Tag Archive: iPhone Repair Abbotsford


Just a quick update for our clients in the Fraser Valley and Lower Mainland – Even though we are tucked away we have the BIGGEST selection of WHOLESALE priced accessories. All Blue tagged items take an additional 25% OFF.  The sales starts on December 14th and goes all the way until December 28th!  What does that mean?  Our already low prices are an additional 25 PERCENT OFF!  Most of the cool stuff will have the blue tag discount so get here quick before everything is sold out!  Happy Holidays and a VERY Merry Christmas to all my friends that continue to support our business!

For our iphone 5/5s/5C/6/6 Plus Customers – Mention this and get a FREE case with your cell phone screen repair!  THIS OFFER IS VALID UNTIL DECEMBER 31ST!

For anyone unlocking their smartphone or iPhone on UnlockMyPhone.ca our unlocking website, use promo code “5OFFUNLOCK” for an additonal $5 dollars off any unlock code or iPhone factory unlock!

 

Apple Fixes “Fundamental” SSL Bug in iOS 7

Apple quietly released iOS 7.06 late Friday afternoon, fixing a problem in how iOS 7 validates SSL certificates. Attackers can exploit this issue to launch a man-in-the-middle attack and eavesdrop on all user activity, experts warned.

“An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,” Apple said in its advisory.

Users should update immediately.

Watch Out for Eavesdroppers
As usual, Apple didn’t provide a lot of information about the issue, but security experts familiar with the vulnerability warned that attackers on the same network as the victim would be able to read secure communications. In this case, the attacker could intercept, and even modify, the messages as they pass from the user’s iOS 7 device to secured sites, such as Gmail or Facebook, or even for online banking sessions. The issue is a “fundamental bug in Apple’s SSL implementation,” said Dmitri Alperovich, CTO of CrowdStrike.

The software update is available for the current version of iOS for iPhone 4 and later, 5th generation iPod Touch, and iPad 2 and later. iOS 7.06 and iOS 6.1.6. The same flaw exists in the latest version of Mac OS X but has not yet been patched, Adam Langley, a senior engineer at Google, wrote on his ImperialViolet blog. Langley confirmed the flaw was also in iOS 7.0.4 and OS X 10.9.1

Certificate validation is critical in establishing secure sessions, as this is how a site (or a device) verifies that the information is coming from a trusted source. By validating the certificate, the bank website knows that the request is coming from the user, and is not a spoofed request by an attacker. The user’s browser also relies on the certificate to verify the response came from the bank’s servers and not from an attacker sitting in the middle and intercepting sensitive communications.

Update Devices
It appears Chrome and Firefox, which uses NSS instead of SecureTransport, aren’t affected by the vulnerability even if the underlying OS is vulnerable, Langley said. He created a test site at https://www.imperialviolet.org:1266. “If you can load an HTTPS site on port 1266 then you have this bug,” Langley said

Users should update their Apple devices as soon as possible, and when the OS X update is available, to apply that patch as well. The updates should be applied while on a trusted network, and users should really avoid accessing secure sites while on untrusted networks (especially Wi-Fi) while traveling/

“On unpatched mobile and laptop devices, set ‘Ask to Join Networks’ setting to OFF, which will prevent them from showing prompts to connect to untrusted networks,” wrote Alex Radocea, a researcher from CrowdStrike.

Considering recent concerns about the possibility of government snooping, the fact that iPhones and iPads were not validating certificates correctly can be alarming for some. “I’m not going to talk details about the Apple bug except to say the following. It is seriously exploitable and not yet under control,” Matthew Green, a cryptography professor at Johns Hopkins University, posted on Twitter.

Check out this video from News Loop:

 

Source: PC World Security Watch

Anyone Can Bypass Your iOS 7 Lockscreen to See (and Share!) Your Photos

Got fancy new iOS 7 on that iPhone of yours? Beware. There’s a super simple bug that can let anyone blow right by your lockscreen and look through your pictures, and even share them.

The process was discovered by Jose Rodriguez, and even though it has quite a few steps, it’s super easy to master. Here’s how it works:

  • Swipe up on the locked phone to get to the control panel
  • Open the stopwatch app
  • Go over to alarm clock
  • Hold the power button until you get the “Power down” prompt
  • Hit the cancel button and immediately hit the home button twice, holding it down just a little longer on the second press. Like, buh-baah. It takes a try or two to get the hang of.

