Apple’s iOS 8.2 eliminated the FREAK security flaw in Safari, but FireEye researchers found a handful of popular iOS apps are still vulnerable to attack even when running on iOS 8.2. Hundreds of others still connect to vulnerable HTTPS servers, leaving them open to attack when running on iOS versions lower than iOS 8.2. Shopping, medical and finance apps were all mentioned as possible targets in FireEye’s plea for app developers to remedy the lingering issues.
A new device allows users to access a locked device running iOS 8.1 through a brute-force attack, even with the “Erase data after 10 attempts” setting on, according to security company MDSec. The IP Box — available in England for £200 (about $293) — bypasses Apple’s security measures by cutting the iPhone’s power after each failed attempt at guessing the PIN, shutting down the phone before the attempt can be logged in flash memory. This method allows the device to break a four-digit PIN in approximately 111 hours. The vulnerability could be the issue noted in CVE-2014-4451 and addressed in Apple’s iOS 8.1.1 update, but MDSec recommends users create a “sufficiently complex” password rather than a simple PIN to protect their data regardless. [via Daring Fireball]
Nintendo will finally develop games for smartphones, The Wall Street Journal reports. The company that for years refused to cater to the smartphone market has partnered with Japanese game provider DeNA Co. to set up a new mobile game platform, which should debut this fall. Analysts say Nintendo’s reluctance to license its characters has come at a heavy cost as the gaming industry shifted to smartphones. Nintendo posted three straight years of losses amid disappointing console sales, forcing the company to be more open to embracing the free-to-download game model dependent on in-game purchases for revenue.
Nintendo’s new game distribution portal, slated to debut this fall, will be the only place to download the company’s games, but those looking to download Nintendo classics won’t find them there. Although Nintendo has put “no limitations” on which of its properties will wind up in smartphone games, the company’s announcement said, “Only new original games optimized for smart device functionality will be created, rather than porting games created specifically for the Wii U home console or the Nintendo 3DS portable system.”
Apple plans to expand its iPhone trade-in program to include Android devices and other non-Apple smartphones, 9to5Mac reports. Much like the iPhone Reuse + Recycle Program introduced about a year and a half ago, customers will receive gift cards that can be used toward the purchase of new iPhones in exchange for their older smartphones, with the value of the trade-in assessed by Apple Store employees based on the cosmetic and functional condition of the device. The new program is expected to begin in the next few weeks, and Apple is expected to begin training employees later this week.
Microsoft plans to bring Cortana, its Windows phone personal assistant technology, to both Apple and Android devices, Reuters reports. The company is reported to be developing an advanced version of its Siri competitor based on an artificial intelligence project it has dubbed “Einstein.” Microsoft’s new CEO, Satya Nadella, has been more aggressively opening up the company’s software to non-Windows platforms, eschewing Microsoft’s traditional approach of forcing customers into using its Windows operating system. Cortana debuted on Windows phones last year, and will be coming to the desktop with Windows 10 later this year. According to people familiar with the project, Microsoft also plans to release a standalone iOS app version of the technology. New technology in Cortana to be rolled out this fall is expected to incorporate more advanced features, such as the ability to read and understand e-mail and more accurately anticipate user needs, rather than simply responding to requests as Siri does.
Apple has released its third beta of iOS 8.3 to registered developers, following the public release earlier this week of iOS 8.2 to support the upcoming Apple Watch. This latest beta features a build number of 12F5047f and details few changes in the release notes from the prior beta, with minor issues related to CarPlay, WatchKit, and LTE Voice. As expected, this beta also adds the Apple Watch app and related settings that were introduced earlier this week in iOS 8.2. This update is also accompanied by a new beta of the Apple TV Software, although it is unclear what has changed in that particular version as Apple TV betas are generally not accompanied by release notes.
Despite reports that Apple would release a public beta of iOS 8.3 around this time, there has been no indication from Apple of a public beta program starting as of yet — as with previous iOS betas, iOS 8.3 beta 3 remains available to registered developers only.
Update: The iOS Public Beta program is now available at Apple’s Beta Software Program site. Some of the information in the FAQ appears to have been updated to include instructions for backing up and installing on iOS devices, but the ability to actually register for, download, and install the beta version does not yet seem to be available for all users.
