iPhone location tracking is a security risk

There is no such thing as absolute privacy or security for smartphone users. The only way you can have control is by not storing information that you want to keep a secret on your phone.

As Apple CEO Tim Cook said last year, “The people who track on the internet know a lot more about you than if somebody’s looking in your window, a lot more.” It should make us pause to think about how we use our phones.

Apple, according to Zak Doffman, believes it is “privacy protector-in-chief,” and iOS 14 is intended to demonstrate its privacy-first approach. Doffman points to the ongoing battle between Apple and Facebook over ad tracking, remarking, “Exploitation of our personal data has become a commodity traded between the world’s largest organisations.”

However, iOS users were surprised when Apple explained its location tracking. It is an invasive feature, and as Doffman says, “a perfect illustration of just because you can, doesn’t mean you should.”

Were you aware that location tracking builds up a collection of data on all the places you have visited, including times, dates, the type of transport you used to get there and how long you stayed at each location?

Jake Moore of ESET commented, “significant locations is one of those features hidden within the privacy section which many users tend not to be familiar with. I cannot think of a positive or useful reason why Apple would include this feature on any of their devices.”

If you check out the data repository on your iPhone, you will likely see that it stores certain places, times and dates, and that is because it is trying to work out if this might be important for a photo memory or a calendar entry. But do you really want this? I agree with Doffman when he says, “I don’t need my phone tracking every single location I visit and deciding which it deems significant to save me a few seconds of effort.”

According to Apple, the device wants to “learn the places that are significant to you.” However, you can breathe a small sigh of relief when you learn that the “data is end-to-end encrypted and cannot be read by Apple.”

What this illustrates is that even though the data is encrypted, you still don’t have absolute control over the security of your iPhone. John Opdenakker, an information security expert, said, “While Apple’s encryption and device-only restriction certainly reduces the security and privacy risks, I personally switched this feature off because it doesn’t offer real benefits and just feels creepy.” He added, “What worries me from a privacy perspective is that this feature is enabled by default and that the setting is hidden away such that the average user probably doesn’t find it.”

Don’t forget that you can turn off other location-based services on your Apple device, such as ads and alerts. Want to know where to find them all? Just go to “Settings-Privacy-Location Services-System Services-Significant Locations.”

Google spanks naughty app developers

If you have an app on the Google Play Store, and that app provides for in-app purchases, watch out, because the Big G is coming after you.

Currently, under Google’s rules, if you provide in-app purchases, you must use the Google Play Store’s billing services, which basically means that Google keeps around 30% of your revenue.

This is nothing new. It has always been the case. However, a number of developers have decided to ignore this rule and Google is not pleased. So, it plans to reinforce it. Apple is taking similar measures, so the news for developers is not good.

In response, a coalition of app publishers, such as Spotify, Epic Games and Basecamp, “have announced the creation of the “Coalition for App Fairness,” which hopes to more fair arrangements between app stores and publishers,” Johan Moreno reports. The new organization formalises efforts the companies already have underway that focus on either forcing app store providers to change their policies, or ultimately forcing the app stores into regulation. You can find out more on the coalition’s website, where the group details its key issues, including anti-competitive practices, such as the app stores’ 30% commission structure, and the inability to distribute software to billions of Apple devices through any other means but the App Store. The group sees this as an affront to personal freedom.

They just happen to be some of the developers that have been thwarting Google’s fee rule, according to Bloomberg. They have managed to do this, “by mandating that users sign up for services (and pay) through the app’s website, which avoids the need for in-app purchases.”

The problem for Google is Android’s open nature. It allows users to download third-party apps, whereas Apple has a closed app ecosystem. As Moreno says, “on some Android devices, there may be a third-party app store, operating completely without the guidance of Google.”

App developers may continue to circumvent Google by creating and popularising, “a third-party app marketplace that can be loaded onto Android that may provide more fair terms for developers.”

Would you pay a ransom for your cup of joe?

If you’re a gadget-loving person, and you enjoy your coffee, then there is a very good chance that you have a coffee machine. However, I don’t suppose you’ve ever thought it might be a cybersecurity threat.

Davey Winder, a tech journalist, points caffeine addicts in the direction of a new report by security research firm Avast, which has discovered, “smart coffee machines can not only be hacked but can be hacked with ransomware.”

One of Avast’s senior researchers, Martin Hron, wrote in a recent blog, “The fresh smell of ransomed coffee”, about how he proved a myth was true when he turned a “coffee maker into a dangerous machine asking for ransom by modifying the maker’s firmware.”

Proving a myth

Hron goes on to say: “I was asked to prove a myth, call it a suspicion, that the threat to IoT devices is not just to access them via a weak router or exposure to the internet, but that an IoT device itself is vulnerable and can be easily owned without owning the network or the router.”

What Hron discovered was that the coffee machine acted as a Wi-Fi access point when switched on. This then established an unencrypted, unsecured connection to a companion app. From that point he was able to explore the machine’s firmware update mechanism, finding that because the updates were unencrypted, no authentication code was required. Hron, behaving as a hacker would, then reverse engineered the firmware stored in the machine’s Android app.
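The weakness described above, an updater that flashes whatever image it is handed, is shown here beside a hardened check, as an added example that is not code from Avast or the coffee machine's vendor. The container layout, key and function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

# Hypothetical update container, constructed for this example:
#   4-byte magic | 4-byte big-endian version | payload | 32-byte HMAC-SHA256 tag
MAGIC = b"FWUP"
HEADER_LEN = 8
TAG_LEN = 32

def build_update(key: bytes, version: int, payload: bytes) -> bytes:
    """Vendor side: package the payload and append a keyed tag over header + payload."""
    body = MAGIC + struct.pack(">I", version) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def accept_unauthenticated(image: bytes) -> bool:
    """Weak updater: checks only the container shape, so any well-formed image is flashed."""
    return len(image) > HEADER_LEN + TAG_LEN and image[:4] == MAGIC

def accept_authenticated(key: bytes, installed_version: int, image: bytes) -> bool:
    """Hardened updater: verify the tag first, then refuse downgrades."""
    if len(image) <= HEADER_LEN + TAG_LEN or image[:4] != MAGIC:
        return False
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False
    (version,) = struct.unpack(">I", body[4:HEADER_LEN])
    return version > installed_version

def demo() -> dict:
    key = b"constructed-demo-key-not-a-real-secret"
    genuine = build_update(key, 2, b"brew-control build 2")
    tampered = bytearray(genuine)
    tampered[HEADER_LEN] ^= 0x01  # one modified payload byte
    tampered = bytes(tampered)
    return {
        "weak_accepts_tampered": accept_unauthenticated(tampered),
        "hardened_accepts_genuine": accept_authenticated(key, 1, genuine),
        "hardened_accepts_tampered": accept_authenticated(key, 1, tampered),
        "hardened_accepts_rollback": accept_authenticated(key, 2, genuine),
    }

if __name__ == "__main__":
    print(demo())
```

An HMAC requires the same secret on the device and at the vendor, so a key extracted from one unit can forge updates; shipping designs usually verify an asymmetric signature so the device holds only a public key.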

Crypto or coffee?

Perhaps you’ll smile at what Hron tried to do next. He attempted to turn the coffee machine into a cryptocurrency mining machine, something he found would be possible, although also impossibly slow due to the CPU speed. What he did instead, was perhaps more dramatic. Imagine your coffee machine starts making an ear-splitting noise and there is nothing you can do to stop it. Hron created a noise malfunction that could only be stopped by paying a ransom, or pulling the plug on your morning coffee forever.

A noisy attack

He effectively produced a ransomware attack that nobody could ignore. Winder writes, “The trigger for the attack was the command that connects the machine to the network, and the payload some malicious code that ‘renders the coffee maker unusable and asks for a ransom.’”

Hron also went a bit further. He inserted code that permanently turned on the hotbed and water heater as well as the coffee grinder.

If you have a coffee machine connected to the Internet, you are probably safe, but it’s useful to know that these machines can be attacked. But I do wonder, would you pay the ransom to have your smart coffee machine return to normal breakfast duties, or would you pull the plug and go back to an old skool method of brewing up a cup of joe?

Is 10.5k the Bitcoin resistance point?

If you’re a Bitcoin (BTC) owner, you may have been disappointed to see it fail to stay above the $12,000 mark, and it has dropped to hover between $10,000 and $10,500 during the past week.

As Charles Bovaird says in one of his most recent posts about the Bitcoin price, “In this time, the digital currency has failed to reach $10,500, and while it has fallen below $10,000, it has failed to stay below this level for long.”

So, what does Bovaird make of what is happening? I should say that I follow his analysis of this market, because it has always proved to offer balanced information.

What Bovaird asks is this: is BTC encountering “significant resistance” at $10,500?

According to those he interviewed, the answer to that is yes. Why is it happening?

In the opinion of Kiana Danial, CEO of Invest Diva, “Bitcoin has found a short-term resistance at $10,500 which has acted as resistance multiple times in the past, including in June 2020, February 2020, and a number of times in 2019.” She also adds, “A break above $10,500 could open doors for further gains towards $11,150, while a break below $10,000 (the lower band of the current range) could lead to a revisit of the lows of back in July at around $9,300.”

John Todaro at TradeBlock is of a similar opinion. “Yes, we are facing resistance at $10,500,” he stated, adding, “$12,000 has proven to be a difficult ceiling to break through.”

Joe DiPasquale, CEO of cryptocurrency hedge fund BitBull, commented, “Bitcoin is consolidating in this range for now with support at $10K and resistance at $10.5K.”

He also says that if BTC doesn’t fall beneath $10,000, then we may see a retest of $10.5k. But if it does fall, to say $9,800, then we’re likely to see $9.5k shortly after.

But not all agree that BTC is facing resistance at $10,500. Marouane Garcon, MD of crypto-to-crypto derivatives platform Amulet, said, “I would say that $10,000, which was a level of resistance, is now the support and in this obvious accumulation phase, we’re testing that support level.”

Do you have any thoughts about what might happen to the price of Bitcoin in the next few months, and what events might raise the price or cause it to fall?