News Posting: First Firmware Worm Able to Infect Macs Created by Researchers
August 5, 2015, 6:04 am
News Posting: Banks 'scrambling' to combat Apple Pay identity fraud - report
March 2, 2015, 7:20 pm
News Posting: Exterior Decorations at Yerba Buena Center Nearly Complete Ahead of October 22 Event
October 18, 2013, 9:05 pm
News Posting: Researchers Claim Apple Can Potentially Access Encrypted iMessages
October 17, 2013, 9:32 pm
News Posting: Apple may be planning to release a 12-inch MacBook
October 14, 2013, 4:38 am
View All »
The Apple Crazed Educator
This is a group for Educators that love APPLE. If you don't like the iPhone / iPad / Mac etc., go away! If you want to find and share ways that Apple can make your classroom work better and improve you life - please join and help other!
First Firmware Worm Able to Infect Macs Created by Researchers
The worm was created by security engineer Trammell Hudson, who first discovered the Thunderstrike exploits, and Xeno Kovah, owner of firmware security consultancy LegbaCore. When Thunderstrike made waves earlier this year, it was a limited proof-of-concept attack with no known presence in the wild, but Thunderstrike 2 demonstrates a real-world worm able to target Macs using the same general vulnerabilities.
Thunderstrike 2, unlike the first demonstration of Thunderstrike, is able to infect a Mac remotely through a malicious website or email. Once on a Mac, it's able to spread itself to other Macs by hiding in the option ROM of peripheral devices like Apple's own Thunderbolt to Gigabit Ethernet adapter, external SSDs, RAID controllers, and more. Once infected by a Mac that has the Thunderstrike 2 worm, the peripheral would go on to infect any other Mac it connects to.
"People are unaware that these small cheap devices can actually infect their firmware," says Kovah. "You could get a worm started all around the world that's spreading very low and slow. If people don't have awareness that attacks can be happening at this level then they're going to have their guard down and an attack will be able to completely subvert their system."Removing malware embedded into a Mac's firmware would need to be done at the hardware level, making it particularly dangerous. According to the researchers, Apple has not done enough to fix the vulnerabilities that leave Macs open to these kind of attacks.
"Some vendors like Dell and Lenovo have been very active in trying to rapidly remove vulnerabilities from their firmware," Kovah notes. "Most other vendors, including Apple as we are showing here, have not. We use our research to help raise awareness of firmware attacks, and show customers that they need to hold their vendors accountable for better firmware security."Kovah and Hudson have notified Apple about the Thunderstrike 2 vulnerabilities, but thus far, Apple's only fixed one of five security flaws and introduced a partial fix for a second. Three of the vulnerabilities have not yet been patched, but it's likely Apple is working to get the flaws fixed in an upcoming security update.
More information on Kovah and Hudson's research and the Thunderstrike 2 exploit can be found in a lengthy report over at Wired.
Banks 'scrambling' to combat Apple Pay identity fraud - report
By Sam Oliver
Monday, March 02, 2015, 11:01 am PT (02:01 pm ET)Apple Pay has proven to be a venue of convenience for criminals focusing on identity fraud, a new report suggests, with many fraudsters taking advantage of lax customer verification controls put in place by Apple's partner banks to make brick-and-mortar purchases using stolen credit cards via the growing mobile payment service.
Apple Pay itself has not been exploited, according to The Guardian, with issues instead arising at the issuing banks. The problem centers around the processes those banks use to verify customers' identity when adding a card to Apple Pay.
When adding a card, banks can reportedly choose to accept it immediately — using a so-called "green path" — or require additional verification, via a "yellow path." Apple provides the banks with contextual information, such as the name of the device Apple Pay is being configured on, the device's current location, and data about the length of iTunes transaction history, during setup to help identify cases where more stringent checks are required.
The yellow path processes have apparently been found lacking in some cases, with unnamed partner banks asking only for relatively easily-obtainable information, such as the last four digits of the customer's social security number. Once approved, criminals can then use Apple Pay to purchase products at retail, later selling them for cash — with Apple retail stores apparently a particularly attractive target.
