Tag Archive for iphone

Apple Covered a Mass Hack on 128 Million iPhone Users in 2015

 

Apple and Epic are now embroiled in a legal dispute, and as a result, some shocking material has surfaced on the internet. Epic recently demonstrated Apple's desire to conquer the industry by deciding not to unleash the iMessage platform on Android. Now, according to a recent email filed in court, Apple decided not to alert 128 million iPhone users of its first-ever mass hack. This was back in 2015 when the iPhone 6s series was first introduced. 

The massive hack was first discovered when researchers discovered 40 malicious App Store applications, which quickly grew to 4,000 as more researchers looked into it. The apps included malware that turned iPhones and iPads into botnets that stole potentially sensitive user data. 

According to an email filed in court last week in Epic Games' litigation against Apple, Apple managers discovered 2,500 malicious apps on September 21, 2015, that had been downloaded a total of 203 million times by 128 million users, 18 million of whom were in the United States. 

“Joz, Tom, and Christine—due to the large number of customers potentially affected, do we want to send an email to all of them?” App Store VP Matthew Fischer wrote, talking to Apple's Greg Joswiak, senior vice president of worldwide communications, and Tom Neumayr and Christine Monaghan, who work in public relations. 

The email continued: "If yes, Dale Bagwell from our Customer Experience team will be on point to manage this on our side. Note that this will pose some challenges in terms of language localizations of the email, since the downloads of these apps took place in a wide variety of App Store storefronts around the world (e.g. we wouldn’t want to send an English-language email to a customer who downloaded one or more of these apps from the Brazil App Store, where Brazilian Portuguese would be the more appropriate language)." 

Bagwell talks about the complexities of notifying all 128 million impacted customers, localizing updates to each user's language, and "accurately including the names of the applications for each client" about 10 hours later. 

Unfortunately, it seems that Apple never carried out its plans. There was no indication that such an email was ever sent, according to an Apple spokesperson. Apple instead released only this now-deleted article, according to statements the representative submitted on background—meaning I'm not allowed to quote them.

An Award-Winning iPhone Hack Used by China to Spy on Uyghur Muslims

 

According to a recent article, the Chinese government used an award-winning iPhone hack first uncovered three years ago at a Beijing hacking competition to spy on the phones of Uyghur Muslims. The government was able to successfully tap into the phones of Uyghur Muslims in 2018 using a sophisticated tool, according to a study published Thursday by MIT Technology Review. 

For years, the US government and other major technology firms have recognized that China has been waging a violent campaign against ethnic minorities using social media, phones, and other technologies. The movement also attacked journalists and imitated Uyghur news organizations. 

According to MIT Technology Review report the hacking vulnerability was discovered during the Beijing competition. The Tianfu Cup hacking competition began in November 2018 in China as a way for Chinese hackers to discover vulnerabilities in popular tech software. According to the paper, the competition was modeled after an international festival called Pwn2Own, which attracts hackers from all over the world to show technical bugs so that marketers can discover and patch defects throughout their goods. 

However, China's Tianfu Cup was designed to enable Chinese hackers to show those vulnerabilities without exposing them to the rest of the world. According to the paper, this will enable the Chinese government to use those hacking methods found at the event for their own purposes. 

The very first event took place in November of 2018; Qixun Zhao, a researcher at Qihoo 360, won the top prize of $200,000 for demonstrating a remarkable chain of exploits that helped him to easily and reliably take control of even the newest and most up-to-date iPhones. He discovered a flaw in the kernel of the iPhone's operating system, originating from inside the Safari web browser. 

What's the end result? Any iPhone that accessed a web page containing Qixun's malicious code might be taken over by a remote intruder. It's the type of hack that could be traded on the black market for millions of dollars, allowing hackers or governments to spy on huge groups of people. It was given the name "Chaos" by Qixun. 

Apple patched it two months later, but an analysis revealed that it had been used by the Chinese government to hack Uyghur Muslims' iPhones in the interim. After US surveillance found it and confirmed it to Apple, the company released a low-key press release acknowledging it, but the full scale of it wasn't understood until now.

A Bug in iPhone Call Recording App Exposed Clients Data

 

A security vulnerability in a famous iPhone call recording application exposed thousands of users' recorded conversations. The flaw was found by Anand Prakash, a security researcher and founder of PingSafe AI, who tracked down that the aptly named Automatic Call Recorder application permitted anybody to access the call recordings from different clients — by knowing their phone number. 
 This application can track and record calls without an internet connection and can alter the voices of recordings, upload them to Dropbox, Google Drive, or One Drive, and also can translate in up to 50 dialects. All the client information gets stored in the company’s cloud storage on Amazon web services. This cloud storage has somewhere around 130,000 audio recordings that make up almost 300 GB. 

