Tag Archive: iPhone 5


Apple Fixes “Fundamental” SSL Bug in iOS 7

Apple quietly released iOS 7.06 late Friday afternoon, fixing a problem in how iOS 7 validates SSL certificates. Attackers can exploit this issue to launch a man-in-the-middle attack and eavesdrop on all user activity, experts warned.

“An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,” Apple said in its advisory.

Users should update immediately.

Watch Out for Eavesdroppers
As usual, Apple didn’t provide a lot of information about the issue, but security experts familiar with the vulnerability warned that attackers on the same network as the victim would be able to read secure communications. In this case, the attacker could intercept, and even modify, the messages as they pass from the user’s iOS 7 device to secured sites, such as Gmail or Facebook, or even for online banking sessions. The issue is a “fundamental bug in Apple’s SSL implementation,” said Dmitri Alperovich, CTO of CrowdStrike.

The software update is available for the current version of iOS for iPhone 4 and later, 5th generation iPod Touch, and iPad 2 and later. iOS 7.06 and iOS 6.1.6. The same flaw exists in the latest version of Mac OS X but has not yet been patched, Adam Langley, a senior engineer at Google, wrote on his ImperialViolet blog. Langley confirmed the flaw was also in iOS 7.0.4 and OS X 10.9.1

Certificate validation is critical in establishing secure sessions, as this is how a site (or a device) verifies that the information is coming from a trusted source. By validating the certificate, the bank website knows that the request is coming from the user, and is not a spoofed request by an attacker. The user’s browser also relies on the certificate to verify the response came from the bank’s servers and not from an attacker sitting in the middle and intercepting sensitive communications.

Update Devices
It appears Chrome and Firefox, which uses NSS instead of SecureTransport, aren’t affected by the vulnerability even if the underlying OS is vulnerable, Langley said. He created a test site at https://www.imperialviolet.org:1266. “If you can load an HTTPS site on port 1266 then you have this bug,” Langley said

Users should update their Apple devices as soon as possible, and when the OS X update is available, to apply that patch as well. The updates should be applied while on a trusted network, and users should really avoid accessing secure sites while on untrusted networks (especially Wi-Fi) while traveling/

“On unpatched mobile and laptop devices, set ‘Ask to Join Networks’ setting to OFF, which will prevent them from showing prompts to connect to untrusted networks,” wrote Alex Radocea, a researcher from CrowdStrike.

Considering recent concerns about the possibility of government snooping, the fact that iPhones and iPads were not validating certificates correctly can be alarming for some. “I’m not going to talk details about the Apple bug except to say the following. It is seriously exploitable and not yet under control,” Matthew Green, a cryptography professor at Johns Hopkins University, posted on Twitter.

Check out this video from News Loop:

 

Source: PC World Security Watch

Android climbs to 43% in US, iPhone still at 28%

Android is still growing in the US, but is taking all its share from non-iPhone rivals, Nielsen found on Monday. Google was up from 40 percent in July to 43 percent in August, but Apple was still at the 28 percent it has held since June. Most of that decline came from Microsoft, which took the “other” category down from 13 percent to 11 percent.

RIM’s BlackBerry also lost a point to 18 percent. It may have been helped by a slew of BlackBerry 7 phones shipping the same month, such as the Bold 9900 and 9930.

Google still had added momentum in the Nielsen research. Among those who had bought a smartphone in the past three months, 56 percent were buying Android. Apple still wasn’t under threat with a static 28 percent, but there had been extra pressure on Microsoft and RIM, which collapsed to about six and nine points. Both audiences may have been in holding patterns for most of the summer as they either waited for later BlackBerry 7 launches or for Windows Phone 7​.5 (Mango) in October.

Android may see a rare share reversal in October. The year so far has been unusual as Apple’s first where a new iPhone didn’t ship in the summer. Possibilities exist that iphone sharecould start growing again as Apple fills pent-up demand, most of all if a Sprint iPhone 5 ships and eliminates another shelter for Android.

Smartphones should also still be on track to become the dominant cellphones in the US, researchers said. They were now up to 43 percent of total ownership and at 58 percent among those who had bought in the past three months. Ownership is expected to cross the 50 percent mark before the end of the year as the iPhone 5, and more Android devices like the Galaxy S II tip the balance.

