Tag Archives: Apple

The best camera phones of 2017


2017 rocked the smartphone market, introducing increased photo-taking capabilities as never seen before. Here are the models to keep in mind. If you once used to go crazy trying to take a decent photo with your cell phone, today that is no longer an issue. Actually, for a few years now, a few hundred dollars […]

The post The best camera phones of 2017 appeared first on Avira Blog.


Apple iPhone X’s Face ID Hacked (Unlocked) Using 3D-Printed Mask


Just a week after Apple released its brand new iPhone X on November 3, a team of hackers has claimed to successfully hack Apple’s Face ID facial recognition technology with a mask that costs less than $150.

Yes, Apple’s “ultra-secure” Face ID security for the iPhone X is not as secure as the company claimed during its launch event in September this year.

“Apple engineering teams have even gone and worked with professional mask makers and makeup artists in Hollywood to protect against these attempts to beat Face ID,” Apple’s senior VP of worldwide marketing Phil Schiller said about the Face ID system during the event.

“These are actual masks used by the engineering team to train the neural network to protect against them in Face ID.”

However, the bad news is that researchers from Vietnamese cybersecurity firm Bkav were able to unlock the iPhone X using a mask.

Yes, Bkav researchers have a better option than holding it up to your face while you sleep.

Bkav researchers re-created the owner’s face through a combination of a 3D-printed mask, makeup, and 2D images with some “special processing done on the cheeks and around the face, where there are large skin areas”; the nose was created from silicone.

The researchers have also published a proof-of-concept video, showing the brand-new iPhone X first being unlocked using the specially constructed mask, and then using the Bkav researcher’s face, in just one go.

“Many people in the world have tried different kinds of masks but all failed. It is because we understand how AI of Face ID works and how to bypass it,” an FAQ on the Bkav website said.

“You can try it out with your own iPhone X, the phone shall recognize you even when you cover a half of your face. It means the recognition mechanism is not as strict as you think, Apple seems to rely too much on Face ID’s AI. We just need a half face to create the mask. It was even simpler than we ourselves had thought.”

Researchers explain that their “proof-of-concept” demo took about five days after they got the iPhone X on November 5th. They also said the demo was performed against the face of one of their team members, without training the iPhone X to recognize any components of the mask.

“We used a popular 3D printer. The nose was made by a handmade artist. We use 2D printing for other parts (similar to how we tricked Face Recognition 9 years ago). The skin was also hand-made to trick Apple’s AI,” the firm said.

The security firm said the parts cost around $150 (which did not include a 3D printer), though it did not specify how many attempts it took its researchers to bypass the security of Apple’s Face ID.

It should be noted that creating such a mask to unlock someone’s iPhone is a time-consuming process and it is not possible to hack into a random person’s iPhone.

However, if you prefer privacy and security over convenience, we highly recommend that you use a passcode instead of a fingerprint or Face ID to unlock your phone.

Apple iOS and Wifi – more open to the world than you might think


The Apple iOS has a new unpatched vulnerability – and we’re not just talking about the KRACK vulnerability that hit about everyone using WiFi. The latest vulnerability was uncovered during a Tokyo hackathon by a team from Tencent’s Keen Lab. What’s this Apple iOS vulnerability all about? Their hack of the latest iOS used WiFi […]

The post Apple iOS and Wifi – more open to the world than you might think appeared first on Avira Blog.


Judge: FBI Doesn’t Have to Reveal How It Unlocked iPhone Used by San Bernardino Terrorist


Remember the infamous encryption fight between the FBI and Apple for unlocking an iPhone belonging to terrorist Syed Farook behind the San Bernardino 2015 mass shooting that killed 14 people?

The same Apple vs. FBI case where Apple refused to help the feds access data on the locked iPhone and, later, the Federal Bureau of Investigation reportedly paid over a million dollars to a vendor for unlocking the shooter’s iPhone.

Because the FBI kept the iPhone hack secret, three news organizations—The Associated Press, USA Today, and Vice Media—sued the FBI last year under the Freedom of Information Act (FOIA) to force the agency to reveal the name of the company and the amount it was paid to unlock the iPhone.

However, unfortunately, they failed.

A US federal judge ruled Saturday that the FBI does not have to disclose the name of the private company, or how much it paid that company, for the iPhone hacking tool that unlocked Farook’s iPhone.

Apple vs. FBI was one of the biggest legal battles in which Apple was being forced to build a backdoored version of its iOS that could have helped the agency unlock Farook’s iPhone, but the company refused.

After weeks of arguments, the US government withdrew its motion and announced it had obtained an alternative method to unlock the iPhone from an “outside party.”

A few months later, The Associated Press, USA Today, and Vice Media sued the FBI, arguing that the public has a right to know how the government spent taxpayer funds for the iPhone hack.