Then, bam, you’re in the target’s multitasking menu and can start goofing around. If you go to the camera app, you’ll be treated to unrestricted access to the Photo Stream, and can share the pictures from there with email, Twitter, and more. It’s pretty scary. This isn’t the first time a bug like this has showed up in iOS either. Hopefully it’s the last.

We were able to replicate the bug on an iPhone 4s and an iPhone 5, and Jose. We can’t tell for sure if it works on the iPhone 5S or 5C yet, but there’s little reason to think it wouldn’t.

We’ve reached out to Apple for comment, and there’s no doubt they’ll be issuing a fix in the near future. But in the meantime, just be aware that your photos aren’t safe from prying eyes. The prying eyes of an up-to-date nerd, at least.

Update: You can fight this by turning off the Control Center access on the lockscreen. Just go to Settings, Control Center, and set Lockscreen Access to off. But man, lockscreen Control Center is awesome and it’s on by default. So maybe just don’t leave your phone with creeps?

Ryan says: I’ve been able to get into iPhone’s for a LONG time now.. when is Apple fixing these holes?

Apple Is Beta-Testing A Fix For Evasi0n Jailbreak

All good jailbreaks must come to an end.

Late last week Apple released an update for iOS to developers in beta that prevents the use of the popular jailbreak software evasi0n, according to one of evasi0n’s creators who tested the patch over the weekend, David Wang.

Wang tells me that he’s analyzed the 6.1.3 beta 2 update and found that it patches at least one of the five bugs the jailbreak exploits, namely a flaw in the operating system’s time zone settings. The beta update likely signals the end of using evasi0n to hack new or updated devices after the update is released to users, says Wang, who says he’s still testing the patch to see which other vulnerabilities exploited by the jailbreak might no longer exist in the new operating system.

“If one of the vulnerabilities doesn’t work, evasi0n doesn’t work,” he says. “We could replace that part with a different vulnerability, but [Apple] will probably fix most if not all of the bugs we’ve used when 6.1.3 comes out.”

That impending patch doesn’t mean evasi0n’s time is up, says Wang. Judging by Apple’s usual schedule of releasing beta updates to users, he predicts that it may take as long as another month before the patch is widely released.

When evasi0n hit the Web earlier this month, it quickly became the most popular jailbreak of all time as users jumped at their first chance to jailbreak the iPhone 5 and other most-recent versions of Apple’s hardware. The hacking tool was used on close to seven million devices in just its first four days online.

Despite that frenzy, Apple has hardly scrambled to stop the jailbreaking.  Evasi0n has already gone unpatched for three weeks. That’s far longer, for instance, than the nine days it took Apple to release a fix for Jailbreakme 3.0, the jailbreak tool released in the summer of 2011 for the iPhone 4, which was by some measures the last jailbreak to approach Evasi0n’s popularity.

Apple’s slow response to Evasi0n is explained in part by the relatively low security risk that the tool poses. Unlike Jailbreakme, which allowed users to merely visit a website and have their device’s restrictions instantly broken, Evasi0n requires users to plug their gadget into a PC with a USB cable. That cable setup makes it far tougher for malicious hackers to borrow Evasi0n’s tricks to remotely install malware on a user’s phone or tablet.

Security researchers have nonetheless pointed out that Evasi0n could give criminals or spies some nasty ideas. The tool uses five distinct bugs in iOS, all of which might be appropriated and combined with other techniques for malicious ends. And F-Secure researcher Mikko Hypponen points out that if a hacker used a Mac or Windows exploit to compromise a user’s PC, he or she could simply wait for the target to plug in an iPhone or iPad and use evasi0n to take over that device as well.

More likely, perhaps, is a scenario described by German iPhone security researcher Stefan Esser. He argues that a hacker could use a secret exploit to gain access to an iPhone or iPad and then install evasi0n, using the jailbreaking tool to hide his or her tracks and keep the secret exploit technique undiscovered by Apple and unpatched. “That way they protect their investment and leave no exploit code that could be analyzed for origin,” Esser wrote on Twitter.

Apple already has a more pressing security reason to push out its latest update. The patch also fixes a bug discovered earlier this month that allows anyone who gains physical access to a phone to bypass its lockscreen in seconds and access contacts and photos.