Source: Electronista

5 Reasons Droid Bionic Will Steal the iPhone 5’s Throne

The smart phone war is far from over. When the iPhone broke into the scene back in January 2007, it was clear it intended to remain there. However, the recent onslaught of high-quality and low-cost Android-fueled phones to make it to the market in the last year are leaving some skeptical. In fact, with Steve Jobs now out of the picture, many can’t help but ask: Is the iPhone’s time up?

That is where the new Droid Bionic from Motorola comes in. The Droid Bionic, released Thursday, is no weak contender in this fight to the top. Running on Android 2.3.4, the phone is miles ahead of even some of the most far-stretched rumors of the iPhone 5’s capabilities. With that being said, there are five reasons the Droid Bionic will be taking over the throne:

Price:

When the Bionic hits shelves early Thursday morning, it will not be undersold. With prices confirmed, such as $280 at Costco with free accessories, this phone is coming out swinging. As always, Apple plans to keep its customers in the dark, so no pricing is confirmed. However, knowing Apple’s past release of iPhone 4, one can expect a minimum $600 price tag.

Battery:

Anyone who has ever owned an iPhone knows one thing: There is no such thing as charging your iOS-powered phone too much. The Droid Bionic will operate using state of the art Lithium Ion battery with a capacity of 1,735 mAh, which is 315 more than the last iPhone released. Due to this, talk time is clocked in at 10.83 hours and stand a whopping 200 hours!

Flash:

Steve Jobs’ campaign against Flash compatibility has been a fight against what the people want. Bionic comes equipped to handle Flash and Flash-enabled software. This means no more sacrificing Web browsing or staring at error boxes where the flash content should be!

Music:

You would think that coming from having roots in an MP3 player the iPhone would have much more muscle in this field. However, the Droid Bionic once again outdoes Apple with the ability to handle formats such as WMA, eAAC+, AMR, and OGG. These formats, especially eAAC+, are some of the highest-quality, lowest-loss music media to date in the digital world.

Memory:

With no word from Apple yet on the iPhone 5’s ability to hold microSD cards, it is safe to assume the Droid Bionic is at the very top of its class. The microSD cards are already known for being some of the cheapest and most efficient ways to store data and Droid Bionic makes use of this. In fact, the new Motorola Smart Phone will be able to hold up to 32 GB of additional microSD or microSDHC memory!

The days of Apple’s rule over the kingdom are over. The new smart phone on the block, the Droid Bionic, is going to clean the floor with the lagging iPhone 5.

Source: Yahoo! / Engadget

BlackBerry Messenger will launch on Android and iOS

Research In Motion is planning to bring its beloved BlackBerry Messenger app and service to Android, and eventually to iOS as well. According to our sources, RIM has not yet finalized details surrounding timing or pricing, but we have heard that the company might make the software free to all users. We’re also told strategy is still being developed, however, and RIM may end up charging users a one-time fee or even a recurring fee for access to its BBM service on third-party platforms.

It might seem a bit strange for RIM to want to bring the software that is responsible for keeping BlackBerry devices in the hands of countless potential defectors, but in the big picture, we think it could make sense. The company is getting very frustrated with applications like WhatsApp and Kik offering third-party experiences based on a concept RIM invented, and RIM apparently wants to own the space.

As far as what Android and iOS users can look forward to, we’ve been told RIM will offer stripped down versions of the BBM experience BlackBerry owners know and love. That way, Android and iOS users can communicate with practically anyone who has a smartphone using BBM, but they might not be able to share photos, location, or videos (when RIM crosses that bridge). Users who want the full BlackBerry Messenger experience will still need a BlackBerry smartphone to get it. At the same time, RIM could own the entire messaging app category on every major smartphone OS platform and could potentially draw new users in because it has given them a taste of what BlackBerry Messenger is all about.

Right now, we have heard that Android is definitely a go. But again, we’re not sure on timing, though our sources are confident that it will launch some time this year. RIM chose Android first because of the fact that it could develop and integrate something like this much easier with an open platform, but the plan is to build and deploy an iOS version at some point as well.

Source: BGR