Archive for Apple

New iOS Phishing Attack Could Trick You Into Giving Away Your Apple ID Password

Posted in Commentary with tags on October 11, 2017 by itnerd

Here’s something that all iOS users need to pay attention to. A new blog post from developer Felix Krause explains how the popup that iOS users are familiar with for entering their password could be used to easily trick someone into handing over their Apple ID and password. It’s apparently easy to emulate, and while he hasn’t published code that allows one to do this, it is likely going to be in the wild in short order. Now he’s filed a bug report with Apple, but here’s what you should do to protect yourself. From his post:

  • Hit the home button, and see if the app quits:
    • If it closes the app, and with it the dialog, then this was a phishing attack
    • If the dialog and the app are still visible, then it’s a system dialog. The reason for that is that the system dialogs run on a different process, and not as part of any iOS app.
  • Don’t enter your credentials into a popup, instead, dismiss it, and open the Settings app manually. This is the same concept, like you should never click on links on emails, but instead open the website manually
  • If you hit the Cancel button on a dialog, the app still gets access to the content of the password field. Even after entering the first characters, the app probably already has your password.

I recommend reading Krause’s full explanation of this phishing method on his blog. Hopefully Apple reads it too and does something about this in short order.

White House Chief Of Staff May Have Used Pwned iPhone For Months

Posted in Commentary with tags on October 6, 2017 by itnerd

White House officials believe that chief of staff John Kelly may have been using a personal phone for months which may have been pwned by hackers. And reading this story about this is absolutely mind blowing:

The discovery raises concerns that hackers or foreign governments may have had access to data on Kelly’s phone while he was secretary of Homeland Security and after he joined the West Wing.

Tech support staff discovered the suspected breach after Kelly turned his phone in to White House tech support this summer complaining that it wasn’t working or updating software properly.

Kelly told the staffers the phone hadn’t been working properly for months, according to the officials.

White House aides prepared a one-page September memo summarizing the incident, which was circulated throughout the administration.

Oh boy. That’s bad. Really bad. Various governments buy 0-day exploits. And these types of exploits on iOS are extremely valuable. We’ve already seen that the NSA and CIA both developed and stockpiled their own. Thus it seems reasonable that foreign governments would be doing the same thing. You have to wonder if there’s more of these sorts of revelations to come.

macOS High Sierra Vulnerability Exposes Passwords of Encrypted APFS Volumes in Plain Text [UPDATE: Fixed]

Posted in Commentary with tags on October 5, 2017 by itnerd

Apple, you have a problem. And it’s a big one. A guy named Matheus Mariano appears to have discovered a significant macOS High Sierra vulnerability that exposes the passwords of encrypted Apple File System volumes in plain text in Disk Utility. The article that I linked to will walk you through how to reproduce it, and the fact that it is trivially easy to reproduce shows that Apple truly dropped the ball here. I say that because this is a bug, and this is the sort of bug that should never, ever make it out the door. It should have been caught by Apple’s QA department. But clearly that didn’t happen and here we are talking about it.

Now the bug has been reported to Apple, thus I wonder how long they will take to fix something this serious. If they were smart, they’d fix this ASAP if they value their credibility.

UPDATE: This appears to have just been fixed via the release of an update from Apple. High Sierra users should run to Software Update to get this fix. There is also a support document that has been posted that discusses this issue. That I have to say is insanely quick work by Apple.

UPDATE #2: Another issue has been fixed in this update.  The issue where someone could steal the usernames and passwords of accounts stored in Keychain using a malicious third-party app has been fixed as well. This document has more details and confirms the fix for the APFS issue.

One Reason For Mac Users To Upgrade To High Sierra: Security At The Firmware Level

Posted in Commentary with tags on September 29, 2017 by itnerd

A research paper from Duo Security is recommending that if you want to keep your Mac safe from certain types of pwnage, you should always be up to date with your OS. That’s because, according to new research, pre-boot software on Macs is often outdated, leaving Apple fans at a greater risk of being pwned. For example, users would be vulnerable to exploits such as Thunderstrike and attacks originally developed by the NSA and exposed in the WikiLeaks Vault 7 data dumps, as they rely on out-of-date firmware. This of course ignores the other security fixes that come with OS upgrades such as the recently released High Sierra.

Now how does High Sierra fix this? It automatically checks and updates the firmware if required when it installs. Not only that, it also checks said firmware on a regular basis to make sure that it hasn’t been pwned by a hacker. Further info on this can be found in a related blog post where Duo Security said that users should not only upgrade to High Sierra, but should also check if they are running the latest version of firmware on their Macs, and it has released a tool to help them do that.

#PSA: Stop iOS Apps From Asking You To Do A Review In iOS 11

Posted in Tips with tags on September 28, 2017 by itnerd

Something that has annoyed me for a very long time is apps prompting me to review them. Sure I can click the option to not ask me again every time the prompt appears. But that becomes tiresome after a while. But you can stop apps from asking you for reviews in iOS 11 by doing the following:

  1. Go to Settings
  2. Go to iTunes & App Store and look for this option

The In-App Ratings & Reviews was turned on in my case. I turned it off and I stopped getting prompted for reviews. At least thus far. Give it a try and see if it works for you. If it does, please leave a comment and let me know.

Poll: Does iOS 11’s Do Not Disturb While Driving Have A Bit Of A Problem With It?

