Security Issues for iOS

Date: 2015-11-01
Last Update: 2015-11-01

I have more security issues, but they are in bookmarks right now. I'll update them over the next few days. This page also needs organization.

Last Week Tonight with John Oliver: Encryption (HBO) Published on Mar 13, 2016 https://www.youtube.com/watch?v=zsjZ2r9Ygzw

18:00 minutes

Can an iPhone's fingerprint sensor really be hacked using PLAY-DOH? Researchers claim toy can (sometimes) bypass Apple's security
http://www.dailymail.co.uk/sciencetech/article-3471718/Can-iPhone-s-fingerprint-sensor-hacked-using-PLAY-DOH-Researchers-claim-toy-bypass-Apple-s-security.html

The company's president reveals in a video shared by NewsFix that getting past common fingerprint scanners is just a step above child's play, testing out the simple hack on reporters at MWC.

Inkjet can spoof mobile fingerprint security
http://www.scmagazine.com/inkjet-can-spoof-mobile-fingerprint-security/article/482621/

Kai Cao and Anil Jain of the University of Michigan wrote in their new report: "We have proposed a simple, fast and effective method to generate 2D fingerprint spoofs that can successfully hack built-in fingerprint authentication in mobile phones."

Here's how easy it is to get past an iPhone's fingerprint sensor
http://www.businessinsider.com/heres-how-easy-it-is-to-get-past-an-iphones-fingerprint-sensor-2016-2?r=UK&IR=T

The fingerprint sensor in your iPhone may seem like a secure way to keep your files safe, but it's actually pretty easy to get past it.

iOS Apps That Collect Users' Personal Info
http://mjtsai.com/blog/2015/10/20/ios-apps-that-collect-users-personal-info/

Apple: We've identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi's SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected.

iOS 9 security flaw grants unrestricted access to Photos and Contacts - September 23, 2015
http://appleinsider.com/articles/15/09/23/ios-9-security-flaw-grants-unrestricted-access-to-photos-and-contacts

As described in Rodriguez's proof-of-concept video, the procedure takes advantage of an apparent bug related to Siri lock screen access and iOS 9's five-attempt lockout policy. Under a specific set of circumstances, invoking Siri from an iPhone or iPad's lock screen grants limited system access.

Cisco AnyConnect Secure Mobility Client is on Facebook - Sept 8, 2015
https://m.facebook.com/anyconnect/posts/1043581472380492

We have noticed a couple of OS regressions between iOS 8.4.1 and iOS 9 which have been reported to Apple. Most notable is that when doing Split Tunneling, the Tunnel All DNS option no longer functions as expected. This was reported to Apple under Radar # 22558059. This is not resolved in the iOS 9 release.

CVE Summary

NEED TO GET the Stories on these