Search Results for “Apple Insider”


September 6, 2019
Lorenzo Franceschi-Bicchierai / Motherboard

[Updated] Apple Issues Statement on Google’s Discovery of iOS Vulnerabilities That Led to Attacks on Uighur Community, Says The Attacks Lasted for Shorter Period of Time and Were Less Widespread Than Google Researchers Suggest

Apple released a rare and defensive statement commenting on the attacks on iPhone users that Google revealed last week. Google revealed five chains of iOS vulnerabilities discovered by its security teams and described the attacks as “indiscriminate” and potentially hitting “thousands” of people. Apple disputes minor details that Google released about the attacks, saying that they lasted for a shorter amount of time and were less widespread than Google reported. Apple said that the attacks affected fewer than a dozen websites that focus on content related to the Uighur community, a Chinese Muslim minority. Google had not revealed the target of the attacks, but journalists subsequently discovered that they were aimed at the Uighur community. In the statement, Apple said that “Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case.” In response to Apple’s statement, Google issued its own statement saying, “we stand by our in-depth research.”

Related: Apple, The Verge, Bloomberg, Reuters, Slashdot, Quartz, Buzzfeed, Gizmodo, CNET, The Next Web, New York Magazine, FOX News, Daring Fireball, Yahoo! News, Firstpost, TODAYonline, TechCrunch, iClarified, TechnoBuffalo, iMore, MacDailyNews, Tech Insider, MacRumors, Technology Review, The Hill: Cybersecurity, Channel News Asia, The Hacker News, Engadget, iPhone Hacks, SlashGear » security

Tweets:@lmatsakis @josephfcox @josephfcox @zeynep @zackwhittaker @lorenzofb @markgurman @jeffstone500 @thehackernews @BleepinComputer @JohnPaczkowski @ericgeller @ericgeller @RMac18 @alexstamos @alexstamos @alexstamos @alexstamos @alexstamos @alexstamos @gizmodo @LorenzoFB @ShiraOvide @tqbf @suka_hiroaki @mattblaze @howelloneill @josephmenn @josephfcox @SwiftonSecurity

Apple: A message about iOS security 
The Verge: Apple accuses Google of ‘stoking fear’ over iPhone security issues
Bloomberg: Apple Disputes Google Description of a Widespread iPhone Attack
Reuters: Apple says Uighurs targeted in iPhone attack but disputes Google’s findings
Slashdot: Apple Disputes Google’s Claims of a Devastating iPhone Hack
Quartz: Apple implies iPhones were hacked to spy on China’s Uyghur Muslims
Buzzfeed: Apple Has Confirmed Uighurs Were Targeted In Wide-Ranging Phone Hacking Scheme
Gizmodo: Apple Can Feel Its Reputation for Bulletproof Security Slipping Through Its Fingers
CNET: Apple pushes back against Google on iOS hack targeting Muslims
The Next Web: Apple claps back at Google for spreading FUD in iOS exploit report
New York Magazine: Apple Downplays Enormous iOS Security Hole That Google Found
FOX News: Apple disputes Google’s iPhone hack claim, says report ‘creates false impression’
Daring Fireball: Apple Pushes Back on iOS Security in Wake of Google’s Report
Yahoo! News: UPDATE 2-Apple says Uighurs targeted in iPhone attack but disputes Google findings
Firstpost: Apple says Uighurs targeted in iPhone attack but disputes Google findings
TODAYonline: Apple says Uighurs targeted in iPhone attack but disputes Google findings
TechCrunch: Apple doesn’t want Google ‘stoking fear’ about serious iOS security exploits
iClarified: Apple Issues Statement on iOS Exploits Found in the Wild
TechnoBuffalo: Apple responds adamantly to concerns about iOS security vulnerabilities
iMore: Apple responds vehemently to concerns about iOS security vulnerabilities
MacDailyNews: CNET reviews Apple Card: Most useful for users who love Apple Pay
Tech Insider: Apple just put Google on blast for trying to stoke ‘fear among all iPhone users that their devices had been compromised’ (AAPL, GOOG)
MacRumors: Apple Disputes Some Details of Google’s Project Zero Report on iOS Security Vulnerabilities [Updated]
Technology Review: Apple says China’s Uighur Muslims were targeted in the recent iPhone hacking campaign
The Hill: Cybersecurity: Apple says iPhone attack was targeted at Chinese Muslim minority group
Channel News Asia: Apple says Uighurs targeted in iPhone attack but disputes Google’s findings
The Hacker News: Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years
Engadget: Apple tries to clear up Google’s claims about iOS vulnerabilities
iPhone Hacks: Apple Disputes Google Project Zero Findings, Issues Statement Highlighting iOS Security
SlashGear » security: Apple just accused Google of iPhone security fake news [Update]

