New iPhone/Mac Vulnerabilities That Can Impact Your Business

Standard

 

Recently Apple was hit with two big issues in the same month. These gave rise to concerns that Apple products might not be as secure as most think. The first of the two came in the form of a text message that can be sent to Apple iPhones.

The text, which is entirely in Arabic, can be sent to anyone with an iPhone, and it will immediately shut down the phone. While this is more of an annoying bug than a security concern (although it definitely can be viewed as a security concern, depending on the owner of the phone and his/her need for uptime), it doesn’t seem to be harmful to the devices. Users in the  Reddit.com forums found the bug, and it appears they did so by accident.

Credit: parts of this image are reproduced with permission from: https://commons.wikimedia.org/wiki/File:Unibody_Macbook.JPG.

Credit: parts of this image are reproduced with permission from: https://commons.wikimedia.org/wiki/File:Unibody_Macbook.JPG.

If your phone receives the dreaded text message, you will need to turn on your phone and delete that message. One workaround to the text issue is to go into the settings,and turn off text message previews that appear on the home screen. Apple is aware of the bug and will resolve the issue in its latest update, which should be coming very soon.

The second security concern, and one that is very critical to businesses is the latest exploit which allows someone to put a permanent backdoor onto your Mac by rewriting the firmware for the BIOS to allow remote connection to the device. This affects all Macs older than mid-2014.

The reason this security concern is so troubling is, unlike other types of exploits, where if you were to be hacked you could wipe your hard drive and start clean with the appropriate updates, this targets the BIOS, meaning no matter how often you wipe your hard drive, hackers can exploit the vulnerability over and over again.

The vulnerability can be enacted as soon as a machine is woken from Sleep Mode. The security researcher who found the exploit, Pedro Vilaca, stated you can stop your machine from going into Sleep Mode to bypass the exploit. However, Apple is aware of the exploit and should patch it soon. Vilaca also stated that this is very similar to last year’s “Thunderstrike Proof-of-Concept” exploit.

While nothing will protect against this current exploit (i.e. antivirus, anti-malware), it does show that as Macs become more popular, holes are being found in the OS and, in this case, in the hardware itself. Business owners must be aware of both where their employees go on the Internet and how to protect their assets from hacking attempts.

Everon offers antivirus for Macs, as well as PCs, with a product called Webroot Secure Anywhere. We can assist in setting up hardware proxies that will prevent unauthorized access to the Internet. If you have any questions about what we can do for your Apple environment, feel free to call our techs at 1-888-244-1748 (or email at [email protected]). We’re here for you. Twenty-four/seven, 365.

——-

You may also like:

 

Why You Might Want to Turn Off Your Phone’s Location Services

Standard

 Tim - phone location blog - 2

How well do you know your Facebook friends? Would you want any — or all — of them knowing where you are, at any given time? Chances are, they can. Your smartphone logs everywhere you go, via location services. These are usually defaults in applications. If you don’t manually turn them off, others can find out where you are. Or where you’ve been. Common ones are Apple’s “Find My Friends” and Android’s “Locate My Friends!” apps. Your Facebook friends can use these to track you. Additionally, there are so many sub-services to location services that there are many, many more apps like these, which can “find” you and invade your privacy. (Note: this is different from the GPS tracking services used by maps, or methods the Feds can use to track criminals, etc.) Here’s how to turn off location services (and any sub-service) on Android, iPhone, and Windows phones.

Android/ Google Users:

If you’re an Android user, Google’s location services is broken down into two features:

  • Location Reporting is the feature that gives apps like Google Now, Google Maps, Foursquare, Twitter, and even your camera app access to your position. Whenever an app shows you something nearby, suggests local businesses, or helps you find the closest gas station, it’s using Location Reporting.
  • Location History is the feature that keeps track of where you’ve been, and any addresses you type-in or navigate-to. It’s how Google figures out where “Home” and “Work” are, so Google Now can estimate your commute time or give you traffic information for those places. Turning it off will still give you traffic information, but it means Google won’t try to guess where you’re going based on your previous searches.

To disable Location Reporting or History in Android:

  1. Open the App Drawer and go to Settings.
  2. Scroll down and tap Location.
  3. Scroll down and tap Google Location Settings.
  4. Tap Location Reporting and Location History, and switch the slider to off for each one.
  5. To delete your phone’s location cache, tap “Delete Location History” at the bottom of the screen under Location History.
  6. Repeat this process for each Google Account you have on your Android device. 

iPhone Users:

To disable location services in iOS:

  1. Open the Settings App.
  2. Scroll down to Privacy, and select Location Services.
  3. Disable all Location Services by swiping the slider at the top, or scroll down to disable location services for specific apps, including Google and Google Maps.
  4. Select System Services to deny location data from specific features, like location-based advertisements, turn off Frequent Locations, or disable the “Popular Near Me” feature

Windows Phone users:

This is for Windows Phone 8.1. If your phone is running Windows Phone 8, some options and features may not be available.

