remote code execution. Exploiting this vulnerability can have severe consequences, compromising the integrity of the entire operating system.

CVE-2024-23296: Another memory corruption vulnerability affecting Apple iOS and iPadOS, CVE-2024-23296, has also been identified. While specific technical details are not publicly disclosed, it is evident that attackers are leveraging this flaw to gain unauthorized access to sensitive data or execute arbitrary code on affected devices.

The Impact

These vulnerabilities are not merely theoretical concerns; they are actively being exploited in the wild. Cybercriminals are capitalizing on them to compromise iPhones and iPads, potentially gaining access to personal information, financial data, and corporate secrets. The impact extends beyond individual users to organizations, government agencies, and enterprises relying on Apple devices for daily operations.

Immediate Action Required

CISA’s Binding Operational Directive (BOD) 22-01 specifically targets Federal Civilian Executive Branch (FCEB) agencies, urging them to take immediate action to remediate these vulnerabilities. However, the urgency extends beyond the federal sector. All organizations, regardless of their affiliation, should prioritize the following steps:

Patch Management: Ensure that all iOS and iPadOS devices are updated to the latest available versions. Apple has released security patches addressing these vulnerabilities, and users must apply them promptly.

Security Awareness: Educate users about the risks associated with memory corruption vulnerabilities. Encourage them to be cautious while clicking on suspicious links, downloading unverified apps, or interacting with unfamiliar content.

Monitoring and Detection: Implement robust monitoring mechanisms to detect any signs of exploitation. Anomalies in system behavior, unexpected crashes, or unusual network traffic patterns may indicate an active attack.

Incident Response: Develop and test incident response plans. In case of successful exploitation, organizations should be prepared to isolate affected devices, investigate the breach, and remediate the impact swiftly.

Beyond the Technical Realm

The addition of Apple iOS and iPadOS memory corruption vulnerabilities to CISA’s Known Exploited Vulnerabilities catalog serves as a wake-up call. It reminds us that threats are real, and proactive measures are essential to protect our devices, data, and digital lives.

Signal Protocol Links WhatsApp, Messenger in DMA-Compliant Fusion

 


With new EU regulations governing digital "gatekeepers" taking effect, Meta has explained how WhatsApp and Messenger will keep providing end-to-end encryption (E2EE) while also complying with the requirements outlined in the Digital Markets Act (DMA). A blog post by Meta on Wednesday detailed how it plans to enable interoperability for Facebook Messenger and WhatsApp in the EU, which means users can exchange messages with third-party messaging platforms, provided those platforms also use Signal's underlying encryption protocol.

As enforcement of Europe's Digital Markets Act ramps up, big tech companies are getting ready to comply with it. In response to the new competition rules that took effect on March 6, Google, Meta, and other companies have begun setting out how they will comply and what that will mean for end users.

The change was not entirely WhatsApp's decision. European lawmakers have designated WhatsApp parent company Meta as one of the six influential "gatekeeper" companies under their sweeping Digital Markets Act, giving it six months to allow others to enter its walled garden.

With the deadline for WhatsApp interoperability with other apps just a few weeks away, the company is describing its plans. In the first year of the regulation, the requirements cover one-to-one chats and file sharing such as images, videos, or voice messages, with plans to expand them in the coming years to include group chats and calls as well.

In December, Meta decided to stop allowing Instagram to communicate with Messenger, presumably to implement a DMA strategy. In addition to Apple's iMessage app and Microsoft's Edge web browser, the EU has also made clear that the four parent companies of Facebook, Google, and TikTok are "gatekeepers," although Apple's parent company Alphabet and TikTok's parent company ByteDance are excluded. 

Meta stated that before it can work with third-party providers to implement the service, they need to sign an agreement for interoperability with Messenger and WhatsApp. To ensure that other providers use the same security standards as WhatsApp, the company requires them to use the Signal protocol.

However, it will accept other protocols if they can be shown to meet these standards. Once another service sends a request for interoperability, Meta has a window of three months in which to enable it. The company warns, however, that functionality may not be available for the general public to access immediately.

The approach Meta has taken to interoperability is designed to meet the DMA requirements while also providing a feasible option for third-party providers looking to maximize security and privacy for their customers. For privacy and security, Meta will use the Signal Protocol to ensure end-to-end encrypted communication. This protocol is currently widely considered the gold standard for end-to-end encryption.

Sophisticated Phishing Tactics Unveiled in Targeted FCC Cybersecurity Breach

 


Several phishing campaigns targeting employees of cryptocurrency platforms such as Binance and Coinbase and of the Federal Communications Commission (FCC) have been discovered, including one dubbed CryptoChameleon. According to an analysis from Lookout, the victims of this attack primarily use Apple iOS and Google Android devices and sign in through single sign-on (SSO) solutions such as Okta, Outlook, and Google.

Several days ago, Lookout, a company focused on cloud security, announced that it had discovered an "advanced phishing kit" that targeted cryptocurrency exchanges, revealing techniques similar to what was expected. The phishing kit, which has been dubbed CryptoChameleon, can also be used to target the Federal Communications Commission (FCC) through mobile devices.

Most of the intended targets are crypto traders, single sign-on (SSO) services in the U.S., Binance staff, and Coinbase employees, with a small minority being Bitcoin traders and SSO service users. The kit seeks to trick victims into sharing sensitive information, including usernames, passwords, password reset URLs, and photo IDs, using carbon copies of SSO pages together with phishing emails, SMS messages, and call-in scams, and is mainly aimed at US users.

A suspicious new registration of the domain fcc-okta[.]com led researchers to discover the phishing kit. The kit is capable of impersonating a variety of company brands; cryptocurrency platforms and SSO services are its most common targets, with Coinbase being the most frequently targeted service.
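The registration that exposed the kit paired an organisation's name with an SSO brand in a single hostname. The following triage of a newly-registered-domain feed for that pattern is an added example, not code from Lookout or from the original post; the watchlists, the allowlist and the `.example` feed entries are constructed assumptions, and it goes slightly beyond the one case in the text by also folding digit look-alikes and catching a brand placed in a subdomain.

```python
from datetime import date

# Assumed watchlists (not from the Lookout report): SSO brands named in the
# article and organisation names a defender wants to protect.
SSO_BRANDS = ("okta", "outlook", "google")
ORG_TOKENS = ("fcc", "coinbase", "binance")
# Assumed allowlist of genuine registrable domains.
ALLOWLIST = {"okta.com", "outlook.com", "google.com",
             "fcc.gov", "coinbase.com", "binance.com"}
# Undo common digit-for-letter swaps (c0inbase -> coinbase) before matching.
DIGIT_FOLD = str.maketrans("01345", "oleas")


def normalise(domain):
    """Lower-case, remove defanging brackets and any trailing dot."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")


def registrable(domain):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(domain.split(".")[-2:])


def classify(domain):
    """Return a finding dict for a suspicious domain, or None if it looks benign."""
    d = normalise(domain)
    if registrable(d) in ALLOWLIST:
        return None  # genuine brand domain or one of its subdomains
    # Match against everything left of the TLD, so a brand used as a
    # subdomain of an unrelated domain is still seen.
    host = d.rsplit(".", 1)[0].translate(DIGIT_FOLD)
    brands = [b for b in SSO_BRANDS if b in host]
    orgs = [o for o in ORG_TOKENS if o in host]
    if not brands and not orgs:
        return None
    # Organisation name plus SSO brand together is the pattern from the article.
    severity = "high" if brands and orgs else "review"
    return {"domain": d, "severity": severity, "brands": brands, "orgs": orgs}


def triage(feed, today, max_age_days=30):
    """Classify recently registered domains; high-severity findings first."""
    findings = []
    for domain, registered in feed:
        age = (today - registered).days
        if age < 0 or age > max_age_days:
            continue  # only new registrations are of interest here
        finding = classify(domain)
        if finding:
            findings.append(finding)
    findings.sort(key=lambda f: (f["severity"] != "high", f["domain"]))
    return findings


# Constructed sample feed of (domain, registration date); none of these are real IoCs.
SAMPLE_FEED = [
    ("fcc-okta.example", date(2024, 2, 20)),               # org + SSO brand
    ("login.okta.com", date(2024, 2, 21)),                 # allowlisted
    ("c0inbase-sso.example", date(2024, 2, 22)),           # digit look-alike
    ("OKTA.com.signin-help[.]example", date(2024, 2, 23)),  # brand as subdomain
    ("garden-tools.example", date(2024, 2, 24)),           # unrelated
    ("binance-google.example", date(2023, 11, 1)),         # too old for this run
]

if __name__ == "__main__":
    for f in triage(SAMPLE_FEED, today=date(2024, 3, 1)):
        print(f["severity"], f["domain"], f["brands"], f["orgs"])
```

Substring matching is deliberately loose, so "review" findings need a human look; only the combined organisation-plus-brand case is raised as "high".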

Other websites were using the kit, and the majority of these websites used a subdomain of official-server[.]com as their C2 instead of their main domain. A recent blog post by Lookout states that the attack has been successful in phishing over a hundred people, many of whom remain active today. It is noteworthy that the C2 server URL, the client-side logic, and the style sheets were included in the kit.

Most cybercriminals host their sites on RetnNet hosting. To prevent automated analysis tools from identifying the site, victims must first complete a captcha (hCaptcha), which also lends the site credibility. CryptoChameleon appears to replicate the techniques used by Scattered Spider, specifically through its impersonation of Okta and its use of domain names that Lookout had previously assumed to be associated with that group.

It is important to remember that the phishing kit has significantly different capabilities and C2 infrastructure from those of Scattered Spider, even though the URL and spoofed pages look similar to what Scattered Spider might create. It is common for threat actors to copy one another's tactics and procedures once a tactic or procedure has been widely publicized.

Furthermore, it remains unclear whether this is the work of a single threat actor or a tool that is being used by many different groups at the same time. According to Lookout, the threat actors have been so successful in stealing high-quality data because of high-quality phishing URLs, login pages that perfectly match the look and feel of legitimate websites, a sense of urgency, and consistent communication via SMS and voice calls.

As soon as the attackers obtain a victim's credentials, they use them to log in and, based on the information provided by the MFA service, direct the victim to the appropriate page. In addition to employees of the Federal Communications Commission (FCC), this phishing kit targets users of cryptocurrency platforms such as Binance, Coinbase, Gemini, Kraken, ShakePay, Caleb & Brown, and Trezor.

There have been over 100 successful phishing attacks on victims so far. Automated analysis tools are not able to flag the sites because the fake login screen is displayed only after the victim completes a CAPTCHA test using hCaptcha.

These pages can be distributed via unsolicited phone calls and text messages that mimic a company's customer service team, under the pretence of protecting a person's account after a purported hack. The phishing page can be customized with the victim's phone number and a choice of six- or seven-digit code.

Cryptocurrency platforms and Single Sign-On services are the most frequently targeted services by phishing kits that impersonate various company brands, with Coinbase being the most commonly targeted.  

Victims are also lured through phone calls, emails, and text messages: phishing emails carrying malicious links are disguised as legitimate messages from cryptocurrency platforms or the Federal Communications Commission (FCC), while SMS messages are disguised as legitimate notifications from cryptocurrency platforms or the FCC.

Lookout customers have been protected against these phishing sites since the beginning of January 2024 due to the similarity of infrastructure and the similarity of previous attacks.

Google's 'Woke' AI Troubles: Charting a Pragmatic Course

 


As Google CEO Sundar Pichai informed employees in a note on Tuesday, he is working to fix the AI tool Gemini that was implemented last year. The note stated that some of the text and image responses reported by the model were "biased" and "completely unacceptable". 

Following inaccuracies found in some historical depictions generated by its application, the company was forced last week to suspend the tool's ability to create images of people. After being hammered for almost a week over supposedly coming out with a chatbot that could be used at work, Google finally apologised for missing the mark and getting it wrong.

Despite the momentum of the criticism, the focus is shifting: this week, the barbs were aimed at Google for what appeared to be a reluctance to generate images of white people via its Gemini chatbot. Gemini's text responses appear to have been subjected to similar criticism.

In recent years, Google's artificial intelligence (AI) tool Gemini has been subjected to intense criticism and scrutiny, especially as a result of ongoing cultural clashes between those of left-leaning and right-leaning perspectives. In contrast to the viral chatbot ChatGPT, its Google counterpart Gemini has faced significant backlash, demonstrating the difficulties associated with navigating AI biases.

The controversy escalated as Gemini generated images that depicted historical figures inaccurately, along with responses to text prompts that some users deemed overly politically correct or absurd. Google quickly acknowledged that the tool had been "missing the mark" and halted it.

However, the fallout from the incident continued as Gemini's decisions continued to fuel controversies. There has been a sense of disempowerment among Googlers on the ethical AI team during the past year, as the company increased the pace at which it rolled out AI products to keep up with its rivals, such as OpenAI, who have been rolling out AI products at a record pace. 

Gemini images included people of colour as a demonstration that the company was considering diversity, but it was also clear that the company failed to take into account all possible scenarios in which users might wish to create images. 

In her view, Margaret Mitchell, former co-head of Google's Ethical AI research group and chief ethics scientist for Hugging Face AI, has done a wonderful job of understanding the ethical challenges faced by users. As a company that had just been established four years ago, Google had been paying lip service to increasing its awareness of skin tone diversity, but it has made great strides since then.

As Mitchell put it, "it is kind of like taking two steps forward and taking one step backwards." There should be recognition given to them for taking the time to pay attention to this stuff. In a general opinion, Google employees should be concerned that the social media pile-on will make it even harder for internal teams who are responsible for mitigating the real-world harms that their artificial intelligence products are causing, such as whether the technology can hide systemic prejudices.

The employees worry that Google employees should not be able to accomplish this task by themselves. A Google employee said that the outrage that was generated by the AI tool for unintentionally sidelining a group that is already overrepresented in the majority of training datasets could spur some at Google to argue for fewer protections or guardrails on the AI’s outputs — something that, if taken to an extreme, could hurt society in the end. 

The search engine giant is currently focused on damage control. It was reported that Demis Hassabis, the director of Google DeepMind's research division, said on Feb. 26 that the company plans to bring the Gemini feature back online within the next few weeks.

However, over the weekend, conservative personalities continued their attack against Google, specifically in light of the text responses Gemini provides to users. There is no doubt that Google is leading the AI race on paper, with a considerable lead. 

The company makes and supplies its artificial intelligence chips, has its cloud network, which is one of the requisites for AI computation, can access enormous amounts of data, and has an enormous base of customers. Google recruits top-tier AI talent, and its work in artificial intelligence enjoys widespread acclaim. A senior executive from a competing technology giant expressed to me the sentiment that witnessing the missteps of Gemini feels akin to observing a defeat taken from the brink of victory.

Ex-CIA Developer Faces 40-Year Sentence for Leaking Classified Data to WikiLeaks

 


Joshua A Schulte, a former CIA software engineer, was sentenced to 40 years in a multi-charge case that involved the disclosure of classified documents to WikiLeaks. The sentence covers multiple counts of espionage and computer hacking, as well as one count of lying to FBI agents, after he handed over classified materials to WikiLeaks. He was found guilty of four counts of espionage and computer hacking in 2022.

According to US authorities, Schulte was the cause of the largest breach in CIA history, and his alleged contributions to WikiLeaks have been regarded as one of the largest unauthorized disclosures of classified information ever made by the United States.

In 2017, 8761 classified documents detailing CIA hacking tools were released on WikiLeaks as part of an incident dubbed Vault 7.

Schulte became the prime suspect and faced multiple convictions at trials that concluded on March 9, 2020, July 13, 2022, and September 13, 2023. The leak, which the CIA dubbed a “digital Pearl Harbor,” concerned tools US spies used to hack Apple and Android smartphones, as well as to hack internet-connected television sets and turn them into listening devices.

Following the security breach, US officials planned to wage an "all-out war" against WikiLeaks, including discussion of a potential kidnapping or assassination of its founder Julian Assange, Yahoo News reported, citing anonymous officials.

Assange, whose 2019 indictment on charges of espionage has been criticized by press freedom organizations, is currently in Britain fighting extradition to the US. Additionally, the US authorities claim that Schulte's personal computer also contained tens of thousands of videos and images of child sexual abuse material.

The Independent reports that Schulte denied the allegations and claimed that the CIA and FBI had used him as a scapegoat for the leak of CIA documents. According to the US attorney, Schulte committed some of the most brazen and heinous crimes of espionage of all time.

In his quest for revenge against the CIA, Schulte caused untold damage to the national security of our country based on how the CIA responded to Schulte's security breaches while employed by the agency. Schulte intended to cause even more harm to this nation after he was caught by the FBI, as he launched what he called an “information war,” releasing top secret information from behind bars.

Schulte received his sentence based on convictions for espionage, computer hacking, contempt of court, lying to the FBI, and having CSAM, among other charges. Additionally, he received a lifetime of supervised release alongside his prison sentence. The CIA spying tools leak that was published last week included some shocking claims, including that hackers could gain access to Apple iPhones, Android devices made by Google and Samsung, and Samsung TVs to spy on their users. As presented in court documents, Schulte's theft "immediately and profoundly" affected the CIA's ability to gather foreign intelligence against U.S. adversaries; placed CIA personnel, programs, and assets directly at risk; and resulted in hundreds of millions of dollars of losses to the Agency.

Schulte repeatedly denied responsibility for the leak of the WikiLeaks documents during interrogations conducted by the FBI following the WikiLeaks disclosures. Schulte wrote in his journal in his detention pending trial that he intended to "break diplomatic relations, close embassies, and end US occupation across the globe." 

In the course of searching his apartment in New York, the FBI found that Schulte had hidden thousands of videos and images of horrific and disturbing child sexual abuse under layers of encryption. The FBI uncovered the servers and computers where Schulte had hidden the videos. According to the investigation, after moving to New York he continued to store the material, which he had collected from Russian websites and the dark web during his employment with the CIA. From March 2020 until September 2023, Schulte faced three separate trials in which he was tried for different crimes.

Apple's Shield Shattered: The Critical Flaw in iPhone Theft Defense

 


Several weeks ago, Joanna Stern from the Wall Street Journal reported that an increasing number of thieves have been stealing iPhones from people in restaurants and bars, and that one criminal was earning up to $300,000.

During these attacks, thieves commonly observed victims entering their passcodes before stealing the devices, then changed the Apple ID passwords and disabled Find My iPhone so that the phones could not be tracked or wiped remotely. With the help of the Keychain password manager, a thief can also easily lock victims out of accounts (such as Venmo, CashApp, other banking apps, etc.) by using their saved passwords.

However, Stolen Device Protection helps protect users against this vulnerability in two main ways. Users must use Face ID or Touch ID authentication (with no fallback for the passcode) to change important security settings such as Apple ID passwords or device passcodes when the feature is enabled. In addition to this, it also introduces a one-hour security delay before users can adjust any of these security settings. 

Essentially, this is intended to give victims enough time to mark their iPhones as lost before a thief can change these crucial settings. With the release of iOS 17.3 last week, Apple also included much-anticipated features such as Collaborative Apple Music Playlists and AirPlay hotel integration.

The biggest highlight of iOS 17.3 was Stolen Device Protection, but we found that it was not as secure as we originally thought it would be. The feature prevents bad actors who have your passcode from completing critical actions such as changing your Apple ID password or your passcode, changes that would leave you unable to track the iPhone or mark it as stolen.

Stolen Device Protection is turned off by default in familiar locations such as your home and workplace. However, there is a fatal flaw here. It is difficult for users to set familiar locations manually, because the iPhone learns your habits and marks locations as familiar automatically.

As a result, if you frequent the same bar or cafe over and over again, it may be marked as a familiar place, and Stolen Device Protection might not work there. The feature protects the device in two ways. When the iPhone is away from familiar locations, it requires Face ID or Touch ID authentication before passwords stored on the device can be changed or modified. It also imposes a mandatory one-hour delay before any of the changes take effect.

The cool-down period gives users time to report the iPhone or mark it as lost before any changes are made to the device. As ThioJoe pointed out in the post, users who have Significant Locations enabled on their devices will not be able to call upon the increased security layers.

According to Apple, once a user starts frequenting a certain location, that location will be deemed 'significant'. Apple uses this data to suggest journals, store memories, and display photos, among other things, and is now also using it for Stolen Device Protection.

Furthermore, ThioJoe explains that users have no control over Significant Locations, which means that once your iPhone finds itself in a Significant Location, all the protection features of the device are nullified at that moment. According to Apple, the feature, which is buried in the iPhone's settings menu, will add an extra layer of security to the iOS operating system.

The security update addresses a vulnerability that has been exploited by thieves, allowing them to lock victims out of their Apple accounts, delete pictures and other files from their iCloud accounts, and empty their bank accounts by using the passwords saved in the Keychain password manager. Apple's introduction of this feature comes as anecdotal evidence suggests that phone thefts are on the rise.

Incidents of stolen phones are prevalent on online forums like Reddit and in news articles across various locations, ranging from Los Angeles to London. Common tactics employed by thieves include pickpocketing, "table surfing," and moped snatching, as reported by law enforcement. The Wall Street Journal previously highlighted criminal activities where perpetrators observed individuals entering their passcodes and then stole the phones to access personal information.

To counteract such security concerns, Stolen Device Protection has been introduced, designed to monitor a user's "familiar locations," such as their home or workplace. When certain actions are attempted on the device outside these recognized places, additional biometric security measures are enforced. This approach aims to reduce the reliance on passcodes, which are susceptible to theft through various means, in favour of more secure "biometric" features like facial recognition or fingerprints, which are significantly harder to replicate.

Currently, as Apple works on developing a more robust solution, a temporary workaround involves disabling the Significant Locations feature on your iPhone. This can be done by accessing the Settings app, navigating to Privacy & Security, and selecting Location Services > Significant Locations. Disabling it prompts the device to request Face ID or Touch ID authentication when Stolen Device Protection is active. Although this serves as a temporary resolution, it is anticipated that Apple will enhance and refine this feature in future updates to provide a more comprehensive and secure solution.

Enhanced Security Alert: Setting Up Stolen Device Protection on iOS 17.3

 


Apple has released iOS 17.3, the latest version of its iPhone operating system. This new version has several important new features, including Stolen Device Protection, which provides users with additional security measures if their phone is stolen.

This is one of the most important features iPhone users can enable, as it strengthens their security without requiring anything further from them. If a user's iPhone is stolen and Stolen Device Protection is turned on, the phone places limits on certain settings changes when it is not at home or work, which makes it difficult for a thief to make those changes.

Once the user's phone has been unlocked, a thief who wants to change these settings will first have to authenticate using Face ID or Touch ID. Modifying protected settings would therefore require the thief to also have the owner's biometrics, which is near-impossible.

When enabled, Stolen Device Protection adds extra security steps to a range of actions. First, biometric authentication (such as Face ID or Touch ID) is required to access things like stored credit card information or account passwords; a passcode alone is not accepted. If users lose their phone, only they can retrieve these items, even if someone else knows their passcode.

Second, users must wait an hour before completing a security-related action, such as changing the Apple ID password, and then pass a second biometric authentication test. As a result, the user will have a lot more time to mark their device as lost or remotely erase it to keep their data out of the wrong hands. This should make it harder for an intruder to access a user's data. When Stolen Device Protection is activated, it adds security measures to specific features and actions whenever the iPhone leaves a recognized area.

This additional security layer ensures that key changes to accounts or the device itself remain inaccessible even if a thief gains access to the device's passcode. The thief will need to authenticate using either Face ID or Touch ID to change these settings after unlocking the stolen device.

A thief who has a stolen passcode will still have to replicate the actual owner's biometrics to modify protected settings, which is a very difficult task to accomplish. To limit what information a thief can access, Stolen Device Protection also requires biometric authentication, such as Face ID or Touch ID (depending on the iPhone), to view saved passwords or to make changes to an Apple savings account.

This stops thieves from using an unlocked iPhone to steal users' money or open an Apple credit card in the actual owner's name. Some of the changes may have been made as a result of reports of iPhone owners having their devices snatched by thieves who had watched them unlock their phones with their PINs.

Once someone who is not authorized gains access to an iPhone, they can steal money, open credit card accounts, and do many other things. The thieves can also completely lock victims out of their Apple accounts, which makes it very difficult for victims to track or disable their stolen phones with Apple's Find My feature.

Victims are sometimes unable to access the photos and files that have been saved in their iCloud accounts. With this new feature, hackers will find it harder to use stolen iPhones to ruin users' lives and reputations. Having this feature on may cause some inconvenience for users at times, but they should still turn it on.

Once users have installed iOS 17.3, they can enable Stolen Device Protection by opening the Settings app and choosing Face ID & Passcode. Scrolling down reveals the Stolen Device Protection section, which they should tap to enable the feature.

Researchers Claim Apple Was Aware of AirDrop User Identification and Tracking Risks Since 2019

Security researchers had reportedly alerted Apple about vulnerabilities in its AirDrop wireless sharing feature back in 2019. According to these researchers, Chinese authorities recently exploited these vulnerabilities to track users of the AirDrop function. This case has raised concerns about global privacy implications.

The Chinese government allegedly used the compromised AirDrop feature to identify users on the Beijing subway accused of sharing "inappropriate information." The exploit has prompted internet freedom advocates to urge Apple to address the issue promptly and transparently. Pro-democracy activists in Hong Kong have previously used AirDrop, leading to Chinese authorities cracking down on the feature.

Beijing-based Wangshendongjian Technology claimed to have compromised AirDrop, collecting basic identifying information such as device names, email addresses, and phone numbers. Despite Chinese officials presenting this as an effective law enforcement technique, there are calls for Apple to take swift action.

US lawmakers, including Florida Sen. Marco Rubio, have expressed concern about the security of Apple's AirDrop function, calling on the tech giant to act promptly. However, Apple has not responded to requests for comment on the matter.

Researchers from Germany's Technical University of Darmstadt, who identified the flaws in 2019, stated that Apple received their report but did not act on the findings. The researchers proposed a fix in 2021, which Apple has allegedly not implemented.

The Chinese claim has raised alarms among US lawmakers, emphasizing the need for Apple to address security issues promptly. Critics argue that Apple's inaction may be exploited by authoritarian regimes, highlighting the broader implications of tech companies' relationships with such governments.

The Chinese tech firm's exploitation of AirDrop apparently utilized techniques identified by the German researchers in 2019. Experts point out that Apple's failure to add an extra layer of security, known as "salting," allowed unauthorized access to device-identifying information.

Security experts emphasize that while AirDrop's device-to-device communication is generally secure, users may be vulnerable if they connect with a stranger or accept unsolicited connection requests. The lack of salting in the encryption process makes it easier for unauthorized parties to decipher the exchanged data.

Following the Chinese claim, Senator Ron Wyden criticized Apple for a "blatant failure" to protect users, emphasizing the four-year delay in addressing the security hole in AirDrop. The tech firm behind the AirDrop exploit has a history of collaboration with Chinese law enforcement and security authorities.

The intentional disclosure of the exploit by Chinese officials may serve various motives, including discouraging dissidents from using AirDrop. Experts suggest that Apple may now face challenges in fixing the issue due to potential retaliation from Chinese authorities, given the company's significant presence in the Chinese market. The hack revelation could also provide China with leverage to compel Apple's cooperation with security or intelligence demands.

OpenAI: Turning Into Healthcare Company?


GPT-4 for health?

Recently, OpenAI and WHOOP collaborated to launch a GPT-4-powered, individualized health and fitness coach. A multitude of questions about health and fitness can be answered by WHOOP Coach.

It can answer queries such as "What was my lowest resting heart rate ever?" or "What kind of weekly exercise routine would help me achieve my goal?" — all the while providing tailored advice based on each person's particular body and objectives.

In addition to WHOOP, Summer Health, a text-based pediatric care service available around the clock, has collaborated with OpenAI and is utilizing GPT-4 to support its physicians. Summer Health has developed and released a new tool that automatically creates visit notes from a doctor's thorough written observations using GPT-4. 

The pediatrician then swiftly goes over these notes before sending them to the parents. Summer Health and OpenAI worked together to thoroughly refine the model, establish a clinical review procedure to guarantee accuracy and applicability in medical settings, and further enhance the model based on input from experts. 

Other GPT-4 applications

GPT Vision has been used in radiography as well. A document titled "Exploring the Boundaries of GPT-4 in Radiology," released by Microsoft recently, evaluates the effectiveness of GPT-4 in text-based applications for radiology reports. 

The ability of GPT-4 to process and interpret medical images, such as MRIs and X-rays, is one of its main uses in radiology. According to the report, "GPT-4's radiological report summaries are equivalent, and in certain situations, even preferable than radiologists."

Be My Eyes is improving its virtual assistant program by leveraging GPT-4's multimodal features, particularly the visual input function. Be My Eyes helps people who are blind or visually challenged with activities like item identification, text reading, and environment navigation.

Many people have tested ChatGPT as a therapist when it comes to mental health. Many people have found ChatGPT to be beneficial in that it offers human-like interaction and helpful counsel, making it a unique alternative for those who are unable or reluctant to seek professional treatment.

What are others doing?

Both Google and Apple have been employing LLMs to make major improvements in the healthcare business, even before OpenAI. 

Google unveiled MedLM, a collection of foundation models designed with a range of healthcare use cases in mind. There are now two models under MedLM, both based on Med-PaLM 2, giving healthcare organizations flexibility and meeting their various demands. 

In addition, Eli Lilly and Novartis, two of the biggest pharmaceutical companies in the world, have formed strategic alliances with Isomorphic Labs, a drug discovery spin-out of Google's AI R&D division based in London, to use AI to find novel treatments for illnesses.

Apple, on the other hand, intends to include more health-detecting features in its next line of watches, concentrating on ailments like apnea and hypertension, among others.


Google Patches Around 100 Security Bugs


Updates were released in a frenzy in December as companies like Google and Apple scrambled to release patches in time for the holidays in order to address critical vulnerabilities in their devices.

Giants in enterprise software also released their fair share of fixes; in December, Atlassian and SAP fixed a number of serious bugs. What you should know about the significant updates you may have missed this month is provided here.

iOS for Apple

Apple launched iOS 17.2, a significant point update, in the middle of December. It included 12 security patches along with new features like the Journal app. CVE-2023-42890, a bug in the WebKit browser engine that could allow an attacker to execute code, is one of the issues patched in iOS 17.2.

According to Apple's support page, there is another vulnerability in the iPhone's kernel, identified as CVE-2023-4291, that might allow an app to escape its secure sandbox. In the meantime, two ImageIO vulnerabilities, CVE-2023-42898 and CVE-2023-42899, may result in code execution.

According to tests conducted by ZDNET and 9to5Mac, the iOS 17.2 update also implemented a technique to stop a Bluetooth attack that uses a penetration testing tool called Flipper Zero. The attack is a bothersome denial of service in which an iPhone experiences a barrage of pop-ups and eventually freezes up.

Along with these updates, Apple also launched tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2, and iOS 16.7.3.

Android by Google

With fixes for around 100 security problems, the Google Android December Security Bulletin was quite extensive. Two serious Framework vulnerabilities are patched in this update; the most serious of them might result in remote privilege escalation without the requirement for additional privileges. According to Google, user interaction is not required for exploitation.

While CVE-2023-40078 is an elevation of privilege bug with a high impact rating, CVE-2023-40088 is a major hole in the system that could allow for remote code execution.

Additionally, Google has released an update to address CVE-2023-40094, an elevation of privilege vulnerability in its WearOS platform for smart devices. As of this writing, the Pixel Security Bulletin has not been published.

Chrome by Google

Google released an urgent patch for its Chrome browser to cap off a busy December of updates. The open source WebRTC component contains a heap buffer overflow vulnerability, tracked as CVE-2023-7024, which is the ninth zero-day vulnerability affecting Chrome in 2024. In an advisory, Google stated that it is "aware that an exploit for CVE-2023-7024 exists in the wild."

It was not the first update that Google made available in December. In mid-month, the company also released a Chrome patch to address nine security flaws. Five of the vulnerabilities, which were found by outside researchers, are classified as high severity. These include four use-after-free problems, a type confusion flaw in V8, and CVE-2023-6702.

Microsoft

More than 30 vulnerabilities, including those that allow remote code execution (RCE), are fixed by Microsoft's December Patch Tuesday. CVE-2023-36019, a spoofing vulnerability in Microsoft Power Platform Connector with a CVSS score of 9.6, is one of the critical fixes. An attacker may be able to deceive the victim by manipulating a malicious link, software, or file. To be compromised, though, you would need to click on a specially crafted URL.

In the meantime, the Windows MSHTML Platform RCE issue CVE-2023-35628 has a CVSS score of 8.1 and is classified as critical. Microsoft stated that an attacker may take advantage of this vulnerability by sending a specially constructed email that would activate immediately when it is fetched and processed by the Outlook client. This might result in exploitation even before the email is seen in the Preview Pane.

A Closer Look At The Future of MagSafe in Apple's Ecosystem

Apple is actively exploring ways to enhance MagSafe, aiming to enable wireless data transfer and seamless recognition and authentication of connected accessories. Currently, placing a MagSafe-compatible iPhone on a MagSafe charger allows for charging, even with an added MagSafe iPhone case. However, Apple acknowledges existing limitations, citing issues such as accessory devices unintentionally creating heat traps and increased heat generation with advancements in processor technology. A newly granted patent application, titled "Accessory Devices That Communicate With Electronic Devices," addresses these challenges and proposes intelligent solutions to refine MagSafe functionality. 

Apple's exploration of MagSafe goes beyond conventional boundaries. It includes more than just data transmission and user authentication. One of the anticipated innovations is the integration of augmented reality (AR) features. In theory, this development would turn MagSafe into a platform where connected accessories seamlessly merge with a digital environment, promising users an immersive and interactive experience beyond the device's physical realm. Additionally, there are discussions surrounding MagSafe evolving into a dynamic power-sharing system, enabling wireless charging and effortless power distribution to compatible accessories. This multifaceted approach positions MagSafe as a transformative technology, poised to redefine user interactions and boost the overall functionality of Apple devices.

In light of this, Apple recognizes that certain electronic devices employ thermal management mechanisms, slowing down processors or even shutting down when reaching specific temperatures. This dilemma forces users to choose between safeguarding their device with an accessory or allowing optimal processing capabilities.  

To address this, Apple proposes placing a magnetic sensor in devices like the iPhone. This sensor detects MagSafe accessories, allowing the device to distinguish between a charger and a case. Based on the type detected, it adjusts the charging process, considering temperature and setting different levels for cases and chargers. 

Apple is thinking of a two-step system. First, a basic identification without specific accessory data, assuming it's a case or charger. Second, a more advanced step where MagSafe accessories send data, authenticating and exchanging information with the device based on the magnetic field.  

To this end, Apple foresees a sophisticated level of recognition within the MagSafe ecosystem. At this advanced stage, MagSafe accessories are envisioned not only as functional components but also as data transmitters through the system. The transformative concept holds the potential for MagSafe accessories to communicate their specific tolerances directly to iOS. The focus of the patent is on data transmission, hinting at exciting possibilities. The significance lies in the prospect of these accessories evolving beyond their traditional roles to become intricate keys, unlocking enhanced functionality and integration with Apple devices. 

This innovation opens doors to a domain where MagSafe accessories go above and beyond, offering a nuanced and personalised interaction with iOS. As these accessories potentially evolve into multifaceted tools, users may experience a seamless integration of technology, where MagSafe becomes more than just a connector but a dynamic interface enriching the overall user experience. With the potential to transmit data via MagSafe, there's a prospect of authentication based on magnetic field vectors, turning MagSafe into an identification tool. For instance, picture an iPhone recognising a nearby MagSafe accessory and utilising its data. 

This innovation may not be exclusive to the iPhone, as there are rumours about the iPad adopting MagSafe. This points to a broader rollout of these advanced features across various Apple devices, ensuring a unified end-user experience.

MagSafe's evolution promises more than just seamless connections; it foresees a dynamic relationship between devices and accessories. Envision a world where MagSafe transcends being a mere connector, providing enhanced experiences tailored to each user. Apple's commitment to innovation is paving the way for a new era in technology, where MagSafe is at the forefront of redefining how we interact with our devices. Exciting times lie ahead in the world of Apple technology and connectivity. 


Apple’s Push Notification Data Used to Investigate Capitol Rioters; Apple Sets Higher Legal Bar


When it initially came to light that governments globally demanded push notification data from Apple and Google, suspicion mounted that the US government was doing the same. This has now been confirmed, with one use being the investigation of the Capitol riots that took place on January 6.

Previously, Apple was prohibited from disclosing that it was receiving legal demands for the information. However, now that it is permitted to do so, it has also raised the standard for compliance.

What is This All About? 

Last week, it was revealed that legal demands were being made to Apple and Google to provide details of the notifications that were sent to persons of interest in the legal investigations. While both companies were meeting the demands, they were not allowed to disclose that it was actually happening. 

The facts were then made public through an open letter by a senator. 

Push notifications can still disclose a lot of information, even though they prevent third parties from seeing the content of end-to-end encrypted conversations, such as those sent over iMessage.

Consider, for instance, a message exchange between a Chinese whistleblower and a US journalist exposing violations of human rights. The push data indicates that the source and journalist had a lengthy back-and-forth conversation yesterday, and a report on the abuses was released today. 

Apple swiftly verified the allegation and added these events to its transparency reporting once the open letter released them from legal constraints on publicizing the practice.

Push Notification Data Used by US Law Enforcement 

Although "foreign" countries were mentioned in the open letter, it was widely assumed that US law enforcement was also requesting the same information. The Washington Post has reported that the data aided in the investigation of Capitol riots, among other incidents, confirming this.

Apple Sets Higher Legal Bar 

Google held these demands to a higher legal standard than Apple did.

Apple provided the push notification data on the basis of a subpoena, whereas Google needed a court order to do so. Law enforcement agencies can issue subpoenas without judicial oversight; that is, they can demand data on their own, based only on their own determination that it is necessary. In contrast, a court order necessitates that a judge evaluate and accept the demand after reviewing the supporting documentation.

Apple has amended its instructions for law enforcement organizations to clarify that in order to obtain push notification data, a judge must approve a court order or search warrant.  

Epic Games Wins: Historic Decision Against Google in App Store Antitrust Case

The conflict between tech behemoths Google and Apple and Fortnite creator Epic Games is a ground-breaking antitrust lawsuit that has rocked the app ecosystem. An important turning point in the dispute occurred when a jury decided to support the gaming behemoth over Google after Epic Games had initially challenged the app store duopoly.

The core of the dispute lies in the exorbitant fees imposed by Google and Apple on app developers for in-app purchases. Epic Games argued that these fees, which can go as high as 30%, amount to monopolistic practices, stifling competition and innovation in the digital marketplace. The trial has illuminated the murky waters of app store policies, prompting a reevaluation of the power dynamics between tech behemoths and app developers.

One of the key turning points in the trial was the revelation of internal emails from Google, exposing discussions about the company's fear of losing app developers to rival platforms. These emails provided a rare glimpse into the inner workings of tech giants and fueled Epic Games' claims of anticompetitive behavior.

The verdict marks a significant blow to Google, with the jury finding in favor of Epic Games. The decision has broader implications for the tech industry, raising questions about the monopolistic practices of other app store operators. While Apple has not yet faced a verdict in its case with Epic Games, the outcome against Google sets a precedent that could reverberate across the entire digital ecosystem.

Legal experts speculate that the financial repercussions for Google could be substantial, potentially costing the company billions. The implications extend beyond financial penalties; the trial has ignited a conversation about the need for regulatory intervention to ensure a fair and competitive digital marketplace.

Industry observers and app developers are closely monitoring the fallout from this trial, anticipating potential changes in app store policies and fee structures. The ruling against Google serves as a wake-up call for tech giants, prompting a reassessment of their dominance in the digital economy.

As the legal battle between Epic Games and Google unfolds, the final outcome remains years away. However, this trial has undeniably set in motion a reexamination of the app store landscape, sparking debates about antitrust regulations and the balance of power in the ever-evolving world of digital commerce.

Tim Sweeney, CEO of Epic Games, stated "this is a monumental step in the ongoing fight for fair competition in digital markets and for the basic rights of developers and creators." In the coming years, the legal structure controlling internet firms and app store regulations will probably be shaped by the fallout from this trial.

17 Risky Apps Threatening Your Smartphone Security

Users of Google Android and Apple iPhone smartphones have recently received a vital warning to immediately remove certain apps from their devices. The programs that were found to be potentially dangerous have been marked as posing serious concerns to the security and privacy of users.

The alarming revelation comes as experts uncover 17 dangerous apps that have infiltrated the Google Play Store and Apple App Store, putting millions of users at risk of malware and other malicious activities. These apps, primarily disguised as loan-related services, have been identified as major culprits in spreading harmful software.

The identified dangerous apps that demand immediate deletion include:

  1. AA Kredit
  2. Amor Cash
  3. GuayabaCash
  4. EasyCredit
  5. Cashwow
  6. CrediBus
  7. FlashLoan
  8. PréstamosCrédito
  9. Préstamos De Crédito-YumiCash
  10. Go Crédito
  11. Instantáneo Préstamo
  12. Cartera grande
  13. Rápido Crédito
  14. Finupp Lending
  15. 4S Cash
  16. TrueNaira
  17. EasyCash

According to a report by Forbes, the identified apps can compromise sensitive information and expose users to financial fraud. Financial Express also emphasizes the severity of the issue, urging users to take prompt action against these potential threats.

Google's Play Store, known for its extensive collection of applications, has been identified as the main distributor of these malicious apps. A study highlights the need for users to exercise caution while downloading apps from the platform. The study emphasizes the importance of app store policies in curbing the distribution of harmful software.

Apple, recognizing the gravity of the situation, has announced its intention to make changes to the App Store policies. In response to the evolving landscape of threats and the increasing sophistication of malicious actors, the tech giant aims to enhance its security measures and protect its user base.

The urgency of the situation cannot be overstated, as the identified apps can potentially compromise personal and financial information. Users must heed the warnings and take immediate action by deleting these apps from their devices.

The recent discovery of harmful programs penetrating well-known app stores serves as a sobering reminder of the constant dangers inherent in the digital world. Users need to prioritize their internet security and stay alert. In an increasingly linked world, it's critical to regularly check installed apps, remain aware of potential threats, and update device security settings.



Google and Apple Admit Government Spies On Users Via Push Notifications


Government spying through push notifications

Government authorities have been snooping on smartphone users via push notifications sent out by applications, wrote a US senator in a letter to the Department of Justice on December 6. 

Senator Ron Wyden of Oregon has requested that the Department of Justice relax any existing restrictions on disclosing push notification surveillance.

In the letter, Wyden wrote, “I write to urge the Department of Justice (DOJ) to permit Apple and Google to inform their customers and the general public about demands for smartphone app notification records.”

More about push alerts

Push alerts, he continues, are routed through a digital post office maintained by the phone's operating system suppliers. "Because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information," according to the letter. This might give governments information about how users engage with specific apps, a look at the full text of a notification, and some exposed data.

Wyden petitioned the Justice Department to allow Apple and Google to be honest about government demands for push notification surveillance.

Google and Apple admit spying and praise the letter

Additionally, the two companies praised Wyden's letter and admitted that push notification spying has been going on for quite some time. Apple also stated that it was not permitted to publish government demands for push notification data, but that it would begin telling people about it immediately.

"In this case, the federal government prohibited us from sharing any information," Apple stated, according to a Reuters report. "Now that this method has become public, we are updating our transparency reporting to detail these kinds of requests."

Even Google admitted the problem and stated that it supported Wyden's "commitment to keeping users informed about these requests." Google's transparency report already includes documentation of government demands for push notification data from users.

The rising concerns about government surveillance

Raising his concern in the letter, Wyden said, “As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information. Importantly, app developers don't have many options; if they want their apps to reliably deliver push notifications on these platforms, they must use the service provided by Apple or Google, respectively.”

Many users ignore push notifications, but they have sometimes caught the interest of technologists due to the difficulties of delivering them without passing data to Google or Apple.

Earlier in 2023, French developer David Libeau said that users and developers often remained oblivious to how their apps sent data to U.S. web giants via push notifications, labelling them "a privacy nightmare."


Bluetooth Security Flaw Strikes Apple, Linux, and Android Devices

Vulnerabilities in the constantly changing technology landscape present serious risks to the safety of our online lives. A significant Bluetooth security weakness that affects Apple, Linux, and Android devices has recently come to light in the cybersecurity community, potentially putting millions of users at risk of hacking.

The flaw, identified as CVE-2023-45866, was first brought to light by security researchers who detected a potential loophole in the Bluetooth communication protocol. The severity of the issue lies in its capability to allow hackers to take control of the targeted devices, potentially leading to unauthorized access, data theft, and even remote manipulation.

Security experts from SkySafe, a renowned cybersecurity firm, delved into the intricacies of the vulnerability and disclosed their findings on GitHub. If successfully employed, the exploit could lead to a myriad of security breaches, prompting urgent attention from device manufacturers and software developers alike.

Apple, a prominent player in the tech industry, was not exempt from the repercussions of this Bluetooth bug. The flaw could potentially enable hackers to hijack Apple devices, raising concerns among millions of iPhone, iPad, and MacBook users. Apple, known for its commitment to user security, has been swift in acknowledging the issue and is actively working on a patch to mitigate the vulnerability.

Linux, an open-source operating system widely used across various platforms, also faced the brunt of this security loophole. With a significant user base relying on Linux for its robustness and versatility, the impact of the Bluetooth flaw extends to diverse systems, emphasizing the urgency of a comprehensive solution.

Android, the dominant mobile operating system, issued a security bulletin addressing the Bluetooth vulnerability. The Android Security Bulletin for December 2023 outlined the potential risks and provided guidance on necessary patches and updates. As the flaw could compromise the security of Android devices, users are strongly advised to implement the recommended measures promptly.

Cybersecurity experts stated, "The discovery of this Bluetooth vulnerability is a stark reminder of the constant vigilance required in the digital age. It underscores the importance of prompt action by manufacturers and users to ensure the security and integrity of personal and sensitive information."

This Bluetooth security issue serves as a grim reminder of the ongoing fight against new cyber threats as the tech world struggles with its implications. In order to strengthen its commitment to a secure digital future, the IT industry is working together with developers, manufacturers, and consumers to quickly identify and fix vulnerabilities.