A new security threat that can exploit your iPhone has been demonstrated by Jamf Threat Labs (via AppleInsider). According to the cybersecurity experts, any iPhone running iOS 16 could be a victim of this fake Airplane Mode threat. It makes you think that your phone is disconnected from the internet, but instead, your iPhone is being exploited.

At the moment, it’s unclear how this attack could occur. Jamf Threat Labs only explains how easy it’s for a hacker to fool a user into thinking they have turned on Airplane Mode.

Basically, with an exploited iPhone, the user would turn on Airplane Mode, and it would look like they were actually offline – they wouldn’t even be able to access Safari – but the malware would be connected and exploiting the user.

The process demonstrated by Jamf is based on SpringBoard and CommCenter. Still, it doesn’t seem to have been actively exploited yet – and the paper doesn’t explain if this could be done over the air or if the hacker would need physical access to your device.

By changing the logs of how Airplane Mode works and tweaking the UX using Objective-C methods, the experts demonstrated how a hacker could fake Airplane Mode on an iPhone since Wi-Fi and Bluetooth toggles appear disconnected. Then, with CommsCenter, the lab is able to block cellular data access for specific apps.

Should iPhone users worry about this Fake Airplane Mode threat?

You shouldn’t spend too much time worrying about this threat at the moment, as it’s unclear how this malware could be used to exploit iPhone users. That said, this article is an early warning to Apple to block these possible tweaks that a hacker could use to pretend that you have Airplane Mode activated on your iPhone when you don’t.

Ultimately, if you want to be extra careful, you could start turning Airplane Mode on from your iPhone Settings app instead of the Control Center. That way, you’d make sure that your phone is disconnected. In addition, checking if there isn’t any downloaded app you don’t recognize is also important.

You can read the full blog post by Jamf Threat Labs here.

The post Security company shows how iPhone users could be tricked with Fake Airplane Mode appeared first on BGR.

According to a new study, you may soon have to protect your passwords by changing how you type. This study has revealed that deep learning audio-based password hacks can discern your password simply by listening to the way you type on your keyboard.

According to researchers involved in the study, the deep learning system was able to log keystrokes with a 93 percent accuracy rating when listening to the target typing on their keyboard. The system was taught by pressing the keys on an Apple Mac keyboard multiple times at different levels of pressure.

The researchers involved say that this kind of deep learning hack may be something we need to protect ourselves from in the future, as it could infect your mobile device and then listen in for typing whenever you have it close to a computer. If deployed to the broader world, it would make having a stronger, more random password even more critical than it already is.

A password input box is shown on a computer screen. Image source: jamdesign/Adobe

Further, the researchers say it might be a good idea to change your typing styles now and then to help confuse audio-based password hacks like this. That way, you’re prepared should they ever appear in the real world. Cybersecurity is an ongoing concern as more of the world goes online, and while keystroke logging isn’t new, doing so based on audio cues is undoubtedly surprising.

“The ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector, but also prompts victims to underestimate (and therefore not try to hide) their output,” the researchers explained. “For example, when typing a password, people will regularly hide their screen but do little to obfuscate their keyboard’s sound.”

A password hack capable of listening in on your keystrokes would then be able to steal your password just by listening to your keyboard’s sounds with each tap. Further, an audio-based password hack could prove dangerous as it might also pick up the sounds of other keyboards around you. 

Considering the vast number of sounds keyboards can make, this might be a reason to move away from mechanical keyboards. Of course, that doesn’t mean the machine wouldn’t be able to learn about those taps, too, so it’s best to prepare for the eventuality of a side-attack such as this, especially if you work somewhere cybersecurity is paramount – such as a government job.

It is exploits like this, and others, that have led many companies to start supporting Passkeys, which are physical objects that give you access to your accounts instead of requiring a password to access them.

The post Terrifying ‘deep learning attack’ can steal your passwords by listening to you type appeared first on BGR.

A couple of years after releasing the first-generation AirTag, Apple could be planning to release AirTag 2 later in 2024. The information comes from analyst Ming-Chi Kuo, which in June said that due to “gradually grown” in AirTag shipments, Apple could be planning to develop a new generation of this product.

