Category: Apple


Anyone Can Bypass Your iOS 7 Lockscreen to See (and Share!) Your Photos

Got fancy new iOS 7 on that iPhone of yours? Beware. There’s a super simple bug that can let anyone blow right by your lockscreen and look through your pictures, and even share them.

The process was discovered by Jose Rodriguez, and even though it has quite a few steps, it’s super easy to master. Here’s how it works:

  • Swipe up on the locked phone to get to the control panel
  • Open the stopwatch app
  • Go over to alarm clock
  • Hold the power button until you get the “Power down” prompt
  • Hit the cancel button and immediately hit the home button twice, holding it down just a little longer on the second press. Like, buh-baah. It takes a try or two to get the hang of.

Then, bam, you’re in the target’s multitasking menu and can start goofing around. If you go to the camera app, you’ll be treated to unrestricted access to the Photo Stream, and can share the pictures from there with email, Twitter, and more. It’s pretty scary. This isn’t the first time a bug like this has showed up in iOS either. Hopefully it’s the last.

We were able to replicate the bug on an iPhone 4s and an iPhone 5, and Jose. We can’t tell for sure if it works on the iPhone 5S or 5C yet, but there’s little reason to think it wouldn’t.

We’ve reached out to Apple for comment, and there’s no doubt they’ll be issuing a fix in the near future. But in the meantime, just be aware that your photos aren’t safe from prying eyes. The prying eyes of an up-to-date nerd, at least.

Update: You can fight this by turning off the Control Center access on the lockscreen. Just go to Settings, Control Center, and set Lockscreen Access to off. But man, lockscreen Control Center is awesome and it’s on by default. So maybe just don’t leave your phone with creeps?

Ryan says: I’ve been able to get into iPhone’s for a LONG time now.. when is Apple fixing these holes?

Researchers describe hacking iOS devices with malicious charger

Researchers from the Georgia Institute of Technology will be demonstrating a proof-of-concept method of hacking an iPhone using a malicious USB charger. Billy Lau, Yeongjin Jang, Chengyu Song announced the demonstration for Black Hat USA 2013, an annual conference for hackers and security researchers that begins on July 27th in Las Vegas.

The short version is the three researchers found a way to use USB protocols to bypass some of Apple’s security features in iOS that prevent unauthorized software from being installed on your iOS device. The three built a charger based on a BeagleBoard (see below)—a US$125 computer-on-a-circuit-board—that was able to successfully insert malware onto an iPhone plugged into it.

Worse, they can do so in under a minute.

“Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software,” the researchers wrote on their BlackHat presentation description. “All users are affected, as our approach requires neither a jailbroken device nor user interaction.”

In the demonstration, they said will discuss Apple’s existing security mechanisms that protect against “arbitrary software installation,” which in layman’s terms essentially means malware. They will then describe how standard USB capabilities can be, “leveraged to bypass these defense mechanisms.” To finish it off, they will demonstrate how this same process can be used to then hide the resulting malware from the user the same way Apple hides its own built in software.

The three researchers named their malicious charger “Mactans.”

The BeagleBoard it is based on is an off-the-shelf circuit board that can be used to create all manner of tiny computing devices running Angstrom (Open Embedded), Debian, Ubuntu, and Gentoo. There are other BeagleBoard products as well, including a slightly larger model with a 1GHz Sitara ARM Cortex-A8 processors that can run Android.

The point the researchers are making is that their method can be accomplished with readily available technology.

“While Mactans was built with limited amount of time and a small budget,” they wrote, “we also briefly consider what more motivated, well-funded adversaries could accomplish.”

The researchers will offer methods for protecting yourself against such an attack—we’ll throw out that you should probably be choosy about using a charger whose provenance you can’t verify—and what Apple can do to make this attack, “substantially more difficult to pull off.”

Source: UPI

Most of you know about our PC repair services, but did you know we fix/repair/unlock cellphones & tablets? Did you also know that we offer the lowest prices in the Fraser Valley and will price match and BEAT any competitor price? Now you do.

