Tag Archives: ios

These jailbreak hacks will make your iPhone 6 more like an iPhone 6S

If you want the iPhone 6S’s new features but aren’t buying the new phone, you’re kind of in luck: a jailbreak was released for iOS 9 this week, and some of the first hacks for it bring 3D Touch and Live Photos to all iPhones.

Of course, that’s not entirely possible. 3D Touch, after all, requires a pressure-sensitive screen. But some jailbreak tweaks have found a way around that: rather than activating quick actions, peek, and pop with a forceful touch, those commands are activated by swiping up. So swiping up on an app icon presents shortcuts into the app, and swiping up on a photo previews it with a peek. The jailbreak tweak Forcy handles the app icons, while another tweak, UniversalForce, adds support inside of apps. A third tweak, Hapticle, adds vibrations for when they trigger. Naturally, these being jailbreak tweaks, you shouldn’t expect them to work perfectly, but they might still serve as an effective preview of the new 3D Touch actions.

BE WARNED THAT JAILBREAK TWEAKS AREN’T GOING TO WORK AS WELL, IF AT ALL

Live Photos ought to work much more smoothly on older iPhones since the feature doesn’t actually require new hardware. Since Live Photos are already built into iOS 9, the Live Photos Enabler tweak apparently just subverts Apple’s code and makes the button to enable them available on all phones. That tweak doesn’t seem to be working for everyone — some people on Reddit are reporting freezes and overheating — but others are reporting success. There still seem to be a lot of features to add, however, including the ability to easily preview the Live Photos without sending them to someone in Messages.

In both cases, you’re clearly going to be getting a worse experience than the iPhone 6S will actually give you, but that hacky vibe — not to mention the ability to add features to a device you already own — is kind of part of the appeal for anyone eager to do this. If you want to get started, you’ll have to check out the Pangu jailbreak.


Apple facing huge chip patent bill after losing case

Apple faces a bill of $862m (£565m) after losing a patent lawsuit.

The University of Wisconsin successfully claimed that Apple used its microchip technology without permission in some iPhones and iPads.

The patent, filed in 1998, is said to improve the power efficiency of microchips.

The case relates to use of the technology in the iPhone 5s, 6 and 6 Plus – but an additional lawsuit making the same claim against Apple’s newest models, the 6S and 6S Plus, has also been filed.

The University of Wisconsin sued Intel over the same patent in 2008. The case was settled out of court for an undisclosed sum.

In court papers, the university claimed Apple ignored its offers to license the patent, which would mean paying a fee for its continued use.

Therefore the university said Apple was wilfully infringing the patent, something which, if the court agrees, could carry a heavier fine.

The precise amount Apple may have to pay will be decided at a later stage in the court proceedings.

Despite recent well-publicised truces between some big tech firms, fierce patent battles are still being fought in courts globally.

Last week, a judge threw out claims by graphic card specialist Nvidia that Samsung and others had infringed three of its patents.


Ad blocking for the masses, part three: Apple iOS 9 and the future of web browsing

My three-part series covering the recent spurt of ad blocking software was supposed to be simple. Part one dealt with uBlock Origin for desktop browsers. Part two took a look at the new Adblock Browser for Android and iOS, from the developers of Adblock Plus. In order to write part three, all I had to do was wait for Apple to release iOS 9, update my iPhone, and find and test a third-party add-on ad blocking extension. What I got instead was a bit of drama, when three ad-blocking extensions raced to the top of the iTunes store’s paid app category soon after iOS 9 was released — and then one was promptly pulled.


The app, Peace: Block Ads and Trackers, Powered by Ghostery, hit the number-one spot and stayed there until its superstar developer, Marco Arment (Tumblr co-founder and developer of the popular Instapaper and Overcast iOS apps), pulled the app from the store two days later, saying it “just doesn’t feel right.” Ghostery, which developed the filter Marco used in his app, clarified their joint position by saying: “Specifically, the black-and-white, all on/all off approach to content blocking in Peace ran counter to our core belief that these aren’t black-and-white decisions.”

By comparison, uBlock Origin lets you choose to unblock on a per-website basis. Adblock Browser uses Adblock Plus’s “acceptable ads” EasyList to decide which ads will be allowed to be displayed on a web page.

Nearly two weeks after iOS 9’s release, the $1.99 Purify Blocker remains in the iTunes App Store’s top 50 paid apps list at number 6 (as of October 4, 2015), indicating consumers’ continued interest in blocking ads in mobile Safari. Unlike the former best-selling Peace blocker, Purify lets the user maintain a whitelist of sites whose ads will be allowed to pass through its filter. This content blocker appears to be a less-blunt instrument than Peace. And the Crystal ad block extension’s developer said he will work with Eyeo (which produces Adblock Plus) to use its acceptable-ads whitelist.


