Apple’s security as of late is as effective as a one-armed man clapping. Not only can anyone access a password-protected iPad if it has a Smart Cover, Apple’s new brainchild Siri can be used to pilfer personal information despite a passcode lock.
Damn You Siri
A fatal flaw in Siri was recently discovered, tarnishing the reputation of the iPhone’s newest claim to fame. The flaw allows anyone to access an iPhone via voice-activated commands despite screen and password locks, access that includes personal information. By hitting the home screen button a person, using Siri, could have access to texts, the calendar and other services — all without having to unlock the home screen.
Email, luckily, is not accessible: “The positive thing is that accessing some of the more sensitive services in this manner, such as email, is forbidden,” says Alan Goode of Goode Intelligence, a mobile security firm. “But I could still run up a pretty impressive and annoying phone bill if I had malicious intent, and if Apple missed this pretty easy to find vulnerability then what other security threats are hiding in Apple’s latest mobile OS?”
Users can protect themselves by manually disabling the option that allows Siri to be used while the passcode lock is on. The default setting, however, leaves users vulnerable and should never have been the default to begin with.
WatchMe 911 (iTunes Link) is a personal protection system, with four customizable alert modes, seven alarm sounds, a flashlight and GPS tracking available. With two taps, it can connect you to the people you trust when you need it most. The app was designed primarily for women, but some of the alert modes are valuable for hikers, runners, and cyclists, whether male or female. Currently, the app is limited to the United States.
In recent times, the ubiquity of RIM’s award-winning BlackBerry smartphone has been shrinking, as companies give their employees the option of adding third-party security applications to smartphones of their own choosing. This gives employees the freedom to opt for their own smartphone, and in return they take on more responsibility for security. Companies offering such applications, such as Good Technology and Mobile Iron, are thus intruding on BlackBerry’s mainstay in the corporate market.
The USP of BlackBerry has been Research In Motion’s top-tier security and appealing management features, which help top-notch business firms and IT managers control the corporate information they share with their employees and so avoid cyber attacks on their businesses. But analysts at CCS Insight are of the opinion that the consumer market is repeating itself in the enterprise market: people want to use in their work life the technology they use in their daily personal lives.
If you’re a tech geek like me you undoubtedly follow Google – and you also probably know all the Transformers by heart. By using Transformers as an allegory we can put Google’s transformation into context.
Google has been aggressively acquiring companies, technology and people, and now they are joining them all together to build a super-powered Microsoft-fighting machine. And they now have Microsoft’s Decepticons in their sights. In fact, if you look at Google’s product line, you begin to see that Google is purposefully encroaching into Microsoft territory, gearing up for the battle royale of the decade.
The private eye has discovered that Android devices are no longer a safe haven for your personal information. The private eye is a German university, the University of Ulm, which claims that more than 99% of all smartphones that run Google’s Android operating system are susceptible to mobile hackers. An unencrypted Wi-Fi network is the little window needed by mobile hackers to gain access to everything that is important in your life.
Google Calendar, Twitter, Facebook et al. are vulnerable to an impersonation attack. This discovery is a follow-up to Rice University professor Dan Wallach’s blog post in February that mentioned the nature and magnitude of this threat. Even though Android devices are being retracted or updated, the process will be a success only if all the devices are freed from this shortcoming; otherwise the catastrophe will be unimaginable. The bug has been fixed in Android 2.3.4 and 3.0 (for smartphones), the latest version of the operating system, but the bulk of mobile carriers and handset manufacturers have not yet issued an update. “We are aware of this issue, have already fixed it for calendar and contacts in the latest versions of Android, and we’re working on fixing it in Picasa,” said a Google representative in an e-mail statement. Another issue this raises is the need for better update practices among Android hardware vendors.
It is going to be a busy week for IT professionals, since Microsoft is going to deliver a record patch that addresses 64 security vulnerabilities. There will be patches for bugs in Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, GDI+ and the .NET Framework. The most frequently used Office applications, such as Excel (2003-2010) and PowerPoint (2002-2010), will also be affected by this update. There will be 17 bulletins, of which more than half, that is nine, are critical. The critical bulletins will affect all Windows systems, including Server 2008 and Windows 7, and hence Microsoft urges system administrators to plan for a deployment.
Pete Voss, a senior response communication manager at Microsoft, says that according to Microsoft’s assessment, the vulnerability could theoretically allow remote code execution. However, he adds that such an event is extremely unlikely and no evidence of attacks has been recorded so far. Apart from the 9 critical bulletins out of 17, the other 8 bulletins are marked as important. Among those rated as important is a fix for the MHTML script injection vulnerability in Windows. The security bulletins will be released by Microsoft at about 1 pm EDT on 12th April.
If 90s hacker movies taught us anything, it’s that hackers are benevolent human beings looking not for corporate espionage but solely for freedom of information. But — the 90s are over.
According to a new study (PDF) by security firm McAfee, hackers have resurfaced and are hacking into corporate networks to steal corporate information – private information that has been called the new cybercrime currency. The “Underground Economies” report from McAfee stated that in 2010 attacks were focused mainly on industrial espionage and came primarily from the Stuxnet virus. The large majority of the 2011 attacks, however, dubbed the Night Dragon attacks (which began in 2009), were focused on major oil companies. These multi-pronged attacks are well coordinated and aimed at stealing sensitive corporate information.
Yes — we have officially entered the age of the Textually Transmitted Disease. Last September a virus spread across China, infecting more than 1 million smartphones. This virus, dubbed ‘Zombie’, infiltrated phones and began sending spam messages using the phone’s address book. While this is still shy of being a full-blown TTD, we are well on our way.
Internet security companies expect these viruses to spike as smartphone sales and use increase. Top security firm McAfee has reported that mobile phone malware increased by 46% from 2009 to 2010. Other Internet security companies have noticed the spike as well and attribute much of it to vulnerabilities in apps and widgets. ViaForensics noted that even the more famous apps have security flaws, including Groupon, Facebook and Mint.com. In fact, a large number of the 11 billion+ apps downloaded last year put users’ information at risk, as do 10 out of the 12 email apps tested.
The newest patch from Microsoft appears to be a Mac vs. PC commercial in the making. Don’t be surprised if the next mocking ad from Mac addresses the 900 million people affected by Microsoft’s most recent security patch. The name of the release, Patch “Tuesday”, sounds more like an Irish celebration than a critical software patch, but then again maybe Microsoft was trying to lighten the mood.