Archive for Apple

Apple Releases iOS 12.5.5 To Patch The Vulnerabilities That Are Used By The NSO Group

Posted in Commentary with tags on September 23, 2021 by itnerd

Recently, Apple released iOS 14.8 to address the vulnerabilities that allowed The NSO Group to pwn iPhones with their Pegasus spyware. Now it appears that the same fixes have been brought down to iOS 12 users who could not update to iOS 13, 14 or iOS 15. Devices that are unable to update to iOS 13 or 14 include the iPhone 5s, ‌iPhone‌ 6, ‌iPhone‌ 6 Plus, iPod touch 6, original iPad Air, iPad mini 2, and ‌iPad mini‌ 3.

If you go to the Settings app, tapping on “General,” and selecting the “Software Update”, you should see that iOS 12.5.5 was released, and in Apple’s security information, it mentions three exploits that “may have been actively exploited” with one of them found by The University Of Toronto’s Citizen Lab. That’s the same people who have been tracking the exploits that are used by The NSO Group and brought them to Apple’s attention. Thus based on that, this is something that you should install ASAP.

UPDATE: Apple also released Security Update 2021-006 for macOS Catalina. The security notes say that it fixes one of the three exploits mentioned above. You should likely update to that as well to protect yourself.

How To Fix Some Of The “Quirks” Of iOS/iPadOS 15, watchOS 8, And Safari 15

Posted in Tips with tags on September 22, 2021 by itnerd

On Monday, Apple released a ton of software to the world. And that as is typical for me caused my phone to ring and my inbox to fill up from people who had minor “quirks” in terms of how the software looked and functioned that annoyed them. I’ve collected the common “quirks” into this article along with how to fix them. I’ll start with Safari 15. It has a feature that colors the Tab Bar. If that annoys you, here’s how to turn it off:

  1. Go to the “Safari” menu, then “Preferences”
  2. Go to “Tabs”
  3. Uncheck “Show color in tab bar”

Now this same feature exists in iOS/iPadOS 15. Here’s how you disable this same feature in those OSes:

  1. Go to “Settings” then “Safari”
  2. Under the “Tabs” section turn off “Website Tinting”. Note: On iPadOS the option is called “Show Color in Tab Bar”

Safari on iOS and iPadOS 15 also moved the address bar to the bottom of the screen by default. Based on what my clients are saying, it’s not a popular change. But you can change it back to the top easily:

  1. Go to “Settings” then “Safari”
  2. Under the “Tabs” section, select “Single Tab”

watchOS 8 removed the dedicated bed icon for activating sleep mode. That caused a few calls from clients of mine who used Apple’s sleep tracking feature. In watchOS 7, you simply had to swipe up from the bottom and click on the bed icon to activate sleep mode. Now in watchOS 8, it’s tied to the new Focus Mode feature which Apple defines as “A powerful new set of tools gives you more control over how you prioritize your time and attention. So you can find balance and stay focused on whatever you’re doing in the moment.” The problem is that this change is confusing lots of users. To save you stress of figuring it out when you’re going to bed, here’s how you activate sleep mode:

  1. Swipe up from the bottom to display Control Center.

2. Find the moon icon, press and hold it to get the menu pictured below.

3. Choose Sleep.

Finally, some of you might have issues with iOS 15 where you might have problems with Bluetooth devices (Bluetooth headsets specifically) and WiFi. The solution could be classified as a “nuclear option.” But it seems to fix most things that have been reported to me.

  1. Go to Settings
  2. Go to General
  3. Go to Transfer or Reset iPhone
  4. Go To Reset
  5. Click on Reset Network Settings

The reason why I call this the “nuclear option” is that you will have to re-join any WiFi networks that the phone was paired with after you do this. Which by extension means that you will need to know the passwords of said networks before you go down this path. It also seems to reset some cellular options like roaming preferences and WiFi calling. But it seems to clear up strange Bluetooth and WiFi issues. Thus it’s worth trying.

