Apple Designing Servers In-House to Prevent Snooping

With the amount of sensitive information stored on their servers, cloud providers take security very seriously. However, many cloud services actually use third-party servers like Amazon Web Services or Microsoft Azure to run their platform. Even for those with their own servers, the hardware is made by and supplied by third-parties. In light of security concerns, Apple is taking it to the next level and designing their own servers.

Right now, Apple uses Amazon, Microsoft and Google servers to help run iCloud in addition to their own hardware. While it might seem prudent to do everything in-house to keep things secure, Apple wants their servers to be designed themselves. As we know from Edward Snowden’s revelations, the NSA, and probably other spy agencies are prone to intercepting hardware mid-shipment and tampering with the hardware.  Cisco for instance, has been one own past target and with Apple’s legal fight against the FBI, they may have been moved up the list.

By designing their own hardware, Apple will be able to make sure that everything is where it is supposed to be and no hardware has been added to it. With the massive scale of iCloud, Apple will be able to easily have whole manufacturing runs dedicated to them. Still, with their massive user base, running that many servers will be will a challenge for Apple. Nonetheless, Apple may soon get the total hardware control truly needed for true security.

Apple Reportedly Working on iCloud Security to Lock Out Law Enforcement

Apple is currently facing an uphill battle against the FBI regarding the security of their iPhone devices. In order to reinforce their stance of being unable and unwilling to hand over the keys to personal information to anyone, law enforcement or otherwise, they are reportedly putting into place tighter security measures on their iCloud service. Still thought to be in preliminary phases, it could expand Apple’s battle against those wishing to access private cloud-stored data. The downside to this could be that it would make it impossible for Apple to restore the data of users who have forgotten their passcode, which is one of the main reasons for users to make use of iCloud’s backup system.

In the modern age of cloud data storage, law enforcement agencies regularly request data from web-service companies such as Google, Microsoft and even Apple, typically via court orders. It was reported that Apple had responded to requests from law enforcement agencies regarding as many as 1400 accounts in the first half of 2015 alone. While these are sometimes faced with contention, the main point of issue is often data sovereignty, when the person’s data is requested by a nation with no jurisdiction over it.

Much data from the time leading up to the attacks was retrieved from Farook’s iCloud backups, which stopped 6 weeks before the attack. This was what led to the FBI attempting to gain access to the terrorist’s iPhone itself. It is thought that the investigators responsible for collecting data from the iCloud account committed an error, which made the iPhone impossible to recover or compromise through the platform. Of course, with Apple’s supposed new hardening, even getting this much data would be impossible, with no amount of court orders being able to change it. A drastic change like this could be polarizing amongst the public, with many in America supporting the FBI in regards to the iPhone unlocking, which could have a strong effect on Apple’s business in the US and abroad.

Apple Would Have Given Government Data But Someone Changed The Passcode

It seems like every time I look at the news another company has put in their chips on the Apple vs FBI discussion. From being told to allow the FBI access, to finding a way to give them access, Apple made it clear that they want to avoid removing protection on a phone as it could set a “dangerous precedent” for the industry. Even the White house has stepped forward to try to clarify that it didn’t want a “backdoor”, but Apple wants to help the government without risking their iPhones. That help may have come a little too late, though.

The Department of Justice filed a motion stating that Apple has to comply with the FBI’s request to access the phone, even if that means bypassing the phone’s passcode. The problem being is that Apple offered them an alternative, that they now can’t make use of. Apple offered suggestions including triggering an automatic backup by plugging the phone in and connecting to known wifi, meaning it would then back up to the iCloud, a place where Apple can provide them with the data they are so keen to gain access to.

When the government stated that the automatic backups weren’t working, it was discovered, as listed in the motion, that a county employee in San Bernardino changed the ID passcode online after the shooting incident. San Bernardino county are the owners of the iPhone in question, having given it to Farook as one of their employees. The problem being that the reset occurred hours after the attack Farook was responsible for, raising the question of whom reset the passcode.

With Apple looking to help the government they are definitely appearing as the good guys, and with the news that the Government is already looking at ways to bypass encryption the fact that they are requesting the modification of the iOS to gain access seems to ring more than a few warning bells for companies and users alike.

