Gmail For iOS Puts Your Data At Risk

July 11th, 2014

iPhone

Gmail is one of the most popular email clients around and iOS devices are likewise incredibly prevalent. It stands to reason, then, that millions of individuals access their Gmail accounts on their iPhone or iPad. As Jeremy Kirk reports for Computer World, doing so leaves users vulnerable to data theft.

At issue is a lack of a vital security technology that would keep attackers from spoofing security certificates and gaining access to the encrypted communications being sent through Gmail. Any website or application that has users sending potentially valuable personal information uses digital certificates to encrypt that data. Attackers have been able to fake these certificates, however, and decrypt the data.

Google would be able to put a stop to these man-in-the-middle style of attacks by implementing a technology called certificate “pinning”. This involves hard coding legitimate certificate details into an application. While Google has known about this vulnerability since late February, they’ve yet to implement pinning.

Making this more odd is that this vulnerability only affects iOS users because Gmail for Android uses certificate pinning. This is being referred to as “an oversight by Google”.

For the time being, using Gmail on your iPhone is unsafe. There’s always a possibility of your messages being intercepted by a third party.

At Geek Rescue, we offer a number of email solutions for home and business, as well as support for mobile devices, including iPhones and Androids. If you’re having issues with technology, call us at 918-369-435.

Four New Additions With iOS 7.1

March 12th, 2014

iPhone and iPad

In September, Apple released iOS 7. Since then, users have been waiting for the next update that would fix bugs and introduce new features. There have been plenty of stories predicting what the update would contain, but no one could know for certain. This week, iOS 7.1 was officially released and in just a couple of days, adoption is already close to 10-percent for eligible devices. Eric Zeman of Information Week reports on the iOS update and what’s new for iPhone, iPad and iPod Touch users.

  • Major Bug Fix

Many users complained that their device reset unexpectedly after updating to iOS 7. This soft reset wouldn’t delete any apps or saved data, but would interrupt whatever activity the user was currently engaged in. One of the primary goals of the update to 7.1 was to fix this annoying bug. So far, users are reporting that the reset problem has been solved.

  • Siri Upgrades

Apple’s virtual personal assistant received an upgrade in iOS 7.1. While Siri will still actively listen for voice commands, there’s an added option of manually control when Siri needs to pay attention. Users can hold the Home button down while they give a command and release it when they finish directing Siri. There are also a number of new voice options for Siri in a variety of languages.

  • iTunes Radio

Apple is still excited about the possibilities of iTunes Radio and continues to roll out new features for it. In iOS 7.1, users are able to make purchases easier from their mobile devices. Previously, users can now purchase music directly from the “Now Playing” screen in iTunes Radio and even buy entire albums. Users are also able to subscribe to iTunes Match directly from their iPhone or iPad. The search function for iTunes Radio was also tweaked to make it easier for users to access it quickly.

  • CarPlay

Perhaps the most anticipated addition included in iOS 7.1 allows iPhone and iPad users to integrate their devices with their cars. Before you get too excited, know that cars that support CarPlay aren’t even on the market yet. Some upcoming 2015 models are expected to include that feature. In the meantime, Apple’s devices are already ready to go. Users with CarPlay will be able to use Siri, navigation, messaging and access their music.

As always, it’s recommended that you back-up your device before installing a significant update like this one. Downloading and installing iOS 7.1 reportedly takes about 10-minutes over a WiFi connection.

If your device has issues that an update won’t fix, bring it to Geek Rescue or call us at 918-369-4335.

The Vulnerability Of Apple’s ‘Lost Mode’

March 4th, 2014

Holding iPhone

Many iPhone, iPad and Mac users rely on the ‘Lost Mode’ feature to keep their device safe in the event that it’s misplaced or stolen and to be able to find it. ‘Lost Mode’ contains a security vulnerability, however, that a recent open-source hacking project is able to exploit to access the device and all of the data stored there. Paul Ducklin of Naked Security delves into the details.