We repair all Smartphones / iPhones for :

* Broken LCD Screens & Touch Screen Replacement
* Water and other Liquid Damage Repair / Corrosion Clean Up
* Phone Data Recovery – Photos, Music, Text Messages
* No Power / Phone does not turn on
* Charging Problems / Charging Controller / Charging Port Replacement
* Battery Replacement (200+ Batteries in stock)
* Staticky, Crackling Speakers & Microphones
* Home Button / Power Lock Button Replacement
* Malfunctioning button, Trackball, Trackpad and Keypad
* Malfunctioning SIM card readers / NO SIM Reading Fix
* Software problems, upgrades and reflashing (All Models)
* Language change
* JTAG Service (Android Phones)
* Unknown Baseband, IMEI missing
* Password Protected / Disabled Phones / Pattern Lock Reset (Samsung)
* Jailbreaking — iPhone, AppleTV 1 & 2 + FREE TV & MOVIES + FREE APPS
* Rooting — Most Android Models — Custom Rom Reflashing Available

We unlock ALL Smartphones For :

* iPhone 2G/3G/3GS (Most iOS Versions)
* iPhone 4/4S – Factory unlock Fido/Rogers/Telus/Koodo/AT&T/Bell
* iPhone 5 – Factory unlock Telus/Koodo/AT&T/Rogers/Fido
* iPhone 4S/5 unlocking for iOS 5.x, 6.1.3 and below!
* BlackBerry, Samsung, LG, HTC
* Nokia, Motorola, Sony Ericsson, Huawei, Alcatel and other Overseas Models.

– iPhone Factory unlock for USA, UK, Brazil, Australia, France, Spain, Ireland, Netherlands, Denmark, Norway, Chile, Switzerland, Sweden, Saudi Arabia, Norway, Romania, Japan, etc.

As always, we DO NOT charge for repairs that cannot be performed.

180 Warranty on ALL parts & Labour – We ONLY use OEM Factory Parts.

Call the shop if you need a price quote, make sure to ask for Ryan.

Apple finally fixes App Store flaw by turning on encryption

Apple has finally fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.

The flaw arose because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store, meaning an attacker can hijack the connection. In addition to a security flaw, the unencrypted connections also created a privacy vulnerability because the complete list of applications installed on the device are disclosed over Wi-Fi.

It also allows the installation of apps, including extremely expensive ones that top out at $999.99, without the user’s consent, which can create serious consequences because Apple doesn’t give refunds. To do this, an attacker needs to be on the same private or public Wi-Fi network, including, for example, a coffeeshop, hotel, or airport network.

Security researcher Elie Bursztein discovered the vulnerability and reported it to Apple last July. Apple fixed the problem in a recent update that said “content is now served over HTTPS by default.” Apple also thanked Bernhard Brehm of Recurity Labs and Rahul Iyer of Bejoi.

Bursztein, who works at Google, in Mountain View, Calif., but emphasized this was work done at home in his spare time, published a personal blog post today that described details about the App Store vulnerability and included videos of how an attacker was able to steal passwords or install unwanted apps.

Publicizing this flaw, Bursztein said, highlighted how necessary encrypted HTTPS connections were. “Many companies don’t realize that HTTPS is important for mobile apps,” he said. But if they rely on Web connections or Webviews, he added, they are vulnerable to attacks: “Providing a concrete example seems a good way to attract developer attention to the issue.”

As a postdoctoral researcher at Stanford University, Bursztein published research that included demonstrating flaws in Captchas and the Web interfaces of embedded devices. At the Defcon conference in Las Vegas two years ago, he demonstrated how to bypass Windows’ built-in encryption that Web browsers, instant messaging clients, and other programs used to store user passwords.

Bursztein’s blog post comes a day after Apple’s marketing chief, Phil Schiller, took a security-related swipe at Google on Twitter by pointing to a report on the rise of Android malware.