Apple is said to have initially made the yellow path optional for banks, changing its mind to require such a process less than one month before Apple Pay's debut. That left banks little time to sort out a solution, with many falling back to call center-based procedures.
As part of their Apple Pay agreements, issuing banks agreed to accept liability for fraud through the platform. Thus far, that amount is thought to have risen into the millions of U.S. dollars, and banks are working on fixes.
"These are probably just some teething problems," Tim Sloan, an executive at financial consultancy Mercator Group, told the paper. "If the banks can nail down the authentication, they should see less fraud on Apple Pay," he continued, adding that "battle plans always look great until you meet the enemy."
Exterior Decorations at Yerba Buena Center Nearly Complete Ahead of October 22 Event
Click for larger
Apple's event kicks off next Tuesday, October 22 at 10:00 AM Pacific Time and the company is expected to introduce a number of new products including both hardware and software. New iPads are expected to be a major focus of the event, but OS X Mavericks, Mac Pro, and other products will also be addressed.
Researchers Claim Apple Can Potentially Access Encrypted iMessages
Thursday October 17, 2013 10:54 am PDT by Juli CloverFollowing the revelation of government data gathering program PRISM in June, Apple released a statement on customer privacy that suggested the company was unable to access or decrypt iMessage and FaceTime conversations.
According to researchers who presented at the Hack the Box conference in Kuala Lumpur (via Macworld), it is actually possible for someone inside Apple to intercept messages because the company has access to public iMessage keys.
The company's claim that iMessage is protected by unbreakable encryption is "just basically lies," said Cyril Cattiaux, who has developed iOS jailbreak software and works for Quarkslab, a penetration testing and reverse engineering company in Paris.To encrypt iMessages, Apple utilizes public key cryptography, which means that every Apple device is assigned both a private key and a public key. When an iMessage is sent, it requests the public key of the recipient's device to encrypt the message, which is then decrypted by a private key upon receipt.
The researchers emphasized they have no indication that Apple or the government is reading iMessages, only that it would be possible to do so.
Because Apple manages public keys and does not divulge them to users, it is not possible to verify that a sent iMessage is going to the intended recipient. Apple could, for example, substitute or add a public key to intercept an outgoing message without the sender being aware of the change, as end users do not have access to public keys.
With a public server, such as MIT’s PGP Public Key Server, the sender can at least see more information, such as whether a key has changed. At that point, the sender can decide whether they want to trust it or not if they suspect a man in the middle attack. Apple’s key server is not public, the researchers say.According to the researchers, there would be no way for an end user to detect an intercepted or rerouted message from their iOS device, as it is impossible to see whether or not a key has been switched or where a message has been routed. The solution to the issue, to introduce true end-to-end encryption, would require Apple to store public keys on each iOS device to allow users to compare keys to verify that messages are going to the intended recipient.
"The biggest problem here is you just cannot control that the public key you are using when you are ciphering the message is really the key of your recipient and not, for example, the public key of some guy in Apple," Cattiaux said.
Earlier this year, a Drug Enforcement Agency document noted that it was impossible for law enforcement agencies to eavesdrop directly on iMessage conversations due to Apple's encryption, but it appears that Apple itself could potentially intercept those messages using public keys.
Apple may be planning to release a 12-inch MacBook
Specifically, the new MacBook is expected to feature a clamshell form factor even thinner than the current MacBook Air, and may debut at a lower-price point than the current Retina MacBook Pro line due to an improving yield rate. While Kuo stops short of calling the new model a replacement for the current MacBook Air line, his description of the model suggests that it would indeed supplant Apple's current ultra-slim notebook line.
We expect the unprecedented 12” model will boast both the portability of the 11” model, and productivity of the 13” model. The high resolution display will also offer the outstanding visual experience of the Retina MacBook Pro. The offering will likely be lighter and slimmer than the existing MacBook Air to further highlight ease of portability in the cloud computing era. We think the form factor will showcase a much improved clamshell structure, and that it will redefine laptop computing once again following the milestone created by the MacBook Air.Kuo's claims match with a report from NPD DisplaySearch analysts earlier this week claiming that Apple is planning to introduce a new 12-inch MacBook Air next year. That new model was predicted to use a high-resolution 2304 x 1440 display
Both rumors also fall in line with earlier reports that Apple is set to move to IGZO displays for many of its future products, allowing for higher-resolution displays with lower power consumption.
