Security holes discovered in iPhones, iPads

Apple security vulnerabilities have alarmed some in higher education.

A new security hole has opened up in Apple Inc.’s iPhone, iPad and iPod Touch devices, raising alarms about the susceptibility of some of the world’s hottest tech gadgets to hacker attacks.

Flaws in the software running those devices came to light after a German security agency warned that criminals could use them to steal confidential data off the devices.

Apple, the world’s largest technology company by market value, said Thursday that it is working on a fix that will be distributed in an upcoming software upgrade.…Read More

‘Big App’ is watching you, with iPhone worse offender than Android

Your smartphone may be secretly transmitting to “outsiders,” such as ad networks, your name, your location, your age, your gender, your phone number, your unique device number and other personal data without your knowledge or consent, appolicious reports. As part of a series of articles on privacy, Scott Thurm and Yukari Iwatani Kane reported in the Wall Street Journal that smartphones “don’t keep secrets. They are sharing this personal data widely and regularly.”

The reporters, reviving the spyware controversy in the new era of apps, examined 101 apps and found that 56 of them transmitted the smartphone’s unique device ID and 47 apps transmitted the phone’s location. Daniel Eran Dilger said in Apple Insider: “The findings might be news to some smartphone users, who are rarely presented with simple, straightforward information about individual apps’ privacy policy.” The limited survey–where Apple (AAPL) offers hundreds of thousands of apps for the iPhone–found: “iPhone apps transmitted more data than the apps on phones using Google (GOOG) Inc.’s Android operating system.”

For example, the reporters said the worst offender in the survey was textPlus 4 for texting on iPhone, which sent unique ID numbers to eight ad companies, along with age and gender to two. The popular music app Pandora transmitted age, gender, location and phone ID to ad networks……Read More

Researcher warns of iPhone phishing dangers

ReadWriteWeb reports that malicious web developers can take advantage of the iPhone’s ability to push the Safari’s address bar out of view, according to independent security researcher Nitesh Dhanjani via a post on his personal blog. After a web page loads, the real address bar can disappear while a web site graphic depicting the address bar can be used to trick users into thinking they’re on the correct site. This weakness stems from a design consideration from Apple. It only occurs on websites that identify themselves as mobile sites, as it allows web developers to take advantage of more of the “precious screen real estate” on the iPhone’s small screen, says Dhanjani. However, for phishers, this could be a new way to direct users to dangerous websites. Dhanjani created a proof-of-concept demo of how this phishing attack could work, which iPhone users can try (safely) from the following URL: . If you don’t have an iPhone to test it, you can watch this YouTube video instead. In the demo, mobile Safari visits a web page that looks nearly identical to Bank of America’s mobile web site. The web site name and lock icon even appear in green, an indication that the website is protected via SSL. However, as you can see, the graphic is not the real address bar. If you scroll up, the actual address bar appears at the top of the page…

Click here for the full story

…Read More

New iPod, iPhone application can increase campus security

The University of Illinois Police Department is testing a new iPod and iPhone application that allows patrolling officers to access live security footage from virtually anywhere, reports the Daily Illini. The purchase of the application, titled iRa C3, was funded through a $10,000 grant from the university’s Moms and Dads Associations and a $15,000 grant from Lextech Labs, said University Chief of Police Barbara O’Connor. The application runs through a series of different servers that take video as it is being recorded by licensed cameras. Authorized officers out in the field using an iPod touch, iPhone, or a web browser can access the footage through a wireless internet connection. O’Connor said each individual camera on campus has to be licensed and programmed to run with the application before an officer can access it. Detective Tim Hetrick of University police said not every camera on campus will be programmed to run with the application. He said about 15 cameras will be accessible through iRa C3, with most of those cameras located in areas of recent increased criminal activity, though specifics have not yet been determined…

Click here for the full story

…Read More