 

Source: CNET

Apple Is Beta-Testing A Fix For Evasi0n Jailbreak

All good jailbreaks must come to an end.

Late last week Apple released an update for iOS to developers in beta that prevents the use of the popular jailbreak software evasi0n, according to one of evasi0n’s creators who tested the patch over the weekend, David Wang.

Wang tells me that he’s analyzed the 6.1.3 beta 2 update and found that it patches at least one of the five bugs the jailbreak exploits, namely a flaw in the operating system’s time zone settings. The beta update likely signals the end of using evasi0n to hack new or updated devices after the update is released to users, says Wang, who says he’s still testing the patch to see which other vulnerabilities exploited by the jailbreak might no longer exist in the new operating system.

“If one of the vulnerabilities doesn’t work, evasi0n doesn’t work,” he says. “We could replace that part with a different vulnerability, but [Apple] will probably fix most if not all of the bugs we’ve used when 6.1.3 comes out.”

That impending patch doesn’t mean evasi0n’s time is up, says Wang. Judging by Apple’s usual schedule of releasing beta updates to users, he predicts that it may take as long as another month before the patch is widely released.

When evasi0n hit the Web earlier this month, it quickly became the most popular jailbreak of all time as users jumped at their first chance to jailbreak the iPhone 5 and other most-recent versions of Apple’s hardware. The hacking tool was used on close to seven million devices in just its first four days online.

Despite that frenzy, Apple has hardly scrambled to stop the jailbreaking.  Evasi0n has already gone unpatched for three weeks. That’s far longer, for instance, than the nine days it took Apple to release a fix for Jailbreakme 3.0, the jailbreak tool released in the summer of 2011 for the iPhone 4, which was by some measures the last jailbreak to approach Evasi0n’s popularity.

Apple’s slow response to Evasi0n is explained in part by the relatively low security risk that the tool poses. Unlike Jailbreakme, which allowed users to merely visit a website and have their device’s restrictions instantly broken, Evasi0n requires users to plug their gadget into a PC with a USB cable. That cable setup makes it far tougher for malicious hackers to borrow Evasi0n’s tricks to remotely install malware on a user’s phone or tablet.

Security researchers have nonetheless pointed out that Evasi0n could give criminals or spies some nasty ideas. The tool uses five distinct bugs in iOS, all of which might be appropriated and combined with other techniques for malicious ends. And F-Secure researcher Mikko Hypponen points out that if a hacker used a Mac or Windows exploit to compromise a user’s PC, he or she could simply wait for the target to plug in an iPhone or iPad and use evasi0n to take over that device as well.

More likely, perhaps, is a scenario described by German iPhone security researcher Stefan Esser. He argues that a hacker could use a secret exploit to gain access to an iPhone or iPad and then install evasi0n, using the jailbreaking tool to hide his or her tracks and keep the secret exploit technique undiscovered by Apple and unpatched. “That way they protect their investment and leave no exploit code that could be analyzed for origin,” Esser wrote on Twitter.

Apple already has a more pressing security reason to push out its latest update. The patch also fixes a bug discovered earlier this month that allows anyone who gains physical access to a phone to bypass its lockscreen in seconds and access contacts and photos.

When Apple’s update arrives, the team of jailbreakers known as the evad3rs may still have more tricks in store. Wang tells me that the group has discovered enough bugs in Apple’s mobile operating system to nearly build a new iOS jailbreak even if all the bugs they currently use are fixed.

But then again, Wang says he hasn’t yet been able to check Apple’s patch for every bug it might fix–either the ones evasi0n employs or those he and his fellow hackers had hoped to keep secret for their next jailbreak. “If they patch most of the bugs,” Wang says. “Then we’re starting from scratch.”

Ryan says:  We’re offering our customers the opportunity to Jailbreak their iPhone 5 for FREE until the end of March! – Call Ryan to book an appointment!