@lmatsakis: It's really telling, I think, that Apple doesn't use the word "China" in this statement confirming that the iOS exploits Google discovered were used to spy on China's minority Muslim population
@josephfcox: Apple just posted a wild statement in response to Google Project Zero's findings on malicious websites pushing iOS exploits for years - confirms against Uighurs - disputes "years" deployment, says two months - pretty arrogant tone about device security https://vice.com/en_us/article/qvgv4p/apple-disputes-googles-claims-of-a-devastating-iphone-hack
@josephfcox: The whole statement is pretty dismissive of the targeting of the Uighur minority. Notice it doesn't actually say how many devices were infected either, just tries to suggest smaller impact than Google said https://vice.com/en_us/article/qvgv4p/apple-disputes-googles-claims-of-a-devastating-iphone-hack
@zeynep: This is a terrible statement.
@zackwhittaker: Apple has issued a rare statement about iOS security re: Google's iPhone exploits it posted last week, basically confirming my reporting about the attacks targeting Uyghur Muslims.
@lorenzofb: So, to recap. Google said the attacks on iPhones were widespread. Multiple reports say it was China hacking Uighurs. Apple confirms it was Uighurs, but doesn't say it was China. In 2009, Google wasn't scared to point finger at China. How the times change.
@markgurman: First Siri privacy issues, now Apple puts Google malware finding controversy behind it ahead of Tuesday. They’re blasting Google for posting about it 6 months after it was fixed.
@jeffstone500: Apple’s response to Google today says that massive iOS hacking operation lasted "only" months & that it was “focused,” creating the impression all this is overblown. Try telling the Uighur targets who probably have Chinese spies lurking on their phones forever.
@thehackernews: Apple says Google created the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. Update added to the original story:
@BleepinComputer: Apple claims Google's Project Zero report is "stoking fear among all iPhone users that their devices had been compromised."
@JohnPaczkowski: kinda odd that google didn't mention Uighurs in that project zero post, too
@ericgeller: In a rare public statement, Apple confirms watering-hole websites used to infect Uighurs' iPhones but rejects Google's initial description (https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html) including duration and scale. https://apple.com/newsroom/2019/09/a-message-about-ios-security/
@ericgeller: Google responds to Apple saying that Project Zero got some details wrong when it first revealed the iOS hacking campaign: "We stand by our in-depth research..."
@RMac18: Some updates: - An FBI official says the bureau has been aware of the exploit for some time and has been in contact with Apple. - Google has a statement pushing back on Apple and saying it stands by its research.
@alexstamos: Apple's response to the worst known iOS attack in history should be graded somewhere between "disappointing" and "disgusting". First off, disputing Google's correct use of "indiscriminate" when describing a watering hole attack smacks of "it's ok, it didn't hit white people."
@alexstamos: Even if we accept Apple's framing that exploiting Uyghurs isn't as big a deal as Google makes it out to be, they have no idea whether these exploits were used by the PRC in more targeted situations. Dismissing such a possibility out of hand is extremely risky.
@alexstamos: Second, the word "China" is conspicuously absent, once again demonstrating the value the PRC gets from their leverage over the world's most valuable public company. To be fair, Google's post also didn't mention China. Their employees likely leaked attribution on background.
@alexstamos: Third, the pivot to Apple's arrogant marketing is not only tone-deaf but really rings hollow to the security community when Google did all the heavy lifting here. I'm guessing we won't hear Tim talk about how they are going to do better on stage next week.
@alexstamos: This possibility that this incident might wake Apple up to their responsibilities the way Aurora impacted Google was discussed by @riskybusiness and I just a couple of days ago. I guess we have our answer.
@alexstamos: Dear Apple employees: I have worked for companies that took too long to publicly address their responsibilities. This is not a path you want to take. Apple does some incredible security work, but this kind of legal/comms driven response can undermine that work. Demand better.
@gizmodo: Apple can feel its reputation for bulletproof security slipping through its fingers
@LorenzoFB: Even former Apple security engineers think Apple's statement on this is bad.
@ShiraOvide: This is savage and good. Humility is a highly useful quality in people, and in companies.
@tqbf: Cosign all of this. Apple does astonishing technical work to secure the iOS platform, and this statement squanders the moral authority they earned.
@suka_hiroaki: Google: Hey, we found a bunch of full exploit chains for iOS, here is how to fix them. Apple: HOW DARE YOU!!!
@mattblaze: This thread from @alexstamos . I hope my friends at Apple read it very carefully. There's important, hard-earned wisdom here.
@howelloneill: There's a lot of worthwhile debate to be had over Apple's statement about this hacking campaign. One important thing it did do is confirm earlier reporting about Uighur targets. One thing it didn't do is use the word China. https://technologyreview.com/f/614277/apple-says-chinas-uighur-muslims-were-targeted-in-iphone-hacking-campaign/
@josephmenn: Unclear how Apple and Google taking Sharpies to one another is helping the Uighurs.
@josephfcox: i don't think anything has ever brought the infosec community together as much as this unanimous response to apple's statement
@SwiftonSecurity: Apple should have just taken the L and hardened their OS instead of posting this garbled statement.