Do you have an “quirks” in watchOS 8, iOS/iPadOS 15 and Safari 15 that you’ve come across and fixed? Please leave a comment below and share your wisdom. Alternately, if you have a “quirk” that you need help with, leave a comment below and I will try and assist you.

UPDATE: Someone emailed me asking where Private Browsing Mode was in Safari on iOS/iPad OS 15. I am not sure why Apple did this, but it is buried in the tab menu:

If you click on it, you’ll be given the Private option:

Click on it and you’ll be in Private Browsing Mode.

Choose done. To get out of Private Browsing Mode, simply follow these steps and choose “x Tabs” where “x” is the number of tabs that you have open.

On iPhone 13 Launch Day In Canada, Apple’s Financing Provider Can’t Handle The Volume 

Posted in Commentary with tags on September 17, 2021 by itnerd

Early this morning I got up early to order my wife an iPhone 13. Product Red and 256 GB for the record with AppleCare+. By 8:08 AM EST, I posted this Tweet:

I had no issues. But the same can’t be said for my fellow Canadians who tried to finance their iPhones. Now I can understand why they would want to do that. The options ranged from just six months to 24 months with 0 percent APR. That’s a great deal to get into a new iPhone. Except that Apple’s finance partner which is Paybright by Affirm have had issues processing the financing requests due to the load that typically happens when pre-orders open for new iPhones. Some people saw ‘502 bad gateway’ errors. Then later this morning Paybright’s website has an error message that read “There is a bit of a traffic jam. Please go back and try again.”

Here’s what I saw on Twitter:

What also doesn’t help is this. Paybright has a Twitter account that is no longer monitored:

Top tip for companies out there. If you have a Twitter account that you no longer monitor and use, delete it. Because having a bunch of people Tweet your unused account is a bad look for you.

Clearly Apple got wind of this and did something about the situation:

What that sounds like to me is that if you are trying to finance an iPhone in Canada, you should just keep trying as it sounds like the issues are being addressed. Or at least mitigated. Though it is unclear when Apple and Paybright will fix this issue outright. Watch this space more updates as I will be watching this situation as the day goes on.

Now this isn’t the first time a new iPhone has been released on planet Earth. Thus Paybright had to have known that whatever server infrastructure they had needed to be seriously beefed up and load balanced to the extreme so that it didn’t melt under the strain of people eager to get the iPhone 13. The fact that they either didn’t beef it up at all or didn’t beef it up enough is a bad reflection on Paybright. And by extension this is a bad reflection on Apple as well who chose Paybright to manage their financing program. My guess is that a bunch of Apple execs are having a conversation with a bunch of Paybright execs to ask “WTF?” and said Paybright execs are about to make a bunch of IT people’s lives a living hell as a result. Because you know what tends to flow downhill.

UPDATE: It’s currently 3PM EST and from my look at Twitter, some people have had success starting again and doing another order. Though I will note that people who have had success had to refresh a ton of times to get an opening for pickup or delivery. Others continue to have no success no matter what they do. Thus if you really want an iPhone 13, you may have to rethink how you pay for it. The bottom line that this is a colossal #EpicFail for both Paybright and Apple, and both have some explaining to do.

The iPhone 13 & iPhone 13 Pro Are Now Available For Pre-Order From TELUS

Posted in Commentary with tags , on September 17, 2021 by itnerd

TELUS will offer the best-ever lineup of iPhone and iPad, including the innovative and elegant iPhone 13 Pro, iPhone 13 Pro Max, iPhone 13, and iPhone 13 mini, on the fastest network in Canada. Redesigned inside and out, iPhone 13 Pro and iPhone 13 Pro Max introduce the most advanced pro camera system ever on iPhone, Super Retina XDR display with ProMotion, improved battery life, the Apple-designed A15 Bionic chip with 5-core GPU, and an advanced 5G experience. iPhone 13 and iPhone 13 mini feature the most advanced dual camera system ever in iPhone and powerhouse A15 Bionic chip in a sleek and durable design. Customers will be able to pre-order the iPhone 13 lineup on September 17, with availability on September 24. For complete pricing and availability details, please visit telus.com/iphone13.

