Apple prides itself upon its diligent efforts to maintain software that is secure. iOS is generally regarded as the most robust in defense against malicious intrusion and attack, but like any piece of software, it is far from perfect. From time to time, Apple's mobile OS makes the headlines for the wrong reasons, and unfortunately, a claim by the Cupertino that email attachments are encrypted is refutable thanks to a glaring bug that has been lingering in the software for months.
Apple's Developer site is often found to have left security holes within its infrastructure, and while the Cupertino outfit tries its utmost to ensure these flaws are few and far between, it's the nature of the beast that every now and again, problems must be dealt with. Over the weekend, the Dev Center went offline for maintenance works, but while this is a frequent occurrence - particularly given that new iOS releases are almost always dished out on a Monday - the purpose this time around was to fix an issue that leaked private info of accounts all the way up to CEO Tim Cook.
Last month, we reported on a piece of Android malware that turned Android devices into Bitcoin miners, and now, a security firm has highlighted a few more suspect apps over at the Google Play Store. Given the growing popularity of cryptocurrency, mobile devices were always going to be targeted in this way, but the frequency in which these attacks appear to be occurring will certainly be seen as cause for alarm.
Security is a hot button topic right now, and with good reason. With government agencies trying to scoop your data just as much as the cyber criminals we're all told keep sniffing our credit card details, gone are the days of simply burying our heads in the sand and hoping it'll all be OK.
If you're an Internet junkie then the chances are high that you've come across the Heartbleed OpenSSL bug that rose to prominence on Monday. A number of extremely popular and frequently visited websites such as Pinterest, NASA, StackOverflow, OKCupid and Airbnb have the OpenSSL cryptographic library embedded into their architecture, and therefore have become immediately susceptible to the bug. Heartbleed was initially discovered by a Google security engineer in conjunction with Codenomicon, but what does it mean for you and your Internet usage?
Even though the Play Store is moderated to ensure that dodgy, malicious apps don't make it through the gates and onto people's devices, it's not a completely foolproof system. Virus Shield, a relatively new app that claimed to protect users from viruses and other such non-niceties, has scammed many folks out of their money because, at $3.99 a pop, it didn't actually provide any speakable anti-virus features. Although it has since been ousted by the search giant after being exposed, it remains to be seen whether the 10,000+ customers that parted with the substantial sum will see any kind of refund.
Starting with iOS 7, Apple introduced a new security mechanism into all iOS devices that required a user to disable Find My iPhone before an iCloud account could be deleted or the device could be restored. This, of course, requires access to the password associated with that Apple ID. The system was heralded as a great step forward for Apple, but it seems that it is not completely secure, with the discovery of a bug that allows the whole process to be bypassed. More details and video demo can be found right here.
Such is the open source nature of the Android ecosystem, that it presents itself as an attractive prospect to malware makers, and other such unscrupulous entities. It's often the case that potentially dodgy apps circulate outside of the confines of the Google Play Store, and thus, by avoiding third-party download services, Android users can remain relatively safe. However, renowned security firm Trend Micro has just discovered a new type of bug that can secretly turn devices into digital currency miners, and worryingly, at least two Play Store apps are thought to have been affected.
It seems that Google may have just fallen foul of one of the pitfalls of having engineers running the company rather than people that are more adept at giving a politician's answer to some tough questions. Google's head honcho of Android, Sundar Pichai, has been in attendance at this week's Mobile World Congress, and it seems he's given a very interesting answer to a mildly interesting question.
It hasn’t been a great week for Apple in terms of security. The Cupertino company is currently coming under heavy fire for a SSL security issue that was recently discovered to be present in both iOS and OS X. The software vulnerability, which is being referred to as the "goto fail" has the potential to provide malicious individuals with the ability to intercept and record data that the user believes to be secure. In addition to the "goto fail" flaw, it is now being reported that an issue has been found in iOS that makes the iPhone and iPad firmware susceptible to stealth key logging activities.
