iOS 7 Bug Lets Anyone Bypass iPhone's Lockscreen To Hijack Photos, Email, Or Twitter

By Andy Greenberg
Forbes Staff
9/19/2013

Forget the debate around the security or insecurity of the iPhone 5s’s
fingerprint reader. The latest version of the iPhone’s operating system
currently offers a gaping hole in its old-fashioned passcode lockscreen.

Jose Rodriguez, a 36-year-old soldier living in Spain’s Canary Islands,
has found a security vulnerability in iOS 7 that allows anyone to bypass
its lockscreen in seconds to access photos, email, Twitter, and more. He
shared the technique with me, along with the video above.

As the video shows, anyone can exploit the bug by swiping up on the
lockscreen to access the phone’s “control center,” and then opening the
alarm clock. Holding the phone’s sleep button brings up the option to
power it off with a swipe. Instead, the intruder can tap “cancel” and
double click the home button to enter the phone’s multitasking screen.
That offers access to its camera and stored photos, along with the ability
to share those photos from the user’s accounts, essentially allowing
anyone who grabs the phone to hijack the user’s email, Twitter, Facebook
or Flickr account.

I tested the technique on an iPhone 5 running iOS 7, and it worked.
Rodriguez’s video shows it working on an iPad, too. It’s not yet clear if
the same exploit can bypass the lockscreen of an iPhone 5s or 5c, but
Rodriguez tells me he believes it will. I’ve reached out to Apple for
comment and I’ll update this post if I hear from the company. Update: A
spokesperson from Apple tells me that the company “takes security very
seriously and we’re aware of this issue. We’ll deliver a fix in a future
software update.”
[…]
http://www.forbes.com/sites/andygreenberg/2013/09/19/ios-7-bug-lets-anyone-bypass-iphones-lockscreen-to-hijack-photos-email-or-twitter/

UK and US spies have cracked BlackBerry's BES encryption

By Peter Sayer
Techworld
09 September 2013

The U.S. National Security Agency is able to read messages sent via a
corporate BlackBerry Enterprise Server (BES), according to a report by
German news magazine Der Spiegel. The purpose of this spying is economic
or political, and not to counter terrorism, the magazine hints.

The report, published in English on Monday, cites internal documents
leaked by former NSA contractor Edward Snowden.

Governments have long demanded that BlackBerry provide access to encrypted
messages carried by its email and BlackBerry Messenger (BBM) services, to
allow them to monitor for terrorist activity.

BlackBerry has complied in the case of its consumer-grade BlackBerry
Internet Service (BIS), notably providing the Indian government with
access to consumer messages. Indeed, Der Spiegel cited NSA documents
claiming that since 2009, analysts have been able to see and read
[…]
http://news.techworld.com/security/3467695/report-uk-and-us-spies-have-cracked-blackberrys-bes-encryption/

The ConnectED scheme: Proposed new $5 per year cellphone tax could be used to bring more U.S. schools online

The ConnectED scheme
Unwilling to ask Congress for extra funds to pay for high-speed Internet connections in schools, President Obama is instead looking to tack yet another charge on cellphones through the Federal Communications Commission.  The new program, called ConnectED, would expand an existing school-wiring effort and cost each cellphone user about $5 a year, said White House officials.
President Obama’s plan to bring high-speed Internet connectivity to 99 percent of America’s school students. The five year scheme was revealed back in June and at the time, there was vague talk about raising taxes on phone bills to help pay for the initiative – except it wasn’t clear whether this was fixed or phones, or when such a tax would be implemented, if at all.
That question has been answered today, and it’s cellphone users who will be paying. White House officials, quoted in the New York Post, say each phone user will end up paying about $5 extra per year on their bill, or around $0.40 each month. It’s unlikely to break the bank, but it’s enough to notice.
The FCC is considering completely reworking the E-Rate. The goal will be to reach President Obama’s goal of providing 100 Mbps-1 Gbps of bandwidth to schools serving 99 percent of students, and to provide wireless access inside schools. Allocating funding based on enrollment is one proposal, but the FCC is also considering cutting the top discount level, eliminating telephone service from the program, expanding eligibility of fiber leases, etc.
To see a brief list of the changes that the FCC is considering
For those with more time, here is the full Notice of Proposed Rulemaking (NPRM)
It’s worth reading the comments of Commissioners Rosenworcel and Pai at the end of the NPRM, as they lay out very different visions of what the reform should look like. And the FCC really does read the comments. I think comments from school districts are especially powerful. It’s pretty easy to file comments online; here are the FCC’s instructions: http://apps.fcc.gov/ecfs//userManual/ecfsmanual.jsp FYI, E-Rate comments should be filed in Docket 02-6.
Comments were due September 16, 2013.

E-RATE WASTE & FRAUD

The Criminal N.S.A.

By JENNIFER STISA GRANICK and CHRISTOPHER JON SPRIGMAN
June 27, 2013
Jennifer Stisa Granick is the director of civil liberties at the Stanford Center for Internet and Society. Christopher Jon Sprigman is a professor at the University of Virginia School of Law.
http://www.nytimes.com/2013/06/28/opinion/the-criminal-nsa.html
THE twin revelations that telecom carriers have been secretly giving the National Security Agency information about Americans’ phone calls, and that the N.S.A. has been capturing e-mail and other private communications from Internet companies as part of a secret program called Prism, have not enraged most Americans. Lulled, perhaps, by the Obama administration’s claims that these “modest encroachments on privacy” were approved by Congress and by federal judges, public opinion quickly migrated from shock to “meh.”
It didn’t help that Congressional watchdogs — with a few exceptions, like Senator Rand Paul, Republican of Kentucky — have accepted the White House’s claims of legality. The leaders of the Senate Intelligence Committee, Dianne Feinstein, Democrat of California, and Saxby Chambliss, Republican of Georgia, have called the surveillance legal. So have liberal-leaning commentators like Hendrik Hertzberg and David Ignatius.
This view is wrong — and not only, or even mainly, because of the privacy issues raised by the American Civil Liberties Union and other critics. The two programs violate both the letter and the spirit of federal law. No statute explicitly authorizes mass surveillance. Through a series of legal contortions, the Obama administration has argued that Congress, since 9/11, intended to implicitly authorize mass surveillance. But this strategy mostly consists of wordplay, fear-mongering and a highly selective reading of the law. Americans deserve better from the White House — and from President Obama, who has seemingly forgotten the constitutional law he once taught.
The administration has defended each of the two secret programs. Let’s examine them in turn. <snip>