End-to-End Encrypted iMessages Can Still be Read by Apple

Apple’s approach to user security is admirable – though its dedication to end-to-end encryption could see its smartphones banned in California – but despite its iMessage service – an instant messaging app used for communications between Apple devices – seeming impenetrability, there is one loophole that could leave user messages available for Apple to access, The Hacker News reports.

Apple users that utilise iCloud Backup could find that their iMessage chats, which are usually protected from interception via end-to-end encryption, are uploaded to Apple’s servers in plain text form. So, while the act of sending a message remains perfectly safe, backing up these messages leaves them potentially open to exposure.

“If the government laid a subpoena to get iMessages, we can’t provide it,” Apple CEO Tim Cook told Charlie Rose in a 2014 interview. “It is encrypted, and we do not have a key.”

Apple does, however, possess encryption keys for user’s iCloud accounts. Should an iCloud account be subpoenaed, Apple would be forced to hand over that information.

The vulnerabilities of iCloud accounts led to such unfortunate incidents as “The Fappening”, when hackers gained access to a number of celebrity iCloud accounts that had failed to implement two-step security verification, and posted the private nude photos that were found there.

Apple Waves Goodbye to iPhoto

It’s come to the end of the road for apples iPhoto and Aperture apps, Apple have released a replacement called Photos that provides the functionality of both aperture and iPhoto.

iPhoto was released in 2002 and has 10 major version releases, however has had no major development since 2010.

Photos has been designed to integrate closely with the iPhone App. It will do so via the iCloud photo library support. Users can upload photographs from any iOS or mac device, allowing end users to be able to edit and view pictures from whatever apple device they have in their hand. The only issue that may happen is that you will run out of iCloud storage. Currently with a standard iCloud package you will get 5Gb of free space, if this isn’t enough for your photos then you can upgrade to 200GB for £2.99 a month; pretty good really!

However the new Photos app is not a complete replacement for Aperture, since that program offered a much greater set of editing tools; lots of which were meant for professional photography.

Apple have stated that aperture and iPhoto will remain functional as long as they are installed on the device. However, the change will mean that there will be no more updates.

Thank you to The Verge  for providing us with this information.

Image courtesy of Maclife.

Apple Opens Up iWork Web Apps To People Without Apple Devices for Free

Apple has just made it possible for anyone, even those who don’t own an Apple product, to access iCloud web apps. Previously, only those who owned an iOS device or Mac could use the online versions of Apple’s productivity apps including Pages, Keynote and Numbers.

From today, anyone can go to iCloud.com and access Apple’s apps in a similar fashion to Google Docs or Microsoft Office. The big difference though, is that Apple does not directly monetise the service. There are no ads or subscriptions and the apps can be used in Safari, Chrome, Internet Explorer or Firefox for free. However, free users only get 1GB of storage, while users of a Mac or iOS device get 5 GB of storage. Owners of Apple devices can pay for more.

The move is seen as significant, with Apple deciding to put themselves directly in competition with such services from Google and Microsoft. Whether they will pose any threat to those services remains to be seen.

Source: MacRumors

OS X 10.10.3 Seeded to Developers – Includes Highly Anticipated ‘Photos’ App

Apple has just seeded the first beta of OS X 10.10.3 to developers, asking them test a number of tweaks and improvements, but most importantly, asking them to test the newly included Photos app – the iPhoto replacement that has apparently been heavily delayed.

Photos is set to be the all-out replacement for iPhoto, the app Apple introduced in the early 2000s as part of its ‘digital hub’ strategy. That was the concept that the Mac would become the centre of someone’s digital life, in that you would sync your iPod, your camcorder and your camera with your Mac acting as the central hub between all of the devices.

Of course, that isn’t the case these days, with the cloud having essentially taken that place of the hub. So Photos will essentially be the iPhoto of the cloud, tying in with Apple’s (currently in beta) iCloud Photos providing easy sync between Mac and iOS devices.

Developers are the only ones with access so far, with registered public testers possibly getting a chance to access it soon.

Source: Re/code

4chan Founder ‘Moot’ Leaves the Site

Founder of 4chan Christopher Poole, better known under the pseudonym ‘Moot’, has said farewell to the site he started 11 years ago. He said his goodbyes in a live broadcast on YouTube, watched by over 400,000 people.

‘Moot’ announced his departure in a front page post on 4chan on Wednesday, saying, “This is it for me. This is goodbye,” adding that it had been “a long time coming”.