To turn Location Services on or off

  1. In the App list, tap Settings -> Location.
  2. Turn Location services on or off.

To turn the Location icon on

You can see when an app is accessing your phone’s location information by looking for the Location icon. To make sure this icon is turned on:

  1. In the App list, tap Settings -> Location.
  2. Select the Show icon check box.

For more help with your smartphone, or for other computer help with your small-to-medium business, please contact us at Everon: 888-244-1748 or [email protected]. We are your virtual IT department.

——-

You may also like:

 

Turning Your Cell Phone Into a Wireless Hotspot

Standard

 

Recently I was asked about how to turn a cell phone into a wireless hotspot, for purposes of being able to go online with a laptop. I realized that this very simple process can be complicated for anyone who doesn’t know how to do it, so I decided to write a post to help give some of the basic facts.

“Tethering” is the act of connecting a WiFi-capable device, such as a laptop or tablet, to your phone so you can utilize your cellphone’s cellular data to get on the Internet. This is a more secure option, offering you more privacy than, say, using the WiFi at a coffee shop. You are essentially turning your cellphone into a wireless router. It’s easier than you think.

The first thing to know is that this process is not free. You have to check with your phone carrier and add a tethering plan (or hotspot plan) to your service. The cost varies depending on how much data you want to have (or be limited to). In my case, I have AT&T. You can review some of AT&T’s monthly data tethering plans here.

Once you have a tethering plan in place, it’s very simple to use. My example is going to be on an iPhone. If you would like instructions on how to tether using your Android device, click here. You can also click here for instructions on tethering with Windows mobile.

For tethering with an iPhone, go to Settings ->Personal Hotspot, and turn on the slider button:

IMG_0104

Once you turn the Personal Hotspot feature on, it actually gives you instructions on how to connect your device to the phone. In this instance, our SSID (the name of our hotspot) is “Oncall,” so you will search for that SSID, which should now be discoverable.

Once you choose that, you input the special, randomly generated password you see on the Personal Hotspot screen, and it should connect you instantly. Note: even though your hotspot is discoverable by you, others won’t be able to log onto it, as they won’t have the password. Also, you do have the option to set your own password by clicking on the > next to the password. This will open a new screen that requests a special password for the hotspot.

IMG_0105

In some cases, it is more feasible to have a personal hotspot off of your phone, rather than to actually have Internet access at your home. I have met some people who get such slow speeds at their house that they use this method as their only way to connect. It is incredibly reliable and is great for any person who is constantly on the move but needs to stay connected. (If you are interested in how fast your 3G or 4G speeds can be, check out this great article that shows the latest speeds, as of Dec. 2014.)

For further information on tips and tricks you can do with your smartphone (in particular iPhones), be sure to check back here for my next series of blogs that outline cool things you can do with your smartphone. And remember, if you have any questions while you are trying to set up your own, personal, wireless hotspot, you can always contact us at Everon: 888-244-1748 (or [email protected]). We’re here for you 24/7, 365!

Turn your old smartphone into a webcam!

Standard
Tim's dogs

Sometimes I need to keep an eye on these guys.

 

Have an extra smartphone laying around that you’re not really using ? Make it into a web cam! This is an awesome tool when you want to keep an eye on your pets at home, for example. First off, however, you’ll need a Google account (sign up for free at google.com). Now, follow these simple steps:

1. Download the free application WebOfCam from the app store on your phone (for android, iphone, and ipad devices)
     a. Install the app to your old smartphone
     b. Then login into your Google account on your old smartphone to configure the app
     c. Select “camera” when it asks you to choose between camera and viewer options
     d. Place your new camera (old smartphone) in a good location.

2. Now install the same app on new smartphone
     a. Use the same Google account to login and select viewer

There you go, pairing completed. You now have a makeshift webcam!

5 Things You Need to Know About the BashBug

Standard

 

1. Don’t Panic.

As our favorite galactic traveler’s companion reminds us (ref. Hitch Hikers Guide to the Galaxy), It’s important to keep problems in perspective. The Heartbleed Bug incited widespread panic for what turned out to be limited reasons. This new security bug is reported to be even bigger than Heartbleed, but it, too, has a relatively limited reach. It only affects Unix-based systems that use Bash. The best way to address it is to keep updated on the patches which are sent out. Some routers are also affected, and so updates will be pushed out to handle those as well.

2. What is the BashBug?

Bash is one of the central programs to the modern Unix operating system. It’s used to issue commands to the kernel of the OS. It is a little like the Windows command line. Mac’s desktop operating systems are built on Unix, and that’s why people are concerned. The BashBug is an exploitable nuance of the Bash shell that someone could use to observe and possibly modify an unknowing computer’s information. Basically, it’s like leaving your car window down.

3. I have an iPhone, should I be worried?

No. The iOS is a different operating system from the Desktop OS of MAC, known as OS X.

4. What if someone w/ a Mac emails me? Will my company be at risk? Can I “catch” the Bug this way?

No. The vulnerability is specific to Unix-based OSes. It can’t be transferred between operating systems. Windows has a fundamentally different underlying program, and it does not include Bash, which is the host for this bug.

5. What’s this thing about routers? 

Some routers run on a variation of Linux. Manufacturers will also be pushing out updates to resolve this. Please contact your system administrator (which might be us) to resolve it if you have concerns. We can be reached at 888-244-1748.

BashBug