The news organisations also claimed the existence of a serious vulnerability in the iPhone could be a danger to the public.

However, U.S. District Judge Tanya S. Chutkan of the District of Columbia ruled this weekend that the information on vendor and hacking tool used is exempt from mandatory disclosure under the government transparency law.

“It is logical and plausible that the vendor may be less capable than the FBI of protecting its proprietary information in the face of a cyber attack,” the judge said.

“The FBI’s conclusion that releasing the name of the vendor to the general public could put the vendor’s systems, and thereby crucial information about the technology, at risk of incursion is a reasonable one.”

Regarding the cost of the hacking tool, the federal judge also agreed with the US government that revealing the price the government paid for unlocking the iPhone could harm national security.

“Releasing the purchase price would designate a finite value for the technology and help adversaries determine whether the FBI can broadly utilise the technology to access their encrypted devices,” Chutkan said.

“Since the release of this information might ‘reduce the effectiveness of a critical classified source and method’, it is reasonable to expect that disclosure could endanger national security.”

Last year, former FBI Director James Comey indirectly disclosed that the agency reportedly paid around $1.3 million for the hacking tool that helped the agency break into Farook’s iPhone 5C.

Although Comey said the hacking tool the FBI bought was only effective against an iPhone 5C running iOS 9 and not on later versions of iPhone such as the 5S, 6 and 6S, the agency could theoretically find a way to extend the tool’s reach or build a similar implementation to hack higher models.

Powered by WPeMatico

Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext


Apple yesterday rolled out a new version of its macOS operating system, dubbed High Sierra 10.13—a few hours before an ex-NSA hacker publicly disclosed the details of a critical vulnerability that affects High Sierra as well as all earlier versions of macOS.

Patrick Wardle, an ex-NSA hacker and now head of research at security firm Synack, found a critical zero-day vulnerability in macOS that could allow any installed application to steal usernames and plaintext passwords of online accounts stored in the Mac Keychain.

The macOS Keychain is a built-in password management system that helps Apple users securely store passwords for applications, servers, websites, cryptographic keys and credit card numbers—which can be accessed using only a user-defined master password.

Typically no application can access the contents of Keychain unless the user enters the master password.

“I discovered a flaw where malicious non-privileged code (or apps) could programmatically access the keychain and dump all this data …. including your plain text passwords. This is not something that is supposed to happen!,” Wardle said.

The security flaw actually resides in macOS’s kernel extension SKEL (Secure Kernel Extension Loading) security feature, which was disclosed earlier this month, allowing an attacker to run any third-party extension at kernel level without requiring user approval.

Wardle yesterday posted a proof-of-concept video of the exploit, demonstrating how the hack can be used to exfiltrate every single plaintext password from Keychain without requiring the user to enter the master password.

The video shows how a malicious installed application, signed or unsigned, allows an attacker to remotely steal all the passwords stored in the keychain without notifying the user of the attack.

“macOS is designed to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval,” said Apple in a statement released today.

“We encourage users to download software only from trusted sources like the Mac App Store and to pay careful attention to security dialogs that macOS presents.”

Wardle claimed that he reported the issue to Apple last month, and made the public disclosure when the company planned to release High Sierra without fixing the vulnerability, which not only affects the newest version but also older versions of macOS.


CVE-2017-14315 : In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large aud


In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default “Bluetooth On” value must be present in Settings.

Publish Date : 2017-09-12 Last Update Date : 2017-09-21

CVSS Scores & Vulnerability Types

CVSS Score


Confidentiality Impact: Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact: Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact: Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity: Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication: Not required (Authentication is not required to exploit the vulnerability.)
Gained Access: None
Vulnerability Type(s): Overflow, Gain privileges, Bypass a restriction or similar
CWE ID: 119


Apple removes VPN Apps from the China App Store


In order to comply with Chinese censorship law, Apple has started removing all virtual private network (VPN) apps from the App Store in China, making it harder for internet users to bypass its Great Firewall.

VPN service providers that operate in China have accused the United States tech giant of complying with China’s stringent cyberspace regulations.

In a blog post, the developers of ExpressVPN reported that Apple informed them that their VPN app had been pulled from the company’s Chinese App Store, and it seems all major VPN clients have received the same notice from Apple.

China has strict Internet censorship laws, enforced through the Great Firewall of China – the country’s Golden Shield project, which employs a variety of tricks to censor the Internet and block access to major foreign websites in the country.

The Great Firewall is already blocking some 171 out of the world’s 1,000 top websites, including Google, Facebook, Twitter, Dropbox, Tumblr, and The Pirate Bay in the country.

Therefore, to thwart these restrictions and access these websites, hundreds of millions of Chinese citizens use virtual private networks (VPNs) that encrypt their online traffic and route it through a distant connection.

