Posts Tagged ‘iPhone’


Everything you do on your iPhone may be open to NSA snooping thanks to a covert software the agency can install without user’s knowledge. Apparently the app, called Dropout Jeep, can remotely send all of your text messages, contacts and voicemails to the NSA, and can activate your iPhone’s camera or mic for real time surveillance, too.

Security researcher says NSA can spy on your iPhoneSecurity researcher says NSA can spy on your iPhone

In a presentation at the 30th Chaos Communication Congress in Germany, security researcher Jacob Applebaum detailed the NSA’s iPhone spying capabilities. Along with being able to use Dropout Jeep to collect your conversations and contacts, the agency can use cell towers to find your location, and can remotely push new files to user’s iPhones.

The NSA documents Mr. Applebaum referenced say it has a perfect track record for installing Dropout Jeep on targeted iPhones, meaning they have been able to successfully install the software on every iPhone they want. Based on the agency’s success rate and the amount of data they’re able to collect, Mr. Applebaum questions Apple’s involvement.

He said in a presentation at the conference,

I don’t really believe that Apple didn’t help them. I can’t really prove it, but they [the NSA] literally claim that anytime they target an iOS device, that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write shitty software.

PRISM is an NSA program to gain back door access to company servers so it can gather personal information and user activity without first gaining a court order. Apple has  claimed it doesn’t participate in PRISM, and went so far as to say it hadn’t even heard of the program until it first appeared in the news in June 2013.

In a public statement Apple said, “We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order.”

Apple has since asked the NSA for better transparency on surveillance, and has said that text messages sent through iMessages are encrypted and that it can’t convert them back to readable text.

Apple has also said that it doesn’t collect data about user activities. If true, that would make a secret back door into the company’s servers less valuable, and would make something lie Dropout Jeep far more useful since it allows the NSA to gather whatever information it wants without directly involving Apple or its servers.

It’s a safe assumption that if the NSA has developed clandestine surveillance malware for the iPhone, it has done the same for other smartphone platforms, too. Android OS, Windows Mobile, and BlackBerry have all likely been targeted with similar malware, too.

A 2008 document that details Dropout Jeep said that in needed to be installed via “close access methods,” but that the agency was working on a way to remotely install the malware. Considering that was five years ago, it’s possible the NSA has moved on to remote installation, which could give the agency the ability to install its monitoring tools on any iPhone anywhere in the world at any time.

 

Balancing the right to privacy with national security is always a tricky act. While the NSA will deny the existence of many surveillance programs regardless of whether or not they actually exist, the number of leaked documents show the agency is involved in collecting massive amounts of personal information without court order or consent, and that means the scales have tipped away from privacy in a big way.

[Thanks to The Daily Dot for the heads up.]

Advertisements

The popular Messaging app, WhatsApp, has been made free for a limited time only. Grab it while you can, before it goes to the normal $0.99 price.

WhatsApp Messenger is a cross-platform smartphone messenger currently available for iPhone and other smartphones. The application utilizes push notifications to instantly get messages from friends, colleagues and family. Switch from SMS to exchange messages, pictures, audio notes and video messages with WhatsApp users at no cost. All features are included without the need for extra in-application purchases.

*************************************
WHY USE WHATSAPP VS. OTHER SOLUTIONS:
*************************************

* NO HIDDEN COST: Once you and your friends download the application, you can use it to chat as much as you want. Send a million messages a day to your friends for free! WhatsApp uses your Internet connection: 3G/EDGE or Wi-Fi when available.

* MULTIMEDIA: Send Video, Images, and Voice notes to your friends and contacts.

* GROUP CHAT: Enjoy group conversations with your contacts.

* NO INTERNATIONAL CHARGES: Just like there is no added cost to send an international email, there is no cost to send WhatsApp messages internationally. Chat with your friends all over the world as long as they have WhatsApp Messenger installed and avoid those pesky international SMS costs.

* SAY NO TO PINS AND USERNAMES: Why even bother having to remember yet another PIN or username? WhatsApp works with your phone number, just like SMS would, and integrates flawlessly with your existing phone address book.

* NO NEED TO LOG IN/OUT: No more confusion about getting logged off from another computer or device. With push notifications WhatsApp is ALWAYS ON and ALWAYS CONNECTED.