 Security circumstances like this are disastrous. Alongside affecting client's security, these issues likewise debilitate the organization's image and give an additional benefit to the contenders, said Anand Prakash. “This wasn’t just a violation of data privacy but also affected the users physically and at cyber risk, if their recorded conversations carry sensitive personal information. App makers that go wrong in investing in their cybersecurity must accept that the fines they could face for non-compliance with data privacy laws are extremely expensive – not to mention the cost of losing their customers' trust” he added. 

The bug was detected by Anand Prakash on the 27th of the last month when he was able to modify the web traffic and supplant the enlisted telephone number with someone else's number utilizing a proxy site called Burp, which gave him admittance to that person's call records and details. Fortunately, the bug was fixed by Saturday, March 6th, and the glitch-free version was launched in the Apple App Store. 

The call recorder clients were advised to uninstall the previous variant and download the latest rendition that is 2.26 or newer which is accessible on the Apple App Store. The paid variant is $6.99 for 7 days; additionally, they allow a three-day trial period. Their most basic monthly membership costs $14.99, with a 12 months advance, and has a few other options as well.

Apple Deliberately Restricts Old Versioned iPhones’ Performance; Gets Fined!



Apple, the technology giant famously known for its partially eaten logo among other things, was recently fined by France’s authority that regulates competition in the country, mentioned sources.

This apparently isn’t the first time that Apple has been fined by governmental authorities but it hasn’t mattered to the multi-million organization much before because of its money replenishing power.

Per reports, the reason behind this charging happens to be Apple’s voluntarily keeping the fact from its users that the software updates it released in 2017 could limit the functioning of the older versions of iPhones.

According to sources, Apple never updated its users that the time-worn batteries of the older iPhones, namely, iPhone 7, iPhone 6, iPhone SE and such wouldn’t be able to manage the increased battery usages.

The Directorate-General for Competition, Consumption and the Suppression of Fraud (DGCCSF) is the aforementioned body that in one of its reports elaborated upon how Apple’s software updates hindered the proper performing of older models of iPhones and how the company never realized their duty to enlighten the users about it.

The updates in question basically curbed the performance levels of iPhones to thwart excessive energy consumption of older versions of the phones, eventually trying to ward off a total crashing down of the devices.

The users could go back to older software versions or replace the battery and their iPhones could have a chance at working like they formerly did. The issue is a good initiative and has a solution but how are the people to know about this and act accordingly, if they aren’t duly apprised by Apple?

And what’s more, Apple restricted the users from returning to their previous software types, meaning the users couldn’t do much about the situation anyway!

Sources mentioned that Apple agreed to pay the fine of around $27.4 million for purposely limiting the performance of older iPhones and not alerting the users about it.

There was quite a hullabaloo outside of France as well regarding the same issue including lawsuits that got Apple to publicly apologize and offer free battery exchanges for affected devices.

As per sources, an Italian agency too had fined Apple and Samsung for not conspicuously informing the users on how to replace batteries.

But, $27.4 is next to nothing for a gigantic tech name like Apple. It would, with no apparent trouble, stock back the amount of money in just 2roper to 3 hours!

Google Maps…Creepy or Useful?



Whether Android or iPhone there is no denying that Google is there for all of us, keeping a track log of our data in a "Timeline" that unequivocally shows wherever we've been, which while in some cases is amazingly valuable and helpful yet for the rest it’s downright creepy.

The creepy degree of details range from like precisely the time at which the user left for home, arrival at home, the exact route taken along the way, pictures taken in specific locations and then some.

It'll show them if they were driving, strolling or on a train, and any pit stops they may have made during their journey. Like here is an example including a user's stop for lunch, and a meeting they took with Snapchat on the Upper West side earlier in the day.



Zoomed in, one can see the exact course taken to arrive and where the car was parked.


And hence there's no reason as to why Google has to know this much information about any user, except if they truly care about things like Google's recommendations based on where they've been.

So there are a couple of ways the user can recover their privacy. First, here’s how the user can delete everything Google Maps currently knows about them:

  • Open Google Maps on your iPhone or Android phone.
  • Tap your profile picture on the top-right. 
  • Choose “Your data in Maps.” 
  • Choose “See & Delete activity.” 
  • Hit the menu button on the top-right of the page and select “Settings.” 
  • Choose “Delete all location history.” 


 And here’s how the user can set it up so Google automatically deletes all this location data every three months:

  • Open Google Maps on iPhone or Android. 
  • Tap the menu bar on the top-left of the app. 
  • Choose “Your Timeline.” 
  • Tap the three dots on the top-right of the screen. 
  • Choose “Settings and privacy.” 
  • Select “Automatically delete location history.” 
  • Change the setting from “Keep until I delete manually” to “Keep for 18 months” or “Keep for 3 months.” 


 Or, if the user doesn’t mind Google tracking them day to day but just want to stop it for a little while, they can simply turn on Incognito mode in Maps by doing this:


  • Open Maps on your iPhone or Android phone. 
  • Tap your profile picture on the top-right. 
  • Choose “Turn on Incognito mode.”