flaw | KitGuru
https://www.kitguru.net
KitGuru.net - Tech News | Hardware News | Hardware Reviews | IOS | Mobile | Gaming | Graphics Cards

Windows 10’s latest October Update is inexplicably deleting user files
https://www.kitguru.net/gaming/operating-systems/damien-cox/windows-10s-latest-october-update-is-inexplicably-deleting-user-files/
Fri, 05 Oct 2018 15:20:00 +0000

Microsoft began rolling out its Windows 10 October Update earlier this week, allowing Nvidia RTX users to finally use real-time ray-tracing. Unfortunately, according to recent reports, users who install the new update also risk losing personal files.

A number of users across Reddit report losing files since installing the new Windows 10 October Update. Although the loss of Spotify and Discord doesn’t pose too much of an issue, sources indicate that all files from their Documents and Pictures folders were targets of the supposed bug.

Some users affected by the 1809 update were lucky enough to see ‘Desktop’, ‘Documents’ and ‘Downloads’ folders simply moved over to a secondary or tertiary drive. Many others, however, found that instead of being moved to another drive, the Recycle Bin or collected in a folder within the C:\Users directory, their files were entirely lost. One of the worst reports saw over 220GB of data vanish.

Connections have been drawn between the issue and Microsoft’s OneDrive cloud storage system; however, it’s too early to determine what the cause is and whether or not there is a way to recover the missing data. Microsoft has stated that it is aware of the complaints and “actively investigating” the cases online, although it provided no details as to when a solution can be expected.

Currently, the Windows 10 October Update is only available to those that manually use the upgrade assistant, with automatic delivery planned for October 9th. In the meantime, it’s recommended that Windows users back up their personal data, particularly anything sensitive and sentimental, if not defer the update until an official fix has been released.

KitGuru Says: It seems as though C:\ drives were the only ones affected, so the easiest and quickest solution is to double-up on important data within secondary drives sooner rather than later. Overall, however, it’s much more effective to rely on an external drive away from these updates, as well as internal options.

Tesla patches remote braking hack flaw found in Model S
https://www.kitguru.net/gaming/security-software/jon-martindale/tesla-patches-remote-braking-hack-flaw-found-in-model-s/
Wed, 21 Sep 2016 11:37:26 +0000

Tesla has released a hotfix for its Model S electric car to close a potentially nasty hole in its security, which could have allowed hackers to remotely take control of the vehicle's Controller Area Network. The researchers who discovered it even showed themselves remotely activating the brakes of a Model S while it was in motion.

This is the nightmare scenario that everyone looking to the future of connected cars imagines: you're relaxing, being driven along by your automated car and suddenly the brakes are on, the wheel is turning and you don't have time to stop it. All because a hacker took control of your vehicle using its remote access functions. Although Tesla has fixed this bug in the Model S, that is entirely possible with this sort of flaw.

[Image: Keen researchers show taking over the in-car display of a Model S]

It's a problem that is always going to exist when you have over the air updates for a car. Of course they have great advantages – the fact that Tesla was able to issue such a quick hotfix for the issue is one big example. It also makes the patching system convenient for users and practically invisible, but it is what allows these sorts of hacks to happen.

In the case of the Tencent Keen Security Lab which discovered this latest flaw, they were able to activate the brakes of the car, as well as open its doors and boot from a distance. All of this was done through a bug in the system's web browser.

[Video: http://www.youtube.com/watch?v=c1XyhReNcHY]

Of course we don't have the full details of the hack, as neither Tesla nor the researchers want any steps of it to become common knowledge. They did however post a video of the hack in action and praised Tesla for its speedy response to the bug.

KitGuru Says: The bright side here is that a hack like this took a team of experts months to discover and perpetrate, so it shouldn't be something that's easy to achieve when these cars are more commonplace. However, it is something that car companies will need to take very seriously as vehicles become more connected.

Apple wants FBI to reveal how it hacked the iPhone
https://www.kitguru.net/gaming/security-software/jon-martindale/apple-wants-fbi-to-reveal-how-it-hacked-the-iphone/
Wed, 30 Mar 2016 08:18:20 +0000

The FBI has been trying to force Apple to do something it doesn't want to for the past few months and now the shoe is on the other foot. Following the FBI calling off its legal demands and announcing it had used a third party to break into the San Bernardino attacker's smartphone, Apple now wants to know how it did it.

The FBI and Apple have been tussling in courts and the press for a couple of months now, with the former wanting the latter to weaken the security on one of its iPhones, in order to find out potentially useful information on the San Bernardino attacker and his possible contacts. Apple repeatedly denied it, drawing support from other tech firms for doing so, as it said that it would affect the security of all iPhones around the world.