When Apple’s update arrives, the team of jailbreakers known as the evad3rs may still have more tricks in store. Wang tells me that the group has discovered enough bugs in Apple’s mobile operating system to nearly build a new iOS jailbreak even if all the bugs they currently use are fixed.

But then again, Wang says he hasn’t yet been able to check Apple’s patch for every bug it might fix–either the ones evasi0n employs or those he and his fellow hackers had hoped to keep secret for their next jailbreak. “If they patch most of the bugs,” Wang says. “Then we’re starting from scratch.”

Ryan says:  We’re offering our customers the opportunity to Jailbreak their iPhone 5 for FREE until the end of March! – Call Ryan to book an appointment!

Source: Forbes

Upgrading RAM on the new iMac is practically impossible

The electronics website iFixit on Friday downgraded the new 21.5-inch iMac’s repair score to 3 out of a possible 10, calling servicing the computer “an exercise in disappointment.”

The website urged do-it-yourselfers to look for a leftover 2011 model instead. “Hackers, tinkerers, and repairers be forewarned: Get last year’s model if you’d like to alter your machine in any way,” said Miroslav Djuric, iFixit’s chief information architect, in an email announcing the site’s teardown of the newest iMac.

Apple started selling the redesigned 21.5-inch iMac on Friday at its retail and online stores. The larger, more expensive 27-in. iMac is to ship later this month.

After disassembling the iMac, iFixit assigned the all-in-one desktop a repair score of just 3 out of 10; The 2011 version of the same-sized iMac sported a more DIY-friendly score of 7 out of 10.

The iMac’s new score is in the same low range as Apple’s 15- and 13-inch Retina-equipped MacBook Pro laptops, which earned a 1 and 2, respectively, this summer and fall. In June, iFixit called the 15-inch MacBook Pro “the least-repairable laptop we’ve taken apart.”

Explaining the iMac’s low score, iFixit cited the copious amounts of “incredibly strong” adhesive that bonds the LCD and front glass panel to the frame. Earlier iMacs fixed the display in place with magnets rather than the hard-to-dislodge glue, which is even harder to replace.

Just as damning was an Apple design decision that makes it practically impossible for users to upgrade the iMac’s RAM. The 21.5-in. iMac comes standard with 8GB of memory – and can be upgraded to 16GB – but because the RAM is buried beneath the logic board, owners must “take apart most of the iMac just to gain access,” iFixit said.

Older 21.5-inch iMacs had four external RAM slots that were easily accessed by users.

Apple mentions the impracticality of memory upgrade only in a side note hidden on the iMac’s options page. There, Apple said: “Every 21.5-inch iMac comes with 8GB of memory built into the computer. If you think you may need 16GB of memory in the future, it is important to upgrade at the time of purchase, because memory cannot be upgraded later in this model.”

The not-yet-available 27-inch iMac will continue to sport four external memory slots. Customers can boost the RAM at the time of ordering to 16GB (for an extra $200) or 32GB ($600), but those prices are exorbitant compared to third-party RAM that users install themselves. An additional 8GB of memory – which would raise the iMac’s total to 16GB – costs just $40 at Crucial.com, for example.

iFixit spotted several other changes to the iMac, including a larger, single fan rather than several smaller fans; dual microphones, likely a noise cancellation move for FaceTime video calls; and a vibration-dampening housing around the laptop-sized 2.5-in. hard disk drive.

The teardown also exposed the location where Apple places a “Fusion Drive,” the option that combines 128GB of flash storage with a standard platter-based hard drive.

The new iMacs are priced between $1,299 and $1,999 – $100 more than their precursors – and can be purchased or pre-ordered at Apple’s online and retail stores.

iFixit reduced the repair score of Apple’s iMac from 7 to 3 (out of 10), citing screen-to-chassis glue and the impracticality of upgrading RAM or swapping drives.

Source: TechWorld

Apple poised for iPhone 5 launch

Technology giant Apple has fuelled rumours it will launch a new version of its best-selling iPhone by announcing a “special event” only hours before two of its competitors unveiled two new devices.

The secretive firm sent out invitations for the event next week ahead of Wednesday’s announcement in New York by Nokia and Microsoft where they revealed details of two new phones which will run on Microsoft’s Windows operating system.