‘Lost Mode’ is able to be activated by users of Apple devices when they log in to iCloud on another device. If your device is on, you can see approximately where it’s located. You can also tell the device to reboot, which will result in the device locking upon restart and requiring a four-digit code to access it. That code, also known as a “system lock PIN”, is chosen by the user when ‘Lost Mode’ is activated.

The idea is that if your device has been stolen or found by someone else, that person won’t be able to steal your information or even use or sell your device because of the lock. The recently released “iCloud Hacker” project demonstrates why the system lock isn’t as secure as it seems.

“iCloud Hacker” isn’t overly complicated in its attack. Since it knows that a 4-digit PIN is required, it simply tries every combination of numbers until it finds the right one. This would be possible for any human to perform also, but incredibly tedious. Apple devices don’t lock or shutdown after a certain number of failed log-in attempts, but after six failed attempts, a user must wait 5-minutes before trying again. This delay means that it could take weeks for a human to break into a device.

With “iCloud Hacker”, the human element is eliminated and codes are tirelessly inputted until one is successful. It also works around the 5-minute wait time by rebooting the device after six attempts.

Many are calling for Apple to improve security associated with ‘Lost Mode’, but there’s actually a fundamental security problem contained in any lost device. An intelligent criminal doesn’t even need to break the lock on your device. Instead, they only need to remove the hard drive and put it into another device. There, they can read and copy everything on it.

This prevents a criminal from using your device themselves or selling it to someone else, but your data and information is still very much at risk. Especially dangerous is the possibility that your hard drive is copied, returned to your device and your device is returned to you. With the lock still in place, many users will believe that their device and data are safe, when in actuality a criminal has all of their data.

Whether you’re using ‘Lost Mode’ or not, it’s important to encrypt your stored data. On your Mac, enable ‘Full Disk Encrpytion’ and you’ll add an extra layer of protection. There’ll be another password required to use your device and you’ll be given a 24-character recovery key in case you forget your password.

If you’d like to improve the security on any of your devices, or your device is in need of repairs, call Geek Rescue at 918-369-4335.

iOS Users Facing Another Security Flaw

February 25th, 2014

Frustrated smartphone user

There’s a security flaw in Apple’s mobile operating system, iOS. No, it’s not the same flaw that we reported yesterday. That widely publicized flaw allows attackers to intercept data being sent between your phone and web servers and an update that fixes it is already available for most affected users. This new flaw, as Lance Whitney of CNet reports, allows for the remote capture of “every character the victim inputs” on an iPhone or iPad.

The vulnerability was uncovered by security firm FireEye. A keylogging app is able to run in the background of any iOS 7 device because of a flaw in the Background App Refresh setting.

You may be wondering what the danger of a hacker being able to monitor every press of your touchscreen, or home button, or volume controls is. Attackers aren’t just able to monitor when you touch your screen, but precisely where on the X and Y axis. That means that passwords and log-in credentials could be stolen. Your phone’s lock screen could also be compromised. Think of everything you use your phone or tablet for and then consider how dangerous it would be to have a stranger looking over your shoulder the entire time.

Unlike the SSL vulnerability that was revealed recently, this iOS vulnerability requires a malicious app to be installed on the device first. Of course, there are a number of ways an app can make it’s way to your iPhone. Apps downloaded directly from the official App Store are usually legitimate, however. So, these malicious apps would likely come from 3rd party app stores or email attachments.

Apple has publicly stated that they’re working with FireEye to create a patch to fix the problem. In the meantime, users can close any apps running in the background by double-tapping their Home button. Close any apps you aren’t currently using. If there’s an app running that you don’t recognize, there’s a good chance that it’s malware.

If you have a device that’s been infected with malware, bring it to Geek Rescue or call us at 918-369-4335.

Apple Security Flaw Requires Immediate Update

February 24th, 2014

iPhone

Over the weekend, Apple released an update to its mobile operating system, iOS. Version 7.0.6 for iOS 7 devices and 6.1.6 for iOS 6 devices were seemingly rushed out to fix a bug that put users’ data at a significant risk. At Gizmodo, Brian Barrett explains why iOS users should update their devices as soon as possible.