October 10, 2019
Jack Nicas / New York Times

Apple Caves to Chinese State Criticism and Pulls App That Allowed Hong Kong Protesters to Track Police

In one of several recent developments showing the power of the Chinese state to dictate the policies of American companies, Apple removed HKmap.live, an app that enabled protesters in Hong Kong to track the police, from its App Store a day after facing intense criticism over it from Chinese state media. Apple’s removal of the app followed an editorial by the People’s Daily, the flagship newspaper of the Chinese Communist Party, that accused Apple of aiding “rioters” in Hong Kong. Apple said it verified with the Hong Kong Cybersecurity and Technology Crime Bureau that the app has been used to target and ambush police and threaten public safety, and that criminals have used it to victimize residents in areas where they know there is no law enforcement.

Related: The Next Web, Reuters, Forbes, ZDNet Security, News.com, Apple Insider, Newsweek, Israel National News, South China Morning Post, The Korea Times News, Hong Kong Free Press HKFP, POLITICO, Financial Times, iMore, Daring Fireball, Fortune, Security, Privacy & Tech Inquiries, EJ Insight, The New Daily, RT News, rthk.hk Local, WRAL Tech Wire, MacRumors, TechCrunch, Tech Insider, iPhone Hacks, MacRumors, Silicon Republic, Tech Insider, Z6 Mag, Global Voices, Reuters, Fortune, iMore, Tech Insider, WRAL Tech Wire, Fortune, Z6 Mag, BBC News, CRN, NDTV, Telegraph, Quartz, Naked Security, EFF, Threatpost

Tweets:@juhasaarinen @Pinboard @thegrugq @jpwarren @jeffstone500

The Next Web: Apple bans app that warns Hong Kong citizens about police activity, again
Reuters: Apple pulls police-tracking app used by Hong Kong protestors after consulting authorities
Forbes: Apple Removes App Used To Track Hong Kong Police After Pressure From China
ZDNet Security: Apple pulls HKmap.live from app store
News.com.au: Apple bans app after China threat
Apple Insider: Apple again pulls police monitoring app from Hong Kong app store
Newsweek: What is HKmap? Apple’s Removal of App Used by Hong Kong Protesters is ‘Political Decision to Suppress Freedom,’ Devs Say
Israel National News: Apple withdraws Hong Kong police-tracking app
South China Morning Post: Swedish tech firm Yubico hands Hong Kong protesters free security keys amid fears over police tactics online
The Korea Times News: Swedish firm gives Hong Kong protesters security keys amid police hacking fear
Hong Kong Free Press HKFP: ‘You’re not alone’: Hong Kong activists united over raising awareness about gender-based violence
POLITICO: U.S. passing Hong Kong human rights and democracy act will ‘punish the wrong people,’ says ex-Trump envoy
Financial Times: Apple pulls Hong Kong map used by protesters from App Store
iMore: Hong Kong mapping app removed from App Store
Daring Fireball: Apple Removes HKmap.live From App Store
Fortune: Apple Removes Hong Kong Protest Map From App Store The Day After Beijing Complains
Security, Privacy & Tech Inquiries: Censorship-resilient apps with Progressive Web Applications
EJ Insight: Apple pulls HK police-tracking app after China criticism
The New Daily: Apple removes Hong Kong police tracker app
RT News: Apple removes app that Hong Kong protesters used to track police movements following vandalism, attacks on officers
rthk.hk Local: Apple pulls HK protester app after Beijing warning
WRAL Tech Wire: Apple drops Hong Kong activists app; Huawei may be able to buy some US goods
MacRumors: Apple Pulls Hong Kong Protest App From App Store Following Chinese Criticism
TechCrunch: Apple pulls HKmap from App Store, the day after Chinese state media criticized its “unwise and reckless decision” to approve it
Tech Insider: China’s grip on Apple tightens as it boots a Hong Kong police-tracking app and news app Quartz
iPhone Hacks: Tim Cook Explains Why Apple Removed the Controversial Hong Kong Protest App
MacRumors: Tim Cook Defends Removal of Hong Kong Mapping App From App Store in Leaked Memo
Silicon Republic: Apple accused of bowing to political pressure amid Hong Kong app removal
Tech Insider: Hong Kong lawmaker who relied on the banned HKMap Live app warns Apple from becoming an ‘accomplice for Chinese censorship’
Z6 Mag: Apple CEO Tim Cook justifies removal of Hong Kong maps app from App Store
Global Voices: Google removes Hong Kong protester role-playing game from its Play Store
Reuters: Apple pulls app used to track Hong Kong police, Cook defends move
Fortune: Apple CEO Tim Cook Defends Decision to Drop Hong Kong Protest Map From App Store After China Complaint
iMore: Read Charles Mok’s open letter to Tim Cook about Hong Kong
WRAL Tech Wire: Tim Cook’s choice: Apple kowtows to China or face punishing costs
BBC News: Few convinced by Apple’s case for Hong Kong app removal – BBC News
CRN: Apple criticised for pulling app that tracks Hong Kong police
NDTV: Apple Removes Quartz News App From China App Store Over Hong Kong Protest Coverage
Telegraph: Fury as Apple pulls US news app Quartz from China ‘over Hong Kong coverage’
Quartz: Tim Cook doesn’t seem to know how the Hong Kong app Apple removed actually works
Naked Security: Apple removes app that tracks Hong Kong police and protestors
EFF: China’s Global Reach: Surveillance and Censorship Beyond the Great Firewall
Threatpost: China’s Sway Over Tech Companies Tested with Apple, Blizzard