Apple is planning to put Force Touch technology — which will be included in the Apple Watch and new MacBook — into the next generation of iPhone, according to The Wall Street Journal. The feature allows improved touch sensors to distinguish between a light tap and a deeper press, letting users perform different functions by applying different levels of pressure. Sources say the Force Touch versions of the iPhone 6 and iPhone 6 Plus will be released later this year. The screen sizes for both devices will stay the same, but Apple is also reportedly testing a new pink color option to go alongside the current silver, gold and space gray models.
Researchers with ties to the CIA have been working for years to crack the security on iPhones and iPads, The Intercept reports. The researchers presented their latest achievements at the “Jamboree,” a secret annual gathering where attendees swap strategies for breaking into commercial and household electronics. Hackers discussed attempts to crack the security keys used to encrypt data on Apple devices, as well as efforts to modify the OS X updater and Apple’s proprietary software development tool, Xcode, to insert malicious code onto Apple devices. If successful, these breaches would allow hackers to intercept messages, steal passwords and even possibly “force all iOS applications to send embedded data to a listening post.”
Documents from 2010 to 2012 given to The Intercept by Edward Snowden note that researchers were “particularly intent” on extracting encryption keys for Apple products, but “do not address how successful the targeting of Apple’s encryption mechanisms have been, nor do they provide any detail about the specific use of such exploits by U.S. intelligence.” Neither the CIA nor Apple commented on the story, but Apple CEO Tim Cook has long touted privacy as a core value and has previously criticized the actions of U.S. intelligence agencies and law enforcement on such matters.
Apple has increased the price of unlocked iPhone 6 and iPhone 6 Plus units in Canada by approximately 12 to 14 percent, likely owing to persistent differences in currency exchange rates between the two countries. The price of the basic 16GB iPhone 6 has increased by $90 CAD, from $749 CAD to $839 CAD, while at the other end of the spectrum, the 128GB iPhone 6 Plus gets a price increase of $150 CAD, going from $1,079 CAD up to $1,229 CAD. With the gap between the U.S. and Canadian dollar having increased dramatically over the past four months, the previous pricing was significantly below the exchange rate, however these new prices now make Canadian unlocked iPhone models slightly more expensive than their U.S. counterparts, even after exchange rates have been factored in. This move follows a similar 20 percent price increase that hit the Canadian App Store this past January. [via iPhone in Canada]
During today’s “Spring Forward” event, Apple CEO Tim Cook announced that iOS 8.2 is being released today. The new update includes an Apple Watch app that will provide access to the App Store for the new wearable device, as well as the ability to configure settings, transfer apps to the Apple Watch, and even watch information and preview videos on the Apple Watch before buying one. iOS 8.2 is expected to be available for download through the normal software update mechanisms later today.
Update: iOS 8.2 includes a patch to remedy the FREAK security flaw.
Apple’s iPhone 5 Battery Replacement Program has been extended, as noted by iPhone in Canada. The program, which launched last August, replaces iPhone 5 batteries in select units free of charge — a serial number checker on the site confirms device eligibility. Initially, the program was set to run until March 1, 2015, but the program now claims to cover “affected iPhone 5 batteries for 3 years after the first retail sale of the unit.” The affected devices were sold between September 2012 and January 2013, which means the program will extend until January 2016 at the latest.
Apple plans to increase the RAM in the next-generation iPhone — likely to be dubbed the ‘6s’ — to 2GB, according to AppleInsider. This would provide more working memory to allow for apps to stay open and preserve data in the background, although at a potential battery cost. While Apple has defied expectations thus far in maintaining the iPhone RAM at 1GB in recent years, the iPad Air 2 received a RAM bump to 2GB last year, suggesting a high probability that Apple will do the same for the next-generation iPhone. The report suggests that this would apply to both the base iPhone 6s and iPhone 6s Plus.
The same report also suggests that Apple is “strongly considering” including the “Apple SIM” in the new iPhone models as well, which would allow users to sign up for service directly with their carrier of choice right from within an iOS app or setup screen. While the iPad Air 2 included the Apple SIM last fall, the idea was met with resistance from carriers, with some such as Verizon choosing to opt out of the program entirely. The more complex iPhone plans that most carriers offer — in comparison to the more basic data-only iPad plans — would make this even more of a challenge for Apple to work out with carriers.