Source: Forbes

Upgrading RAM on the new iMac is practically impossible

The electronics website iFixit on Friday downgraded the new 21.5-inch iMac’s repair score to 3 out of a possible 10, calling servicing the computer “an exercise in disappointment.”

The website urged do-it-yourselfers to look for a leftover 2011 model instead. “Hackers, tinkerers, and repairers be forewarned: Get last year’s model if you’d like to alter your machine in any way,” said Miroslav Djuric, iFixit’s chief information architect, in an email announcing the site’s teardown of the newest iMac.

Apple started selling the redesigned 21.5-inch iMac on Friday at its retail and online stores. The larger, more expensive 27-in. iMac is to ship later this month.

After disassembling the iMac, iFixit assigned the all-in-one desktop a repair score of just 3 out of 10; The 2011 version of the same-sized iMac sported a more DIY-friendly score of 7 out of 10.

The iMac’s new score is in the same low range as Apple’s 15- and 13-inch Retina-equipped MacBook Pro laptops, which earned a 1 and 2, respectively, this summer and fall. In June, iFixit called the 15-inch MacBook Pro “the least-repairable laptop we’ve taken apart.”

Explaining the iMac’s low score, iFixit cited the copious amounts of “incredibly strong” adhesive that bonds the LCD and front glass panel to the frame. Earlier iMacs fixed the display in place with magnets rather than the hard-to-dislodge glue, which is even harder to replace.

Just as damning was an Apple design decision that makes it practically impossible for users to upgrade the iMac’s RAM. The 21.5-in. iMac comes standard with 8GB of memory – and can be upgraded to 16GB – but because the RAM is buried beneath the logic board, owners must “take apart most of the iMac just to gain access,” iFixit said.

Older 21.5-inch iMacs had four external RAM slots that were easily accessed by users.

Apple mentions the impracticality of memory upgrade only in a side note hidden on the iMac’s options page. There, Apple said: “Every 21.5-inch iMac comes with 8GB of memory built into the computer. If you think you may need 16GB of memory in the future, it is important to upgrade at the time of purchase, because memory cannot be upgraded later in this model.”

The not-yet-available 27-inch iMac will continue to sport four external memory slots. Customers can boost the RAM at the time of ordering to 16GB (for an extra $200) or 32GB ($600), but those prices are exorbitant compared to third-party RAM that users install themselves. An additional 8GB of memory – which would raise the iMac’s total to 16GB – costs just $40 at Crucial.com, for example.

iFixit spotted several other changes to the iMac, including a larger, single fan rather than several smaller fans; dual microphones, likely a noise cancellation move for FaceTime video calls; and a vibration-dampening housing around the laptop-sized 2.5-in. hard disk drive.

The teardown also exposed the location where Apple places a “Fusion Drive,” the option that combines 128GB of flash storage with a standard platter-based hard drive.

The new iMacs are priced between $1,299 and $1,999 – $100 more than their precursors – and can be purchased or pre-ordered at Apple’s online and retail stores.

iFixit reduced the repair score of Apple’s iMac from 7 to 3 (out of 10), citing screen-to-chassis glue and the impracticality of upgrading RAM or swapping drives.

Source: TechWorld

iOS 6.0.1 already jailbroken — for some devices

iOS 6.0.1 users can now jailbreak their devices, but there are some bumps in the road.

The latest version of the iPhone Dev Team’s Redsn0w can jailbreak iOS 6.0.1 devices, Redmond Pie confirmed today after testing the update.

However, not everyone can take advantage of the effort at this point.

The jailbreak works only on iOS devices powered by an A4 chip or lower. People who own the iPhone 5, the newest iPads, or the latest iPod Touch are out of luck. The jailbreak takes advantage of the Limera1n exploit, which can’t handle the A5 or later chips.

That leaves just the iPhone 3GS, iPhone 4, and the iPod Touch 4G as prime candidates. The iPod Touch 3G and the original iPad don’t support iOS 6.0 or higher.