The bug, or security vulnerability, that Apple is now attempting to fix involves a flaw in the operation of SSL, which stands for Secure Sockets Layer. Using SSL allows for private and secure communications between your web browser and the servers it need to communicate with to access different websites. When you see the small lock icon appear in your browser’s address bar, that means that SSL is functioning and securing your connection to the site you’re currently on.

Without SSL, everything you send to a server and receive back is up for grabs. SSL verifies that your browser is contacting the correct server for the website it’s displaying, but the Apple bug prevents that from happening. This opens the door for what’s called “man in the middle attacks”, which refers to a third party intercepting data intended for someone else. So, your log-in credentials for any online account you have, payment information for an online purchase, emails and a number of other potentially costly possibilities can all be stolen and monitored by criminals.

The vulnerability affects not only browser Safari, but also Calendar, Facetime, Keynote, Twitter, Mail, iBooks and more. Any time you’ve used one of these apps on an unsecured network, which could be anything from free WiFi in a coffee shop to the network at your job that doesn’t require a password, all the data you’ve accessed and submitted could have been intercepted.

This flaw has an update for devices dating back to the iPhone 3GS and fourth generation iPod Touch. Any devices older than that likely won’t have an update available to fix the problem. This is also an issue for Mac users with the OS X operating system. While there’s a known vulnerability for Macs, there isn’t currently a patch or update to fix it.

While exploits of this vulnerability only recently began being spotted, the SSL flaw has been in both iOS and OS X since September of 2012. For the past year and a half, data has been available through a fairly simple exploit on one of the most popular mobile devices. If you haven’t already updated, do so now. If there isn’t an update available for your device yet, avoid using the affected apps on any unsecured networks.

Security vulnerabilities are a serious concern for any device. If you’ve experienced an attack and have a device infected with malware, or want to explore additional security options, contact Geek Rescue at 918-369-4335.

Five Must-Haves For Mobile Security At Your Business

February 14th, 2014

Key in lock on smartphone

There are a number of advantages to becoming a more mobile business. Employees are able to access data from virtually anywhere, which can make them more productive and give them access to vital information when meeting with clients. It’s also much easier for them to collaborate with others. There’s also the bring your own device trend that allows employees to integrate their own mobile devices into their work. All of these allow for more productivity and connectivity, but they also all introduce new security concerns. At Network World, Ed Tittel lists some best practices all business owners should be familiar with for dealing with mobile security.

  • Anti-malware software

With more smartphones being used worldwide and more valuable data being accessed with them, it stands to reason that they’re becoming a more valuable target for criminals. Attacks have been observed on both iOS and Android devices. For devices that are used to access company data, you can’t afford to let them connect to your network without proper security apps in place.

  • VPNs

Typically, mobile communications are relatively easy for hackers to intercept. That’s why most experts recommend the use of a VPN, or virtual private network, to encrypt all communications between mobile devices and company servers. Cloud storage and an employee’s smartphone may both be properly protected, but when data is transferred between them there exists a vulnerability. Using a VPN eliminates that threat.

  • Authentication

If a device is used to access company data, it should be secured with multiple forms of authentication. It goes without saying that smartphones should require a password to unlock, but newer devices also allow for fingerprint scanning or even facial or vocal recognition. In addition, companies need to plan ahead for cases when devices are lost or stolen. The ability to remotely lock and wipe lost devices is vital to security.

  • No Third Party Software

Once an employee begins using their mobile device for work, they lose the ability to use whatever software they choose. There must be some consideration to the security of the device and the company’s data. Completely blocking the downloading and using of third party software is one way. Another is to allow exceptions once IT or management is informed that an individual wants to download a third party application and it’s been cleared.

  • Test And Audit

If you feel that you’ve put all the necessary precautions into place, you need to test to make sure there are no penetration points you’ve missed. How else will you be sure that your company’s data is protected from threats? Regular testing allows you to find vulnerabilities before the criminals do.

For help with the security at your business, contact Geek Rescue at 918-369-4335.