Apple took back the throne as the world’s top-selling phone manufacturer in the final quarter of 2014, according to Gartner, Inc. Sales of the iPhone made up more than 20 percent of the total phone market, narrowly edging out Samsung for the first time since 2011. Apple reported its best quarter ever at the end of 2014, selling 74.8 million units. The increase is attributed to Apple’s strong ecosystem of products and the release of the iPhone 6 and iPhone 6 Plus, which were a concession to users in the U.S. and China looking for bigger screens than previous iPhone models ever provided.
Criminals who stole iPhones and iPads are phishing for iCloud information from the very people they robbed in a new scam, according to Symantec’s security blog. Some users with lost or stolen devices have reportedly received messages informing them that their device has been found — these users are then sent links to fraudulent websites that often incorporate the word “icloud” into the URL and are made to look like the real iCloud login page. Once the thieves have the user’s iCloud credentials, they’re able to turn off Lost Mode and use or sell the device. Symantec warns users with lost devices to be wary when receiving unsolicited messages and to carefully examine URLs before entering any information. [via MacWorld]
VISA has announced that it will be introducing a new payment “tokenization” service in Europe designed to help facilitate mobile payment solutions. Intended to be available for European financial institutions to take advantage of as early as April, the new service will replace traditional plastic credit card numbers with unique one-time tokens that can be used to authorize payments without needing to expose account information. This form of one-time “tokenization” is a key component of the security behind Apple Pay, and while the VISA announcement simply mentions mobile devices and contactless payments in general terms, it seems likely that this development is intended to at least indirectly provide support for a future rollout of Apple Pay within the European Union. [via TNW]
Apple has released a second beta of iOS 8.3 to registered developers, continuing its parallel iOS 8.3 beta cycle which started earlier this month alongside the iOS 8.2 betas. This latest beta features a build number of 12F5037c and details few changes in the release notes from the prior beta. According to a report last week, Apple plans to begin releasing public betas with iOS 8.3 sometime in March; this second developer beta is likely the last for this version prior to the beginning of the public beta cycle.
Despite being listed as a partner company on Apple’s CarPlay page, Toyota currently has “no plans to adopt [...] CarPlay in the United States,” according to an article from The New York Times. The report mostly examines how Google and Apple are vying to develop the best in-car dashboard systems. John Hanson, the national manager of Toyota’s advanced technology communications, noted that the company is in frequent talks with both companies, but that the car maker currently prefers to use its “own in-house proprietary platforms for those kinds of functions.” Hanson conceded that the company may “eventually wind up there,” which may explain why Toyota remains a CarPlay partner, but the lack of any specific plans in this case raises questions about how soon CarPlay may actually be coming to new vehicles from any of Apple’s listed CarPlay partners. While it also remains unclear as to whether Toyota may implement CarPlay in other markets — considering that Hanson specifically limited his comments to the company’s U.S. operations — it’s worth noting that as a national manager, he likely wouldn’t comment on what Toyota’s plans may be outside of the U.S.
Apple plans to begin releasing new versions of iOS as public betas, according to a new report by 9to5Mac. Intended to help eliminate bugs from upcoming iOS versions before general release, the model will follow the one used by Apple for OS X Yosemite last summer — a public beta cycle that will begin following the early developer betas, running in tandem with the developer program up until general availability of the new operating system. The report notes that Apple intends to begin the new program with the release of the upcoming iOS 8.3 update as a public beta in March, aligned with the third developer beta release of that version; iOS 9 will also allegedly follow a similar schedule to last year’s OS X Yosemite releases, with an announcement at WWDC and the beginning of the developer beta program, followed by a public beta in mid-summer, and the normal final release in the fall. The iOS public beta program is expected to be limited to 100,000 users “in order to maintain a higher level of exclusivity.”
Apple has extended its two-step verification feature to include authentication of FaceTime and iMessage logins, The Guardian reports. First introduced in early 2013, Apple’s two-step verification requires users to enter a verification code that appears on a trusted iPhone, iPad, or iPod touch when signing in with their Apple ID and password, providing an extra layer of protection against compromised or hacked passwords. The security feature has been enabled for direct iCloud account features since its introduction, although other services continued to only require a standard password for access.
Apple has announced that developers can now submit applications up to 4GB in size to the App Store, an increase from the prior 2GB limit. This will allow developers of media-rich apps and games to include more content directly within their app, as opposed to using over-the-air downloads — a process that some developers previously relied on in order to provide content beyond that which could be included in the App Store download itself. The announcement notes that the cellular network delivery size limit of 100MB remains unchanged, however, meaning that larger apps will need to either be downloaded over Wi-Fi or synced via iTunes.