Featuring an advanced 5G experience with more 5G bands, the iPhone 13 lineup works in more places on 5G for greater coverage and performance. Available in four stunning finishes — graphite, gold, silver, and the all-new sierra blue — iPhone 13 Pro and iPhone 13 Pro Max introduce an all-new Super Retina XDR display with ProMotion featuring an adaptive refresh rate up to 120Hz, making the touch experience even faster and more responsive. They also introduce the best battery life ever on iPhone with iPhone 13 Pro Max, lasting up to two and a half hours longer in a day than iPhone 12 Pro Max, a new storage capacity of 1TB, and are protected by the Ceramic Shield front cover, tougher than any smartphone glass. With new Ultra Wide, Wide, and Telephoto cameras, the pro camera system gets its biggest advancement ever capturing stunning photos and video, powered by the Apple-designed A15 Bionic. These technologies enable impressive new photo capabilities like macro photography on the new Ultra Wide camera and up to 2.2x improved low-light performance on the new Wide camera, and new computational photography features like Photographic Styles to personalize the look of images in the Camera app, and Night mode on all cameras. Video takes a huge leap forward, offering Cinematic mode for beautiful depth-of-field transitions, macro video, Time-lapse and Slo-mo, and even better low-light performance. Both models also offer end-to-end pro workflows in Dolby Vision, and for the first time, ProRes, only available on iPhone.

The next generation iPhone 13 and iPhone 13 mini feature a beautiful design with sleek flat edges in five gorgeous new colors — pink, blue, midnight, starlight, and (PRODUCT)RED. Both models feature major innovations including the most advanced dual-camera system ever on iPhone — with a new Wide camera with bigger pixels and sensor-shift optical image stabilization offering improvements in low light photos and videos, a new way to personalize the camera with Photographic Styles, and Cinematic mode, which brings a new dimension to video storytelling. Equipped with the Apple designed A15 Bionic, iPhone 13 and iPhone 13 mini also boast super-fast performance and power efficiency, longer battery life, a brighter Super Retina XDR display that brings content to life, incredible durability with the Ceramic Shield front cover, double the entry-level storage at 128GB, an industry-leading IP68 rating for water resistance, and an advanced 5G experience.

By the end of the year, more than 70% of the Canadian population will experience TELUS’ blazing fast 5G network. In Opensignal’s first Canada 5G User Experience Report 2021, which analyzed Canada’s next-generation networks, TELUS took home six awards including Fastest 5G Download and Upload Speeds, Best 5G Video Experience, Best Voice App Experience and Best 5G Availability nationwide. Additionally, TELUS recently earned the top spot in Ookla’s 2021 Fastest Mobile Network Speedtest Awards for the fifth year in a row, inclusive of both download and upload speeds. These achievements, along with the numerous, sustained accolades TELUS has earned over the years, showcase the strength and speed of TELUS’ global-leading mobile network. 

TELUS and Koodo customers who purchase an iPhone 13 are eligible to receive up to six months free of Apple TV+ and Apple Arcade. This offer is only available at TELUS to new customers as well as existing customers who upgrade their device. 

TELUS customers can also take advantage of our Bring-It-Back program and receive up to $810 off depending on the device, when they agree to return it in good working condition to TELUS at the end of their two-year term. To save even more, customers can sign up for TELUS’ Trade-In Program, where customers will receive a credit for their old device, up to $825.

For more details on pricing and data plans, please visit telus.com/iphone13. The iPhone 13 lineup will also be available at Koodo on 4G LTE. 