Kuo has generally been quite accurate with his predictions over the past several years, including accurately outlining many of the details of Apple's 2013 launch plans as far back as January. Other accurate predictions have included the introduction of a "third MacBook line" that arrived in the form of Retina MacBook Pro models and thediscontinuation of the 17-inch MacBook Pro last year.
Related roundup: MacBook Air
Apps on iPhone 5s Reportedly Crashing Twice as Often as on iPhone 5c and iPhone 5
Friday October 11, 2013 7:24 am PDT by Richard PadillaAccording to a study by mobile application mangement platform Crittercism, iOS apps are twice as likely to crash on the new iPhone 5s as they are when running on the iPhone 5 and 5c, reports AllThingsD.
The app crash rates on the iPhone 5s are attributed to the unforseen issues that developers have had transitioning to the new internals of the iPhone 5s, such as rewriting drivers and code for the phone's 64-bit A7 chip and M7 coprocessor. Apple notably began allowing developers to submit 64-bit apps for the iPhone 5s on September 16, just four days before the launch of the device itself.
“Anytime there is new hardware or software release, we see issues,” Crittercism CEO Andrew Levy said in an interview. “Inevitably, over time, those issues get resolved.”However, the company compliments Apple for releasing two updates in quick succession for iOS 7, stating that the company is "doing a really good job of addressing these issues as they come up.” Since its launch last month, a number of noteworthyapps have been redesigned or optimized for the iPhone 5s, with more developers stating that they will update their apps to accommodate the new processor in the near future.
Levy said that perhaps the reason the iPhone 5s is seeing more crashes than the equally new iPhone 5c is that, while developers were able to check their apps for compatibility with iOS 7 during several months of beta testing, the new hardware wasn’t available ahead of time. The iPhone 5s packs a new 64-bit A7 chip and an M7 coprocessor, while the 5c is nearly identical, internally, to the iPhone 5.
Benchmarks: iPhone 5s lives up to the hype
@jimgalbraith Sep 24, 2013 4:45 AMprint
While much of the recent discussion about the new iPhone 5s and 5c has been about colors and availability, the Macworld Lab has been busy thinking about the new iPhones’ performance. We put our new iPhone 5s and 5c models to the test and found that the devices to live up to—and in some cases surpass—Apple’s marketing claims.
While many things about the new iPhones are similar to last year’s iPhone 5 (including the same 4-inch screen, 1136-by-640-pixel resolution, and storage capacity), a number of under-the-hood changes range from subtle to startling.
The iPhone 5s features a brand-new 64-bit A7 processor running at 1.3GHz. The iPhone 5c is powered by the A6 processor Apple introduced in last year’s iPhone 5. Apple says the new A7 chip is up to twice as fast as the A6 in both processing and graphics. Interestingly, most of tests we ran show the iPhone 5s to be twice as fast as the iPhone 5c, but the 5c proved to be a bit slower than last year’s iPhone 5 with the same 1.3GHz A6 processor.
Geekbench 3 (Single-Core Score)
iPhone 5s 1393.0
iPhone 5c 671.0
iPhone 5 723.0
iPhone 4S 217.0
iPhone 4 213.0
HTC One 591.0
Samsung Galaxy S4 667.0
Higher scores/longer bars are better.
Geekbench 3 (Multi-Core Score)
iPhone 5s 2485.0
iPhone 5c 1180.0
iPhone 5 1302.0
iPhone 4S 412.0
HTC One 1507.0
Samsung Galaxy S4 1862.0
Higher scores/longer bars are better.
The iPhone 5s’s Geekbench score was more than twice that of the iPhone 5c. Last year’s iPhone 5, however, was about 10 percent faster than the new 5c in this test. The iPhone 5s score was six times that of the score of the iPhone 4S.