Not all iPhone and iPad models can make use of ad-blocking extensions — they only work on iOS devices with 64-bit processors. This means the oldest devices that support the extensions are the iPhone 5s, the iPad mini 2, and the iPad Air. Apple says this is thanks to the performance limitations of 32-bit devices. Note that the option to turn content blocking on in iOS doesn’t appear in the Settings menu until you actually install one of the content-blocking extensions.

What’s Next?
I received what seemed to me a strongly worded tweet soon after we published the first two parts of this ad blocker article series. It read:

“Internet ads are life blood of marketing, journalism. If no ads, your fav media disappears #NoAdBlocking”

This assumes the web is some kind of inflexible, unchanging entity. In reality, advertisers and websites will have to adjust — just as they have through the years, such as when pop-up window blocking became the default option in web browsers to prevent annoying pop-up and pop-under windows. While misbehaving and even malicious web ads will continue to make some people feel the need to block ads, the mainstream industry will eventually have to react and reach some kind of armistice with the blockers.

Google’s Senior Vice President of Ads & Commerce, Sridhar Ramaswamy, said in an on-stage interview that he “thinks crappy ad experiences are behind the uptick in ad-blocking tools, and that Google, along with the advertising and publishing industries, is obliged to come up with a fix,” as Re/Code reported. “We need to recognize, as an industry, that this is something we need to deal with. We need to work together to come up with a definition of what an acceptable ad is and what an acceptable ads program can be.”

The vast majority of people do not mind ads all that much. What bothers them are the ones that ruin the web experience. An article in The New York Times looked at ads on 50 mobile sites and found an interesting spectrum of load times for ads versus content. Boston.com, for example, had 15.4 megabytes of ads which took 30.8 seconds to load. Its content was 4 megabytes and took 8.1 seconds to load. On the other end was the smallest overall mobile website, USAToday.com. Its ads were a mere 0.4 megabytes (400 kilobytes) and its home page content was one megabyte large, which resulted in load times of 0.8 and 2 seconds for the ads and content, respectively.

It’s also still possible for all kinds of ad annoyance to get through ad blockers. A recent Security Now podcast (#527) points out LingsCars.com, a horrifying-but-useful site specifically designed to demonstrate an amazing array of annoying ad types that will get through desktop and mobile ad blockers. (Go there at your own risk.)


Dash Radio: What happens when Apple swipes your mic? (Q&A)

When DJ Skee launched his startup, he didn’t anticipate going head-to-head with Apple Music’s most popular feature, but he isn’t letting Beats 1 knock him down.

At 6 feet 3 inches tall, DJ Skee isn’t often the little guy, but everyone looks small compared with Apple.

The Cupertino, California, tech giant is known for following established trends with polished products and services. What does that mean for a fledgling company that paved the way? Scott Keeney, better known as DJ Skee, said explaining his startup got a little easier, especially to people who thought he was crazy.

Skee spent a decade as a DJ for radio giants like LA’s KIIS-FM and satellite radio service Sirius XM. That was long enough for him to see what was going wrong. Too many commercials and the lack of freedom to be musically adventurous were making radio unlovable, he said.

So he quit and launched a startup a year ago: free Dash Radio, a digital network of live radio channels with a mission of expertly picking the right tracks.

“We want to bring back the magic of what live audio could be,” Skee said.

Unfortunately for Los Angeles-based Dash, Apple had the same idea.

When Apple Music launched in June with a three-month free trial, its live worldwide radio station, Beats 1, was among the most lauded features because of inventive programming and expert hosts.

With Apple Music’s first free trials due to expire Wednesday, Skee spoke to CNET about what it was like when the technology giant moved into a niche he had carved.

Q: Apple’s Beats 1 is fundamentally similar to Dash Radio, your startup. What’s that like?
DJ Skee: We don’t necessarily look at Apple Music as a direct competitor as much as, say, iHeart Radio or Sirius XM. Apple Music only has one station, and its main goal is to get people to start using subscription services. It just happens that Apple is using radio services as marketing for that.

Bob Pittman, CEO of terrestrial radio giant iHeart Media, once joked that if Apple invented radio, everybody would be amazed. Launching Beats 1, Apple made good on that punchline, in a way. Will Dash be overlooked?
Skee: Just by the media power and the spending power that Apple has, it helped educate a whole group of people who didn’t realize how magical live radio could be.