Although there was no real winner in the case, the FBI did eventually back down, but was able to get the job done with what it described as a “third party,” instead. But as Apple has said all along, if a backdoor or flaw exists in iPhone security, that same exploit could be used by anyone, so it wants to know what and where it is, so it can shore up that hole.

[Image source: iPhoneBlog/Youtube]

Much like the original case from the FBI, this is quite unprecedented. As the LATimes points out, while governments and intelligence agencies have used third party security companies and hackers before to help gain access to devices, none of it has played out in the public before. That's why Apple and more importantly, you and I, know about it.

But it does raise constitutional questions. If companies shouldn't be forced to put their customers at risk to help the government, should the government be allowed to put customers at risk without telling the affected company about it?

Apple will no doubt look to find a legal reason to compel the FBI to pass on details on the flaw, as if a flaw exists, it could be exploited by others whether it is disclosed to Apple or not. However intelligence agencies like the NSA have previously kept security holes under wraps for years so they can utilise them for their own efforts.

There is also some concern that, now people know a flaw exists in the iPhone's security, others will come out of the woodwork to try and crack it.

KitGuru Says: Although it seems unlikely that any software can be 100 per cent secure at any point, knowing that the iPhone has a particular weakness may well see people go looking for it. Do you think the FBI should inform Apple on what the flaw is?

Adobe patches Flash yet again after new security flaw emerges
https://www.kitguru.net/gaming/security-software/matthew-wilson/adobe-patches-flash-yet-again-after-new-security-flaw-emerges/
Fri, 11 Mar 2016 15:56:37 +0000

This is becoming a very common occurrence. Today, Adobe has issued a new patch for Flash and is urging users to update their version of the software as yet another security flaw has been discovered. The patch fixes “critical vulnerabilities that could potentially allow an attacker to take control of an affected system”.

This update is a top priority for users on Mac OSX, Windows, Android, iOS and ChromeOS. There were apparently 23 different vulnerabilities in Flash which have now been fixed with this patch.

This is just the latest in security patches for Adobe Flash, which seems to need constant updates to plug flaws in the software. These constant issues have caused many companies to move away from Flash entirely as well, with giants like Google and Facebook believing that Flash will be completely obsolete in the not too distant future.

KitGuru Says: Adobe seems to be patching up Flash security issues on a very regular basis right now, which may lead to more companies dropping support for it in the future. 

iPhones put into infinite boot loop with counter-Y2K issue
https://www.kitguru.net/lifestyle/mobile/jon-martindale/iphones-put-into-infinite-boot-loop-with-counter-y2k-issue/
Mon, 15 Feb 2016 09:13:26 +0000

A new prank, nuisance and/or malicious attack on user hardware has emerged for 64-bit iPhones and iPads that involves changing the date. Rolling it back all the way to the 1st January 1970 puts many modern iPhones into an infinite boot loop which many users have found hard to recover from.

Affected iPhones include the 5S or newer, iPad Air or newer, iPad Mini 2 or newer and the sixth generation iPod and its contemporaries. The software flaw in this case was discovered (or at least popularised) by Redditors and can be seen in action below. There have been some reports of users in Apple stores setting the devices to the date in question, causing much annoyance for Apple staff.

Fortunately, as it stands, forcing this boot loop on devices requires several minutes of physical access to the device, as you need to manually roll the date that far back. However, one concern is that when iPhones use Wi-Fi to calibrate time based on an NTP server, it could be possible to reset user clocks that way, sending their phones into the loop next time they restart (as per Ars).

[Video: http://www.youtube.com/watch?v=fY-ahR1R6IE]

At least if that happens though, there is a fix going around. Although wiping data or performing a factory reset doesn't do anything to fix the problem, killing the battery will. Either disconnecting it or discharging it will cause the phone's on-board date to reset, kicking it out of the boot loop.

Apple staff at stores are expected to be aware of the fix at this point, so should be able to help anyone that's run into the problem. However it's hoped that Apple will come up with a software fix for the flaw in the near future.

KitGuru Says: Although we can't promise they won't be annoyed with you, this isn't a terrible prank to play on your friend who won't get off of their phone. 

VPN flaw could allow anyone to view users’ real IPs
https://www.kitguru.net/gaming/security-software/jon-martindale/vpn-flaw-could-allow-anyone-to-view-users-real-ips/
Fri, 27 Nov 2015 12:00:05 +0000

In the wake of the Edward Snowden revelations, obfuscating systems like encryption, the Tor browser and virtual private networks (VPN) have been championed by privacy advocates the world over as the best ways to protect your data online. However, that latter step may not be as useful as initially thought, as a new bug has been discovered that could make it possible for anyone to view a user's real IP with ease.

