Hasta La Gadget!

It turns out that the security features on the iPhone are so robust, that police are unable to decrypt them in order to gain access to possibly crucial information on suspects’ devices. This has led to federal agencies getting a hold of Apple in order to decrypt iPhones for them, but it turns out that so many devices are being requested for decryption, that Apple had to make a waiting list.

While forensics teams are known for having the technology to hack into computers for vital information, it seems that the iPhone is one device that authorities are having trouble with, according to CNET. Specifically, an agent from the bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) said that we was added to a wait list by Apple in order to get an iPhone 4S decrypted, and it took approximately four months to finally get the device unlocked.

Apple’s iMessage service has been hailed as a “challenge” to break into, as all messages sent between iOS users are encrypted. Last month, the US Drug Enforcement Administration had trouble breaking into iMessage while trying to tap into suspects’ text messages, anad they most likely phoned Apple for help.

Of course, this is good news for anyone that’s paranoid about an outsider trying to hack into their iPhone’s deepest corners. Users can enable a password lock on their devices for added security, but we all know that doesn’t quite work all the time, as numerous loopholes have been found that give users access to devices even with a password lock enabled. While it’s highly unlikely that your phone will slip into the hands of someone who can quickly bypass a lock screen, it’s certainly something that doesn’t make us feel at ease.

Then again, iOS devices will be receiving the nod from the US Department of Defense as being secure enough to be used inside the Pentagon. As we all know, the Pentagon has some pretty confidential stuff that they deal with, so having secure devices is a must, and if forensics team can’t even break into an iPhone, that must say something about its security robustness.

SOURCE: CNET

Police iPhone decryption sees high demand, Apple makes them wait is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

iMessage is a convenient way for iOS users to swap messages, and it seems that extends to those engaging in less-than-honest dealings, particularly of the drug variety in this case. The folks over at CNET got their hands on an internal Drug Enforcement Administration memo that details an investigation and the difficulty suspects who use Apple‘s messaging system pose.

Obviously this is good news for those who are hyper-conscious of their privacy and the snooping attempts of others, but not for government agencies trying to finger suspects for crimes. According to the DEA document, “it is impossible to intercept iMessages between two Apple devices.” iMessage uses end-to-end encryption, and is massively popular, with the service having been used to transmit billions of chat messages.

It seems that as part of the investigation discussed, DEA agents received court permission to grab suspects’ text message logs from Verizon, only to discover blocks of obviously missing content. That content, it turns out, was because the individuals under surveillance were intermittently using iMessage. According to the DEA, those messages can’t be grabbed using Title III interceptions, trace devices, or trap devices.

This is part of an ongoing problem for law enforcement, with various government agencies having pursued and actively pursuing measures to add ways for them to access these messages. The ACLU has another view of the issue, however, with its senior policy analyst Christopher Soghoian stating, “The real issue is why the phone companies in 2013 are still delivering an unencrypted audio and text service to users. It’s disgraceful.”

[via CNET]

Apple’s iMessage encryption foils snooping, leaked DEA document reveals is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

If you use the internet – and we know you do – you need to read about the massive “hacker” meltdown experienced by an online journalist this week due to security holes between cloud systems in two major networks. The “hack” as some are calling it – rather a clever realization, when it comes down to it – had one user’s account opened up with a simple phone call to Amazon. Once Amazon allowed the fake user to access one simple element in the victim’s account, the rest came tumbling down like a house of cards.

The key piece to this puzzle was the Amazon call-in policy that allowed anyone to change an email address of a user account just so long as they could identify the user’s name, email, and physical mailing address. This ability is no longer allowed as of this morning, with Amazon commenting to Wired that they changed the policy for “your security”, refusing to comment further.

The exploit – again this isn’t really a hack when it comes down to it, only needed the “hacker” to have the victim’s email – easy to guess – their full name – again, obvious – and their physical mailing address. This last bit was available, in this case, in a “whois” of a site that the victim owned. A “whois” is a listing of the ownership of a website, aka “Domain Registration Information” that many web hosts make available without question.

Once the hacker was able to change the email of his victim’s Amazon account, they were also able to see the last four digits of the victim’s credit card – these last four digits available to any person who is logged in to their own account, of course. Once the hackers had this, they were able to call in to Apple’s iCloud support with said information to “confirm” their way into his iCloud account as well. One company’s freely available account information used to easily bust in to another’s.

Now this “hole” is fixed, but you need to still be on your guard. Keep your eyes open for exploits such as these, have a peek at our post this morning about double-locking your Google account, for example, and simply stay smart.

Massive Amazon security hole “fixed” without comment is written by Chris Burns & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.