Sign up for our Technology Newsletter 
xCodeGhost To Wreak Havoc On IOS Devices
Comments Off on xCodeGhost To Wreak Havoc On IOS Devices
A security firm has released a list of ongoing and incoming threats that cover a range of things from Apple’s iOS to the Internet of Things (IoT).
In its third report this year, Quick Heal warns that Apple users in particular better brace themselves for impact as more and more malware writers who’ve earned their stripes targeting Android users turn their attention to iOS.
“As the number of iPhone owners rises across the world, iOS has become a new potential target for Android malware authors and hackers. It is expected that Android malware will soon be altered to attack iOS users as well, and jailbroken iOS devices will be the first wave of targets for these attacks,” explained the firm (PDF).
“Recently, the ‘XcodeGhost’ malware was found on the Apple App Store and this is just the beginning of such attacks.”
In a section on wearables, Quick Heal predicts hackers will increasingly target fitness trackers, something that other security researchers have already warned about.
A lot of space in the report is reserved for Android-flavoured threats, and users are offered advice on protecting themselves such as if there is an option to use a password over a touch sign-in, then you ought to take it.
“A group of researchers have discovered a serious security flaw in the Android Lollipop version running on devices right now. This flaw allows attackers to bypass the lockscreen of an Android smartphone by using a massive password and thereby exposing the homescreen,” it explains.
“The attack essentially works by opening the in-built camera application and afflicts people using a password to protect their Android device and lock their screen.”
The most significant Android threat is a rascal called Android.Airpush.G, which claims 30 percent of the bug pool and is the kind of adware thing that makes you want to take a hammer to your phone screen. The second most prominent issue is Android.Reaper.A, which can haul in a large data harvest when in place.
Quick Heal is not the only security company in town, and a post on the Symantec website also seems set to put the fear into the Apple user community. That post, read it here – if you dare, says that the Mabouia ransomware is capable of causing a problem for Mac and PC users alike.
Fortunately, Mabouia is a proof-of-concept attack that a researcher shared with both Apple and Symantec. Symantec says that the PoC effort achieves at least one first.
“Mabouia is the first case of file-based crypto ransomware for OS X, albeit a proof-of-concept. Macs have nevertheless already been targeted by ransomware in the form of browser-based threats,” it explained.
“For example, in 2013, researchers at Malwarebytes discovered browser-based ransomware that targeted Safari for Mac users through a malicious website. The website directed Windows users to a drive-by download, while Mac users were served JavaScript that caused Safari to display persistent pop-ups informing the user their browser had been “locked” by the FBI for viewing illegal content.”
Source-http://www.thegurureview.net/computing-category/will-the-xcodeghost-malware-wreak-havoc-on-ios-devices.html
Did Apple Have Issues With iOS 9
Apple has officially released iOS 9, but in the first hour users reported that they were unable to grab the 1GB download.
“Software Update Failed,” the message read on iPhones and iPads. “An error occurred downloading iOS 9.”Computerworld confirmed the problem, initially seeing it on multiple iOS 8 devices. But after several subsequent attempts, the download successfully started about an hour after Apple issued the upgrade.
Similar reports of early problems were posted on Apple’s own support forums and elsewhere on the Internet. “Not a very helpful error,” wrote someone identified as “yanic” on the former.
Others countered with snark. “Strangely, this is not a ‘limited time offer,’ said “stedman 1″ on the same thread, likely referring to Microsoft’s Windows 10 free upgrade offer, which is valid for one year. “The software will be available tomorrow, and the next day, and next week.”
Some advice ended up being more helpful. “You are facing an overloaded server which is pretty typical of the first day a software revision comes out,” contended “Ralph Landry1″ on a different discussion thread.
Several iPhone owners who had said that they were unable to download iOS 9 returned to the same forum threads to report they had gotten the upgrade later.
Apple’s track record with iOS releases has been mixed. Last year’s iOS 8 roll-out seemingly started off smoothly — there were few initial complaints about getting the upgrade — but many soon griped that 8′s large size forced them to wipe apps and content from their devices before they could install the new OS.
iOS 9′s size and the free space requirements for installation were both reduced to address that problem of last year. The free space demand for iOS 9 fell to 1.3GB to 1.8GB from last year’s 4.5GB to 5GB.
Source-http://www.thegurureview.net/consumer-category/users-reporting-problems-upgrading-to-apples-ios-9.html
Bluetooth 4.1 Goes IPV6
The Bluetooth Special Interest Group (SIG) has announced Bluetooth 4.1, the first version of Bluetooth to lay the foundations for IPV6 capability.
The first hints of what the Bluetooth SIG had planned for this new version were revealed to The INQUIRER in October during our exclusive interview with Steve Hegenderfer at Appsworld. There, he revealed his aspirations for the Bluetooth protocol to become integral to the Internet of Things.
