Archive for September 16, 2015

Critical Bug In iOS & OS X Allows AirDrop To Write Files Anywhere

Posted in Commentary with tags on September 16, 2015 by itnerd

This isn’t good.

ThreatPost is reporting that there’s a bug in iOS and OS X that allows AirDrop which is Apple’s ad-hoc file transfer system to write files anywhere on the filesystem of the receiving devices. And they don’t have to agree to accept the file transfer for bad stuff to happen. Here’s the details:

The vulnerability lies in a library in both iOS and OS X, and Mark Dowd, the security researcher who discovered it, said he’s been able to exploit the flaw over AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices. If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device.

In fact, an attacker can exploit the vulnerability even if the victim doesn’t agree to accept the file sent over AirDrop.

Dowd, founder and director of Azimuth Security, was able to use the vulnerability, along with some other tactics to bypass the code-signing protections on iOS. To do this, he used his own Apple enterprise certificate to create a profile for his test app that allowed the app to run on any device. Under normal circumstances, when the app is first installed on a new device, the device would throw up a dialog asking the user if she trusts the app. However, Dowd is able to suppress this prompt by installing an enterprise provisioning profile on the device and marking it as trusted.

Lovely, This attack is apparently mitigated – but not fixed in iOS 9 which is going to hit the streets shortly. But there’s apparently no fix in OS X at present.

My suggestion. Turn off AirDrop and only turn it on when you need it. That should provide some degree of protection. Plus it will give you back a few minutes of battery life too as the device isn’t constantly scanning for devices that it could AirDrop to. In the meantime, let’s hop that Apple comes out with a real fix sooner rather than later.

Leave a comment »

BREAKING: watchOS 2 Will Not Be Released Today

Posted in Commentary with tags on September 16, 2015 by itnerd

During Apple’s event last week, it was announced that watchOS 2 would be released alongside iOS 9 today. That’s apparently changed according to Tech Crunch who has a statement from Apple that says that the OS for the Apple Watch family is delayed due to a bug:

Apple has delayed the release of watchOS 2, which was expected to be available today to owners of the Apple Watch.

“We have discovered a bug in development of watchOS 2 that is taking a bit longer to fix than we expected,” an Apple spokesperson told TechCrunch. “We will not release watchOS 2 today but will shortly.”

I actually like this. After the gong show that was iOS 8 and OS X Yosemite which were both clearly kicked out to the world before they were ready for prime time, Apple clearly has learned from that and made the decision to hold the software back until it is actually ready. Kudos to them for doing what’s right.

I’ll posting a story on iOS 9 when that hits the streets, which should be around 1PM Eastern based on Apple’s recent track record.

Leave a comment »

Review: Jackery Mini

Posted in Products with tags on September 16, 2015 by itnerd

I seem to be getting a lot of external batteries lately to review. The latest one is the Jackery Mini which is a lipstick sized 3200 mAh battery that is meant to give your smartphone a charge of juice when you need it. Here’s what it looks like:

 IMG_1600

It is a lightweight battery made of aluminum. It has a blue light that has four dots where four means that it is fully charged and each dot is worth 25%. It also has a button that you need to press to start charging a device.

IMG_1601

It has a Micro USB port as well as a full sized USB port. Plug the cable of your choice (USB, Lightning, etc) in the latter port to charge your smartphone and charge the Jackery Mini with the former port using the supplied Micro USB cable. You can use a USB to AC adapter or plug it into your computer, but you’ll have to bring your own adapter if you choose the former method to charge the Jackery Mini.

It’s really, really light which means it will not weigh you down. Plus it doesn’t occupy a lot of space. That means you can fit it in your pocket or a purse. But the question is if how much can it charge? To find out, I charged it for four hours and then I performed this experiment:

  • I took an iPhone 6 that was 58% charged and charged it until it was full. It took 1 hour and 25 minutes and at the end I had two dots which implied 25% – 50% charge was remaining.
  • I took an iPhone 6 that was 61% charged and charged it until it was full. It took 1 hour and 17 minutes and at the end I had one blinking dot which implied less than 10% of a charge.

So in short, this experiment implies that if I had an iPhone 6 that has 20% charge, I can use the Jackery Mini to get it up to a full charge and maybe have some charge to spare in case I need a few extra minutes of power. That’s handy if you need to top off your phone after a day’s usage so that you can use it in the evening without having to look for an AC outlet. That I suspect will make the Jackery Mini a valuable piece of kit for many. It has a MSRP of $29.99 USD, but it is on sale for $12.99 – $14.99 USD at the moment depending on the color that you want as you get four to choose from. Of interest, you get a 18 month warranty which is longer than I am used to. Get your Jackery Mini direct from Jackery or on Amazon.

1 Comment »