Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...

To be fair to Apple, this behaviour is officially documented in Apple support article HT208086, entitled Use Bluetooth and Wi-Fi in Control Center with iOS 11, but in our opinion, you’d be forgiven for thinking that those those grey “off” icons on the Control Centre screen really meant “off”.

As the support article explains it, “off” in this context means something much more nebulous, namely:

Both Wi-Fi and Bluetooth will continue to be available, so you can use these important features: AirDrop, AirPlay, Apple Pencil, Apple Watch, Continuity features, like Handoff and Instant Hotspot, Instant Hotspot and Location Services.
Curiously, the support article also documents that both Wi-Fi and Bluetooth will automatically come back on when one of these happens:

You walk or drive to a new location. (Wi-Fi only.)
It’s 05:00 local time.
You restart your device.

Why risk breaking all the way into the phone if you can just hang around on the periphery and listen to all the data coming in and out?

It’s only been five days since Apple’s last security update for iOS, when dozens of serious security vulnerabilities were patched.

As we mentioned last week, the recent iOS 10.3 and macOS 10.12.4 updates included numerous fixes dealing with “arbitrary code execution with kernel privileges”.

Any exploit that lets an external attacker tell the operating system kernel itself what to is a serious concern that ought to be patched as soon as possible – hesitation is not an option.

After all, it’s the kernel that’s responsible for managing security in the rest of the system.

You can accelerate your own patch by manually visiting Settings | General | Software Update to force an upgrade, rather than waiting for your turn in Apple’s autoupdate queue.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

If you're an iPhone user who's downloaded iOS 11, you'll want to pay attention to this recent Tweet from F-Secure's head of hardware security Andrea Barisani.

iOS 11 comes with a new Control Center that opens when you swipe up from the bottom of the screen. But ironically, the app seems to be lacking some control. When you tap the Bluetooth and Wifi icons, while the phone disconnects from any current Bluetooth or Wifi connections, it doesn’t turn off those features completely.

That means new Bluetooth or Wifi connections can still be made. In order to make sure those features are off completely, you’ll need to go into the separate Settings app and turn them off there.

From a security and privacy perspective, it’s important to understand this distinction because turning off Bluetooth and Wifi when you’re not using them prevents your device from broadcasting information about itself.

Learn more / En savoir plus / Mehr erfahren: 

https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

https://gustmees.wordpress.com/?s=privacy

Drive-by Wi-Fi i-Thing attack, oh my!
Don't skip this update

3 Apr 2017 at 22:46, Richard Chirgwin
Apple hasn’t provided much detail, but you don’t want to ignore the latest iOS release – 10.3.1 – because it plugs a very nasty Wi-Fi vulnerability.

Cupertino has rushed out the emergency patch because: “An attacker within range may be able to execute arbitrary code on the Wi-Fi chip” – meaning, presumably, that malicious packets gave attackers a vector.

The fix for the bug, which Apple attributes to Gal Beniamini of Google’s Project Zero, was a buffer overflow fixed by better input validation.

The bug affected iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation and later.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security