iOS Users Facing Another Security Flaw

February 25th, 2014

Frustrated smartphone user

There’s a security flaw in Apple’s mobile operating system, iOS. No, it’s not the same flaw that we reported yesterday. That widely publicized flaw allows attackers to intercept data being sent between your phone and web servers and an update that fixes it is already available for most affected users. This new flaw, as Lance Whitney of CNet reports, allows for the remote capture of “every character the victim inputs” on an iPhone or iPad.

The vulnerability was uncovered by security firm FireEye. A keylogging app is able to run in the background of any iOS 7 device because of a flaw in the Background App Refresh setting.

You may be wondering what the danger of a hacker being able to monitor every press of your touchscreen, or home button, or volume controls is. Attackers aren’t just able to monitor when you touch your screen, but precisely where on the X and Y axis. That means that passwords and log-in credentials could be stolen. Your phone’s lock screen could also be compromised. Think of everything you use your phone or tablet for and then consider how dangerous it would be to have a stranger looking over your shoulder the entire time.

Unlike the SSL vulnerability that was revealed recently, this iOS vulnerability requires a malicious app to be installed on the device first. Of course, there are a number of ways an app can make it’s way to your iPhone. Apps downloaded directly from the official App Store are usually legitimate, however. So, these malicious apps would likely come from 3rd party app stores or email attachments.

Apple has publicly stated that they’re working with FireEye to create a patch to fix the problem. In the meantime, users can close any apps running in the background by double-tapping their Home button. Close any apps you aren’t currently using. If there’s an app running that you don’t recognize, there’s a good chance that it’s malware.

If you have a device that’s been infected with malware, bring it to Geek Rescue or call us at 918-369-4335.

Apple Security Flaw Requires Immediate Update

February 24th, 2014

iPhone

Over the weekend, Apple released an update to its mobile operating system, iOS. Version 7.0.6 for iOS 7 devices and 6.1.6 for iOS 6 devices were seemingly rushed out to fix a bug that put users’ data at a significant risk. At Gizmodo, Brian Barrett explains why iOS users should update their devices as soon as possible.

The bug, or security vulnerability, that Apple is now attempting to fix involves a flaw in the operation of SSL, which stands for Secure Sockets Layer. Using SSL allows for private and secure communications between your web browser and the servers it need to communicate with to access different websites. When you see the small lock icon appear in your browser’s address bar, that means that SSL is functioning and securing your connection to the site you’re currently on.

Without SSL, everything you send to a server and receive back is up for grabs. SSL verifies that your browser is contacting the correct server for the website it’s displaying, but the Apple bug prevents that from happening. This opens the door for what’s called “man in the middle attacks”, which refers to a third party intercepting data intended for someone else. So, your log-in credentials for any online account you have, payment information for an online purchase, emails and a number of other potentially costly possibilities can all be stolen and monitored by criminals.

The vulnerability affects not only browser Safari, but also Calendar, Facetime, Keynote, Twitter, Mail, iBooks and more. Any time you’ve used one of these apps on an unsecured network, which could be anything from free WiFi in a coffee shop to the network at your job that doesn’t require a password, all the data you’ve accessed and submitted could have been intercepted.

This flaw has an update for devices dating back to the iPhone 3GS and fourth generation iPod Touch. Any devices older than that likely won’t have an update available to fix the problem. This is also an issue for Mac users with the OS X operating system. While there’s a known vulnerability for Macs, there isn’t currently a patch or update to fix it.

While exploits of this vulnerability only recently began being spotted, the SSL flaw has been in both iOS and OS X since September of 2012. For the past year and a half, data has been available through a fairly simple exploit on one of the most popular mobile devices. If you haven’t already updated, do so now. If there isn’t an update available for your device yet, avoid using the affected apps on any unsecured networks.

Security vulnerabilities are a serious concern for any device. If you’ve experienced an attack and have a device infected with malware, or want to explore additional security options, contact Geek Rescue at 918-369-4335.