The issue occurs if someone attempting to find information on a VPN user hooks themselves up to the same VPN service. From there, if they forward traffic to a specific port and are able to trick the user into visiting a certain URL, the connection will reveal the user's original IP address, according to Perfect Privacy (via TorrentFreak).

It's even easier if the user is a torrent downloader, as then all the attacker has to do is port forward data to the standard Bittorrent port and they have the IP.

[Image source: Geralt/Pixabay]

Affected companies included Private Internet Access, Ovpn.to and nVPN. They were told about the vulnerability a week ago however and have since fixed the problem. It wasn't a difficult fix either, with PIA suggesting that it simply needed to block access to forwarded ports from clients' real IP addresses.

Although this is obviously a serious issue, it should be taken into consideration that Perfect Privacy did use this opportunity to point out that while almost all VPNs are affected, its service isn't, so there is some self promotion in this story.

KitGuru Says: It really is difficult to anonymise yourself online these days. How far do you go in trying to protect your privacy? 

BAE Systems hired by TalkTalk for hack investigation
https://www.kitguru.net/gaming/security-software/jon-martindale/bae-systems-hired-by-talktalk-for-hack-investigation/
Mon, 26 Oct 2015 09:12:38 +0000

Following the hack of its website and theft of its customer data last week that may have affected as many as four million people, TalkTalk has hired defence contractor BAE Systems to investigate how exactly those responsible were able to infiltrate TalkTalk's systems. It will also be making recommendations on security that would provide better protections for consumers in the future, as TalkTalk has been criticised for its lack of certain safeguards.

The hack took place late last week and was confirmed after those claiming responsibility posted a selection of data that appeared to be from TalkTalk customers. It was later shown that the nefarious individuals behind the breach had stolen usernames, passwords, emails and in some instances even financial data. They went on to demand a ransom payment from TalkTalk to stop them releasing the data.

Although TalkTalk did initially claim that there should be no risk of money being stolen from customers affected by the hack, Reuters reports that some have had phony phone calls from people claiming to be from TalkTalk and have money missing from their accounts.

[Image: BAE is primarily a military defence contractor. Source: Elliot Brown]

Although criticism has been levelled at TalkTalk for allowing the security breach in the first place, others have suggested that had it encrypted all user data, the fallout would have been far less severe. It's also prompted many to call for new regulations from the government about standards of data protection.

The UK does have Britain's Information Commissioner, which is there to act as a watchdog when companies aren't delivering adequate customer data security. It has the power to levy fines in instances of negligence, wilful or otherwise, so some are hoping it throws the book at TalkTalk as an example to others.

KitGuru Says: Do you think TalkTalk should be fined for allowing its customer data to be copied away without much encryption protection?

Use Whatsapp on your PC? You could be at risk
https://www.kitguru.net/gaming/security-software/jon-martindale/use-whatsapp-on-your-pc-you-could-be-at-risk/
Wed, 09 Sep 2015 08:19:39 +0000

While most people use their smartphone for the WhatsApp encrypted messaging service, some use WhatsApp Web to do the same thing. Available to Android, BlackBerry, Windows Phone and iOS users on their PCs, it lets people look at messages they've received and sent, including images and videos. However, those that do use the service are vulnerable to a new threat which attempts to trick them into downloading malicious files.

The WhatsApp web service lets users send “vCards” containing contact info to one another if they have the appropriate phone number. However, those cards can also come bearing malware code which, if the card is opened, can execute.

[Image source: CheckPoint]

While having a specific person's phone number makes it possible for nefarious individuals to target those people with malware, with over 900 million WhatsApp accounts the world over, there are plenty of people that could potentially be affected if random numbers are contacted in this way.

Fortunately then, WhatsApp has already responded to the news and has patched the hole. However, users will need to update their WhatsApp web software (anyone running at least version 0.1.4481 is fine), and it wouldn't hurt to clear their cache too, to make sure the vulnerability has been removed.

“We applaud WhatsApp for such proper responses, and wish more vendors would handle security issues in this professional manner. Software vendors and service providers should be secured and act in accordance with security best practices,” said security firm Check Point.

KitGuru Says: With WhatsApp closing in on a billion users, it's easily the world's second largest communication platform behind Facebook, which is a sterling achievement. 

Webcam streamer wants a job
https://www.kitguru.net/gaming/security-software/jon-martindale/webcam-streamer-wants-a-job/
Tue, 25 Nov 2014 10:14:02 +0000

Are you looking for someone that has a background in breaking webcam security? Perhaps a penchant for highlighting security flaws in major corporate software in the public eye? Then consider hiring on the man responsible for the recent webcam hacking scandal, as he's added a job listing to his site, requesting interested parties get in touch.