According to a tweet by the analyst, AirTag 2 will likely go into mass production in 4Q24. In addition, he believes that “spatial computing is a new ecosystem that Apple wants to build, using Vision Pro as the core to integrate other devices, including AirTag 2.”

At this moment, it’s unclear what changes Apple could add to a second-generation AirTag, as this device is basically an item tracker to your everyday things, such as wallet, luggage, or bike.

Over the past few years, Apple has improved tracking detection, as some people were using this device to stalk others. For example, just last week, Google announced that Android phones can now alert you if an AirTag is stalking you.

Another great change coming with iOS 17 is the ability to share your AirTag with family members, so some items won’t trigger a stalking alert, such as a keychain, while also allowing other users to see where this item is through the Find My app.

Although it’s unclear at this moment, it’s possible that Apple Vision Pro might give you a clearer view of where to find an item with an AirTag attached by showing a new Precision Find feature. Besides that, we’ll have to wait for new reports to corroborate Kuo’s analysis.

In addition, for AirTag 2, Apple could make the internal sound louder or even improve the ultra-wideband chip to work at a longer distance.

Naturally, BGR will continually report about this product and rumors regarding upcoming Apple hardware and software.

The post Kuo: AirTag 2 could launch in late 2024 with Apple Vision Pro integration appeared first on BGR.

If you are reading this on a Windows device, you need to watch out for dangerous new malware that has been infecting internet browsers, password managers, and even cryptocurrency wallets. The Uptycs Threat Research team has named the malware “The Meduza Stealer” after Meduza, the threat actor who created it. Although no specific attacks have been attributed to The Meduza Stealer yet, Uptycs says the malware is capable of “comprehensive data theft.”

Uptycs says that the administrator of The Meduza Stealer has been promoting the new malware by showing that it can successfully evade detection by reputable antivirus software. Screenshots show Bitdefender, AVG, Kaspersky, and McAfee all failing to detect the malware in static and dynamic scans of the Meduza stealer file:

Static antivirus scan report of Meduza stealer file. Image source: Uptycs

UPDATE 7/13: We previously included Malwarebytes on the list above, but the company reached out to let us know that its software does detect and block this malware and has since mid-June.

Here’s how the malware actually works once it infiltrates your computer:

The first step it performs is a geolocation check. If the victim’s location is in the stealer’s predefined list of excluded countries, the malware operation is immediately aborted. However, if the location isn’t on the list, Meduza Stealer checks if the attacker’s server is active. In case the server isn’t accessible, the stealer also promptly terminates its activity. If both conditions—location check and server accessibility—are favorable, the stealer proceeds to gather extensive information. This includes collecting system information, browser data, password manager details, mining-related registry information, and details about installed games. Once this comprehensive set of data is gathered, it is packaged and uploaded, ready to be dispatched to the attacker’s server, thereby completing the stealer’s operation within the infected machine.

As noted above, the malware targets several sensitive apps, including browsers and password managers. The list of browsers The Meduza Stealer attacks include several versions of Chrome, Edge, Firefox, Opera, Brave, and dozens more I’ve never even heard of.

Other noted targets include the Steam software client, Discord, password managers, two-factor authentication apps, and cryptocurrency wallet extensions.

In order to avoid becoming a victim of The Meduza Stealer malware, Uptycs recommends you regularly install updates for your computer and any applications, be careful when downloading files, use strong passwords, and avoid suspicious browser extensions.

The post Dangerous new malware targets dozens of browsers, password managers, and crypto wallets appeared first on BGR.

Cybersecurity and antivirus provider Kaspersky shared a report on Thursday regarding a new spyware attack against iOS devices. After detecting suspicious activity on multiple iPhones, the security experts at Kaspersky created offline backups of each device in order to inspect them all using the Mobile Verification Toolkit for iOS. The file produced by the MVT featured a number of indicators suggesting that the iPhones had indeed been compromised.

Kaspersky has dubbed this spyware campaign “Operation Triangulation.”