The Nokia Lumia 920 and Nokia Lumia 820 are the Finnish company’s attempt to claw back lost ground since it lost its position as the world’s biggest phonemaker to Samsung.

The firm described the 920 as its “flagship” product and it boasts a high powered camera described as the equivalent of “a standalone SLR camera” and can be recharged without being plugged in.

The Apple emails, sent on Tuesday to selected journalists, invite them to an event on Wednesday September 12 and includes the line “it’s almost here”.

It also features a figure 12 with a shadow that appears to be the number 5 – seemingly confirming the company will announce the arrival of the iPhone 5.

The events typically involve Apple executives unveiling new products at their California base – which are carried by videolink live to a central London location.

It is around a year since the firm unveiled the iPhone 4S complete with voice recognition software and an A5 chip allowing it to use much faster graphics for gameplay and to download data twice as fast.

The 4S also has an eight megapixel camera with five lenses, one more than the iPhone4, which results in sharper pictures and allows users to take HD video.

The new phone is expected to sell well. Thousands of gadget fans queued to get their hands on the iPhone 4S when it first went on sale.

Source: The Press Association

Hands On With Clueful, the iOS App That Rats Out Privacy Risks

When you install a new mobile app, you expect it to use your data according to the permissions you’ve allowed. So, when an app suddenly uses your information in an unexpected way — who can forget Path’s address-book-sharing saga? — it can feel like a betrayal.

Clueful, which made its debut at TechCrunch Disrupt today, is an app designed to prevent surprises. Clueful helps you identify “misdemeanant” apps on your iPhone — software that’s transmitting your data in ways you weren’t aware of.

Created by antivirus software developer Bitdefender, the app is simple enough. It gathers information on what apps are running in your iPhone’s memory and submits it anonymously to the “Clueful Cloud” for analysis. Using its own database of app behaviors, it then tells you what your software could be up to: whether an app uses GPS, whether an app is a battery-draining risk, or if an app can use address book information, among other things. The results are neatly listed, albeit in what appears to be random order, and you can tap an app listing to get more details on the possible risk areas of that app.

It’s not all fire and brimstone, though. The app also reveals “Things you might appreciate” for each app, such as information on whether it uses an anonymous identifier or encrypts stored data. (Foodspotting, for instance, does both of these things.)

It can be surprising to learn which apps do and don’t have solid security practices, and which apps are quietly tracking usage information for advertising purposes — something most apps do not openly reveal when you download them.

The app has several major pitfalls, though. For one, it can only provide information on free apps, so that sketchy $1 Angry Birds ripoff you got last week could be having a field day with your personal info, and you’d still never know it. And although it launches with a database of thousands of apps, there are more than 600,000 apps in the App Store, according to Apple’s Q2 earnings report. Clueful lets you search to see which apps are in its database, and we found some relatively big names were left out: Clear, Mint and Evi to name just three.

Also, Clueful doesn’t drill down into exactly what data is being transmitted from an app. Instead, it just generally reports what an app can and could be sending. (“Can” and “could” are differentiated.) Strangely, Clueful also “found” apps on my phone that I’ve never used or downloaded, like FlickFishing HD in the image above, and apps called Scoops and Quizarium. I’m sure they’re fine apps, but I’ve never downloaded them.

At $4 in the App Store, I can’t rightly recommend this app as a must-download. But if you’re completely anal about how your data is being used, or just curious, the download could be justified.

Source: Wired

Apple patches serious security holes in iOS devices

Apple has shipped a high-priority iOS update to fix multiple security holes affecting the browser used on iPhones, iPads and iPod Touch devices.

The iOS 5.1.1 update fixes four separate vulnerabilities, including one that could be used to take complete control of an affected device.

Here’s the skinny of this batch of updates:

  • A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.
  • Multiple security holes in the open-source WebKit rendering engine. These could lead to cross-site scripting attacks from maliciously crafted web sites. These vulnerabilities were used during Google’s Pwnium contest at this year’s CanSecWest conference.
  • A memory corruption issue in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue was discovered and reported by Google’s security team.