I thought it might be interesting to see how the new iPhones stood up against a couple of popular Android phones, the Samsung Galaxy S4 and HTC One. Even though those Android phones use quad-core Qualcomm Snapdragon processors, the A7-powered iPhone 5s earned a Geekbench 3 Multi-Core score that was 33 percent higher than the Galaxy S4 and 65 percent higher than the HTC One. The iPhone 5s score was more than twice that of the Android phones in the Geekbench single-core tests. The Galaxy S4’s single-core score was almost identical to that of the iPhone 5c, but the S4 was 58 percent faster in the multi-core tests than the A6-powered 5c.
iPhone 5s 454.0
iPhone 5c 715.6
iPhone 5 707.6
iPhone 4S 1573.1
iPhone 4 2682.9
HTC One 1117.4
Samsung Galaxy S4 1210.5
Lower scores/shorter bars are better.
GFXBench 2.7 (T-Rex C24Z16 offscreen)
iPhone 5s 25.0
iPhone 5c 6.8
iPhone 5 6.8
iPhone 4S 2.8
.0.4 (iPhone 4)
HTC One 15.0
Samsung Galaxy S4 15.0
Results are in frames per second. Higher scores/longer bars are better.
GFXBench 2.5 (Egypt C24Z16 offscreen)
iPhone 5s 56.0
iPhone 5c 30.0
iPhone 5 30.0
iPhone 4S 12.0
.2.4 (iPhone 4)
HTC One 40.0
Samsung Galaxy S4 41.0
Results are in frames per second. Higher scores/longer bars are better.
GFXBench 2.7 (T-Rex C24Z16 onscreen)
iPhone 5s 37.0
iPhone 5c 13.0
iPhone 5 14.0
iPhone 4S 5.8
.0.9 (iPhone 4)
HTC One 14.0
Samsung Galaxy S4 15.0
Results are in frames per second. Higher scores/longer bars are better.
GFXBench 2.5 (Egypt C24Z16 onscreen)
iPhone 5s 53.0
iPhone 5c 37.0
iPhone 5 38.0
iPhone 4S 19.0
iPhone 4 4.4
HTC One 39.0
Samsung Galaxy S4 40.0
Results are in frames per second. Higher scores/longer bars are better.
We saw some big differences using GFXBench 2.7’s T-Tex C24Z16 1080p off-screen test. The iPhone 5s was able to push 25 frames per second (fps), more than 3.5 times the number of frames as the iPhone 5c. In this test, the iPhone 5c and iPhone 5 scores were identical. The iPhone 4S couldn’t even manage 3 fps. The T-Rex on-screen test, which runs at the native resolution of the device, had all of the iPhones displaying higher frame rates. The iPhone 5s, which scored 37 fps, was just shy of the three times as fast as the 5c’s 13 fps. The iPhone 5 was one frame per second faster than the iPhone 5c.
The Android phones scored around 15 fps in both sets of the T-Rex tests. The T-Rex on-screen results were very similar to the iPhone 5 and 5c results, but not close to the 37 fps the iPhone 5s posted. The off-screen T-Rex results found the Androids pushing more than twice as many frames as the iPhone 5 and 5c, but 10 fps less than the iPhone 5s.
In the less-taxing Eqypt test from GFXBench 2.5, the iPhone 5s was still significantly faster than the 5c and iPhone 5, but it didn’t quite break through the 2X barrier. Again, the Android phones scored similarly to the iPhone 5 and 5c in the on-screen Egypt tests. Off-screen, the HTC One and the Samsung S4 were 10 fps faster than the 5 and 5c, but around 15 fps slower than the iPhone 5s.
The iPhone 5s was surprisingly long-lived. Clocking in at over 11 hours in our looping-video test, the 5s lasted nearly 90 minutes longer than the iPhone 5 running iOS 7. The iPhone 5c lasted an impressive 10 hours, 19 minutes. Comparing these results to those of some of the Android competition, the Samsung Galaxy S4 made it to 7 hours in the same tests, while the HTC One lasted just 6 hours, 44 minutes. The iPhone 5s was not able to unseat our top battery performer, the Droid Razr Maxx, which recently lasted 13 hours, 28 minutes in our video-looping battery test.