According to Kaspersky, the spyware can infect iPhones without any action from the user. First, the iPhone user receives an invisible iMessage with a malicious attachment which contains the exploit. That message then triggers a vulnerability that leads to code execution, regardless of whether or not the user interacts with the message.

At this point, the code begins downloading additional stages from a command-and-control (C&C) server, which installs even more iOS exploits for privilege escalation. Once the iPhone has been exploited, a final payload is downloaded with a fully-functional advanced persistent threat (APT) platform. The initial message is then deleted along with the attachment, and the users are none the wiser as all of these steps have occurred in the background.

“Due to the peculiarities of blocking iOS updates on infected devices, we have not yet found an effective way to remove spyware without losing user data,” CEO Eugene Kaspersky explains on his blog. “This can only be done by resetting infected iPhones to factory settings, installing the latest version of the operating system and the entire user environment from scratch. Otherwise, even if the spyware is deleted from the device memory following a reboot, Triangulation is still able to re-infect through vulnerabilities in an outdated version of iOS.”

Kaspersky says the oldest traces of infection were from 2019, but the spyware is still infecting iPhones to this day. The good news is that the attack has only been detected so far on iPhones running iOS 15.7 or older. iOS 15.7 rolled out in September 2022, and Apple’s developer portal shows that over 80% of all iPhones are running at least iOS 16.

For what it’s worth, Eugene Kaspersky claims that his company “was not the main target of this cyberattack.” It’s unclear why so many Kaspersky devices were impacted, how widespread the spyware attack really is, or whether or not the average iPhone user is at risk. In the meantime, it’s yet another reason to keep your iPhone’s OS up to date.

The post Ongoing zero-click iPhone spyware attack uncovered in iMessage appeared first on BGR.

For years, Google has been dying to come up with an iMessage equivalent, a key iPhone feature that’s probably responsible for stealing plenty of users from Android. It took a while, but Google settled on RCS, a new standard that replaces SMS on Android devices. Now Google is dying for Apple to add RCS support to the iPhone Messages app, so iMessages and RCS texts can coexist.

Ever since Google began its attack ads, I’ve said that Apple shouldn’t do it. The messaging problem is blown way out of proportion, as plenty of apps bridge the gap between Android and iPhone. WhatsApp is the best example of that.

Fast-forward to late May and Google just shot itself in the foot when it comes to RCS. It turns out the Magic Compose AI feature that Google is building into Messages breaks encryption by sending messages back to Google’s servers. That’s a big problem, and it’s a perfect example of why Apple should keep RCS away from the iPhone.

When talking about RCS, Google wasted no time at I/O 2023 to make fun of Apple. Google touched on all the RCS features, including end-to-end encryption, before taking thinly-veiled shots at Apple, the iPhone, and iOS.

Sending high-quality images and video, getting typing notifications, and end-to-end encryption should all work. That’s why we’ve worked with our partners on upgrading old SMS and MMS technology to a modern standard called RCS that makes all of this possible.

And there are now over 800 million people with RCS on our way to over a billion by the end of the year. We hope every mobile operating system gets the message and adopts RCS so we can all hang out in the group chat together, no matter what device we’re using.

Then, Google demoed Magic Compose, a generative AI feature coming to Google Messages in the future. We didn’t necessarily need AI features in messages, but Google did its best to throw AI into everything at I/O 2023.

How Magic Compose works inside Google Messages. Image source: Google

And we didn’t have to wait long to test it. Generative AI is available inside Google Messages right now, and Magic Compose is available as a beta. Android Police points to a Google support page that says Magic Compose is available only for RCS conversations in the Messages app. That’s not a surprise or a problem. It makes sense for Google to upgrade RCS, especially considering the rivalry with Apple’s iMessage.

However, as Android Police points out, Magic Compose breaks end-to-end encryption (E2EE). That’s one of the tentpole features of iMessage, Signal, WhatsApp, and other chat apps. A feature that Google struggled to bring to RCS. But let’s not forget that Google made a point to mention E2EE during the Messages segment at I/O 2023.

