Biz & IT

iOS 13: Here are the new security and privacy features you might’ve missed

In just a few weeks Apple’s new iOS 13, the thirteenth major iteration of its popular iPhone software, will be out — along with new iPhones and a new iPad version, the aptly named iPadOS. We’ve taken iOS 13 for a spin over the past few weeks — with a focus on the new security and privacy features — to see what’s new and how it all works.

Here’s what you need to know.

You’ll start to see reminders about apps that track your location

Ever wonder which apps track your location? Wonder no more. iOS 13 will periodically remind you about apps that are tracking your location in the background. Every so often it will tell you how many times an app has tracked where you’ve been in a recent period of time, along with a small map of the location points. From this screen you can “always allow” the app to track your location or have the option to limit the tracking.

You can grant an app your location just once

To give you more control over what data apps have access to, iOS 13 now lets you give apps access to your location just once. Previously there was “always,” “never” or “while using,” meaning an app could be collecting your real-time location as you’re using it. Now you can grant an app access on a per-use basis — particularly helpful for the privacy-minded folks.

And apps wanting access to Bluetooth can be declined access

Apps wanting to access Bluetooth will also ask for your consent. Although apps can use Bluetooth to connect to gadgets, like fitness bands and watches, Bluetooth-enabled tracking devices known as beacons can be used to monitor your whereabouts. These beacons are found everywhere — from stores to shopping malls. They can grab your device’s unique Bluetooth identifier and track your physical location between places, building up a picture of where you go and what you do — often for targeting you with ads. Blocking Bluetooth connections from apps that clearly don’t need it will help protect your privacy.

Find My gets a new name — and offline tracking

Find My, the new app name for locating your friends and lost devices, now comes with offline tracking. If you lost your laptop, you’d rely on its last Wi-Fi connected location. Now it broadcasts its location using Bluetooth, which is securely uploaded to Apple’s servers using nearby cellular-connected iPhones and other Apple devices. The location data is cryptographically scrambled and anonymized to prevent anyone other than the device owner — including Apple — from tracking your lost devices.

Your apps will no longer be able to snoop on your contacts’ notes

Another area that Apple is trying to button down is your contacts. Apps have to ask for your permission before they can access your contacts. But in doing so they were also able to access the personal notes you wrote on each contact, like their home alarm code or a PIN number for phone banking, for example. Now, apps will no longer be able to see what’s in each “notes” field in a user’s contacts.

Sign In With Apple lets you use a fake relay email address

This is one of the cooler features coming soon — Apple’s new sign-in option allows users to sign in to apps and services with one tap, and without having to turn over any sensitive or private information. Any app that requires a sign-in option must offer Sign In With Apple as an option. In doing so users can choose to share their email with the app maker, or choose a private “relay” email, which hides a user’s real email address so the app only sees a unique Apple-generated email instead. Apple says it doesn’t collect users’ data, making it a more privacy-minded solution. It works across all devices, including Android devices and websites.

You can silence unknown callers

Here’s one way you can cut down on disruptive spam calls: iOS 13 will let you send unknown callers straight to voicemail. Anyone who’s not in your contacts list will be considered an unknown caller.

You can strip location metadata from your photos

Every time you take a photo your iPhone stores the precise location of where the photo was taken as metadata in the photo file. But that can reveal sensitive or private locations — such as your home or office — if you share those photos on social media or other platforms, many of which don’t strip the data when they’re uploaded. Now you can. With a few taps, you can remove the location data from a photo before sharing it.

And Safari gets better anti-tracking features

Apple continues to advance its new anti-tracking technologies in its native Safari browser, like preventing cross-site tracking and browser fingerprinting. These features make it far more difficult for ads to track users across the web. iOS 13 has its cross-site tracking technology enabled by default so users are protected from the very beginning.

Netflix’s ad-supported plan likely to have another drawback: No video downloads

The presence of advertisements apparently won’t be the only major difference between Netflix’s ad-supported and ad-free plans. Text reportedly found in the code of Netflix’s iPhone app suggests the ad-supported plan won’t let users download movies and shows for offline viewing.

The text says, “Downloads available on all plans except Netflix with ads,” according to a Bloomberg report yesterday. The text was discovered by iOS developer Steve Moser, who wrote about it on his blog. Unsurprisingly, the Netflix app “code also suggests that users won’t be able to skip ads—a common move in the streaming world—and playback controls won’t be available during ad breaks,” Bloomberg wrote.

Netflix has been offering video downloads in its apps since late 2016. A Netflix spokesperson told Ars, “We are still in the early days of deciding how to launch a lower-priced, ad-supported tier and no decisions have been made. So this is all just speculation at this point.”

Moser’s blog post said he also found Netflix app text from a setup process for new subscribers who select the ad-supported plan. The text refers to the use of personalized ads. “Now, let’s set up your ad experience. We just need a few details to make sure you get the most relevant ads on Netflix. It’ll be really quick, we promise!” the text says.

Hulu similarly makes downloads available only to users on its no-ads plans. HBO Max also requires an ad-free plan for downloads.

Ad tier planned for early 2023

After years of resisting ads, Netflix Co-CEO Reed Hastings announced in April that the streaming service will offer an ad-supported tier. Netflix says it plans to launch the ad-supported tier in early 2023.