Four Ways Your iPhone Is Vulnerable To Attack

February 13th, 2014

iPhone

In Cisco’s Annual Security Report, they claim that 99-percent of mobile malware targeted Android in 2013. Whether or not that’s completely accurate, it’s safe to say that more threats exist for Android users than their iOS counterparts. That doesn’t mean, however, that security shouldn’t be a concern for iPhone users. As Tom Brewster of The Guardian reports, there were 387 documented security flaws in iOS in 2012 compared to only 13 for Android. When iOS debuted, another 70 flaws needed to be patched. The existence of flaws doesn’t mean attacks on them are inevitable, but it does illustrate how vulnerable iOS users are. Here are a few ways attackers could attack Apple devices.

  • Apps

Even if the base of iOS itself isn’t vulnerable to attacks, the apps that users add often are. One prominent flaw is the allowance of developers to switch the internet address that apps use to acquire data. Hackers are able to exploit this flaw and associate an otherwise legitimate app with their own malicious site. This allows the attackers to execute a variety of malicious actions on a user’s device.

  • App Store

Legitimate apps often contains security vulnerabilities, but there’s only been one documented case of a malicious app being allowed into the official App Store. That likely won’t be the case for long, however. Researchers have already demonstrated ways for a harmful app to be approved by Apple and earn a spot in the app store. One demonstrated app works legitimately when tested by Apple, but is able to rearrange its code when it’s downloaded by users to steal data and remotely control certain functions of the the device.

  • Public Networks

Insecure WiFi opens up a number of possible attacks, regardless of what device you’re using to access it. Not only does data being sent to and from your device become vulnerable, but data stored insecurely on your device could also be vulnerable to an attack. While these dangers aren’t limited to iOS users, the perceived security of Apple devices often leads to iPhone users being more cavalier in the use of their device, which can lead to valuable data being stolen with little effort.

  • Fake Certificates

This is another threat that isn’t limited to iOS, but certainly is a threat worth understanding. The use of fake, or stolen, security certificates is a growing trend in cyber attacks and allows for malicious programs to be accepted and executed. For example, an email that appears to be from a legitimate source asks users to download an application, update or even just a document. Without a trusted certificate, users would be warned about the download. With a false certificate, or one stolen from a legitimate source, an application is accepted as trusted by the operating system and malware is allowed to infect your device.

Protecting against these vulnerabilities often requires users to be more careful about how they use their devices. Understanding that your iPhone isn’t completely immune from common threats is important.

If you find that one of your devices has been infected by malware, call Geek Rescue at 918-369-4335.

 

 

Details On The Soon-To-Be-Released iOS Update

February 10th, 2014

Two iPhones

Apple’s mobile operating system, iOS 7, was released in September and since then, more than 80-percent of users with supported devices have adopted it. After a few rounds of beta updates, Apple seems poised to release the first significant update to iOS 7. As JC Torres of Slash Gear reports, iOS 7.1 is rumored to be released in March.

Don’t expect 7.1 to break any new ground, however. For the most part, the update is being released to fix common bugs and functionality issues users have reported, not to improve existing features or introduce many new features.

You can expect a few visual tweaks. The slide to unlock, dialer, keyboard and music functions are all expected to look a little different in iOS 7.1. When sliding to turn off your iPhone, you’ll rounded slider at the top of your screen and a white cancel button at the bottom. Slight adjustments to the slide to unlock screen and animation are also being made.

When answering calls, you’ll have the option to accept or decline in green and red circles, instead of rectangles. You’ll also have actual icons above those options for ‘Remind Me’ or ‘Message’.

The dialer has become visually more attractive with color gradients and accents. The large green ‘Call’ rectangle has also been replaced with a smaller, circular phone icon.

In the music app, users may notice more prominent buttons for repeat and shuffle options. Those are now ‘Repeat Song’ and ‘Shuffle All’ and have a pink background behind them.

Another minor change comes in the keyboard, where the shift and delete buttons are now more prominent and easier to discern.

There are also new options in Calendar and animation tweaks to the Control Center and Messages.

Perhaps the most exciting change coming wrapped in iOS 7.1 is iOS in the Car. This new features allows you to connect your iPhone to compatible cars and display iOS content like maps, directions and messages on the navigation screen.