This patch is only available via iTunes. To check that the iPhone, iPod touch, or iPad has been updated:

  1. Navigate to Settings
  2. Select General
  3. Select About. The version after applying this update will be “5.1.1″.

Ryan says: As always, do not update to 5.1.1 if your iPhone is unlocked or jailbroken already or if you plan doing this in the future.

New iPhone app enables self-destructing sext messages

Sexting, or the act of sending sexually explicit messages or photographs between mobile phones, continues to grow increasingly popular. Mobile users often have private photos posted to the Internet without their permission, and politicians and celebrities alike have taken explicit photos that using mobile devices that were eventually leaked. Unfortunately for Anthony Weiner, the congressman wasn’t aware of an iPhone app by the name of Snapchat. The program is available for free in Apple’s App Store and allows users to send photos that self-destruct within 1-10 seconds. Images cannot be saved in the app, and Snapchat will even notify users if the recipient takes a screenshot — though there is no way to prevent screenshots from being taken, of course. It should also be noted that images are stored on the developer’s servers, and while the company “attempt(s) to delete image data as soon as possible after the message is transmitted,” it cannot guarantee messages will always be deleted. “Messages, therefore, are sent at the risk of the user,” the company’s privacy policy warns.

Source: Forbes / BGR

iOS loophole gives developers access to photos, sources say a fix is coming

Another day, another iOS security concern. Today’s confidence-defeating news comes from Nick Bilton at the New York Times. Bilton writes at the paper’s Bits blog that a loophole has been discovered in iOS which allows third-party developers access to your iPhone, iPad, or iPod touch’s photo and video location data… as well as the actual photos and videos themselves. It appears that if an app asks for photo location data on your device (and you approve the request for permission), that application will also be able to slurp down the photos and videos stored on your phone without any further notification. The Times report mirrors an earlier story from 9to5 Mac which detailed security issues on the platform.

Bilton had an unnamed developer create a dummy application which would replicate the offending functionality, and the developer was able to easily poach location information as well as photos and video from a test device. Other developers — such as Curio co-founder David E. Chen — sounded off on the issue. Chen told the Times that, “The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.” Camera+ developer John Casasanta said that, “It’s very strange, because Apple is asking for location permission, but really what it is doing is accessing your entire photo library.” The article also suggests that this loophole may have been introduced with the release of iOS 4 in 2010.

We reached out to Apple about the issue, but the company declined to comment.

All hope might not be lost, however. We spoke to sources familiar with the situation, and were informed that a fix is most likely coming for the loophole. According to the people we talked to, Apple has been made aware of the issue and is likely planning a fix with an upcoming release of iOS. Those sources also confirmed that the ability to send your photos and videos to a third-party is an error, not an intended feature. If we had to guess, the fix will likely come alongside a patch for Apple’s other recent security issue — the ability for apps to upload your address book information without warning.

This story has clear echoes of that controversy, which came to light when a developer discovered that the app Path was downloading all of your device’s contact information to the company’s servers. In a follow-up report, we discovered that Path wasn’t the only app grabbing your info.

It will be interesting to see how Apple reacts to security breaches of this nature in the future. The company has long made it clear that it’s working to respect user’s privacy; at a glance it looks like these recent slip-ups are exceptions, not the rule.

Source: The Verge

AirDroid flies between your Android device and your computer

The tagline reads “enjoy your Android over the air,” but perhaps more accurate would be “enjoy your Android over your computer.” AirDroid connects your Android device to your desktop, laptop or tablet — really anything that can browse the web — and lets you send messages, browse photos or files, set ringtones, uninstall apps, and many other things that can be done more easily through a larger screen and perhaps a mouse and full-sized keyboard. If you want this type of functionality, don’t hesitate to download this free app.

I’ve used other apps that claim to provide the same or similar features, but this is the best that I’ve personally tried. It’s easy — just launch AirDroid and it shows a specific URL (IP address) to type in your browser and a password to keep it secure. It’s fast, too. Once your browser connects, just click through the big icons on the web page to navigate into picture and files, view the call log, read text messages, and a lot more in a second. It’s also secure. AirDroid doesn’t store any of your info on its systems, and the password changes with each use (or you can set your own password if you prefer). All this, and it’s 100 percent free.

Once you control your phone over a computer screen, you’ll want to do so every time you’re near a computer. It’s very convenient. The app works its magic over a Wi-Fi connection.

Source: Appolicious