Followup Bluetooth permissions on iOS A nice article explaining some of the most common legitimate reasons apps may request Bluetooth access: Here’s why so many apps are asking to use Bluetooth on iOS 13 — www.theverge.com/… Cloudflare’s Warp VPN has Finally been Released — blog.cloudflare.com/…, nakedsecurity.sophos.com/… & www.imore.com/… Note that VPNs can provide encryption and […]
Category: Security Bits
Security Bits – 21 September 2019
Security Medium 1 — SimJacker A remotely exploitable vulnerability has been found in the firmware running on billions of SIM cards around the world. The vulnerability can be triggered by sending a malicious SMS message to the phone number served by the victim SIM card. Once the SIM card is infected it can then reach […]
Security Bits – 8 September 2019
Followup Apple draws a line under the ‘Siri Grading’ kerfuffle with a public letter apologising for not reaching their own high standards, explaining how Siri protects user privacy, and outlining some changes to how grading will be carried out in future — www.apple.com/… Apple send as little data as possible to Siri, using on-device […]
Security Bits – 27 August 2019
Followups GitHub joins WebAuthn club — nakedsecurity.sophos.com/… Human Review of Voice Assistant Recordings: Facebook got humans to listen in on some Messenger voice chats — nakedsecurity.sophos.com/… Microsoft have humans review your conversations, and they’re not up for changing that fact: Microsoft won’t shift on AI recordings policy — nakedsecurity.sophos.com/… Humans may have been listening to […]
Security Bits – 10 August 2019
Security Medium 1 — Human Review of Voice Assistant Recordings The Guardian newspaper started what turned out to be a far-ranging controversy by reporting that when Apple said they kept anonymised Siri recordings for analysis, that analysis included grading by human beings. Specifically, by outside contractors.
Security Bits – 25 July 2019
Followups The Zoom webcam/webserver issue We now have confirmation that the vulnerability was also present in the RingCentral and Zhumu apps — www.imore.com/… Apple have rolled out an additional automatic security update to address the issues with these apps — www.macobserver.com/… Related Opinion: John Gruber addresses the question Isn’t [Apple’s response] “nonconsensual technology” too? in […]
Security Bits – 14 July 2019
Security Medium 0 (more of a Followup) — 3rd-party Parental Control Apps Return to iOS Editorial by Bart: I’ve seen some very lazy reporting on this story, and I think the context and nuance are important, hence giving this apparently simple story the ‘Security Medium’ treatment. To understand what happened this week, it’s important to […]
Security Bits – 30 June 2019
Followups Facebook has replaced the infamous study app that breached Apple’s Enterprise Developer Program rules and got them into so much trouble a few months ago with a new app that is not side-loaded, is explicit in what it does, and is Android only (Editorial by Bart: I’m guessing they couldn’t get a useful spying […]
Security Bits – 15 June 2019
Followups 🇺🇸 🇮🇳 Thanks to a letter sent to Facebook by US Senator Richard Blumenthal we now know that Facebook’s controversial VPN tracking app collected data on 187K users, and that 31K of those were in the US, and 4.3K of those were teens. The remaining users were in India — nakedsecurity.sophos.com/… Security Medium — […]
Security Bits – 1 June 2019
Followups Andrew Orr at TMO got a bit of a sneak peek at Cloudflare’s soon-to-be-released Warp VPN (Editorial by Bart: support for a split tunnel is a nice touch) — www.macobserver.com/… Security researchers have found that there are still nearly a million devices out there on the internet vulnerable to the BlueKeep RDP vulnerability Microsoft […]