@juhasaarinen: Apple pulls http://HKmap.live from app store https://zd.net/2nxabSt via @ZDNet & @dobes
@Pinboard: This is important. Note the hypothetical language used here by Hong Kong police—they contacted "several app stores" (presumably including Apple) with the complaint that @hkmaplive "could leak the officers' whereabouts, which could facilitate the criminals to ambush our officers."
@thegrugq: This pure information warfare attack surface is brilliant. Blizzard punished a player for being pro Hong Kong. Players are attempting to get Blizzard games banned by Chinese censors. Winnie the Pooh is already censored due to memes about Xi, so this isn’t too unrealistic a goal.
@jpwarren: I am doubling my order of @Yubico keys and telling everyone I know to do the same, because of their principled stance on Hong Kong. And so should you. Please RT.
@jeffstone500: Censorship is just the beginning. China is using powerful DDoS attacks to knock foreign websites offline, per @EFF @Mala. Recent victims include Telegram, a Hong Kong protest forum, and social media outside government control.


August 16, 2019
Susan Decker / Bloomberg

Apple Files Copyright Lawsuit Against Software Startup Corellium Accusing the Security Vulnerability Tool Company of Illegally Selling Virtual Copies of iPhone, iPad Operating Systems

In a copyright infringement lawsuit filed in West Palm Beach, FL, Apple has accused upstart Corellium of illegally selling virtual copies of the iPhone and iPad operating systems under the guise of helping discover security flaws. Corellium provides a research tool for those trying to discover security vulnerabilities and other flaws in Apple’s software. Apple alleges that the software company has copied the operating system, graphical user interface and other aspects of the devices without permission, and wants a federal judge to stop the violations. Apple further argues that Corellium allows the creation of a virtual Apple device, copies new versions of Apple works as soon as they are announced and doesn’t require users to disclose flaws to Apple. In its suit, Apple is further asking for a court order forcing Corellium to notify its customers that they are in violation of Apple’s rights, destruction of any products using Apple copyrights, and cash compensation.

Related: Tech Insider, Slashdot, Z6 Mag, TechCrunch, MacRumors, PCMag, ZDNet, iMore, AppleInsider, 9to5Mac, SecurityWeek, Economic Times, ZDNet Security, The Register, Computer Business Review, MobileSyrup.com, Slashdot, MacDailyNews

Tweets:@pwnallthethings @riskybusiness @MalwareJake @runasand @LorenzoFB @LorenzoFB @LorenzoFB @dcuthbert @ryanaraine @hackerfantastic @Bing_Chris

Tech Insider: ‘Enough is enough’: Apple is suing a company that claims it creates ‘perfect’ replicas of iOS
Slashdot: Apple Files Lawsuit Against Corellium For iOS Emulation
Z6 Mag: Apple sues Corellium, saying that they are profiteering from supposedly good-faith security research
TechCrunch: Apple is suing Corellium
MacRumors: Apple Files Lawsuit Against Virtualization Company Corellium for Illegally Replicating iOS and Apple Apps
PCMag: Apple Sues Corellium Over ‘Illegal Replication’ of iOS
ZDNet: Apple files lawsuit against Corellium for flogging virtual iOS copies for security tests
iMore: Apple accuses software company Corellium of selling replicas of iOS in new lawsuit
Apple Insider: Apple sues virtualization firm Corellium for selling iOS and iTunes knockoffs
9to5Mac: Apple files lawsuit against virtualization company Corellium for selling ‘perfect replicas’ of iOS
SecurityWeek: Apple Sues Corellium Over Security Research Tool
Economic Times: Here’s why Apple is suing this cybersecurity startup
ZDNet Security: Apple files lawsuit against Corellium for flogging virtual iOS copies for security tests
The Register: Apple fires legal salvo at Corellium claiming the virtual iPhone flinger is infringing copyright
Computer Business Review: Apple Sues Virtualisation Firm Corellium for “Perfect Digital Facsimile” of iOS
MobileSyrup.com: Apple suing company that creates browser-based replica of iOS
MacDailyNews: Apple seeks to shut down Corellium’s unauthorized ‘perfect replicas’ of iOS