“The journey has been marked by highs and lows, surprises and disappointments, but ultimately immense satisfaction. I’m humbled to have had the privilege of both founding and presiding over what is easily one of the greatest communities to ever grace the web,” he said.

No stranger to controversy, 4chan had a busy year, not least due to the infamous hack of celebrity iCloud accounts that revealed a number of nude photos, crudely nicknamed ‘The Fappening’. He concedes, “It took a toll. We had close to a billion page views that month. I was completely overwhelmed.”

As a parting message to the more notorious element of his old site, Moot said, “For people who are angry on the internet, I hope that one day you find the beauty in things.”

Source: The Guardian

‘Hidden Message’ Revealed in iCloud EULA

Terms and Conditions or End User License Agreements have always carried a certain amount of mystery. Largely because of their extraordinary length and mundane context which means nobody ever reads them.

Well artist Florence Meunier has ‘revealed’ a hidden message in the EULA for Apple’s iCloud. It’s not nesscarily an ‘Easter Egg’ planted in there by Apple, it’s more of a message composed of words found in the document. The thing is though, the message is probably quite relevant to our attitudes to these agreements.

“This is the story of a man,
who one day was too busy
or maybe too lazy
that he, too quickly, 
clicked on I agree.
What the latter did not forsee,
is that he could never again disagree.
The lesson of this story is
that one shall not concede,
to something one does not read.”

That message was composed in a little booklet created by the artist, styled using CIA-style redacted text as you can see above.

See some more pictures of the booklet here.

Source: For Print Only Via: The Verge

E-Mail Startup Acompli Acquired by Microsoft

Startup e-mail app Acompli has been snapped up Microsoft. The moves surprised no one, since news of the deal accidentally leaked last week when a blog draft with the url http://blogs.microsoft.com/blog/2014/11/25/microsoft-acquires-acompli/, written by Microsoft Vice President Rajesh Jha, turned up on RSS feeds.

Acompli’s free e-mail app, for iOS and Android devices, has garnered many positive reviews since its release earlier this year. It supports Gmail and Microsoft Exchange integration – which likely brought the app to the attention of its new owner – as well as Dropbox, iCloud, and OneDrive.

Source: engadget

Apple Updates iWork for iCloud With New Editing Features

Apple has delivered some updates to iWork for iCloud, its online productivity apps.

There are now 8 new languages, including French, Spanish, Portuguese, Chinese, German and Arabic and Hebrew for Pages only.

Perhaps more interestingly though, there are now 50 new fonts as well as a couple of new editing features.

You can now quickly change the name of your document in the toolbar of apps and Keynote now allows you to hide the slide navigator. In Pages you can now undo deleted selection brakes.

iWork for iCloud is Apple’s answer to Microsoft’s Office 365 and Google’s Docs. The service was launched to allow users of Apple’s productivity apps to share and collaborate on documents over the web. It recently received some major updates alongside the launch of iOS 8 and OS X Yosemite.

Source: The Next Web

Apple increasing iCloud Security in light of Celebrity Scandal

An ever-developing story, not long ago many celebrities have had nude photos and videos leaked all over the internet (see above), originating from popular image board website 4chan alongside self proclaimed “front page of the internet” Reddit. Since the release of this information, Apple has claimed there was no ‘leak’ in their service  and authorities were excited in the fact they thought they found the original crook.

In recent news, Apple has decided to up their iCloud security in light of recent problems as according to CEO Tim Cook and The Wall Street Journal. Cook confirmed in this article the fact of photos being leaked due to ‘social engineering’, meaning the stars usernames and passwords were directly targetted.

Cook directly commented:

“Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time”. WSJ

The change is set for implementation in two weeks, alongside a broadening of their two-factor authentication -alongside encouraging people to actually use these measures.

Are your accounts safe? It never hurts to educate yourself or others on basic internet securities – especially with so much of our data being ‘online’ in this day and age.

Image courtesy of 4chan

There was no ‘Leak’ to the iCloud – Apple Proclaims

We’re sure you’ve seen the above image by now. In recent days, an apparent Apple iCloud hack has seen numerous A-list celebrities have naked pictures and videos leaked all over the internet – stemming from popular image board website 4chan. Some people seem to think they may have even found the original perpetrator in this case.