 

Four Ways Your iPhone Is Vulnerable To Attack

February 13th, 2014

iPhone

In Cisco’s Annual Security Report, they claim that 99-percent of mobile malware targeted Android in 2013. Whether or not that’s completely accurate, it’s safe to say that more threats exist for Android users than their iOS counterparts. That doesn’t mean, however, that security shouldn’t be a concern for iPhone users. As Tom Brewster of The Guardian reports, there were 387 documented security flaws in iOS in 2012 compared to only 13 for Android. When iOS debuted, another 70 flaws needed to be patched. The existence of flaws doesn’t mean attacks on them are inevitable, but it does illustrate how vulnerable iOS users are. Here are a few ways attackers could attack Apple devices.

  • Apps

Even if the base of iOS itself isn’t vulnerable to attacks, the apps that users add often are. One prominent flaw is the allowance of developers to switch the internet address that apps use to acquire data. Hackers are able to exploit this flaw and associate an otherwise legitimate app with their own malicious site. This allows the attackers to execute a variety of malicious actions on a user’s device.

  • App Store

Legitimate apps often contains security vulnerabilities, but there’s only been one documented case of a malicious app being allowed into the official App Store. That likely won’t be the case for long, however. Researchers have already demonstrated ways for a harmful app to be approved by Apple and earn a spot in the app store. One demonstrated app works legitimately when tested by Apple, but is able to rearrange its code when it’s downloaded by users to steal data and remotely control certain functions of the the device.

  • Public Networks

Insecure WiFi opens up a number of possible attacks, regardless of what device you’re using to access it. Not only does data being sent to and from your device become vulnerable, but data stored insecurely on your device could also be vulnerable to an attack. While these dangers aren’t limited to iOS users, the perceived security of Apple devices often leads to iPhone users being more cavalier in the use of their device, which can lead to valuable data being stolen with little effort.

  • Fake Certificates

This is another threat that isn’t limited to iOS, but certainly is a threat worth understanding. The use of fake, or stolen, security certificates is a growing trend in cyber attacks and allows for malicious programs to be accepted and executed. For example, an email that appears to be from a legitimate source asks users to download an application, update or even just a document. Without a trusted certificate, users would be warned about the download. With a false certificate, or one stolen from a legitimate source, an application is accepted as trusted by the operating system and malware is allowed to infect your device.

Protecting against these vulnerabilities often requires users to be more careful about how they use their devices. Understanding that your iPhone isn’t completely immune from common threats is important.

If you find that one of your devices has been infected by malware, call Geek Rescue at 918-369-4335.

 

 

Details On The Soon-To-Be-Released iOS Update

February 10th, 2014

Two iPhones

Apple’s mobile operating system, iOS 7, was released in September and since then, more than 80-percent of users with supported devices have adopted it. After a few rounds of beta updates, Apple seems poised to release the first significant update to iOS 7. As JC Torres of Slash Gear reports, iOS 7.1 is rumored to be released in March.

Don’t expect 7.1 to break any new ground, however. For the most part, the update is being released to fix common bugs and functionality issues users have reported, not to improve existing features or introduce many new features.

You can expect a few visual tweaks. The slide to unlock, dialer, keyboard and music functions are all expected to look a little different in iOS 7.1. When sliding to turn off your iPhone, you’ll rounded slider at the top of your screen and a white cancel button at the bottom. Slight adjustments to the slide to unlock screen and animation are also being made.

When answering calls, you’ll have the option to accept or decline in green and red circles, instead of rectangles. You’ll also have actual icons above those options for ‘Remind Me’ or ‘Message’.

The dialer has become visually more attractive with color gradients and accents. The large green ‘Call’ rectangle has also been replaced with a smaller, circular phone icon.

In the music app, users may notice more prominent buttons for repeat and shuffle options. Those are now ‘Repeat Song’ and ‘Shuffle All’ and have a pink background behind them.

Another minor change comes in the keyboard, where the shift and delete buttons are now more prominent and easier to discern.

There are also new options in Calendar and animation tweaks to the Control Center and Messages.

