Apple, under its Security Bounty Programme, has had to reward an Indian bug hunter for discovering a bug in the sign-in process that uses Apple ID.
The Indian developer, Bhavuk Jain, spotted a bug that could let any hacker break into an Apple user’s account through a log-in flaw in third-party apps.
Much has been made of iOS devices and their stiff resistance to takeover threats, but Bhavuk Jain was able to spot a vulnerability that would let any hacker break into the accounts of Apple users who logged into third-party apps like Dropbox, Spotify, Airbnb, and Giphy (now acquired by Facebook), and more.
Apple confirmed that there was no noticeable misuse of the bug and that no accounts were compromised. The bug was related to the process that allowed an iPhone or Mac user to use the Apple ID to log into a third-party website.
“In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn’t implement their own additional security measures. This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not,” Jain wrote on his blog.
The bug, Jain said, was quite critical as it allowed a full account takeover if there weren’t any security measures in place while verifying a user. Sign In With Apple is mandatory for applications that support other social logins, such as those offered by Google or Facebook.
Sign In With Apple was launched in 2019 to offer more privacy-focused logins for iOS users and third-party apps, and it works similarly to OAuth 2.0.
However, Apple, through its Security Bounty Programme, has had to shell out a handsome amount, reportedly $100,000, for such timely information at a time when the world is in a major pandemic and people are victims of major brute attacks from hackers and fraudsters.
Nowadays, all big tech companies run bug-bounty programmes where they award money to people who find security bugs or flaws in their services and applications.
Apple, meanwhile, will be hoping this is the very last of its kind, because with another major flaw like this, its user data might not go unscathed.
Apple confirms this year’s iPhone 12 Models won’t release in September
The world is on fire in more ways than one, and this has no doubt left even the most credibly run companies at risk of altering their usual annual schedules.
This is the case for Apple, which, after some back-and-forth tinkering and analysis, finally confirmed that its new iPhone 12 launch will be delayed by a few weeks.
The tech giant always reveals its next lineup of smartphones during the last quarter of the year and was rumored to launch the iPhone 12 series this year in September.
However, this isn’t the first time Apple is not following its own trend. The iPhone X too arrived way later in November in 2017 just a few months after the iPhone 8 series was released in September. Although Apple did reveal that it is coming up with the iPhone X during the launch of the Apple iPhone 8 series, it didn’t release the smartphone until November that year.
Similarly, the iPhone XR too was unveiled a month after the iPhone XS and the iPhone XS Max were unveiled in September 2018.
Apple iPhone 12 Models Launch Date
Just as speculation about Apple launching the iPhone 12 series took flight, a delay in its launch was also being speculated.
Earlier this week, chipmaker Qualcomm hinted at a delay in a particular 5G chip availability when it said that there would be a “slight delay” of a “flagship phone launch” in the fourth quarter, which corresponds to when Apple typically releases its new iPhone models. Without naming either the brand or the smartphone, Qualcomm revealed in its Q3 earnings report that “a partial impact from the delay of a global 5G flagship phone launch” might be the reason behind all this.
Moreover, this proved quite significant to the latest decision from Apple, as Apple and Qualcomm had notably entered into a $4.5 billion deal, which entails that Apple will use Qualcomm’s 5G modem for its upcoming devices, and the delay in the release of the new iPhones would no doubt also impact Qualcomm’s business.
During yesterday’s earnings call covering the third fiscal quarter of 2020 (second calendar quarter), Apple CFO Luca Maestri confirmed that Apple is expecting to release this year’s iPhones later than usual. He was quoted by TechCrunch as saying, “As you know, last year we started selling new iPhones in late September. This year, we project to supply to be available a few weeks later.”
Earlier, tipster iHacktu Pro had speculated that Apple will hold two important events in September and October. The tipster tweeted that Apple’s online event will be held on September 8 and will feature devices including the much-anticipated iPhone 12 series, the Apple Watch, the AirPower (a wireless charging pad), and the Apple iPad, whereas Apple is likely to launch the Apple iPad Pro, Apple Silicon Macs, and Apple Glass on October 27.
However, he didn’t confirm whether the October 27 event will be an online event or an in-person event. But none of it seems to be happening now, considering the global situation on the ground. A penny for your thoughts, iPhone users and all the fruit company fans.
It’s rare Apple confirms any of its future products. Usually, they pretend as if there are no upcoming iPhones. But, given Qualcomm already tipped their hand about the iPhone 5G delay, it doesn’t leave Apple much choice.
Also, with the recently launched iPhone SE still driving sales, we expect all parties involved to be happy in the end. We’ll all survive living without a new iPhone for a few weeks.
Google Covid-19 Exposure Notification Tech in our phones: Here’s Everything we know so far
Google and Apple have both rolled out the Exposure Notification feature for Android phones and the iPhone to Nigerians.
It might be the very first day of the month, but the world of tech doesn’t do thrillers, only blockbusters, right? HAHAHA
So, shout out to every avid Naijatechguy reader and returning visitor out there. We go again!
Now this is it…
Remember those ‘chip implant’ rumours? Yeah, it’s happening; maybe the conspiracy theorists were right anyway, right?
Hol’up hol’up just a second for a proper explanation.
If you check your iPhone privacy settings under “Health” you will see something called “COVID-19 exposure logging”. Similarly, if you check privacy settings for Google on your Android phone, you will see something similar.
Both Google and Apple have now updated their phones and software with an inbuilt exposure notification tool that can be used to track Covid-19 patients and their contacts, somewhat similar to how India’s Aarogya Setu app and the UK NHS app do.
Although the software for the iPhone and Android phones was updated last week to include this tool, this has not stopped conspiracy theorists from adding another dimension to what they perceive to be an imminent ‘New World Order’.
Different claims have been making the rounds in this part of the world that this is a huge security risk and that Google and Apple will now work with NCDC to track every Nigerian with a smartphone.
However, this is not accurate in its entirety, and it will not be of much use to you. Here’s a better explanation:
How Google and Apple Covid-19 Exposure Notification Feature Works
- The Apple iPhones and Android phones have received the “Exposure Notification” API that Apple and Google had been developing for quite some time. However, it doesn’t track your locations and other details until you allow it to do so.
- When you try turning on the Exposure Notification toggle on your Apple iPhone, the message below the toggle tells you that you cannot turn on the Exposure Logging without installing an authorized app that can send Exposure Notifications.
So contrary to the claims, unless you consent to download a compatible designated tracking app, the “tracker installed” is as good as nothing.
This is because the Google-Apple tool is an API that can be used only by an authorized app. This app, say Google and Apple, can be made only by a government or a government-authorized agency. Also, there is only one such app allowed by Google and Apple per country.
There could be limitations…how about user privacy?
Globally many governments have either made or are making contact tracking apps to keep a check on coronavirus infections. If you download any of these apps, the phone will then communicate with other phones for contact tracing.
But the two main differences between an app based on the Google-Apple API and any other app relate not just to effectiveness but also to user privacy.
Whilst the UK NHS contact tracing app, for example, requires information such as the location of users for contact tracing to work effectively, Exposure Notifications, on the other hand, is strictly against collecting GPS information because the APIs for this feature are designed to collect anonymous data.
Google and Apple seem to prioritize user privacy. We’ve had our butt stuck to the public for far too long though.
For example, communication between phones with the Exposure Notification feature turned on happens using random IDs through Bluetooth. The random IDs your device collects are stored in an exposure log for 14 days, and the app then notifies you if you have come in contact with any COVID-infected person.
- If a person is infected with COVID-19, he or she can share their device’s random IDs with the authorized app so it can notify the other users who have come into contact with them. All this would be done without revealing the identity of the infected person.
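The flow described above (random IDs swapped over Bluetooth, a 14-day exposure log, and an infected user sharing their IDs) can be modelled in a few lines. This is an added example, not code from Google, Apple or any contact tracing app; the Phone class, its methods and the timeline are hypothetical, and the model assumes a phone also forgets its own broadcast IDs after 14 days.

```python
import secrets
from datetime import datetime, timedelta

RETENTION = timedelta(days=14)  # the page: IDs stay in the exposure log for 14 days

class Phone:
    """Simplified model of one handset (hypothetical, not the real API)."""

    def __init__(self):
        self.sent_ids = []      # (timestamp, random ID) this phone has broadcast
        self.exposure_log = []  # (timestamp, random ID) heard from nearby phones

    def broadcast(self, now):
        """Emit a fresh random ID; nothing in it identifies the owner."""
        rid = secrets.token_hex(16)
        self.sent_ids.append((now, rid))
        return rid

    def hear(self, rid, now):
        """Record an ID received over Bluetooth from a nearby phone."""
        self.exposure_log.append((now, rid))

    def prune(self, now):
        """Drop entries older than the retention window (assumed for both lists)."""
        cutoff = now - RETENTION
        self.exposure_log = [(t, r) for t, r in self.exposure_log if t >= cutoff]
        self.sent_ids = [(t, r) for t, r in self.sent_ids if t >= cutoff]

    def share_after_diagnosis(self, now):
        """IDs an infected user chooses to share with the authorized app."""
        self.prune(now)
        return {r for _, r in self.sent_ids}

    def check_exposure(self, shared_ids, now):
        """Return the times at which a shared ID appears in the local log."""
        self.prune(now)
        return sorted(t for t, r in self.exposure_log if r in shared_ids)

def meet(a, b, now):
    """Two phones in Bluetooth range swap their current random IDs."""
    a.hear(b.broadcast(now), now)
    b.hear(a.broadcast(now), now)

def demo():
    start = datetime(2020, 6, 1)  # constructed timeline
    alice, bob, carol = Phone(), Phone(), Phone()
    meet(alice, bob, start)                         # contact 20 days ago
    meet(alice, carol, start + timedelta(days=10))  # contact 10 days ago
    today = start + timedelta(days=20)
    return alice, bob, carol, alice.share_after_diagnosis(today), today
```

In the demo, only the phone that met the diagnosed user inside the 14-day window gets a match, and the shared set contains nothing but random hex strings.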
In India, the government has its own app Aarogya Setu, which too is used for contact tracing. Currently, the Setu app is not compatible with the Google-Apple API for contact tracing and hence cannot use the feature now available in smartphones.
However, as many as 23 countries have shown their interest in the tech. In fact, countries such as Switzerland and Italy have already begun testing the APIs for Covid-19 Exposure Notifications feature for their own contact tracing apps.
Tis’ is it…
The bottom line is this: the exposure notification feature in your smartphones won’t work until the government (under NCDC) or a legalized firm makes an app that can use it.
Also, whether you believe the Coronavirus pandemic to be a hoax or not, the day to day happenings will surely give you second thoughts and a definite rethink.