@pwnallthethings: Interesting case to watch here @Apple v @CorelliumHQ -- another example of big tech companies using legal pretexts as proxy fights in cybersecurity
@riskybusiness: Tfw your podcast is named in Apple’s lawsuit against @CorelliumHQ . At least I’m in good company with @mdowd and @lorenzofb .
@MalwareJake: This reminds me of when Oracle signaled it would take legal action against Sun Microsystems because dtrace would expose the inner workings of their DBMS. Bugs happen. Apple obviously wants these bugs exposed, but only to them. 1/
@runasand: "Apple said the software company Corellium has copied the operating system, graphical user interface and other aspects of the devices without permission, and wants a federal judge to stop the violations."
@LorenzoFB: I wonder if Apple will go after Corellium users now.
@LorenzoFB: Here's the full Apple v. Corellium complaint.
@LorenzoFB: I'm not a copyright lawyer but this lawsuit is fascinating. Apple is essentially arguing that Corellium has copied iOS and is offering unlicensed copies to customers. Apple is also arguing that these customers use Corellium to find vulns that they don't then report to Apple.
@dcuthbert: And this is a seemingly poor move by @apple https://macrumors.com/2019/08/15/apple-corellium-copyright-infringement-lawsuit/ The tech allows us to streamline and modernise the entire testing approach. No more clunky physical phone testing farms. It allows rapid dev across multiple devices. Something Apple hasn't made easy
@ryanaraine: “For a million dollars a year, Corellium will even deliver a ‘private’ installation of its product to any buyer,” Apple said.
@hackerfantastic: "Corellium paints itself as a research tool for discover security vulnerabilities and other flaws in Apple’s software"...“Far from assisting in fixing vulnerabilities, Corellium encourages its users to sell any discovered information on the open market to the highest bidder" ??
@Bing_Chris: Very interesting case... I recently spoke to someone in the offensive cyber industry and they (unprompted) explained how this company’s software is extremely important nowadays in finding 0 days. I am curious though, what was the option before Corellium?


October 14, 2019
Catalin Cimpanu / ZDNet

Apple Clarifies, Defends Against Reports That It Sends User Traffic to China’s Tencent, Says It Never Sends Browsing Traffic to Tencent’s System

Following a series of reports that Apple’s Safari web browser was secretly sending user traffic to Chinese company Tencent, all of which reflected a recent discovery that Apple had implemented a second “safe browsing” system within Safari, Apple issued a statement clarifying the situation and defending its practices. Apple said it has used Google’s Safe Browsing API inside Safari to check for bad links, and this year added Tencent’s safe browsing system as well. Although earlier versions of safe browsing sent a URL to a safe browsing provider, most current safe browsing mechanisms, such as those managed by Google and Tencent, work by sending a copy of the database to a user’s browser and letting the browser check the URL against this local database. Apple said its developers have implemented Safari’s safe browsing mechanism in this manner and that it never sends the user’s internet browsing traffic to safe browsing providers. Tencent is not the default safe browsing provider and is only used on devices where the Chinese locale is enabled. Apple relies on Tencent to help keep its users safe because the Chinese government bans Google domains inside China.

Related: Cult of Mac, Z6 Mag, Softpedia News, CNET News, iDownloadBlog.com, NewsBytes App, TechNadu, Sensors Tech Forum, Apple Insider, 9to5Mac, HotHardware.com, Softpedia News, The Next Web, iPhone Hacks, MacRumors, Tech Insider, The Hacker News, Ubergizmo, MacDailyNews, Techradar, MacRumors, The Loop, Digital Trends, Forbes, Sensors Tech Forum, SlashGear, Appuals.com, Threatpost, NDTV Gadgets360.com

Cult of Mac: Apple under fire for sending browsing data to China
Z6 Mag: Apple sends browser data to Chinese tech giant, Tencent
Softpedia News: New Apple Card Fraud Case Shows Cloning Might Not Be the Only Concern
CNET News: Apple defends the way it shares Safari browser data with Google or Tencent – CNET
iDownloadBlog.com: Safari caught sending some Safe Browsing data to Chinese internet giant Tencent
NewsBytes App: Safari caught sending browsing data to Chinese company: Details here
TechNadu: Apple’s Safari is Sending User Browsing Data to Chinese Company Tencent
Sensors Tech Forum: Apple Is Sharing Safe Browsing Data with Chinese Conglomerate Tencent
Apple Insider: Safari on iOS can be sending your browsing data to China’s Tencent [u]
9to5Mac: Apple responds to report on sending users’ browsing data to China-owned Tencent
HotHardware.com: Apple Safari Can Send Your Browsing Data To China’s Tencent Raising Privacy Fears
Softpedia News: How to Block Your iPhone from Sending Browsing Data to Chinese Firm Tencent
The Next Web: Apple under scrutiny for sending Safari browsing data to China’s Tencent
iPhone Hacks: Apple Issues a Statement Regarding Safari Fraudulent Website Warning, Says It Uses Tencent Only for Mainland China
MacRumors: Apple Sending User Data to Chinese Company for Fraudulent Website Warnings in Safari
Tech Insider: An Apple feature that shares some data from websites you visit in Safari with Chinese tech giant Tencent is attracting attention amid mounting tensions between the US and China (AAPL)
The Hacker News: Apple Under Fire Over Sending Some Users Browsing Data to China’s Tencent
Ubergizmo: Apple Reportedly Sending User Browsing Data To Chinese Company Tencent
MacDailyNews: Apple under fire for sending web browsing data, including IP addresses, to China’s Tencent
Techradar: Safari on iOS could be sending tracking data to China
MacRumors: Apple Clarifies Tencent’s Role in Fraudulent Website Warnings, Says No URL Data is Shared and Checks are Limited to Mainland China
The Loop: On Apple sharing some portion of your web browsing history with Chinese conglomerate Tencent
Digital Trends: Safari is sending user browsing data to China’s Tencent
Forbes: Apple accused of sending data from 1billion iPhones and iPads to china
SlashGear: iOS 13 Safari’s Safe Browsing reportedly sending some data to Tencent
Appuals.com: Apple’s Safari Now Protects Users From Fraudulent Websites Using “Tencent Safe Browsing”
Threatpost: Apple Shares Some Browsing History with Chinese Company
NDTV Gadgets360.com: Apple’s Safari Browser on iOS Sends Browsing Information to China’s Tencent, Which May Log IP Addresses