My Thoughts On What Was Announced During Today’s Apple Event

Posted in Commentary with tags on September 14, 2021 by itnerd

Every time Apple does one of their events, people ask me about what I think about what was announced. Thus I took a deep dive on everything that was announced so that you can make the best purchasing decision possible. So let’s have a look at what was announced:

iPad: Well, there’s not much to see here. On the surface this seems to be a decent upgrade. Apple did cut some corners with Bluetooth support as it “only” supports Bluetooth 4.2 in an era where Bluetooth 5.x is a thing. Ditto for the fact that it also comes with 802.11ac WiFi instead of 802.11ax WiFi as that is the new hotness. But other than that, it’s the same iPad that’s been around for a while now. Only faster. And the fact that it works with accessories that you may already have if you’re upgrading from an older iPad is a big plus. One thing that I will note is that you have a choice of 64GB and 256GB storage options. There’s nothing in the middle which is a bit of a #Fail as it forces you to spend more than you may want to if you need more storage.

iPad Mini: Apple didn’t cut corners here as it’s pretty up to date with USB-C, 802.11ax WiFi, Bluetooth 5.0 and second generation Apple Pencil support. Though like the iPad above, you again only get 64GB and 256GB storage options. Other than that, this new iPad Mini seems pretty solid at first glance.

Apple Watch Series 7: This at first glance looks like Apple addressed a bunch of things that have been irritants for Apple Watch owners. It has IP6X dust resistance for the first time which to be frank Apple should have done years ago. It also has a screen that is more durables it offers better shatter resistance. That’s important as the ION-X glass isn’t that durable, and you have to spend a lot of money to get the Sapphire glass which is more durable. But it doesn’t seems to be any more scratch resistant which is a #Fail. Said screen is bigger now and it allows you to have a full keyboard which makes responding to text messages or emails something that is practical for the first time. It charges faster as they’ve moved to USB-C for the charging. But that via reading the fine print requires the Apple 20W USB-C Power Adapter for it to work. Which is handy as it still has 18 hours of battery life which is another #Fail. Tech specs are not available so it makes it a bit hard to judge what changes were made under the hood. But I can say that there are no health sensors that have been added. Thus as it stands, I find no compelling reasons to upgrade if you have a Series 6. But if you have a Series 5 or earlier, you might have a reason to upgrade.

UPDATE: 9to5Mac has evidence that the internals of the Apple Watch Series 7 are basically the Series 6 internals. Another reason that the Series 7 is not a compelling upgrade.

iPhone 13/13 Mini: The big news is the battery life improvements. Apple now promises “all day battery life” with the Mini. That’s huge as the battery life on the iPhone 12 Mini wasn’t very good. Storage starts at 128GB and goes as high as 512GB. The display notch at the top of the screen is slightly smaller in width. Apple says about 20% smaller for those who care about the size of the notch. It’s faster as usual. The iPhone 13 and iPhone 13 camera system is better. The lenses now take in more light, with 46% more light gathering capability at a f/1.6 aperture on the main wide camera. Sensor shift optical image stabilization is now available for the first time on the entry-models. For video, Apple has added a rack focus effect that they call ‘Cinematic Mode’, somewhat similar to Portrait mode photos but for video. Cinematic Mode focuses on a subject and adjusts focus as they move around the frame. 5G support on iPhone has been expanded with upgraded radios in the iPhone 13. Apple will double 5G compatibility to more than 200 carries across 60 countries. This makes the iPhone 13 and 13 Mini the phone that most users should get.

iPhone 13 Pro/Pro Max: The big news is that Apple finally has ProMotion display technology that can refresh from 10Hz to 120Hz. Thus Apple catches up to pretty much every Android phone. The cameras have of course improved:

  • 77mm telephoto camera with 3x optical camera
  • Ultra Wide camera with 92% boost in low light , f/1.8 aperture, auto-focus, 6-element lens
  • Wide camera: f/1.5 aperture, up to 2.2x improvement in low light
  • New macro photography features for the iPhone 13 Pro and iPhone 13 Pro Max
  • Night mode available across all three lenses 
  • New camera filter options, “Photographic Styles” will be available on iPhone 13 and iPhone 13 Pro
  • iPhone 13 Pro features Cinematic Mode for video, which is basically the same thing as Portrait Mode but for video. Other features include focus tracking and the ability to adjust the focus after recording
  • Macro slow mo video recording on ultra wide camera
  • ProRes video coming to iPhone 13 Pro later this year

If you care about photography, this will be the iPhone to get. iPhone 13 Pro offers 1.5 hours longer battery life than iPhone 12 Pro, while iPhone 13 Pro Max offers 2.5 hours longer battery life than iPhone 12 Pro Max. And there’s a 1TB option. This may entice me to upgrade from my iPhone 12 Pro.