Netflix prices in the US range from $9.99 for “Basic” to $19.99 a month for “Premium.” Netflix says the “lower priced ad-supported subscription plan” will be offered “in addition to our existing ads-free basic, standard, and premium plans.”

Netflix hasn’t said what the ad-supported plan will cost or whether it will have other limits like the ones in Netflix’s cheapest current plan. The Basic plan, which is currently the cheapest option, does not provide high-definition video and has two other notable limits: Basic users can’t watch on more than one screen at a time, and they can only download videos on one phone or tablet.

The $15.49-per-month Standard plan allows HD video and lets subscribers watch on two screens simultaneously and download videos on two devices. The $19.99 Premium plan allows 4K viewing, the ability to watch on four screens simultaneously, and downloads on up to four devices.

Netflix losing subscribers

Netflix is also cracking down on account-sharing by testing an “extra member” fee in some countries and an “extra home” fee in others. A Netflix letter to shareholders said the company aims to complete a broader rollout of sharing fees next year.

Netflix last month reported a loss of 970,000 paid streaming subscribers in Q2 earnings after having lost 200,000 customers in the first quarter of 2022. Worldwide paid memberships decreased from 221.64 million to 220.67 million in Q2, and revenue growth has slowed dramatically.

Netflix says the ad-supported tier is key to improving revenue and profits. “While it will take some time to grow our member base for the ad tier and the associated ad revenues, over the long run, we think advertising can enable substantial incremental membership (through lower prices) and profit growth (through ad revenues),” Netflix’s quarterly letter to shareholders said.

Netflix hired Microsoft to provide advertising technology, saying that “Microsoft offered the flexibility to innovate over time on both the technology and sales side, as well as strong privacy protections for our members.”

Zoom patches critical vulnerability again after prior fix was bypassed

A critical vulnerability in Zoom for MacOS, patched once last weekend, could still be bypassed as of Wednesday. Users should update again.

It’s time for Zoom users on Mac to update—again.

After Zoom patched a vulnerability in its Mac auto-update utility that could give malicious actors root access earlier this week, the video conferencing software company issued another patch Wednesday, noting that the prior fix could be bypassed.

Zoom users on macOS should download and run version 5.11.6 (9890), released August 17. You can also check Zoom’s menu bar for updates. Waiting for an automatic update could leave you waiting days while this exploit is publicly known.

Zoom’s incomplete fix was reported by macOS security researcher Csaba Fitzl, aka theevilbit of Offensive Security. Zoom credited Fitzl in its security bulletin (ZSB-22019) and issued a patch the day before Fitzl tweeted about it.

Neither Fitzl nor Zoom detailed how Fitzl was able to bypass the fix for the vulnerability first discovered by Patrick Wardle, founder of the Objective-See Foundation. Wardle spoke at Def Con last week about how Zoom’s auto-update utility held onto its privileged status to install Zoom packages but could be tricked into verifying other packages. That meant malicious actors could use it to downgrade Zoom for better exploit access or even to gain root access to the system.

Ring patched an Android bug that could have exposed video footage

Ring camera images give you a view of what’s happening and, in one security firm’s experiments, a good base for machine learning surveillance.

Amazon quietly but quickly patched a vulnerability in its Ring app that could have exposed users’ camera recordings and other data, according to security firm Checkmarx.

Checkmarx researchers write in a blog post that Ring’s Android app, downloaded more than 10 million times, made an activity available to all other applications on Android devices. Ring’s com.ring.nh.deeplink.DeepLinkActivity would execute any web content given to it, so long as the address included the text /better-neighborhoods/.

That alone would not have granted access to Ring data, but Checkmarx was able to use a cross-site scripting vulnerability in Ring’s internal browser to point it at an authorization token. Next, Checkmarx obtained a session cookie by authorizing that token and its hardware identifier at a Ring endpoint and then used Ring’s APIs to extract names, email addresses, phone numbers, Ring device data (including geolocation), and saved recordings.

Checkmarx’s video, featuring footage tests and a hoodie-wearing hacker.

And then Checkmarx kept going. With access to its own example users’ recordings and any number of machine-learning-powered computer vision services (including Amazon’s own Rekognition), the security firm went wide-angle. You could, the firm found in its tests, scan for:

  • Safes, and potentially their combinations
  • Images of documents containing the words “Top Secret” or “Private”
  • Known celebrities and political figures
  • Passwords and passcodes
  • Children, alone, in view of a Ring camera

To be clear, the vulnerability was seemingly never exploited in the wild. Checkmarx reported it on May 1, Amazon confirmed its receipt the same day, and a fix was released (3.51.0 for Android, 5.51.0 for iOS). Checkmarx says that Amazon responded to the high-severity issue with acknowledgment but also deferral. “This issue would be extremely difficult for anyone to exploit because it requires an unlikely and complex set of circumstances to execute,” Amazon told Checkmarx.

Erez Jalon, VP of security research at Checkmarx, told The Record that taped-together vulnerabilities are coveted among hackers.

“Each would be problematic, but chaining them together, something hackers always try to do, made it so impactful.”