The other exciting news surrounding the coming iOS update is a promised fix for the infamous ‘white screen of death’. This glitch has been causing many users to suffer unexpected reboots and crashes. Users of the iPhone 5S, iPad mini with Retina and iPad Air have all reported this problem.

If your Apple device’s problems can’t be fixed by an iOS update, call Geek Rescue at 918-369-4335 or come see us. We fix hardware and software problems, as well as malware infections and more.

 

Tablet Showdown: Kindle Fire HDX Versus Apple iPads

January 29th, 2014

iPads

About a third of Americans over the age of 18 own a tablet. That kind of wide spread adoption means there’s always a large portion of people in the market for a new device. The most popular options are generally regarded as the Apple tablets, but Amazon’s offering of the Kindle Fire has gained a fair share of the market. At Gizmag, Will Shanklin pitted the Kindle Fire HDX 8.9 against both the iPad Air and the Retina iPad Mini. Here are the results.

  • Hardware

The first thing most consumers look at when buying a tablet is screen size. These three represent the full range of options. The iPad Mini at 7.9-inches is the smallest of the bunch. The Kindle Fire HDX offers an 8.9-inch screen, while the iPad Air is a full-size 9.7-inches. While each offers high resolution displays, the Kindle is actually the sharpest. It features 339 pixels per inch, compared to 326 on the iPad Mini and 264 on the iPad Air. The nod also goes to the Kindle for color accuracy.

In the actual construction of the tablets, the Apple products boast that familiar anodized aluminum, while the Kindle is matte plastic.

All three devices feature typical battery life of about nine to ten hours, which is outstanding. And all three feature powerful processors that are more than capable of handling your typical uses.

  • Software

The most notable difference between these tablets is the app store. While the Apple tablets have the largest selection of apps, the Kindle suffers a bit from limited selection. Amazon’s Appstore features fewer options than Google Play, but for most users that won’t be a big issue. All the most popular apps, like Facebook, Twitter, Netflix, Candy Crush and Angry Birds are available. The advantage for Kindle adopters is the inclusion of the Mayday button, which allows you to instantly connect with a customer service representative. Don’t worry, while you can see them, they only see your screen.

Apple users will have Siri and those other familiar services all starting with ‘i’. There are also Google services apps available that aren’t for the Kindle.

  • Price

The cost of each device will make the decision for many users. The Kindle Fire HDX is the cheapest retailing at $380 for the 16 GB model. The 16 GB Retina iPad Mini starts at $400 and the iPad Air at $500. You’re getting a top of the line tablet with any of these choices, but that’s understandably not always worth the money.

Regardless of what tablet you choose, Geek Rescue fixes it when you have problems. For malware, software or hardware issues, call us at 918-369-4335.

Use Your iOS Device More Efficiently With These Tips

January 27th, 2014

iPad mini

There are still some users who don’t enjoy interacting with Apple’s iOS on their iPhone or iPad. For many of these users, their frustrations stem from not knowing the full capabilities and functionality of the operating system. At LifeHacker, Whitson Gordon has a list of shortcuts that make interacting with iOS more efficient. While some more advanced users will know many of these, there’s something for everyone to learn.

  • Pull down to refresh

For most users, this has become intuitive. But, some don’t realize that this gesture refreshes in nearly every situation. Pulling your email’s inbox down to check for new messages may be common knowledge, but you can also pull down a webpage to re-load it or pull down an app to refresh the content. Just make sure you pull down until you see an icon, then release to refresh.

  • Swipe for timestamps or more options

One common complaint about messaging in iOS is that timestamps aren’t included. Actually, they are but they’re not visible. To see when a message was sent or received, swipe left on the message. Use the same swipe over an email in Mail inbox to see more options, like a quick way to delete.

  • Swipe to go back

This is another gesture that works in nearly any situation in iOS. To go back one screen, or even back to the previous webpage, swipe from left to right. If you swipe slowly, you’ll be able to preview the previous screen before you decide to go back. If you swipe the opposite direction in Mail or Safari, you can go forward a screen.