* NO NEED TO ADD BUDDIES: Your Address Book is used to automatically connect you with your contacts. Your contacts who already have WhatsApp Messenger will be automatically displayed under Favorites, similar to a buddy list. (You can of course always edit Favorites any way you like)

* OFFLINE MESSAGES: Even if you miss your push notifications or turn off your iPhone, WhatsApp will save your messages offline until you retrieve them during the next application use.

* STATUS: Use the status feature of WhatsApp to inform your contacts if you are busy, in a meeting, at the gym, or available for a chat.

* AND MUCH MORE: Share location, Exchange contacts, Custom wallpaper, Custom notification sounds, Landscape mode, Precise message time stamps, Email chat history, Broadcast messages and MMS to many contacts at once and much much more!

———————————————————
We’re always excited to hear from you! If you have any feedback, questions, or concerns, please email us at: 

support@whatsapp.com 

or follow us on twitter: 

http://twitter.com/WhatsApp
@WhatsApp
———————————————————

WhatsApp on iPhone works with virtually all carriers and networks but some carrier limitations may apply. If you are on an Apple unsupported wireless carrier, double check our FAQ for up to date information on our coverage. 

NOTE: WhatsApp is a telephony application and as such iPod or iPad are NOT supported devices.

What’s New In This Version:
– fix application hanging after update from 2.8.1
– increase group size to 20
– let group admins remove from group
– bugfixes, etc.

You can download WhatsApp Messenger from the App Store for free


NewImage

Just as antivirus researcherscongratulated Apple for keeping the iPhone free of nasty apps five full years after its release, spammers seem to have finally tarnished that spotless record.

Antivirus researchers at Kaspersky say they’ve spotted an app known as “Find and Call” in both the iPhone App Store and Google’s Play market that secretly uploads all of a user’s contacts to a remote server and then sends text message and email spam to every number and email address listed in his or her phonebook.

Those messages, written in Russian and first reported by Russian mobile carrier MegaFon, simply advertise the app and include a link to a download site. But the app, which advertises itself as a tool for aggregating and simplifying contacts, doesn’t warn users it plans to upload their entire phonebook and mass-text and mass-email everyone they know. Add in the fact that it also spoofs the user’s number so that text messages appear to come from a trusted sender’s phone, and “Find and Call” almost certainly qualifies as the scummiest app to ever find its way past Apple’s significant security measures.

“It’s not for the first time when we see incidents related to user’s personal data and its leakage” in the iOS app store, writes Kaspersky researcher Denis Maslennikov in a blog post. “[But] it’s for the first time when we have a confirmed case of malicious usage of such data…Yes, these pieces of malware are not that ‘cybercriminalistic’. But malware is malware and in this case it steals user’s phone book and uses it for SMS spam.”

In a followup interview, Maslennikov told me that most or all users currently plagued by the spam app seem to be Russian, based on Russian-language complaints in the comments on the app in Google and Apples’ app markets. But there’s nothing to prevent users from other countries from downloading the app and having their contacts spammed, Maslennikov warns.

“The program sends the messages without notifying the user. Don’t download it!” reads one Russian comment on the app in the App Store. “Unbelievable,” reads another. “The application sends the SMS to all contacts from the contact list. Please delete it from the App Store!”

Maslennikov says Kaspersky has contacted both Google and Apple about the malware and expects that it will be removed from both app platforms soon. I also reached out to the two companies but haven’t yet heard back from either.

Update: Apple seems to have removed the app from the App Store.

A screenshot from Wealth Creation Laboratory, the company to which Kaspersky traced the “Find and Call” spam app.

Unlike more clearly criminal malware, the company behind “Find and Call” advertises itself in the open, including on acorporate website. That site doesn’t say much about the app’s creators. But by making a payment to the app’s PayPal account, Kaspersky traced the program to another company called Wealth Creation Laboratory, which lists a Singapore address and a director and co-founder named Sergey Bogatyrev. I called the company and will update this post if I hear back.

Update: I spoke by phone with Bogatyrev in Singapore, who tells me he has no connection to “Find and Call” and couldn’t offer any explanation as to how Kaspersky traced the app’s payment account to his website.

“Find and Call” hardly represents a real threat to iPhone users–more of a aggressive marketing annoyance at worst. And for Android, it’s barely an abberration, given that Google-targeted malware appears on a regular basis. But for Apple, it represents a rare chink in iOS’s armor. The only malicious apps to ever affect the company’s mobile platform in the past have either been mere proof-of-concept experiments created by researchers or were targeted at jailbroken phones.