iOS Trustjacking: How Attackers Can Hijack Your iPhone – The Mac Security Blog

The security researchers, Adi Sharabani and Roy Iarchy, presented a live demonstration of the attack. Sometime before the presentation, Sharabani had previously connected his iPhone X to Iarchy’s MacBook and tapped “Trust” in a dialog box on the iPhone—something many people do when they connect their iPhone to a computer.

During the presentation, Sharabani used his iPhone X to take a selfie with Iarchy, after which he sent a text message to their company’s CEO.

On the MacBook, Iarchy issued a command to Sharabani’s iPhone to back up its data over Wi-Fi, which is made possible by an iOS feature, called iTunes Wi-Fi Sync. After the synchronization was complete, Iarchy showed that both the selfie and the text message were easily accessible on his MacBook.

This is fascinating stuff. You “trust” a computer when you connect an iOS device; this is a security feature that ensures that when you connect a device to a computer, you have to choose whether it has access to the data on your device. This notably allows you to connect your iPhone or iPad to any computer to charge it without worrying about the computer and iTunes wiping the device. But the downside is that people may see the dialog and think they have to trust a computer to charge, if they do this, which opens up the device to access even via wi-fi.

Source: iOS Trustjacking: How Attackers Can Hijack Your iPhone | The Mac Security Blog

Access the New Battery Health Setting in iOS

Battery healthApple added a new Battery Health feature to iOS 11.3, which was released yesterday. This gives you information about how good (or not) your iPhone’s battery is. This is in response to issues around iPhones being throttled if their batteries are old.

To access this setting, go to Settings > Battery > Battery Health. You’ll see the battery’s maximum capacity – the amount of power it can hold when fully charged – and its peak performance capability; this latter will be reduced if the battery is old.

This information shows up on my iPhone 8+, but not on my 10″ iPad Pro, or my iPad mini 4. My guess is that it only displays on those iPhones whose processors can be throttled if their battery is below nominal capacity. (iPhone 6 or later, and iPhone SE.) It would be useful, however, if it displayed on all iOS devices; I think users of old iPads might like to know what the maximum capacity of their batteries is, and potentially replace the battery when it gets low.

iOS Music App Now Shows Music Videos Section in Apple Music

IMG 7698 The iOS Music app now shows a Music Videos section when you browse Apple Music.

This shows featured videos at the top of the page, followed by New Music Videos, Music Video Playlists, then some sections by genre and one for the “Essential ’80s.” There are only three genres for now – hip-hop, pop, and rock – though that probably covers the majority of music videos available in the west. (Bollywood videos are certainly a big thing in India.)

This is another step toward Apple Music becoming more than just a music service, but expanding to what will eventually become a full range of video content. You can check one out here.

This section does not yet appear in iTunes on the desktop, but should show up soon.

Update: the Music Videos section now shows in iTunes as well.

How to Remove Wi-Fi Networks from Your Mac and iOS Device

If you travel regularly with your Mac or iOS device, you likely find yourself connecting to new Wi-Fi networks: at airports, in train stations, in hotels, restaurants, pubs, or at clients’ offices. Whether you connect to these networks with your Mac, iPhone or iPad, miraculously, your devices will remember these networks and sync them via iCloud — so your other Apple products can access them too, if you use iCloud Keychain.

Your Apple device’s ability to remember previously connected to networks can be both good and bad. While it means you don’t have to search for or remember login credentials when you connect to a known Wi-Fi network on a different device, it can lead to a surfeit of Wi-Fi networks stored in your keychain and potentially allow you to unknowingly connect to a Wi-Fi network that might not be secure.

You can cull these Wi-Fi networks, but only on a Mac. Read on and we’ll show you how to remove these Wi-Fi networks so your Macs and iOS devices forget them.

Read the rest of the article on The Mac Security Blog.

Mac and iOS Keychain Tutorial: How Apple’s iCloud Keychain Works

Your need passwords to log into websites and services, and it’s hard to remember them. Since it’s a bad idea to use the same password for each different website — because if one site is compromised, hackers will have an email address and password that they can try on other sites — you need to ensure that your passwords are different, and hard to crack. (A recent episode of the Intego Mac Podcast talks about password strategies.)

Your Macs and iOS devices have a “keychain,” which is an encrypted file that stores your passwords and some other information. This file syncs via iCloud, so you can use the same passwords on all your devices. Here’s how Apple’s iCloud keychain works.

Read the rest of the article on The Mac Security Blog.