  • iPad’s split keyboard

It feels a little cumbersome typing on an iPad’s digital keyboard. There’s a second option that not everyone knows about, however. Hold down the keyboard key, or just simply pull the keyboard apart to get a more comfortable split keyboard. Now, you can type with your thumbs like you do with a smartphone and you can move the keyboard to anywhere on the screen.

  • Quick event changes in Calendar 

If an event you’ve stored in Calendar needs to be changed, you could edit it and type in the new details. An easier way, however, is to hold down on the event in Day mode, then move the event to a new day or time, or even change the duration.

  • Quickly view drafts in Mail

Any saved drafts of messages are available in Mail’s main menu with the rest of the folders, but to reach them quicker, just hold down on ‘Compose’. A list of your drafts will pop up as a menu you can choose from.

These tips allow you to access functions of your Apple device faster and use it more efficiently. If you have other problems with your device, like slow performance, malware infections or broken hardware, come by Geek Rescue or give us a call at 918-369-4335.

Apps And Tips To Secure Your iPhone

January 24th, 2014

Smartphone lock screen

Previously, we outlined three security vulnerabilities that exist on your iPhone. With malware and hackers targeting iPhones more than ever, you not only need to know where you are vulnerable, but also how to protect your device. Steve Bell of Bullguard has a list of tactics and apps that will improve the security of your iPhone.

  • Find My iPhone

This isn’t technically an app, although there is one available. Find My iPhone is well-known, but it’s an indispensable tool. To activate it, go to your iPhone’s settings, then select ‘iCloud’ and check the ‘Find My iPhone’ option. Then, if your phone is lost, you’ll be able to log-in to iTunes and see its current location, display a message on its screen, play a sound, lock it or wipe it clean. The Find My iPhone app lets allows you to find other iOS devices from your iPhone. Also, consider using GadgetTrak, which offers similar features to Find My iPhone but will also use your phone’s camera to take a picture of its surroundings or its thief.

  • Passcode Lock

There are a large number of iPhone users that don’t lock their phones with any type of passcode. While locking your phone doesn’t provide robust security, an unlocked phone is a much more attractive target for criminals. Set a passcode by going to the general settings menu and selecting ‘Passcode Lock’. It’s also important to make sure that no one can use Siri unless your iPhone is unlocked. This is a slight security vulnerability that can be fixed by turning your phone on to the passcode screen and sliding the Siri slider to off.

  • Encrypt Back-ups

Using your computer to back-up data is a great idea in case your phone is lost or stolen or data is corrupted. But, storing it unencrypted makes it easy for hackers to steal it if they gain access to your computer. Make sure when you sync your iPhone or iPod to your computer with iTunes, you encrypt the data you back-up.

  • Hotspot Shield VPN

If you regularly connect to public WiFi and want to be able to log-in to online accounts or shop online with your phone, you need this app. A VPN encrypts the data you transmit while connected to a wireless network so it can’t be intercepted and stolen. Hotspot Shield also protects you from spam, phishing and malware. Using a unsecured network is a common way your identity is stolen or device infected. Using a VPN is a great way to protect yourself.

Sometimes, the best defense against cyber crime is to be smart about how you use your iPhone. Don’t download apps outside the official app store, don’t download email attachments and don’t enter personal information over an unsecured network. Avoiding the cause of issues helps you stay safe.

If any of your devices are having issues, like slow performance or malware infection, come by Geek Rescue or call us at 918-369-4335.

 

Three Security Vulnerabilities For iPhone Users

January 24th, 2014

iPhone

Recently, we’ve concentrated on the various threats associated with Android devices and their users. But there are security threats for Apple device users to concern themselves with also. With more than 300-million active iPhones in use today, Apple products make an attractive target for cyber criminals. At the Bullguard blog, Steve Bell revealed three of the most troubling security vulnerabilities associated with iPhones. These vulnerabilities come from studies focusing on banking apps specifically, but also suggest other potential security flaws in other downloaded apps.