August 2, 2019
Alex Hern / Guardian

Apple Suspends Controversial Program That Allows Contractors to Listen to Siri Recordings

Apple has suspended its practice of having human contractors listen to users’ Siri recordings to “grade” them, and will not restart the program until it has conducted a thorough review, following a Guardian report that revealed the practice. Apple also said it is committed to adding the ability for users to opt out of the quality assurance scheme altogether in a future software update. Contractors for Apple who conduct those reviews showed up for work on Friday in Ireland but were told to go home for the weekend. The Guardian broke the news that Apple contractors regularly hear confidential and private information while carrying out the grading process, including in-progress drug deals, medical details and people having sex.

Related: AppleInsider, iClarified, Mashable, Paul Thurrott – Thurrott.com, Tech Insider, Reuters, The Next Web, PhoneArena, ZDNet Security, The Verge, Cult of Mac, MacRumors, Axios, Techradar, BetaNews, Pocket-lint, Slashdot

Tweets:@inafried @gcluley @markwilsonwords

AppleInsider: Apple suspends Siri quality control program, will let users opt out in update
iClarified: Tim Cook Announces Apple Card Will Launch in August
Mashable: Apple suspends program that let humans listen in to Siri conversations
Paul Thurrott – Thurrott.com: Apple Suspends Siri Grading Program
Tech Insider: Three ways brands can benefit from adopting voice technology (AAPL, AMZN, GOOGL, MSFT)
Reuters: Apple halts Siri response grading program after privacy concerns
The Next Web: Apple and Google suspend monitoring of voice recordings by humans
PhoneArena: With privacy cred under fire, Apple to offer opt-out feature for Siri recordings access
ZDNet Security: Apple, Google: We’ve stopped listening to your private Siri, Assistant chat, for now
The Verge: Apple stops letting contractors listen to Siri voice recordings
Cult of Mac: Apple stops listening to users’ Siri queries
MacRumors: Apple Suspends Program That Lets Employees Listen to Siri Recordings for Quality Control, Opt Out Option Coming
Axios: Apple suspends program in which humans review users’ Siri queries
Techradar: Apple has stopped sending Siri chats to third parties… for now
BetaNews: Privacy: Google stops transcribing Assistant recordings and Apple stops listening to Siri recordings
Pocket-lint: Apple is suspending Siri quality control due to recent privacy concerns
Slashdot: Apple Stops Letting Contractors Listen To Siri Voice Recordings, Will Offer Opt-Out Later

@inafried: Breaking: Apple suspends program in which humans review users' Siri queries https://www.axios.com/apple-suspends-program-in-which-humans-review-users-siri-queries-eb3ed834-35fb-4e96-bf66-4de3da03b1c5.html
@gcluley: Apple suspends Siri response grading in response to privacy concerns https://techcrunch.com/2019/08/01/apple-suspends-siri-response-grading-in-response-to-privacy-concerns/
@markwilsonwords: Privacy: Google stops transcribing Assistant recordings and Apple stops listening to Siri recordings


July 26, 2019
Alex Hern / The Guardian

Apple Contractors Regularly Hear Highly Confidential Siri Recordings, Including Drug Deals and Couples Having Sex, Whistleblower

Apple contractors regularly hear confidential medical information, drug deals, and recordings of couples having sex as part of their job providing quality control, or “grading”, for the company’s Siri voice assistant, according to a whistleblower working for the firm who is concerned about the company’s lack of disclosure of these human reviews. Apple’s privacy policies do not explicitly state that a small proportion of Siri recordings are passed on to contractors working for the company around the world. Apple conceded that humans are reviewing Siri audio, saying “a small portion of Siri requests are analyzed to improve Siri and dictation. User requests are not associated with the user’s Apple ID. Siri responses are analyzed in secure facilities and all reviewers are under the obligation to adhere to Apple’s strict confidentiality requirements.”