Google Messages’ Magic Compose AI feature breaks encryption. Image source: Google

Unfortunately, Magic Compose can’t run on-device to generate responses. The Messages app will send up to 20 of your last messages to Google, so Magic Compose can do its thing. Google didn’t mention this glaring issue during I/O, but it does disclose the problem in the support document:

Google doesn’t store messages or use them to train machine learning models. Up to 20 previous messages, including emojis, reactions, and URLs, are sent to Google’s servers and only used to make suggestions relevant to your conversation. Messages with attachments, voice messages, and images aren’t sent to Google servers, but image captions and voice transcriptions may be sent.

Sure, you can avoid enabling Magic Compose, as the Google Messages feature is optional. But I worry many will just enable the feature without considering the privacy implications.

That is a big problem, I don’t care how many excuses you make. Private messages are no longer private. There should be no way for a company to break E2EE on its messaging platforms. Even if it’s for next-gen generative AI features. And this is just one more reason why Apple should not add RCS support to its iMessage app.

The post Google’s encryption-breaking Magic Compose AI proves iPhone shouldn’t support RCS messaging appeared first on BGR.

If you’ve ever been tempted to sneak a peek at a friend or partner’s phone when they leave it lying around, know that you aren’t alone. According to a study conducted by the data recovery experts at Secure Data Recovery, 82% of Americans say that they have snooped on someone else’s device at some point in their lives. Of the 82% of those surveyed that have snooped, a whopping 81% say that they haven’t been caught in the act.

Have you ever snooped on someone’s phone?

“The motivations for snooping are also quite telling,” the study notes. “While general curiosity (59%) is the most commonly cited reason for snooping, a significant portion of Americans are driven by suspicions of wrongdoing (56%).”

Secure Data Recovery postulates that the “ease and accessibility” of digital snooping might be why it’s so common. As long as a phone, tablet, or computer is unlocked, virtually anyone with even the most basic understanding of how to operate the device in question can start clicking through texts, emails, photos, documents, and more in seconds.

Unsurprisingly, the reason most people claim they decided to snoop was to look at messages (87%). That includes text messages, emails, social media DMs, and more. It seems that we’re most curious about what our friends are saying to everyone else.

As for those who snoop on their romantic partners, 53% report finding something incriminating or concerning. A majority of the snoopers say that the concerning content they uncovered was evidence of either in-person infidelity or digital flirting and/or cheating.

As dishonorable as snooping may be, the study shows that “over a third report not feeling any regret or remorse after snooping, which indicates that they may feel rational in their actions or are comfortable with snooping as a behavior.”

If there’s one important takeaway from this study, it’s that you should probably put a passcode on all of your devices, as snooping is more common than you think.

Secure Data Recovery surveyed 1,003 people across the United States for this study.

The post 82% of people have snooped on someone else’s phone or computer, study shows appeared first on BGR.

Ahead of World Password Day, NordPass released the most common passwords on the internet in 2022. What’s interesting about this study is that 83% of the 20 most used passwords can be cracked in less than one second. That means your email, social media platforms, and computer could be at risk if you use any of these passwords.

NordPass says the list of passwords was compiled in partnership with independent researchers specializing in research of cybersecurity incidents with a 3TB database evaluated. Although the study includes 30 countries, there is specific information about the US.

The most common password in the US is “guest,” used by more than 127,000 people. This code takes 10 seconds to be cracked. Here it is along with the other top nine codes that are used most often. And, surprisingly, they can often be cracked in under a second:

1. guest
2. 123456
3. password
4. 12345
5. a1b2c3
6. 123456789
7. Password1
8. 1234
9. abc123
10. 12345678

NordPass also gives password lists of popular categories such as fashion brands, sports, movies, artists, and more that people use – and are also easily cracked down on. That said, it’s also a good deal to avoid codes like “tiffany,” “leon,” “u2,” “mini,” and “fish.”