  • SSL Certificates

In order to secure connections between a web server and a browser, SSL certificates are used. These are small data files that contain a cryptographic key protecting the information being transmitted. This presents man in the middle attacks because if the data is intercepted without the proper key, it will remain encrypted. About 40-percent of the banking apps examined failed to validate the authenticity of SSL certificates used during transactions. That means any criminal who is able to intercept the data being transferred would be able to steal it and read it. Considering what type of valuable information you would commonly transmit using a banking app, that’s extremely troubling.

  • JavaScript Injections

Half of the apps studied were found to be vulnerable to JavaScript injections, which are able to inject JavaScript code into websites. This particular vulnerability exists in a Safari component that allows for web content to be embedded into apps. Through this vulnerability, attackers would be able to send text messages and make phone calls from your iPhone.

  • Unprotected Links

Many apps contain links that take users out of the app and onto the open web. These links can cause problems of their own if not properly implemented. In this study, nine out of ten of the banking apps contained non-SSL links to otherwise legitimate and trusted websites. Without the protection of encryption, however, these links are incredibly vulnerable to attacks. Data transmitted after following those links could be intercepted and criminals could even reroute users to a spoofed site in order to steal log-in credentials.

Apple’s iOS is considered a well-crafted, essentially secure environment, but vulnerabilities still exist with the introduction of apps. Though these apps may be found in the official App Store, they can still contain flaws that compromise your entire iPhone’s security.

If your having issues with your iPhone, or any of your devices, bring them to Geek Rescue or call us at 918-369-4335.

Fix For iOS 7 Reboot Bug Coming Soon

January 23rd, 2014

iPhone 5C being examined

Apple’s latest operating system, iOS 7, was initially made available to users in September. Since then, there have been a number of complaints, but overall it’s been accepted positively. That is, except for one incessant bug that has plagued a number of users and has no fix. As Adario Strange reports at Mashable, the so called “white screen of death” may be cured in the next couple months.

The bug, which has been reported by users since iOS 7 first hit their iPhones, causes devices to suddenly freeze and then reboot. It’s unclear exactly what causes the soft reboot. Some users claim it only happens when their battery dips below 30-percent, while others report they’ve experienced a sudden reboot at various levels of battery.

Up until now, complaints of users have been largely ignored by Apple, but an official statement about when users can expect a fix has finally come out. Apple says they have a fix for the bug, but there is no exact date for when that fix will be released. Most likely, users will have to wait for the release of iOS 7.1, which is currently in its fourth beta. In addition to the bug fix, the update will likely make some other minor changes to design and the user interface. However, it won’t be available until sometime in March.

This particular fix will have to come from Apple, but for other problems with your iPhone or any other device, call Geek Rescue at 918-369-4335.

Older Macs Susceptible To Webcam Attacks

December 20th, 2013

Woman using Mac webcam

Security researchers have reported previously that hackers and some forms of malware can claim control of your computer’s webcam. In some instances of ransomware, the webcam is used to capture an image of the user in an intimidation attempt. In other cases, the webcam can be used without the users knowledge to spy on unsuspecting victims. Lucian Constantin of Network World reports that users with older Macs are particularly susceptible to this form of cyber attack.

On iMac and MacBook computers manufactured before 2008, first generation iSight webcams were used. These webcams have their LED light, which indicates when the webcam is in use, linked directly to the image sensor. When the LED is on, it means the webcam is capturing images, but hackers have found a way to alter the webcam’s firmware so the light doesn’t come on while the camera is active.

Not only does this allow spying on users without their knowledge, but being able to modify the webcam’s firmware also allows for malware to infect a Mac from a virtual machine. To do so, hackers would need to reprogram the webcam to act as a keyboard.

To defend against this type of attack, an extension could be created that blocks certain USB device requests. With a defense such as this in place, a hacker would need root access to alter the webcam’s behavior.

The most impenetrable defense would need to come in the form of a hardware redesign of the camera itself, which would make it impossible to disable the LED indicator. Researchers have already sent suggestions to Apple, but have yet to hear back.

Users who have an older Mac computer can take one easy precaution to prevent spying. That’s put tape, or a bandage, over the webcam. This doesn’t prevent malware infections, however that type of attack is extremely rare, at least for the time being.

If your device has been attacked or you’d like to improve your security, call Geek Rescue at 918-369-4335.