UPDATE: The iPhone 13 Pro and Pro Max with 128GB of storage do not work with ProRes video at 4K resolution. This is found on Apple’s tech specs page:

That makes the 128GB models a must pass if you’re interested in ProRes at 4K resolution.

Now, what did you not see in the presentation? Here’s a list:

  • The leather loop Apple Watch bands are dead.
  • There’s a new Apple Wallet for MagSafe that has FindMy functionality.
  • iPhone 13/13 Pro has Dual eSIM support for the first time.
  • AirTag accessories have been refreshed with new colors
  • There are new silicon and leather cases for the iPhone 13/13 Pro
  • An Apple Watch Magnetic Fast Charger to USB-C Cable with a max length of 1M is now available.
  • iPad Pro & Air also gain ‘English lavender’ smart folios

A replay of the entire event is now available below:

Apple Releases Updates To Stop NSO Group Exploits That You Should Install Immediately

Posted in Commentary with tags on September 14, 2021 by itnerd

Yesterday Apple dropped an series of updates to stop exploits that were being used by the NSO Group to spy on targets such as human rights activists. If you value your security, you should ensure that you’re running the following Apple Software:

  • iOS/iPadOS 14.8
  • watchOS 7.6.2
  • macOS 11.6

Those versions fix one or both of these vulnerabilities. This is taken from the iOS/iPadOS security page:

One of these exploits was discovered by The Citizen Lab at the University Of Toronto who has found other exploits used by the NSO Group in the past. They have a very detailed write up on these exploits. It’s very much worth reading. But the key thing that you need to know about these exploits is that they allow the NSO Group to install their Pegasus spyware without user interaction. Meaning that it’s a “zero click” exploit which is the most dangerous type of exploit that’s out there as you don’t have to do anything to get pwned.

Now, while it is very unlikely that you’re a target of the NSO Group, installing these updates ensures that bad actors can’t threaten your security. I say that because now that these updates are out there, it is highly likely that bad actors will try to exploit these vulnerabilities on older versions of Apple’s software. Assuming that they haven’t already. Thus it’s once again time to patch all the things.

UPDATE: Toby Lewis, Global Head of Threat Analysis, Darktrace had these comments: 

How Pegasus is getting inside the phones:

Pegasus will use a range of exploits to gain access to a device and can be somewhat tailored to the target or attack campaign. Fundamentally, they have access to a range of iOS (Apple) and Android vulnerabilities that would allow them to exploit a range of native applications (i.e., applications that came pre-installed on the devices), often by just trying to open a file sent in an email or over text message; or clicking on a link that opens in Safari (for example). The exploits allow them to jailbreak the device, give them elevated privileges to install additional applications, or configure the device however the attacker wants – including installing the spyware component of Pegasus.Pegasus spyware can record texts, emails, and phone calls and share them with the NSO Group’s clients. It can also turn on devices’ cameras and microphones. Exploits like these are highly sophisticated and often target specific individuals like intelligence agents, reporters, etc., who have highly classified or confidential information. For high-priority targets, hackers will always find a way. While these attacks are not a threat to most Apple users, increased cyber-criminal adoption could be a severe issue. For example, criminal attackers could use the access to steal personal data for bigger campaigns, fraud, theft, and potentially even mass user lockout to ask for payment. Once bad actors make spyware, it can be sold and proliferate quickly globally. If it gets into the wrong hands, it will absolutely be used nefariously and potentially to a broader group of targets.There are also some good details on the “FORCEDENTRY” exploit directly from the researchers: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/

Thoughts on Apple’s history of protecting users against spyware: Why do you think it’s something that’s still a problem? How do they compare to similar companies such as Google (Android) in terms of cybersecurity and privacy?