The company also lists a few tips and tricks to make sure users can keep their data safe:

1. Long and complex codes: A complex password contains at least 12 characters and a variety of upper- and lowercase letters, numbers, and symbols.
2. Don’t reuse passwords: A single code for multiple accounts makes a hacker’s job that much easier.  If only one of the accounts is compromised, all of your other accounts become jeopardized.
3. Audit your accounts: Regularly check which accounts you’re still using and which you no longer access. Unused accounts can put your security online at risk because you may not notice when they get breached.
4. Check password strength and update regularly: Regularly assess your password health. Identify weak, reused, or old passwords and fortify your online security with new, complex ones.

Last but not least, NordPass suggests users have a password manager. While there are several paid options, Apple, for example, offers it for free with every iPhone. NordPass also has a code generator that creates unique codes that you can decide their length and what it will have here.

The post Stop using these passwords right now, as they can be cracked in under a second appeared first on BGR.

The Association for a Better New York (ABNY) is donating 500 AirTags so the NYPD can distribute them to car owners to help prevent car theft in the city. According to ABC, vehicle theft is up 13% citywide compared to the same period last year, with nearly 4,500 vehicles reported stolen.

One of the reasons, according to the NYPD, is due to TikTok users instructing thieves how to steal Kias and Hyundais. “This year alone, we have 966 Hyundais and Kias taken,” said NYPD Chief of Patrol John Chell. According to the publication, the automakers are offering owners free software updates to help stop the trend.

While we heard several stories of people placing AirTags in cars to help prevent theft, this time, NYPD Chief of Patrol John Chell is also advising New York citizens to get an AirTag. “Your phone will be alerted. You know someone’s in your car who’s not supposed to be, and/or it’s stolen. You call 911 as fast as you can. You tell the officers involved, ‘I have an AirTag, ‘and they will immediately, with citywide apprehension apparatus will, start putting that tag citywide.”

With a retail price of $30, an AirTag connects with your iPhone and only needs to be charged around once a year. Using the Find My app, you can locate the AirTag and the attached item. Apple uses the Find My network, an anonymous network of hundreds of millions of Apple devices that can help you locate your lost devices.

If you place your AirTag in your car, it will update the location every time it passes close to an Apple device connected to the internet.

The Association for a Better New York will be donating 500 AirTags to the NYPD, which will announce how it’s going to distribute the item trackers to NY citizens through its Twitter account.

The post NYPD gave out 500 free Apple AirTag trackers in car theft crackdown appeared first on BGR.

Microsoft has been under fire for its questionable user-tracking tactics for years, but that has not dissuaded the company from continuing to collect oodles of data. To that point, a Redditor (via The Verge) recently noticed that the newest version of Microsoft Edge sends a request to bingapis.com with the full URL of nearly every site a user visits.

“Searching for references to this URL gives very few results, no documentation on this feature at all,” wrote hackermchackface. “Surely I can’t be the first to discover this?!”

Redditors that responded to the thread figured out that bingapis.com is a Microsoft-owned domain and that others have reported the site to Any.Run in the past. They were not able to determine why the company would implement such an egregiously invasive feature, but The Verge reached out to software engineer Rafael Rivera to see if he could figure out what was going on. As it turns out, Microsoft might have just made a mistake.

“Microsoft Edge now has a creator follow feature that is enabled by default,” Rivera explained. “It appears the intent was to notify Bing when you’re on certain pages, such as YouTube, The Verge, and Reddit. But it doesn’t appear to be working correctly, instead sending nearly every domain you visit to Bing.”

Microsoft started testing the Follow Creator feature last year and rolled it out to more users in recent months. The feature gives fans the ability to easily follow YouTube creators with the tap of a button. The problem is that other than a list of blocked sites in the Bing API’s master filter, the feature is sending every URL you visit to Bing.

“We’re aware of reports, [we] are investigating and will take appropriate action to address any issues,” Caitlin Roulston, director of communications at Microsoft, told The Verge.

In the meantime, if you want to stop Bing from scraping every URL you visit, you can turn off the Follow Creator feature. In order to do so in Edge, go to Settings > Privacy, search, and services. Now, in the Services section, toggle off the switch next to Show suggestions to follow creators in Microsoft Edge. That should eliminate the problem.

The post Microsoft Edge is leaking every URL that you visit to Bing appeared first on BGR.