Happily, the attack can apparently be deterred by having a strong unlock passcode, which you already have set, right?
Owners of Mac and iOS devices have found their iPhones and iPads held for ransom through a hack that targets the Find My iPhone and Find My Mac features on these devices to trigger a remote lock of the device.
The Find My iPhone feature is meant to allow users to track missing devices on a map, remotely lock the phone in the event that the device is lost or stolen and display a message so that those who find it will see that custom message. First surfacing in numerous reports in Australia yesterday, this attack claims through the custom message to be perpetrated by an Oleg Pliss, likely a pseudonym given that the most visible person by that name is a software engineer at Oracle. The malicious hacker responsible asks through the displayed message for users to pay $100 through PayPal for the privilege of unlocking their phones.
via Apple Users Fend Off Ransom Attacks Against iPhones & Macs.
Another reminder that your encryption is only as secure as your keys:
Misleading blog post title aside, the fact is, ElcomSoft researchers did not crack AES-256, Luther Martin, a senior security architect at Voltage Security, wrote on the Superconductor blog on May 26. Digging deeper into Katalov’s post reveals that ElcomSoft researchers didn’t actually figure out a way to brute-force its way through the encryption, but circumvented the security measures altogether by obtaining the encryption keys stored on the device to unlock the data.
via iPhone 4 Encryption Remains Uncracked, but Password Keys Easy to Obtain – Security – News & Reviews – eWeek.com.
Just like the old “Check the security keypad buttons for wear” trick:
Security researchers from the University of Pennsylvania have highlighted a potential attack vector for accessing your mobile devices–the smudges from your fingertips.
In a paper (PDF) presented this week at the USENIX Security Symposium in Washington, D.C., the researchers revealed that oily residues on the surface of touch screens used on devices such as smartphones can be used to infer passwords.
via Smartphone Security Vulnerable to Touch-Screen Smudges, Researchers Report – Security from eWeek.
This’ll be very handy for small business owners and contractors.
Line2 gives your iPhone a second phone number — a second phone line, complete with its own contacts list, voice mail, and so on. The company behind it, Toktumi (get it?), imagines that you’ll distribute the Line2 number to business contacts, and your regular iPhone number to friends and family. Your second line can be an 800 number, if you wish, or you can transfer an existing number.
To that end, Toktumi offers, on its Web site, a raft of Google Voice-ish features that are intended to help a small businesses look bigger: call screening, Do Not Disturb hours and voice mail messages sent to you as e-mail. You can create an “automated attendant” —“Press 1 for sales,” “Press 2 for accounting,” and so on — that routes incoming calls to other phone numbers. Or, if you’re pretending to be a bigger business than you are, route them all to yourself.
via State of the Art – Line2 Allows iPhone Users to Sidestep AT and T – NYTimes.com.