Cyber-attackers will always target companies like Apple, given the proliferation of their technology and how critical it has become to everything we do. From navigating with maps to accesses our bank accounts, our lives depend on these devices. From a security architecture perspective, Apple has long operated a so-called “Walled Garden” where the underlying Operating System on the phone is completely inaccessible to any third-party applications, which can only be installed via the official App Store and are themselves installed and ran from a compartmentalized area of storage and processing. With the high degree of vetting for applications in the App Store, the only real way for malware to become installed on an Apple device is by exploiting the underlying operating system – the process known as Jailbreaking.Android’s architecture has been a much more open affair, on the one hand, given users greater freedom to install whatever applications they like, but without the protections afforded by Apple. Even via the official App Store (Google Play), there is only limited vetting and moderation, increasing the risk of malware being installed without the need for a clever exploit.Overall, Apple has a great track record of working with researchers to identify exploits so they can quickly patch. But that doesn’t mean the zero-day hadn’t already been exploited in the wild before it was identified. The research group who discovered the exploit found it in March while examining a Saudi activist’s phone. Apple issued a patch in September. 

Additional background/industry context:

It is crucial for everyone to immediately update their Apple devices, especially if you access proprietary information. While most people aren’t likely to be targeted, better to be safe than sorry. We must accept that all technology introduces security risks. At-risk sectors should take additional precautions to protect their communications through additional layers of defense. Self-learning AI has made leaps and bounds in allowing organizations to detect malware and spyware on employee devices before sensitive information leaks out of the organization.

Epic Games Might Be Looking To Appeal App Store Ruling…. While Apple Declares Victory

Posted in Commentary with tags , on September 10, 2021 by itnerd

Much as I assumed, Epic Games was not happy about today’s ruling in the App Store lawsuit. So much so that Epic Games CEO Tim Sweeney Tweeted this:

That sounds like an appeal is on the way from Epic Games. What precisely it would be appealing and on what grounds isn’t clear to me. But much as I figured, this is going to continue. Also, Sweeney makes it sound like it’s up to him as to when his games return to the App Store. It isn’t up to him. It’s up to Apple. And I am going to go out on a limb and to say that his games are not going to be welcome back into the App Store anytime soon.

Meanwhile over at Apple, they had this to say:

And in a statement to 9to5Mac, Apple also called it “a huge win for Apple” and “a resounding victory”. I guess that’s some great spin. But as I type this, this is Apple’s stock value:

It’s a safe bet that the value of their stock dropped because Apple will have to open things up to accept alternate payment methods will deprive them of the up to 30% cut of revenue that they currently get. And that’s making investors somewhat nervous. This is why I expect them to appeal.

Round 2 anyone?

UPDATE: This article on The Verge confirms that Epic Games is appealing today’s ruling.

BREAKING: Judge Rules ThatApple Is Not A Monopoly, But Must Allow Alternate Payment Methods For Apps… And That Epic Must Pay Up

Posted in Commentary with tags , on September 10, 2021 by itnerd

We have a decision in the Apple vs Epic legal battle. Here’s the highlights:

  • Apple must allow developers to include alternate purchase links in apps on the App Store. Apple has 90 days to comply with this order. On this count, Epic won.
  • Epic needs to pay damages equal to “30% of the $12,167,719 in revenue Epic games collected” through Epic Direct Payment, plus any revenue collected through November 1 to date of judgement, plus interest. That’s because the judge ruled that Epic was in breach of Apple’s contract clauses. Thus Apple won on this count.
  • The judge was clear that Apple is not a monopoly. The judge said that “success is not illegal” and that Epic could not demonstrate that Apple was engaging in monopolistic behavior. On this count, Apple won.

Back to the first point that I made. Apple had already announced that it will allow what it calls “Reader” apps (Netflix for example) to have alternate methods of payments because the Japanese investigated Apple and Apple cut a deal to make that go away. But the way that this order is written, it means Apple must allow developers of all applications to link out to third-party payment solutions. Most notably, this includes the highly lucrative games category. That will affect Apple’s bottom line. Thus I would not be surprised if Apple appeals this.