Related: Engadget, Fast Company, 9to5Mac, Tech Insider, Trusted Reviews, MacRumors, Slashdot, TechSpot, SlashGear » security, iPhone Hacks

Tweets: @geoffreyfowler @donie

Engadget: Apple contractors frequently hear sensitive info in Siri recordings
Fast Company: Your conversations with Apple’s Siri may not be so confidential
9to5Mac: Apple responds to Guardian report about contractors hearing private conversations while ‘grading’ Siri
Tech Insider: Apple contractors working on Siri ‘regularly’ hear recordings of sex, drug deals, and private medical information, a new report says
Trusted Reviews: Apple’s Siri contractors hear people having sex, says whistleblower
MacRumors: Contractors Working on Siri ‘Regularly’ Hear Recordings of Drug Deals, Private Medical Info and More Claims Apple Employee
Slashdot: Apple Contractors ‘Regularly Hear Confidential Details’ on Siri Recordings, Report Says
TechSpot: Apple QC workers often hear bits of private conversations in Siri recordings
SlashGear » security: Whistleblower claims Apple contractors hear ‘sensitive’ Siri recordings
iPhone Hacks: Apple Contractors Regularly Hear Confidential Medical Information, Drug Deals and More While Grading Siri

@geoffreyfowler: The HomePod in my living room activates Siri at the strangest times. But I can't say I've ever seen it activated by a zipper. A good reminder, though, that Apple keeps recordings of every time Siri *thinks* it is being activated -- and you can't stop it.
@donie: Apple contractors regularly hear confidential medical information, drug deals, and recordings of couples having sex, as part of their job providing quality control, or “grading”, the company’s Siri voice assistant, the Guardian has learned.


August 6, 2019
Thomas Brewster / Forbes

Apple Plans to Give Infosec Rockstars Who Participate in Bug Bounty Program Special iPhones for Testing, Will Launch Mac Bug Bounty Program, Report

Apple reportedly plans to announce that it will give infosec rockstar security researchers who participate in its invite-only bug bounty program special iPhones that will make it easier for them to find weaknesses in the smartphone. The special iPhones will essentially be “dev devices” that allow users to do a lot more than locked-down iPhones do, and will be “lite” versions of the phones, without the same level of openness as enjoyed by Apple’s security team. Apple also plans to announce a Mac bug bounty program so that anyone who can find security issues in macOS will get rewarded with bug bounty payments that can run as high as $200,000.

Related: TechSpot, iDownloadBlog, MacDailyNews, Trusted Reviews, Engadget, The Mac Observer, BleepingComputer.com, Softpedia News, MacRumors, Apple Insider, iPhone Hacks

Tweets: @radian

TechSpot: Apple to launch macOS Bug Bounty program, will also give ‘special’ iPhones to researchers
iDownload Blog: Apple will supply security researchers with special iPhone variants for bug hunting
MacDailyNews: Apple hands hackers secret iPhones in a bid to boost security; to offer Apple Mac bug bounty
Trusted Reviews: Apple is giving jailbroken iPhones to hackers to tighten iOS security
Engadget: Apple may soon hand special iPhones to security researchers
The Mac Observer: Apple Bug Bounty Program Coming This Month
BleepingComputer.com: AT&T Launches Public Bug Bounty Program on HackerOne
Softpedia News: Apple to Give Away Special iPhones to Security Researchers
MacRumors: Apple to Give Security Researchers ‘Special’ iPhones for Bug Testing, macOS Bug Bounty Program Coming
Apple Insider: Apple to reportedly provide ‘dev device’ iPhones for bug hunting, introduce Mac bounty
iPhone Hacks: Apple to Reportedly Provide Security Researchers with Jailbroken iPhones

@radian: Very excited to return to the Black Hat stage this year to talk about some world-class Apple security features! iOS code integrity and Pointer Authentication Codes, Mac secure boot with the T2 Security Chip, the crypto behind the Find My feature, and more: https://www.blackhat.com/us-19/briefings/schedule/#behind-the-scenes-of-ios-and-mac-security-17220


September 7, 2019
Thomas Brewster / Forbes

U.S. Government Seeks to Force Apple and Google to Turn Over Detailed Personal Information on at Least 10,000 Users of Gun Scope App

In an unprecedented reach for app users’ personal data, the U.S. government has filed for a court order to force Apple and Google to turn over information, including names, phone numbers and other identifying data, of at least 10,000 users of Obsidian 4, an app used to control rifle scopes made by night-vision specialist American Technologies Network Corp. The app allows gun owners to get a live stream, take video and calibrate their gun scope from an Android or iPhone device. The Immigration and Customs Enforcement (ICE) department is seeking the information as part of a broad investigation into possible breaches of weapons export regulations. The court order application states that the requested information “will assist the government in identifying networks engaged in the unlawful export of this rifle scope through identifying end users located in countries to which export of this item is restricted.” If the government succeeds, Apple and Google will also have to turn over telephone numbers and IP addresses which can be used to locate the app users.