However, earlier this year, China announced a crackdown on VPNs and proxy services in the country and made it mandatory for all VPN service providers and leased cable lines operators to have a license from the government to use such services.

This 14-month-long crackdown on the use of unsupervised internet connections, including VPNs, was launched by the country’s Ministry of Industry and Information Technology, which called it a “clean-up” of China’s Internet connections.

Now, ExpressVPN received a notice from Apple that its app would be removed from the China-based App Store “because it includes content that is illegal in China.”

“We’re disappointed in this development, as it represents the most drastic measure the Chinese government has taken to block the use of VPNs to date, and we are troubled to see Apple aiding China’s censorship efforts,” ExpressVPN said in a statement.

Not just ExpressVPN, but another VPN service provider, Star VPN, also received the same notice from Apple, the company confirmed via its official Twitter account on Saturday.

“We are writing to notify you that your application will be removed from the China App Store because it includes content that is illegal in China,” Apple said in the notice. “We know this stuff is complicated, but it is your responsibility to understand and make sure your app conforms with all local laws.”

Although Apple did not comment on this issue, it is no coincidence, as the company has been strictly implementing various aspects of Chinese law in recent months for its regional operations in the most populous country.

Earlier this year, Apple removed the New York Times (NYT) app from its Chinese App Store because the app was in “violation of local regulations.”

The tech giant has even partnered with a local firm in the southwestern province of Guizhou earlier this month to set up its first data centre in China, which will store all user information for Chinese customers.


Does Apple Watch 3 have a chance against the competition?

Apple’s latest smartwatch is expected to hit the shelves early next year, and even though it is only midsummer, rumors about the product have already begun circulating. Some of the top rumors for Apple’s Series 3 watch suggest that cellular integration will finally arrive for Apple watches. Speculators also mention that the latest edition of the product is very likely to have a front-facing camera. If true, this would be great news, as you would soon be able to make and receive calls, as well as FaceTime, without the need for your iPhone. Most of the rumored functions have already been present for years in products from Fitbit, Samsung, Moto, Xiaomi, and LG. However, we are surely excited to see how these options would feel and operate on watchOS.

What needs to be improved in this new smartwatch?

The smartwatch market has been expanding continually since its inception about five years ago, yet it is no secret that the first two versions of the Apple Watch have had a rough time reaching their sales targets. Apple is not very keen on sharing numbers, but analysts confirm the masses are still not entirely convinced that any smartwatch is worth the $300+ price tag. The overall smartwatch market has been experiencing steady growth but not a real boom. So we were wondering whether Apple Watch 3 will be the device that finally converts smartwatches from a gimmick into an everyday necessity. Here’s what Apple Watch 3 will need in order to outshine, or at least catch up with, its competitors:

–    Improved battery life

Apple Watch 2 needs charging almost every night. This is almost laughable when compared to the 7-day battery life of the Fitbit Surge or the 4-day battery life of the Samsung Gear S3. If you want to have a device capable of dominating the market, it needs to be fully functional for at least two days in a row. Otherwise, it is just yet another piece of technology that requires charging every night. There is light at the end of the tunnel, as the Commonwealth Scientific and Industrial Research Organisation (CSIRO) recently announced that there might be a way to harvest energy from hand movements. Fingers crossed Apple will integrate similar technology in Apple Watch 3.

–    Fitness and Sleep Tracking Accuracy

One of the main reasons Fitbit is still among the leaders in the wearables market is that it accurately tracks sleep, steps, floors, etc. The fitness tracking accuracy of some of the top smartwatches hasn’t been at the level we want it to be, and this includes Apple Watch 2. Apple’s current smartwatch does not have integrated sleep and cycling trackers – there are apps, but the functions are not yet integrated. We hope to see these features included in the new Apple Watch.

–    Better security

This is one of the places where Apple can step up its game. CSIRO recently announced there might be a way to add one more layer of protection to wearable tech – the smartwatches of the future may be able to learn your walking habits and only work with their respective owners. They will be able to recognize your way of moving compared to someone else’s, making sure you are the only person able to access information stored on the device. This is where Apple Watch 3 has a real opportunity to outshine the rest of the pack.

Would this be enough?

Most of these factors would simply let Apple catch up with the rest of the pack, unless Apple’s R&D team finds a way for watches to be sufficiently charged from movement, manages to develop more fitness tracking options, and increases the level of security. So whoever gets there first will be the winner, as achieving these innovations may be the tipping point that adds smartwatch devices to people’s daily routine! Imagine a future where your watch does not require charging, and you no longer have to take your wallet, phone, and keys with you. All you will need will be an intelligent smartwatch!

The post Does Apple Watch 3 have a chance against the competition? appeared first on Panda Security Mediacenter.