The jailbreak is also a tethered one. So after you shut down or reboot your device, you’ll need to connect it to your computer to return it to a jailbroken state.

Apple, or course, isn’t too fond of jailbreaking, a process that allows device owners to unlock certain features and install apps not found in the App Store.

The iPhone maker once tried to argue that the action violates its copyright. The U.S. Copyright Office recently ruled that jailbreaking is illegal on tablets and gaming consoles but not on smartphones.

Source: CNET

iPhone 3G/3GS/4/4S Factory Unlock Now Available at Ryan’s Unlock Shop

Enjoy the freedom of switching carriers locally or while roaming in another country! Save money on roaming fees!

iPhone 3G/3GS/4/4S Factory Unlock starting @ $40 – Carrier Unlock – No SIM Tray / Interposer Required!

Permanent Unlock – Update to ANY iOS.

We can unlock your 3G/3GS/4/4S for most carriers worldwide, please select from the country the iPhone is originally locked to. Factory Unlocking starts @ $40 for AT&T. Call (778) 245-0780 if you have any questions about unlocking your iPhone.

The process for factory unlocking iPhone 4 and 4S models can take between 1 and 2 days depending on server wait times.

We can currently unlock ALL iPhone 3G/3GS/4/4S (GSM or WCDMA) iPhones from Koodo, TELUS, Rogers, Fido, AT&T & Sprint.

The benefits to unlocking your iPhone permanently as opposed to keeping your iPhone unlocked via interposer chip are:

  • Update to any iOS version without losing your unlock.
  • No Modified SIM Tray / Interposer required.
  • No need for instructions to use unlock chip. (no chip required)
  • Higher re-sale value.
  • Use with any carrier that supports iPhone worldwide.

Purchase a factory unlock for your iPhone using our online unlocking website here.

Apple poised for iPhone 5 launch

Technology giant Apple has fuelled rumours it will launch a new version of its best-selling iPhone by announcing a “special event” only hours before two of its competitors unveiled two new devices.

The secretive firm sent out invitations for the event next week ahead of Wednesday’s announcement in New York by Nokia and Microsoft where they revealed details of two new phones which will run on Microsoft’s Windows operating system.

The Nokia Lumia 920 and Nokia Lumia 820 are the Finnish company’s attempt to claw back lost ground since it lost its position as the world’s biggest phonemaker to Samsung.

The firm described the 920 as its “flagship” product and it boasts a high powered camera described as the equivalent of “a standalone SLR camera” and can be recharged without being plugged in.

The Apple emails, sent on Tuesday to selected journalists, invite them to an event on Wednesday September 12 and includes the line “it’s almost here”.

It also features a figure 12 with a shadow that appears to be the number 5 – seemingly confirming the company will announce the arrival of the iPhone 5.

The events typically involve Apple executives unveiling new products at their California base – which are carried by videolink live to a central London location.

It is around a year since the firm unveiled the iPhone 4S complete with voice recognition software and an A5 chip allowing it to use much faster graphics for gameplay and to download data twice as fast.

The 4S also has an eight megapixel camera with five lenses, one more than the iPhone4, which results in sharper pictures and allows users to take HD video.

The new phone is expected to sell well. Thousands of gadget fans queued to get their hands on the iPhone 4S when it first went on sale.

Source: The Press Association

iPhone 4S iOS 5.1.1 Unlock Now Available at Ryan’s Unlock Shop

The long awaited  iPhone 4S iOS 5.1.1 Unlock is now available for purchase off of our unlocking website.  The newest unlock on the market works flawlessly with easy to use function, no programming, no 112, no SIM cutting required!  This unlock has been fully tested and will work with every carrier in Canada!

We have a limited quantity of the newest iOS 5.1.1 unlock so if you need one, give us a call or checkout on the site (Free Shipping to anywhere in Canada is INCLUDED.)