Perhaps the most exciting change coming wrapped in iOS 7.1 is iOS in the Car. This new features allows you to connect your iPhone to compatible cars and display iOS content like maps, directions and messages on the navigation screen.

The other exciting news surrounding the coming iOS update is a promised fix for the infamous ‘white screen of death’. This glitch has been causing many users to suffer unexpected reboots and crashes. Users of the iPhone 5S, iPad mini with Retina and iPad Air have all reported this problem.

If your Apple device’s problems can’t be fixed by an iOS update, call Geek Rescue at 918-369-4335 or come see us. We fix hardware and software problems, as well as malware infections and more.

 

Use Your iOS Device More Efficiently With These Tips

January 27th, 2014

iPad mini

There are still some users who don’t enjoy interacting with Apple’s iOS on their iPhone or iPad. For many of these users, their frustrations stem from not knowing the full capabilities and functionality of the operating system. At LifeHacker, Whitson Gordon has a list of shortcuts that make interacting with iOS more efficient. While some more advanced users will know many of these, there’s something for everyone to learn.

  • Pull down to refresh

For most users, this has become intuitive. But, some don’t realize that this gesture refreshes in nearly every situation. Pulling your email’s inbox down to check for new messages may be common knowledge, but you can also pull down a webpage to re-load it or pull down an app to refresh the content. Just make sure you pull down until you see an icon, then release to refresh.

  • Swipe for timestamps or more options

One common complaint about messaging in iOS is that timestamps aren’t included. Actually, they are but they’re not visible. To see when a message was sent or received, swipe left on the message. Use the same swipe over an email in Mail inbox to see more options, like a quick way to delete.

  • Swipe to go back

This is another gesture that works in nearly any situation in iOS. To go back one screen, or even back to the previous webpage, swipe from left to right. If you swipe slowly, you’ll be able to preview the previous screen before you decide to go back. If you swipe the opposite direction in Mail or Safari, you can go forward a screen.

  • iPad’s split keyboard

It feels a little cumbersome typing on an iPad’s digital keyboard. There’s a second option that not everyone knows about, however. Hold down the keyboard key, or just simply pull the keyboard apart to get a more comfortable split keyboard. Now, you can type with your thumbs like you do with a smartphone and you can move the keyboard to anywhere on the screen.

  • Quick event changes in Calendar 

If an event you’ve stored in Calendar needs to be changed, you could edit it and type in the new details. An easier way, however, is to hold down on the event in Day mode, then move the event to a new day or time, or even change the duration.

  • Quickly view drafts in Mail

Any saved drafts of messages are available in Mail’s main menu with the rest of the folders, but to reach them quicker, just hold down on ‘Compose’. A list of your drafts will pop up as a menu you can choose from.

These tips allow you to access functions of your Apple device faster and use it more efficiently. If you have other problems with your device, like slow performance, malware infections or broken hardware, come by Geek Rescue or give us a call at 918-369-4335.

Fix For iOS 7 Reboot Bug Coming Soon

January 23rd, 2014

iPhone 5C being examined

Apple’s latest operating system, iOS 7, was initially made available to users in September. Since then, there have been a number of complaints, but overall it’s been accepted positively. That is, except for one incessant bug that has plagued a number of users and has no fix. As Adario Strange reports at Mashable, the so called “white screen of death” may be cured in the next couple months.

The bug, which has been reported by users since iOS 7 first hit their iPhones, causes devices to suddenly freeze and then reboot. It’s unclear exactly what causes the soft reboot. Some users claim it only happens when their battery dips below 30-percent, while others report they’ve experienced a sudden reboot at various levels of battery.

Up until now, complaints of users have been largely ignored by Apple, but an official statement about when users can expect a fix has finally come out. Apple says they have a fix for the bug, but there is no exact date for when that fix will be released. Most likely, users will have to wait for the release of iOS 7.1, which is currently in its fourth beta. In addition to the bug fix, the update will likely make some other minor changes to design and the user interface. However, it won’t be available until sometime in March.

This particular fix will have to come from Apple, but for other problems with your iPhone or any other device, call Geek Rescue at 918-369-4335.