News  Apple
Siri PIN bypass discovered

Video shows simple to bypass PIN lock

A trivial way to get into a PIN-protected iPhone, running iOS9, without knowing the PIN at all has emerged which is available to anyone with physical access to the handset. Apples iOS9 had only been out for a week before a video appeared showing how it's done, making use of Siri and the onboard clock.

The way it works is to enter an incorrect passcode a few times, then tap Siri right at the same time as the final attempt, which gives access to other applications such as the clock. However, the clock gives the user the ability to share via SMS, which in turn means access to the users contacts, view photos etc.

News  Apple
Apple: Now malware is in the App Store

Hits hundreds of apps in Chinese App Store

Apples famous walled garden came tumbling down in China as news emerged of hundreds of apps it serves to trusting users being riddled with malware. This is particularly embarrassing for Apple, who take the opposite approach to Google when it comes to its App store by claiming every app allowed in is scrutinized by humans and various other procedures to ensure this never happens.

iPhones and iPads are equally affected in what Reuters are claiming is "Apples iOS App Stores first major attack".

Apple claim to have removed all apps known to be affected from the Chinese app store. They have not given advice to users regarding how they could determine if any of the apps they have installed are affected.

News  Apple
iOS AirDrop - video shows live iPhone hack

Installs signed apps without warning the user

Security researcher Mark Dowd has disclosed a vulnerability in Apples iOS and OS X which allows attackers to overwrite any file on a targeted device. With a little manipulation, it can even install a signed app which is fully trusted by the onboard system without even warning the user.

It turns out AirDrop is the culprit - the feature in Apples' operating systems which allow files to be sent directly to other devices. When set to allow connections from anyone, an attacker can hack the device even when it's locked. 

Dowd used his own Apple Enterprise Certificate to make a profile for a test app which enabled it to run on any device.

News  Android
Lockscreen hack

Video shows how to hack affected handsets

When users hear about hacks to smartphones they usually conjure up images of darkened rooms, hunched figures over keyboards and masses upon masses of software tools, debuggers and general highbrow geekiness. A new hack has emerged which blows that away - it lets users (eventually) unlock a locked handset using nothing but their thumb. Ok, it's as tedious as it is ingenious, and it must be stressed upfront this doesn't hit all Android handsets - a fix has already been issued - but the video shows a hack that has to be admired for the convoluted way it achieves its objective.