Battery Life Looping Video
iPhone 5s 11:03
iPhone 5c 10:19
iPhone 5 9:37
iPhone 4S 8:31
HTC One 6:44
Samsung Galaxy S4 7:01
Higher times/longer bars are better.
Check back soon for Macworld’s complete review of the new iPhone 5s and iPhone 5c.
When you upgrade to iOS 7.0, be aware of some security settings
When you upgrade to iOS 7.0, be aware of some security settings that you might want to review.
Apple hides its System Services settings all the way at the bottom of the Privacy > Location Services panel (Settings icon).
You will have many applications listed on this screen. At the bottom of the list, you will see the System Services setting and the explanation box of what the purple arrow icon means.
Then, notice when the arrow icon appears in the top right of your iOS menu bar and come back to Settings > Privacy > Location Services to see which apps are using your location data. Disable location access for apps that don't need it.
- Settings > Privacy > Location Services > System Services
We also recommend turning off:
- Settings > Privacy > Location Services > System Services Diagnostics & Usage
The Diagnostics & Usage setting monitors everything you do on your iPad/iPhone and "anonymously" sends it to Apple for "improving the iOS."
If that option is on, you're basically giving Apple your permission to monitor and record everything you do on your device.
- Settings > Privacy > Location Services > System Services > Frequent Locations
Frequent Locations is equally as bad as Diagnostics & Usage, so please disable this function.
- Settings > Privacy > Location Services > System Services > Location-Based iAds
iAds details how your location information could be used to allow Apple — and its "partners and licensees" — to "collect, use and share precise location data, including the real-time geographic location of your Apple computer or device."
Finally, we suggest turning off:
- Settings > Safari > Do Not Track
Apple is one of the few companies that still supports the aging "Do Not Track" standard in its mobile Web browser.
In summary, many programmers consider new iOS releases a test by Apple to check the functionality across a user base larger than its iOS development team. Many "upgrades" have required patches within a week of issuance because of battery life issues, bug fixes and security fixes to the newly released upgrade.
What you need to know about the iOS 7 upgrade
iOS 7 is here – should you upgrade?
Your iPad is about to look very different, at least on the software side. iOS, the base operating system that drives Apple’s iPad and iPhone, is getting a major upgrade with the release of iOS version 7. This free update is available now, adding a number of new features and a completely new look . iOS 7 is the most significant change to the iPad’s operating system ever, and it can be confusing if you don’t know what to expect. In this article, we’ll explain how to do the update and offer some tips for navigating the new software.
Can you do the update?
First, it’s worth asking whether you can even do the update. Here are the list of iOS 7 compatible devices:
- iPhone 4
- iPhone 4S
- iPhone 5
- iPad 2
- iPad 3 (Retina display)
- iPad 4 (Retina display)
- iPad Mini
- iPod Touch 5th generation
If you have an iPad 1 or an iPhone 3GS, your device will still work–you just won’t be able to do any future upgrades. So while you can keep flying with one of these, it’s probably time to consider an upgrade. Also note that just because your device is compatible with iOS 7 doesn’t mean every feature will be available. For example, the AirDrop feature will not work on iPhone 4/4S or iPad 2/3.
So you can do the update, but should you? Some people are nervous about software upgrades, advocating you wait until some of the inevitable bugs have been worked out. It’s a reasonable idea, but we’ve been using iOS 7 for weeks now and can report that it’s very stable. The major aviation apps run just fine, and we have no hesitation about performing the update.
We talked to the app developers as well and, while cautious, they seem to be pretty excited about iOS 7. Here’s what ForeFlight CEO Tyson Weihs had to say:
iOS 7 is about the biggest OS release since 2008. Given the magnitude, there will inevitably be things that both Apple and app makers will have to address. There is no need to rush to iOS 7, as iOS 6 is incredibly stable. If your iPad is a critical part of your flight deck, waiting for Apple to push a couple of minor bugfix updates is prudent. There will inevitably be issues they find and will need to fix once iOS 7 is in the wild. We strongly recommend waiting to fly with iOS 7 until you have a good half day to devote to familiarizing yourself with the significant changes–like the overhauled user interface and aesthetics, app switching, radio management, and kill app functions–and make sure all your apps operate as you expect. We have put a lot of effort into ensuring ForeFlight Mobile runs well on iOS 7. We don’t expect major issues and as always will quickly address anything that needs attention.