From the Epic standpoint, they can’t be happy. They have to cut a rather big cheque. Plus they couldn’t prove that Apple was a monopoly. The only thing that could be considered a win is that they can steer users to their payment system. But I am not sure if that is enough for them. Also, Apple doesn’t have to let them back onto the App Store as they violated their contract with Apple. That for sure will not make them happy.

I would recommend staying tuned as I am sure that this is not over. But in the meantime, here’s the relevant legal documents for your review:

BREAKING: Apple Delays CSAM Scanning Feature

Posted in Commentary with tags on September 3, 2021 by itnerd

Various news outlets including 9to5Mac, MacRumors, AppleInsider among others are reporting that Apple has backed down from rolling out their CSAM scanning feature. Apple had this to say to 9to5Mac:

“Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.”

I have to admit that I didn’t expect Apple to back down. Even though I said that they should. Hopefully Apple does really listen to its critics and come up with something that is much better. Because my fear is that Apple might have pulled this so that the negative press stops. They now have another opportunity to prove me wrong.

Oh, I should also note that other child safety features announced by Apple last month, and also now delayed, include communications safety features in Messages and updated knowledge information for Siri and Search. That tells you how controversial this was.

Man Steals 620K Photos From iCloud Accounts Via A Phishing Attack

Posted in Commentary with tags , on August 25, 2021 by itnerd

This is an example of why you need to be switched on to keep yourself from being a victim of a phishing attack. Let’s get the details about this particular attack that involves Apple’s iCloud:

A Los Angeles County man broke into thousands of Apple iCloud accounts and collected more than 620,000 private photos and videos in a plot to steal and share images of nude young women, federal authorities say. Hao Kuo Chi, 40, of La Puente, has agreed to plead guilty to four felonies, including conspiracy to gain unauthorized access to a computer, court records show. Chi, who goes by David, admitted that he impersonated Apple customer support staff in emails that tricked unsuspecting victims into providing him with their Apple IDs and passwords, according to court records. He gained unauthorized access to photos and videos of at least 306 victims across the nation, most of them young women, he acknowledged in his plea agreement with federal prosecutors in Tampa, Fla. 

Chi said he hacked into the accounts of about 200 of the victims at the request of people he met online. Using the moniker “icloudripper4you,” Chi marketed himself as capable of breaking into iCloud accounts to steal photos and videos, he admitted in court papers. Chi acknowledged in court papers that he and his unnamed co-conspirators used a foreign encrypted email service to communicate with each other anonymously. When they came across nude photos and videos stored in victims’ iCloud accounts, they called them “wins,” which they collected and shared with one another. “I don’t even know who was involved,” Chi said Thursday in a brief phone conversation. He expressed fear that public exposure of his crimes would “ruin my whole life.” 

The scam started to unravel In March 2018. A California company that specializes in removing celebrity photos from the internet notified an unnamed public figure in Tampa, Fla., that nude photos of the person had been posted on pornographic websites, according to [FBI agent Anthony Bossone]. The victim had stored the nude photos on an iPhone and backed them up to iCloud. Investigators soon discovered that a log-in to the victim’s iCloud account had come from an internet address at Chi’s house in La Puente, Bossone said. The FBI got a search warrant and raided the house May 19. By then, agents had already gathered a clear picture of Chi’s online life from a vast trove of records that they obtained from Dropbox, Google, Apple, Facebook and Charter Communications. On Aug. 5, Chi agreed to plead guilty to one count of conspiracy and three counts of gaining unauthorized access to a protected computer. He faces up to five years in prison for each of the four crimes.

I hope the authorities not only throw the book at this guy, but I also hope that his ” unnamed co-conspirators” are tracked down and face consequences as well. But at the same time, let me state this unequivocally. Apple Tech Support will never call you out of the blue to troubleshoot an issue. And you can substitute Apple for Google, Microsoft, or any other company. If you get a call like this, hang up. For additional tips in terms of avoiding this along with many other tech related scams, click here.