What are the “Top 4” benefits of Unlocking and Jailbreaking an iPhone 4S?

More and better apps

The main reason for unlocking your iPhone is to be able to install as many apps as you wish. This cannot happen when you have your iPhone running on the software that you bought with it. Some of the most important apps that will serve you are normally restricted. Most of the times when you try to install them on your new iPhone you will receive an error message similar to this- the application is not from a trusted supplier.  The best way that you can avoid this is by unlocking the newly purchased iPhone. After all, you bought the phone so that it could serve you in the ways that you wish for.

Change your iPhone camera to perform video recording

Well, many of us who have been using the iPhone can bear witness that the mobile handset does not perform video recording as expected by most users. This is one disadvantage that the iPhone developers failed to consider. You can easily overcome this nightmare by trying out to unlock your iPhone. Once you have unlocked it you will be able to use the normal camera that the phone has to carry out video recording. This will require you to install other applications that will facilitate this.

Use the best themes

One thing that we are used to in the iPhones is the normal interface that they have on their handsets. Are you bored by this? Well, I am a victim that cannot bear having the same theme each year I get a new iPhone. Therefore the best way to solve this issue is to unlock my iphone. It is very easy to download and install the themes that you want once your iPhone is unlocked. You should try out the themes that are compatible with your iPhone I am sure that you will love it.

Feeling of being free

Last but not least, the most important reason that we decide to have our iPhones unlocked is to have the feeling of being free to do anything. It is very hard to carry out any function on the iPhone that you have before you get to unlock it. This is because everything is copyright protected. This means that you are limited to the usage of your device. This is why we look for options that will break us free from the carrier that we are using.

 

Hands On With Clueful, the iOS App That Rats Out Privacy Risks

When you install a new mobile app, you expect it to use your data according to the permissions you’ve allowed. So, when an app suddenly uses your information in an unexpected way — who can forget Path’s address-book-sharing saga? — it can feel like a betrayal.

Clueful, which made its debut at TechCrunch Disrupt today, is an app designed to prevent surprises. Clueful helps you identify “misdemeanant” apps on your iPhone — software that’s transmitting your data in ways you weren’t aware of.

Created by antivirus software developer Bitdefender, the app is simple enough. It gathers information on what apps are running in your iPhone’s memory and submits it anonymously to the “Clueful Cloud” for analysis. Using its own database of app behaviors, it then tells you what your software could be up to: whether an app uses GPS, whether an app is a battery-draining risk, or if an app can use address book information, among other things. The results are neatly listed, albeit in what appears to be random order, and you can tap an app listing to get more details on the possible risk areas of that app.

It’s not all fire and brimstone, though. The app also reveals “Things you might appreciate” for each app, such as information on whether it uses an anonymous identifier or encrypts stored data. (Foodspotting, for instance, does both of these things.)

It can be surprising to learn which apps do and don’t have solid security practices, and which apps are quietly tracking usage information for advertising purposes — something most apps do not openly reveal when you download them.

The app has several major pitfalls, though. For one, it can only provide information on free apps, so that sketchy $1 Angry Birds ripoff you got last week could be having a field day with your personal info, and you’d still never know it. And although it launches with a database of thousands of apps, there are more than 600,000 apps in the App Store, according to Apple’s Q2 earnings report. Clueful lets you search to see which apps are in its database, and we found some relatively big names were left out: Clear, Mint and Evi to name just three.

Also, Clueful doesn’t drill down into exactly what data is being transmitted from an app. Instead, it just generally reports what an app can and could be sending. (“Can” and “could” are differentiated.) Strangely, Clueful also “found” apps on my phone that I’ve never used or downloaded, like FlickFishing HD in the image above, and apps called Scoops and Quizarium. I’m sure they’re fine apps, but I’ve never downloaded them.

At $4 in the App Store, I can’t rightly recommend this app as a must-download. But if you’re completely anal about how your data is being used, or just curious, the download could be justified.

Source: Wired