Jan Mackenzie from Garmin said Garmin Pilot 5.1.2 (the latest version) is compatible with iOS 7, but there are some known issues. These have been addressed in version 5.2 of the app, which should be available very soon.
This matches the advice we’ve heard from other developers: if you’re dying to get iOS 7, go ahead and upgrade. Just give yourself some time to adapt. If you choose to wait, there’s nothing wrong with that approach.
Backup your iPad – it’s easy to do.
How to get iOS 7
First, before you even think about doing the upgrade, back up your iPad. It’s easy to do and you’ll be glad you did if anything should go wrong. For details about backing up to iCloud (wirelessly) or iTunes (syncing with your computer)
Once you’ve backed up your iPad, installing the update is actually quite easy. Go to the Settings app -> General -> Software Update. Your iPad will prompt you to install iOS 7, and ask you to plug it in. Tap the download and install button and you’re on your way. It can take some time to download the update, so be patient. Once the upgrade is complete, your iPad will restart and you’ll notice the difference right away.
Quick tour of iOS 7
The actual apps you fly with won’t look any different in iOS 7, so your favorite moving map page or weather app will feel familiar. It’s the overall operating system and the Apple apps (Mail, iTunes Store, Calendar, etc.) that has changed. Here’s a look at some of the more important changes:
- New look and feel. The first thing you’ll see is that iOS 7 has a very different style. Apple changed the color scheme, icons and buttons throughout, so take some time to familiarize yourself with the new interface. You’ll notice that the icons for the Apple apps are new, though functionality is mostly the same once in the app. One difference worth pointing out is the new style of buttons used in the apps; they are often represented by blue text or simple icons, compared to the round button shapes used in the previous versions of iOS.
- Control Center. One of our favorite features in iOS 7 is the new Control Center–a major upgrade over the old way of adjusting settings. At any time you can swipe up from the bottom of the screen to display the Control Center, which provides quick access to the settings you use most often: the music player, audio volume, screen brightness and AirPlay. In the center you’ll see 5 round buttons to quickly toggle the following settings on or off: airplane mode, WiFi, Bluetooth, do not disturb mode and screen orientation lock. And at the right side there are two buttons for quick access to the clock and camera apps. The control center is also accessible from the lock screen.
- Multi-tasking. The next thing to check out is the new appearance of the multitasking display (which shows a list of recently used apps and makes it easy to switch back and forth between them). Double-tap the home button to access this, and you’ll now see that the iPad shows a preview of the app in a window above the icon. Swipe your finger to scroll through the apps, and tap either the preview window or the icon to switch to a new app. Apple did make a change here in how you shut down an app completely. Instead of holding down on the icon to close it, you simply tap and hold on the preview window, and swipe it towards the top of the screen. This is useful if an app is not responding properly, or if you need to restart it.
- Searching for apps/Notifications. For those who like to use the spotlight search feature, it has moved and is now accessed by swiping down on the middle of the home screen. This is helpful for quickly launching apps that might be buried in a folder on a second or third screen. Notifications are also different: to access the notifications display, swipe down from the top of the screen. The style of this display has been updated to be a lot more organized and readable, and you can either view All or Missed notifications using the buttons at the top.
- Automatic app updates. Another new feature added in iOS 7 is automatic app updates. With this feature enabled, the iPad will automatically download new app updates as they become available from the App Store. This can be really handy, as your apps stay up to date with no input from you. But there’s a catch for pilots–an auto-update could create a situation where an app or data could be unavailable in the airplane. To be safe, we recommend that pilots disable this feature. To disable this, go to Settings, scroll down to iTunes and App Store on the left, and turn the switch OFF for Automatic Downloads – Updates.
While iOS 7 is undoubtedly a big change, we found ourselves feeling pretty comfortable with it after a day or two. Most of the changes are positives, and make everyday tasks easier to do. But plan on an evening on the couch to get familiar with it before you go flying.