News  Apple
You're repairing it wrong

"Error 53" bricks iPhones not officially repaired

There's no warning and no fix for users who get the "Error 53" message. This is caused by Apples latest iOS update detecting the handset has been repaired by someone other than Apple.

Users who have had the home button repaired, which contains the fingerprint recognition system, by a "non-official" repair shop, or who have been unlucky enough to get it damaged but still be able to use the phone, are reporting this after the update. 

Reports have surfaced of  the phone working perfectly for weeks, even months before this update, so users are certain it was caused by a recent change by Apple.

News  Apple
Apple liked the security disclosure company so much it bought them

That's one way to do it

Years ago there was a famous shaver advert where the guy proudly declared he liked the product so much he bought the company. Often in sports you see something similar, but not quite with the same intent - a player on another team is so good he's bought and never fielded, in effect taking him out of the league all together.

When news of Thunderstrike 2  broke, Mac users went into a panic fearing the worm could silently modify their firmware, which meant even a full OS reinstall couldn't remove it. However, the developers behaved responsibly and it turns out that didn't go unnoticed by Apple. Just  two months after this news, their security firm - LegbaCore - has been bought by them and the team is working on hardening Apple firmware against exactly this kind of attack.

News  Android
Google patches Nexus devices

More Mediaserver fixes

The troubled Mediaserver issues are rumbling on. Google just released a batch of patches which contain fixes to further vulnerabilities found, plus WiFi and kernel remote code execution problems. Builds LMY49G and later contain the patches and you can check if your device is affected here.

5 critical, 4 high and 1 moderate

Two of the critical fixes, CVE-2016-0801 and CVE-2016-0802 are to counter attacks against the Broadcom WiFi driver. This requires the attacker and victim to be on the same network, but is classed as critical because it doesn't need the users involvement at all.

News  Android
Android two-factor authentication compromised


Malware known as "Android.Bankosy" has been identified by Symantec which attacks the SMS password two-factor authentication processes used by many online banking systems. Even the automated voice calls, which can be used as an alternative to the SMS method, can be intercepted by the attackers.

The malware has the ability to enable silent mode whilst locking the handset - this means the user is unaware they are being targeted.

Initially disclosed in 2014, variations of this malware have been detected which try to get the victim to enter their payment card details which are then forwarded on to the attackers,

The Bankosy trojan relies on a popup window which overlays a legitimate application, such as one for an online bank.