Posts Tagged ‘iPad’

iTunes Store Hacked by Rogue Developer

Monday, July 5th, 2010

A developing story on Engadget reports that, just this weekend, the top 50 books by revenue category on the iTunes App Store had been dominated by 42 titles from a single developer. Additionally, these titles appeared to have virtually no user reviews, and featured possibly stolen content.

But even more concerning, Engadget reports that–while still unconfirmed–these rogue book apps were catapulted up the sales chart by fraudulent charges to unknowing iTunes customers for downloading the books — purchases these customers never authorized.

Since the initial report, Apple has confirmed the situation and has responded by removing the developer in question, and all of his apps, from the iTunes store. Apple has not commented, however, on any fraudulent credit card charges reportedly linked to this scenario.

The Evolution of Mobile Threats

Wednesday, June 30th, 2010

As mobile phones continue to evolve, they’ve become nearly as fast, powerful, and connected as personal computers. With this transformation has come drastically increased susceptibility to malware and viruses, as consumers use their internet-connected phones to download apps and access banking information.

Originating in the days of simplistic cell phones, these threats have evolved along with the devices themselves, and an independent security researcher recently traced their development in a post on the meedabyte blog.

In the article, security expert Cristofaro Mune cites online app stores–carrying thousands of smartphone applications from thousands of third-party developers–and the high-speed data capabilities of today’s 3G and Wi-Fi devices as two of the recent advancements that make today’s mobile phones increasingly vulnerable to viruses and malware.

iPad Security Breach Embarrasses Apple, AT&T

Wednesday, June 9th, 2010

A recent report on Gawker details the discovery of a security breach that has exposed the email addresses of over 100,000 iPad owners–among them high-ranking government and military officials and media moguls–along with corresponding iPad ICC-ID data that could potentially leave the devices open to spam and malware. The ICC-ID is a device-specific identifier used to authenticate each iPad’s SIM card on the AT&T network.

The breach was discovered by security research group Goatse Security, who successfully captured approximately 114,000 iPad owner email addresses and their corresponding ICC-IDs.

According to Gawker,

Goatse Security obtained its data through a script on AT&T’s website, accessible to anyone on the internet. When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address, in what was apparently intended to be an AJAX-style response within a Web application. The security researchers were able to guess a large swath of ICC IDs by looking at known iPad 3G ICC IDs, some of which are shown in pictures posted by gadget enthusiasts to Flickr and other internet sites, and which can also be obtained through friendly associates who own iPads and are willing to share their information, available within the iPad “Settings” application.

To make AT&T’s servers respond, the security group merely had to send an iPad-style “User agent” header in their Web request. Such headers identify users’ browser types to websites.

The group wrote a PHP script to automate the harvesting of data.

Even more shocking is the list of compromised iPad owners. Gawker reports that among the victims of the breach are:

  • multiple devices registered to DARPA (US Dept. of Defense)
  • House of Representatives, US Senate, Dept. of Homeland Security, FCC and NASA staff members
  • a US Air Force Commander
  • Diane Sawyer of ABC News
  • New York City Mayor Michael Bloomberg
  • New York Times CEO Janet Robinson
  • high-level executives at Dow Jones, HBO, Viacom, and Time Warner
  • White House Chief of Staff Rahm Emanuel

The security researchers who discovered the breach notified AT&T (who has since publicly confirmed the vulnerability) and the issue has been corrected.
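
The weakness Gawker describes is a lookup keyed by a guessable identifier, gated only by a client-supplied header, so the server-side signal is one client requesting many distinct, mostly consecutive ICC-IDs. The following sketch of that detection over web access logs is an added example, not part of the original post or of Gawker's report; the path `/account/lookup`, the parameter name `iccid`, the thresholds and every log line are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined-log-format line. The User-Agent field is matched but ignored:
# it is client-supplied, so it is neither a control nor a trust signal.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "GET (?P<path>\S+) [^"]*" '
                     r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$')
# Hypothetical parameter name; the page does not give the real one.
ID_RE = re.compile(r'[?&]iccid=(\d{19,20})(?:&|$)')

def build_sample_log():
    """Constructed data: one device reading its own record, one client walking a range."""
    fmt = ('{ip} - - [09/Jun/2010:10:00:{s:02d} +0000] "GET /account/lookup?iccid={i} '
           'HTTP/1.1" {st} 64 "-" "Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X)"')
    lines = [fmt.format(ip="203.0.113.20", s=n, i="8901410000000999994", st=200)
             for n in range(3)]
    for n in range(40):
        iccid = f"{890141000000001000 + n}0"   # 18-digit body + dummy check digit
        lines.append(fmt.format(ip="198.51.100.7", s=n, i=iccid,
                                st=200 if n % 4 else 404))
    return lines

def find_enumerators(lines, min_distinct=20, min_adjacent_ratio=0.8):
    """Flag clients that request many distinct, mostly consecutive identifiers."""
    bodies, disclosed = defaultdict(set), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        q = ID_RE.search(m["path"]) if m else None
        if not q:
            continue
        # The last ICC-ID digit is a check digit; neighbours differ in the body.
        bodies[m["ip"]].add(int(q.group(1)[:-1]))
        disclosed[m["ip"]] += m["status"] == "200"
    findings = {}
    for ip, seen in bodies.items():
        ordered = sorted(seen)
        if len(ordered) < min_distinct:
            continue
        adjacent = sum(b - a == 1 for a, b in zip(ordered, ordered[1:]))
        ratio = adjacent / max(len(ordered) - 1, 1)
        if ratio >= min_adjacent_ratio:
            findings[ip] = {"distinct_ids": len(ordered), "adjacent_ratio": round(ratio, 2),
                            "records_returned": disclosed[ip]}
    return findings

if __name__ == "__main__":
    print(find_enumerators(build_sample_log()))
```

The `records_returned` count gives a first estimate of how many lookups actually disclosed an address, which is the number an incident responder needs for scoping.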

Secure E-Medical Records Now Available on iPhone, iPad

Sunday, May 23rd, 2010

As medical back office systems become increasingly high-tech — with medical records contained across a number of different IT systems — Dassault Systèmes, creators of data management suite ENOVIA V6, have paired with application developer echoBase to bring secure E-Medical records access to Apple’s iPhone and iPad devices. This new technology will give medical professionals mobile access to comprehensive patient data across the growing Nationwide Health Information Network (NHIN).

“The adoption of the iPhone and other mobile devices in the healthcare industry is just the latest example of how technology is creating greater transparency and an improved experience for consumers when dealing with service providers of all kinds. As a result, we see this as a natural use of ENOVIA V6’s data management and federation capabilities,” says Michel Tellier, CEO, ENOVIA, Dassault Systèmes.

As reported at Product Design & Development, the convenience of secure medical record access on mobile devices like the iPhone will ensure a more consistent patient experience with multiple providers, as well as freeing up 30-50 percent of doctor’s time spent entering patient data.

Jailbreak Your iPad

Tuesday, May 4th, 2010

A mere month after its release, Apple’s iPad can now easily be “jailbroken” using readily available tools. The jailbreaking process became popular as a way for users to hack their own iPhones in order to control previously limited aspects of the device such as home screen backgrounds, installation of third party apps and modem tethering to PCs. Although the jailbreak process essentially voids the device’s warranty, some users will prefer the added tweak-ability of their jailbroken iPads to Apple’s proprietary software.

For those willing to accept the risks, the process can be completed relatively quickly and easily. As reported on ReadWriteWeb, the jailbreak is completed using a freeware tool called “Spirit,” which loads the iPad with modified firmware and a program called “Cydia”, which enables access to a bevy of downloadable tweaks and programs. Once the jailbreak is performed, the device can be restored to factory settings via iTunes, effectively removing any trace of the process.

However, while a jailbroken device offers a wider range of customization and access to previously unusable applications, there are serious security concerns when running this kind of system modification. As we have previously reported, jailbroken iPhones have been targeted by malicious hackers and viruses that put private user data–banking passwords, SMS messages–at risk.

AT&T Wants Everything Online

Wednesday, April 7th, 2010

Owing in no small part to their success as exclusive carriers of Apple’s iPhone, telecom giant AT&T now holds the title as the largest provider of cellular data in the United States. Boasting no less than some 30 million 3G-enabled smartphones as well as service to a bevy of other devices such as eBook readers, NetBook computers and now the coveted iPad, AT&T has announced at the CTIA Wireless Conference that they are ready for more.

Cisco’s CTO estimates that within three years there will be 1 trillion (that’s a million million, or 1,000,000,000,000) devices connected to the Internet. If, according to AT&T’s president of emerging devices, the company wants to “wirelessly enable everything,” they’ll need a plan to scale the network from servicing 30 million nodes to at least 100 billion devices (a conservative low-end estimate of the USA’s share of those trillion devices). That’s a jump of four orders of magnitude in as many years.

While this super-connected prospect is exciting, one can barely fathom the massive infrastructure that will be required to support such a wide variety of connected devices, let alone handle its security requirements. It will be interesting to see how AT&T “works the problem”.

Understanding “The Internet of Things”

Wednesday, April 7th, 2010

Currently in its planning phases, the second annual “Internet of Things Conference” in Tokyo will take place this November. Discussing some of the conference’s proposed topics and how they’ll shape the future of the Internet of Things, a recent article on ReadWriteWeb explores the incredibly vast scope of this connected device landscape.

Some of the highlights include:

  • How the IoT–through the smart grid and other eco-initiatives–will encourage a greener planet
  • The creation of entirely new industries from relatively simple, novel tech ideas
  • The potential for connected technologies such as RFID and GPS to threaten personal privacy and security

As the Internet of Things continues its rapid expansion, the need to ensure device integrity and security–as an integral part of the design–will become increasingly critical.

Mocana announces First Government-Certified Crypto for iPhone, iPad

Monday, April 5th, 2010

FIPS 140-2 Validation for Mocana NanoCrypto™ Removes An Obstacle to Federal Purchases of Apple Devices “Off the Shelf”

San Francisco, CA (PRWEB) April 5, 2010 — Mocana Corporation, a company that focuses on securing non-PC connected devices, today announced that it has earned the government’s first FIPS 140-2 level one validation for an encryption product running on the Apple iPhone or iPad.

The 140-2 FIPS (Federal Information Processing Standards) are used to accredit the cryptographic “engines” that drive secure software or hardware implementations, and most federal agencies and contractors working on sensitive government projects are prohibited from buying products containing security software that is not officially FIPS-validated. Up until now, FIPS-validated security hasn’t been commercially available for iPhone, iPod Touch or iPad devices. Today’s announcement clears an important obstacle to the more widespread use of these devices in the federal government.

NIST, the National Institute of Standards and Technology, wrote the FIPS 140 Publication Series to standardize federal cryptography requirements. Most federal agencies and departments require that any computer security implementations contain only FIPS-certified cryptographic modules. The FIPS 140-2 program tests security software and hardware approved for government “sensitive, but un-classified” information. The application and testing process is rigorous and non-trivial, but for companies selling security products to the federal government, their contractors or allies overseas, formal FIPS validations are a prerequisite to eligibility for government contracts.

Mocana applied for and received FIPS 140-2 Level 1 validation for its NanoCrypto product compiled for iPhone OS on ARM-based CPUs; the FIPS-validated NanoCrypto binary will run on all current iPhone, iPad and iPod touch models. NanoCrypto is a sophisticated cryptographic engine designed for device developers. It’s purpose-built for non-PC devices and resource-constrained embedded systems. It is one of the smallest, fastest and most comprehensive cryptographic cores on the market, in addition to being one of the most popular: the cryptographic engine that drives NanoCrypto is already installed on millions of devices from hundreds of device OEMs worldwide, on everything from wireless networked medical devices to unmanned military drones. With built-in support for over 30 operating systems, NanoCrypto enables device OEMs and ISVs to add sophisticated cryptographic security features to almost any type of device or application.

“This opens the door for developers to start building cost-effective, security-oriented commercial iPhone and iPad apps for use in federal and even military settings,” said Adrian Turner, CEO of Mocana. “Many government buyers couldn’t purchase iPhones ‘off the shelf’ for environments where encryption or authentication was required, because FIPS 140-2 validated “apps” simply weren’t available. Now these revolutionary platforms – including the new iPad – are more viable, cost-effective options for sensitive federal and military applications.”

FIPS certification should make it easier for iPhones and iPads to penetrate the medical market, too – another device ecosystem where security is key. Specifying FIPS 140-2 validated encryption software in purchasing contracts is an easy, “best practices” way for hospitals and health networks to take a high assurance approach to data confidentiality and integrity protection, especially as it relates to the security and privacy of patient records. Mocana’s CEO, Adrian Turner, was interviewed recently by Maria Bartiromo on CNBC regarding the state of medical device security, and interested parties can view that video here.

NanoCrypto, like every Mocana product, is available as a FIPS-validated binary for specific platforms or as platform-independent ANSI C source code. NanoCrypto is not a “finished app” for end-users. It’s designed exclusively for developers using Apple’s Objective-C™, a reflective, object-oriented programming language which underpins the iPhone OS that drives the iPhone, the iPad and the iPod touch. Developers can request a free trial of the NanoCrypto product here.


About Mocana

Mocana secures the “Internet of Things” – the 20 billion datacom, smartgrid, federal, consumer, industrial and medical devices that connect across every sector of our economy. These devices already outnumber PC’s on the Internet by five to one, representing a $900 billion market that’s growing twice as fast as the PC market. Every day, millions of people use products sold by over 100 companies that leverage Mocana’s Device Integrity software, including Dell, Cisco, Honeywell, General Electric, General Dynamics, Avaya, Nortel Networks, Harris and Radvision, among others. Mocana won Frost & Sullivan’s Technology Innovation of the Year award for 2008 for Device Security, and was named to the Red Herring Global 100 as one of the “top 100 privately-held technology companies in the world” in January 2009.

iPad Not Yet Available. But Already Hacked?

Tuesday, March 30th, 2010

George Hotz gained cyber-fame as the first hacker to successfully break into the iPhone. And Wired.com’s Gadget Lab is reporting that he’s already declared himself triumphant over Apple’s not-yet-available iPad device.

The whiz kid on Thursday evening said he had cooked up a new hack for all iPhone OS devices, and he’s betting it will work on the iPad, too…. Hotz told Wired.com in a phone interview that he might release the hack when the iPad launches next week. But he said he would wait to see what the rest of the hacking community does first…. “We’ll see what the rest of the scene does,”…”Maybe I’ll release it [during the iPad launch].”

VIDEO: A New Look at The Internet of Things

Tuesday, March 30th, 2010

IBM’s “Smarter Planet” group has released an insightful new animated video exploring the interconnected relationships and data that make up the evolving “Internet of Things.”