Related: Cult of Mac, MacRumors, Apple Insider, MacDailyNews, Boing Boing, RT USA, CNET, Slashdot


July 19, 2019
Mehul Srivastava and Tim Bradshaw / Financial Times

Spyware Company NSO Group Tells Prospective Clients It Can Scrape Users’ Data from Servers of Apple, Google, Facebook, Amazon, and Microsoft, Report

Notorious Israeli spyware company NSO Group, whose flagship malware Pegasus has been used by authoritarian regimes to spy on smartphones, has told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon, and Microsoft, according to sources familiar with the company’s sales pitch. Pegasus has evolved to capture ever greater amounts of information, including a target’s location data, archived messages or photos, according to people who shared documents with the Financial Times and described a recent product demonstration for the government of Uganda. The new capabilities are said to copy the authentication keys of services such as Google Drive, Facebook Messenger and iCloud, among others, from an infected phone, allowing a separate server to then impersonate the phone, including its location, giving open-ended access to the cloud storage of those apps without “prompting 2-step verification or warning email on target device,” according to the demonstration. Amazon, Facebook, and Microsoft say they have no evidence of Pegasus access to their cloud files but say they are investigating. Google has not responded.

Related: The Next Web, CNBC, Forbes, Digital Journal, MacRumors, The Loop, Tech Insider, The Mac Observer, AppleInsider, MediaNama: Digital Media in India, iPhone Hacks, Softpedia News, HotHardware.com, The Register – Security, SecurityWeek, MacDailyNews, Slashdot

Tweets: @Bing_Chris @hatr @josephfcox @zackwhittaker

The Next Web: NSO Group’s WhatsApp spyware can now snoop on your Facebook, Google, and iCloud data too
CNBC: Israeli security company reportedly has tool that spies on Apple, Google and Facebook cloud data
Forbes: Israel’s NSO Spyware Can Now Hack Google, iCloud And Facebook Via Phones: Report
Digital Journal: Israel spyware firm can mine data from social media: FT
MacRumors: Israeli Security Firm Claims Spyware Tool Can Harvest iCloud Data in Targeted iPhone Attack
The Loop: Israeli Security Firm Claims Spyware Tool Can Harvest iCloud Data in Targeted iPhone Attack
Tech Insider: The Israeli firm behind software used to hack WhatsApp boasted that it can scrape data from Amazon, Apple, Facebook, Google, and Microsoft cloud servers
Verdict: NSO denies having spyware that can hack cloud servers
The Mac Observer: NSO Group Tool Harvests Targeted iCloud Data
AppleInsider: Israeli spyware claims to beat Apple’s iCloud security
MediaNama: Digital Media in India: NSO spyware targets phones to get data from Google, Facebook, iCloud
HotHardware.com: NSO Claims Its WhatsApp Spyware Can Universally Hack iCloud, Google, Facebook, Amazon, Microsoft Cloud Data
The Register – Security: Israel’s NSO Group: Our malware? Slurp your cloud backups plus phone data? They’ve misunderstood
SecurityWeek: Israel Spyware Firm Can Mine Data From Social Media: FT
MacDailyNews: NSO Group says it can scrape data from Apple, Google, Facebook, Amazon, and Microsoft cloud services
Slashdot: NSO Spyware ‘Targets Big Tech Cloud Services’

@Bing_Chris: Per FT, new NSO sales pitch includes claim it can pull data from popular Cloud services. Also reveals Ugandan government had shown interest in capability. Comment from NSO spokesperson says "no mass collection" but that's clearly not the point.
@hatr: NSO seems to have a new pitch and new abilities. Accessing cloud data. "This grants open-ended access to the cloud data of those apps without “prompting 2-step verification or warning email on target device”, according to one sales document." https://www.ft.com/content/95b91412-a946-11e9-b6ee-3cdf3174eb89
@josephfcox: NSO's malware can log into Facebook, Amazon etc, download content. FT has bizarrely framed this as an issue for the cloud services, when it's really about how end devices secure auth tokens. You own the device, you are the device. This will get dumb hyped
@zackwhittaker: I've been thinking about this FT story. The short of it is that NSO-developed spyware "can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft," say people familiar with its sales pitch. (1/)


August 2, 2019
Nick Bastone / Business Insider

Google Suspends All Language Reviews for Voice-Powered Assistant After German Regulatory Authority Launches Investigation

Google has temporarily halted all language reviews for its voice-powered Assistant around the world after a German regulatory authority announced it is pursuing an investigation into the matter. A Dutch media outlet last month used leaked Google audio snippets to show that some Google Assistant users had been recorded by their devices unknowingly. Johannes Caspar, Commissioner for Data Protection and Freedom of Information, said that the “use of speech assistance systems in the EU must comply with the data protection requirements of the GDPR (General Data Protection Regulation). In the case of the Google Assistant, there are currently considerable doubts about this.”

Related: Neowin, AP Breaking News, POLITICO EU, Tech Insider, The Verge, Hamburg Commissioner for Data Protection and Freedom of Information (PDF), The Register – Security, SlashGear, Android Central, Graham Cluley, TechCrunch, VentureBeat