Posted in Commentary with tags on September 26, 2017 by itnerd

For the last couple of days, I’ve been driving a 2018 Mazda CX-3 so that I can write a review on it. But in the process of doing so, I have discovered a bit of an inconsistency with Apple’s new Do Not Disturb While Driving feature that showed up in iOS 11.

Now I have my iPhone connected to the infotainment system of the CX-3 via Bluetooth, and I have Do Not Disturb While Driving to only enable over Bluetooth. That works perfectly. But, I am also the owner of a Series 2 Apple Watch. I have found that while notifications other than VIP notifications appear to be suppressed on the Apple Watch, I can still use the Apple Watch to check my e-mail and read text messages. Not only that, I can use it to send text messages via dictation. That part is what got my attention when I thought about this because Siri doesn’t read back your text the way it does with Apple CarPlay. Thus you have to read what you dictated to ensure it picked everything up correctly. This means that if you do this while driving, you’re distracted (Though I will admit that while the Series 3 Apple Watch has Siri speaking to you, it doesn’t mean that this is any less distracting. If it is, it’s only marginally so). Yet you’re not touching your phone. I would think that Do Not Disturb While Driving should not only stop you from using your phone while driving, but it should stop you from using your Apple Watch while driving as well seeing as the watch is wirelessly tethered to the phone and many of the functions of the Apple Watch are driven by the phone. But perhaps I am looking at this wrong. Thus I am posting this to see what your thoughts are. Please take the poll below and let’s see what the wisdom of the crowd is:

Review: Apple macOS High Sierra

Posted in Products with tags on September 26, 2017 by itnerd

Apple releases a new operating system every year. Sometimes the company makes massive changes. Other times it’s bug fixing and performance tweaking with only a handful of changes. macOS High Sierra is the latter. At least, that’s what Apple would have you believe. The fact is, that there are significant changes under the hood that make this worth installing.

The first reason to install macOS High Sierra is the new APFS (Apple File System) file system. It replaces the 20 or so year old HFS+ (Hierarchical File System) file system by bringing the following to the table:

  • Built-in encryption and support for full disk encryption
  • Snapshots, which are used to record the state of your storage device based on points in time, helpful for backups
  • Space sharing, which makes it easier to resize and manage different partitions
  • Faster performance
  • The ability to better manage very large storage capacities and files

Here’s the catch. At present you need an SSD installed to leverage this feature (though support for Fusion Drives and spinning disks will be coming at some point in the future). And as I have noted previously, you’re going to get this new filesystem on your SSD whether you want it or not. Apple also says that the time to convert to APFS may vary based on the size and speed of your disk, the speed of your Mac, how much free space you have, and whether the volume is encrypted or not. In my case the total time to upgrade to High Sierra took almost five hours. Now I did check to see if I had any pre-existing issues with the SSD in my MacBook Pro which had about 230GB of data on it, or the OS, and there were none. Thus I am unable to explain this result. I will be running an upgrade on my wife’s MacBook Pro this weekend so I will get a chance to see if this was a fluke and I will update this post with the results. Once it was installed, here’s what I noticed:

  • I got 2.1GB in disk space back.
  • Opening applications felt a touch faster

So on the surface it seems that APFS does make a difference. Your mileage may vary.

The next difference that you’ll see is in Apple’s Safari web browser. It now stops videos from auto playing. Something I know that annoys a lot of you who are reading this. Second, is Intelligent Tracking Prevention. This stops sites from tracking you and displaying ads based on where you’ve been on the web. While advertisers won’t like this, you will. There’s a bunch of performance and functionality improvements that are along for the ride as well that make this a better browser overall.

Photos is the one app in High Sierra that gets the most changes. For starters it’s a better organization tool via tweaks to the sidebar and toolbar, drag-and-drop organization, imports history, improved accuracy with the People album, and more. The Edit mode is redesigned with better access to tools, Live Photo support, and there are also new filters. Photos also has new Project Extensions, so you can use third-party services to create websites, books, etc. There’s so many changes with Photos that I could do a separate review on Photos alone. So I will simply say that you should try it and I think you’ll love it.

There are other features that make this a worthwhile upgrade:

  • High Sierra now has support for VR headsets
  • Apple’s new Metal 2 API has support for external GPU hardware, which could mean you can boost your MacBook’s graphics performance by using Thunderbolt to hook up an external box with a top-end graphics card. Something that’s popular on the PC side of the fence. There’s also support for machine learning which should help Siri be a better virtual assistant.
  • Two new file formats that are now supported in High Sierra are High Efficiency Video Encoding (HEVC) for video and High Efficiency Image File Format (HEIF) for photos. In fact, an iPhone that is on the same iCloud account as a Mac running High Sierra will automatically use the latter by default.
  • Siri gets a new voice and some more intelligence.
  • There are tweaks to iCloud to support the new Family Sharing feature as well as sharing files to non-iCloud users. Something that iCloud desperately needed to compete against services like DropBox.

So is there a reason that you shouldn’t upgrade to High Sierra? Frankly, other than this security hole, if your Mac supports High Sierra (which any Mac that ran Sierra will), then this is a worthwhile upgrade. Just take my advice on what to do before you upgrade and you too can leverage the performance tweaks that High Sierra brings to the table.

UPDATE: I installed macOS Sierra on my wife’s MacBook Pro which also has a Samsung SSD in it. While I did get it to install, it took three hours and the installer crashed right at the very end. That forced me to reboot it a couple of times to bring it back to life. That’s not something that I recommend, but I was left with very little choice. Everything worked properly and I will keep an eye on it over the next few days.