Or at least he did, late yesterday. Already the advert appears to have disappeared, which makes you wonder if he received a lot of interest, or none at all and it was clear it was a fruitless effort. Before it was taken down however, the job listing read: “Programmer is looking for a good remote job. Skills: Linux, FreeBSD, C/C++, Python, MySQL,” before listing contact details.

[Image: Originally the site had many people's home camera feeds freely available]

The site now appears as it did before, albeit with cameras filtered so that only public location cameras are shown and no privacy-invading sources are available for viewing on the site. Initially cameras all over the world were streamed, including ones being used as baby monitors.

This hack has been used as a good reminder to set up a stronger password than the default one when using cloud enabled cameras.

As well as the original creator filtering out many of the feeds available on the site, a lot of people in the UK have followed the story and improved their own security, as well as requesting that their feed be removed. This has led to the some 500+ British camera feeds on the site being reduced to just a handful that show public places.

KitGuru Says: Pointing out flaws is quite a solid way to showcase your skills at security provisioning, but doing so as publicly as this seems unlikely to net you many friends. What do you guys think?

[Thanks Telegraph]
Heartbleed is a big problem, but don’t knee jerk react
https://www.kitguru.net/gaming/security-software/jon-martindale/heartbleed-is-a-big-problem-but-dont-knee-jerk-react/
Thu, 10 Apr 2014 08:59:42 +0000

Heartbleed is bad. For those that haven't heard yet, it's a security flaw that's potentially opened up as many as two thirds of the world's websites to digital thieves and the worst part is that the flaw has existed for over two years. However, while many parts of the web are screaming for users to change their passwords wherever possible, it's important not to dive right in, because unless the site owner has updated OpenSSL and their SSL certificate, hackers could just steal your password again.

When it comes to vulnerabilities, Heartbleed isn't the easiest to understand, though I'm sure for some it's a cake walk. For a great rundown, have a look at Vox's explanation here, but if you want my summary, here you go:

Heartbleed is a vulnerability that affects the digital discussion between two PCs that are communicating using SSL encryption. An attacker is able to forge a “heartbeat” message, which is designed to tell each computer that the other is still connected, and this can lead to the tricked server sending back real information, like the contents of its RAM. This has the potential to give up very secret data, like user passwords, credit card details and even the site's own private encryption key, which opens it up to even more snooping.

While this is a nasty flaw, it's the fact that it's in a standard used by so many sites and has been around for so long that makes it truly problematic.

[Image: Someone actually made an image for it, it's that serious]

The good news in this whole situation is that someone discovered the flaw: a team of researchers at Codenomicon and Google Security, in fact, and they informed the OpenSSL team, who have now patched the hole. The question is, how long will every site owner take to update things at their end?

Of course most of the big names have gotten on it pretty speedily, with Google announcing that most of its services, including Youtube, Gmail, Google Play, Chrome and Chrome OS among others, have all been updated, though a few of its other services need some work.

So those sites are good to go on a password change if you want to eliminate the risk that someone stole your password as part of the hack, especially if you use that same password somewhere else. However, the best recommendation at this point is not to change it on any site that may not have updated its SSL yet, since doing so could just serve up your newly remembered password to whoever was taking advantage of the flaw (if anyone) any way.

If you have a favourite site but aren't sure if it's updated its SSL yet, you can run it through a checker tool here.

KitGuru Says: This is a pretty nasty one, but no one has publicly stated that they're sitting on a load of passwords. That's not necessarily proof that no one is, but it's a bit of circumstantial evidence. That's about the best we'll ever have I imagine. 

iOS 5.0.1 bug discovered that gives contacts & phone access
https://www.kitguru.net/lifestyle/mobile/apple/stephen-dougherty/ios-5-0-1-bug-discovered-that-gives-contacts-phone-access/
Thu, 23 Feb 2012 18:13:16 +0000

There's a security flaw to be aware of with iOS 5.0.1 which allows someone to bypass the lock screen on GSM-based iPhones and have unauthorized access to contacts as well as the phone's calling features.

The method used is admittedly fairly complicated and involves inserting and ejecting the phone's SIM card a number of times as a part of the process, as well as making several missed calls to the phone (which also means the attacker needs to know the victim's phone number).

Providing the hack is executed correctly and multiple deliberate attempts are made to return a missed call without the SIM card (or any network coverage), the iPhone will unlock itself straight to the Phone application. The SIM card can then be re-inserted, leaving the contact list exposed along with the ability to make FaceTime calls etc.

You can get a better idea of what it takes to accomplish the hack in the video demonstration below.

KitGuru says: We are not sure if Apple is already aware of this flaw, but in any case we'd expect it will be addressed in time for the release of iOS 5.1 which is still currently undergoing developer testing.