At the front end of Bluetooth 4.1, the biggest change for users is that the retry duration for lost devices has been increased to a full three minutes, so if you wander off with your wireless headphones still on, there’s more of a chance of being able to seamlessly carry on listening upon your return.
Behind the scenes, devices fitted with Bluetooth 4.1 will be able to act as both hub and end point. The advantage of this is that multiple devices can share information between them without going via the host device, so your smartwatch can talk to your heart monitor and send the combined data in a single transmission to your smartphone.
This sort of “pooling” of devices represents an “extranet of things”, and the technology can therefore be applied to a wider area in forming the “Internet of Things” too.
The other major additions are better isolation techniques to ensure that Bluetooth, which broadcasts on an unregulated band, doesn’t interfere either with itself or with signals from other protocols broadcasting at similar frequencies, including WiFi.
The Bluetooth protocol has retained complete backwards compatibility, so a new Bluetooth 4.1 enabled device will work seamlessly with a Bluetooth 1.0 dongle bought in a pound shop.
In addition, Bluetooth 4.0 devices can be Bluetooth 4.1 enabled through patches, so we should see some Bluetooth 4.1 enabled hardware arrive early in 2014.
ATM Malware Found In Mexico
A malicious software program identified in ATMs in Mexico has been improved and translated into English, which suggests it may be used elsewhere, according to security vendor Symantec.
Two versions of the malware, called Ploutus, have been discovered, both of which are engineered to empty a certain type of ATM, which Symantec has not identified.
In contrast to most malware, Ploutus is installed the old-fashioned way — by inserting a CD boot disk into the innards of an ATM machine running Microsoft Windows. The installation method suggests that cybercriminals are targeting standalone ATMs where access is easier.
The first version of Ploutus displays a graphical user interface after the thief enters a numerical sequence on an ATM’s keypad, although the malware can be controlled by a keyboard, wrote Daniel Regalado, a Symantec malware analyst, on Oct. 11.
Ploutus is programmed for a specific ATM model since it assumes there is a maximum of four cassettes per dispenser in the ATM. It then calculates the amount of money that should be dispensed based on the number of bills. If any of the cassettes have less than the maximum number of 40 bills, it releases whatever is left, repeating that process until the ATM is empty.
Kevin Haley, director of Symantec Security Response, said in an interview earlier this month that the attackers have deep knowledge of the software and hardware of the particular ATM model.
“They clearly know how this machine worked,” he said.
The source code of Ploutus “contains Spanish function names and poor English grammar that suggests the malware may have been coded by Spanish-speaking developers,” Regalado wrote.
In a new blog post, Regalado wrote that the attackers made Ploutus more robust and translated it into English, indicating the same ATM software can be exploited in countries other than Mexico.
The “B” variant of Ploutus has some differences. It only accepts commands through the keypad but will display a window showing the money available in the machine along with a transaction log as it dispenses cash. An attacker cannot enter a specific number of bills, so Ploutus withdraws money from the cassette with the most available bills, Regalado wrote.
Symantec advised those with ATMs to change the BIOS boot order to only boot from the hard disk and not CDs, DVDs or USB sticks. The BIOS should also be password protected so the boot options can’t be changed, Regalado wrote.
HP To Support The iPad
September 30, 2013 by admin
Filed under Consumer Electronics
Comments Off on HP To Support The iPad
Is your iPad out of warranty? Hewlett-Packard to the rescue.
HP updated its SmartFriend support service and will now troubleshoot problems with Windows, Android, Chrome OS, OS X and iOS products, according to a fact sheet describing the service.
“HP is expanding its HP SmartFriend service to provide 1:1 expert support for any brand of PC or tablet,” the company said. The plan previously supported PCs from HP and other vendors, as well as Macs.
Users can avail of the service to address general hardware, software and malware issues. HP says its agents can “remove viruses, improve PC performance, solve software errors, and connect devices to a wireless network with enhanced security.” The support is provided by phone or over the Internet, so don’t expect a technician to trot in and fix your iPad in person. But HP notes it can save you from driving to a store.
Unlike Best Buy’s Geek Squad service, HP’s service does not include hardware repairs. It can be tricky to change the battery or storage in tablets, so for iPads, the Genius Bars at Apple Stores may still be the best option for some repairs.
HP didn’t immediately comment on exactly what support it will provide for the iPad. HP printers offer wireless printing from iPads and iPhones. HP sells primarily Windows PCs and Android tablets, though on last Thursday it announced the Pavilion 14 laptop with Google’s Chrome OS.
While SmartFriend includes support for iOS devices, the service seems focused mainly on Windows products. Its technicians include “Microsoft Application Trainers, Microsoft Product Specialists, A+/MCP/MCSE Certified Professionals, Network Administrators and HTML Developers,” according to the fact sheet.
The service starts at US$9.99 per month and users can sign up for a pre-paid, monthly or yearly support plan. A “Complete Plan” supports two devices, while a “Family Plan” supports up to four devices.