Apple has now come to their own defence, claiming that it was not in fact an iCloud ‘leak’ but these celebrities have had their personal accounts hacked individually. Apples Natalie Kerris explained:

“We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.” Business Wire

So although technically not a leak, Apple are claiming that these stars have fallen victim to “social engineering”. Although this is quite possibly true, Apple has already had some serious damage dealt to their reputation surrounding iCloud as a whole since this story surfaced just a few short days ago.

Moral of the story once again? If you’re going to take these kinds of photos, don’t store them anywhere on, at or near the internet!

Stay tuned to eTeknix for more information as it develops.

Image courtesy of 4chan

The Main Suspect behind the Celebrity Nude Leak Denies All Accusations

The leak of hundreds of erotic and nude photos of celebrities quickly got the interest of most of the internet and has dominated the news headlines for the past day already. As it is with every leak, people start to wonder where it came from and who could be behind it. Like before, the users of reddit and 4chan started their own investigation and also got some results quite fast.

They started the claim that the 26-year old web developer Bryan Hamade was behind the hack and leak. This was based on the posted screenshots that appeared online that showed a series of names that could be connected to the web development company Southern Digital Media. At first however they thought it was the 15-year old intern that was the culprit, but quickly changed their target towards the server administrator.

Hamade has given several interviews and is denying any and all allegations that he should be the hacker, saying “I only reposted one thing that was posted elsewhere and stupidly had my network folders visible.”

“I am not the original leaker. The real guy is on 4chan posting intermittently,” Hamade says. “He’s most likely the one behind it, but it does seem the photos passed around to multiple people before being leaked, so it may just be someone who has them and didn’t hack to get them. I’d never in a million years know how to hack into any of the accounts listed. 4chan just attacked me because they like to attack anyone in situations such as this.”

Hamade has also become the target of serious abuse in the wake of the accusations. It’s been a nightmare and he hasn’t slept for 34 hours, he said in a statement to BuzzFeed. He is being bombarded by email threatening him and to hack his websites and calling him at home to insult him only to hang up again. They even said they would hack his mothers website, so he took that down for now.

Hamade really regrets that he shared the photos, specially since he didn’t even get any Bitcoins out of it. “It’s the stupidest thing I’ve done and I hope it won’t ruin my life, though it probably will sine it’s the biggest news story.”

I honestly hope that this story won’t turn into another version of the CCTV investigation by the Reddit community on the Boston marathon bombings, where their identified suspect turned out to be an innocent homeless man, and was found dead. Vigilante actions aren’t the solution.

Apple is currently investigating the breach, but haven’t said anything definite about the attacks yet. “We take user privacy very seriously and are actively investigating this report,” said Apple spokeswoman Natalie Kerris. Some reports also indicate that the photos have been sold on black market sites for some time, but it wasn’t until they hit 4chan that the general population found out about it.

Thank you Business Insider for providing us with this information

Image courtesy of Business Insider.

Apple Exploit Can Disable ‘Find my Phone’ and Have Your Device Erased On Firmware 7.0.4

It appears that yet another bug cropped up in Apple’s latest iPhone iOS 7 firmware. The latest finding apparently lets you bypass the user password and deactivate the Find my Phone feature, hiding it from the iCloud.com page on which you can effectively track its location in case of losing it or having it stolen.

It is reported that replicating the bug is simple enough, and that repeated attempts were successful, according to MacRumors. The exploit was found on the current 7.0.4 firmware and can be performed by making a few changes to the iCloud account menu as shown in the video below.

[youtube]http://www.youtube.com/watch?v=QnPk4RRWjic#t=268[/youtube]

MacRumor reported to have replicated the exploit on firmware 7.0.4, but could not replicated it on the upcoming 7.1 firmware, leading to the possibility of it being fixed in the upcoming firmware release. To be noted is that the exploit can disable Find my Phone and have the iOS device erased, but it will not bypass Apple’s Activation Lock theft deterrent system. The handset will still be rendered unusable since it will always ask for the Apple account password for every action, such as downloading an app.

It is also noted that the exploit works on devices that do not have Touch ID or Passcode enabled, therefore it is recommended to enable at least the Passcode on your handsets if you do not own an iPhone 5s, at least until the iOS 7.1 firmware gets released and the exploit fixed.

Thank you MacRumors for providing us with this information
Video courtesy of MacRumors