People nowadays grew up in the era of corporate radio. For the past decade or so, if you turned on the radio, you had a 99 percent chance of tuning into a station owned by one of the big conglomerates. Chances are it’s the same 20-song playlist, and there’s a 1 in [3] chance you’re listening to a commercial. About 20 minutes per hour on traditional radio is commercials. There’s so much more music out today than there was ever before, and radio never caught up. They’re still in bed with the major labels. They’re still shady. Just being honest. That was one of the key reasons I left.

Apple has launched one station that has incredible content and top artists. We still think we have that too, on steroids. Plus ours is uncensored, and we don’t have ulterior motives, like trying to sell things.

Is there anything Beats 1 is doing that makes you envious?
Skee: Absolutely, I’m envious. No. 1 is just the budgets they have. It’s the most valuable company in the world, so they can afford to hire the biggest staff ever. But I wouldn’t trade places, because they’re more limited in what they can do.

The biggest thing is censorship [of obscenity]. I’ve talked to many DJs there, including some who started off with us but were offered a huge check to leave, and they’re frustrated with that. I understand why they have to be clean: It’s Apple, they only have one station, and they don’t have any other option. We have clean stations, and we have dirty stations.

I wouldn’t trade that, even though they have all the money in the world.

A few weeks before Apple Music launched, Dash had more than a million monthly active users. Where is it at now?
Skee: It has grown. It’s been climbing steadily every month. I don’t have the exact number, we haven’t disclosed it yet.

[Dash has more than 2 million monthly active listeners, Skee said in a follow-up after the interview. Apple hasn’t discussed monthly active listeners, but last month it said 11 million people have signed up for Apple Music free trials.]

Can you characterize how Dash’s growth rate has changed since the introduction of Apple Music?
Skee: It hasn’t gone down, but it hasn’t made a tremendous jump because of Apple entering the space. We haven’t lost anybody. The time spent listening is going up steadily, almost five minutes every single month, so about 35 minutes to 40 minutes per session right now. When we launched, we were at four or five minutes per session.

You’ve talked before about how you met with Apple to give the company more insight into Dash, in the hope of App Store promotion. Then Apple executive Jimmy Iovine took to the stage to introduce Apple Music with what sounds a lot like the same pitch you made. What happened?
Skee: I don’t want to make it us versus Apple. At the end of the day, the idea is radio. We took a system that has worked for 100 years but consumers weren’t happy with, and we made it digital and made it good.

With Dash, like every app company, we want to talk to Apple, just like we talk to Google and everyone about store placement. We showed them the product early on, and we have visited Cupertino. At the time, it was to say, “Hey, we’re not competing with Beats,” its streaming service at the time. “We compete directly with iHeart, Sirius — we’re live audio.” And they were always fans.

Then when we started hearing the rumors that they were getting into broadcast, at first of course it was daunting: “Wow, Apple is going to come in, they can do whatever they want.” But even if they’re taking a little bit from the concept, it still justifies the idea. There are people over there that were over here first. I’m not mad at it. Everybody has to do what’s best for them.

We don’t think that it makes sense for one company to own every space. Now, I’m the biggest Apple fanboy in the world. I’ve had an Apple computer since I was a kid, I’m talking on my iPhone to you, I have an Apple Watch on my wrist. Yet we don’t know if we want the same people that forced U2 onto my iPhone telling us what music is.


Apple sells record 13 million iPhones in first weekend for 6S, 6S Plus

The total exceeds the 10 million sold in the opening weekend last year for the previous versions of Apple’s smartphone.

The iPhone phenomenon endures.

Apple said Monday it sold 13 million iPhone 6S and 6S Plus units from Friday through Sunday, the first three days of sales.

The tally represents a record for Apple, which sold 10 million iPhones over the same period a year ago when the previous models hit stores.

This weekend’s sales continue the momentum for Apple’s smartphones, which contribute roughly two-thirds to the Cupertino, California, company’s revenue. Apple’s success stands in contrast with the broader mobile industry, which has been beset by slowing growth and increased competition from cheaper handsets.

“Sales for iPhone 6S and iPhone 6S Plus have been phenomenal, blowing past any previous first weekend sales results in Apple’s history,” Apple CEO Tim Cook said in a statement.

Apple launches have typically seen huge early numbers because of pent-up demand for the latest-model iPhones, so one weekend’s sales aren’t necessarily an indication of long-term success. But last year’s iPhone 6 and 6 Plus, which brought a larger display and new design, stayed hot after a strong start and went on to become the company’s best-selling smartphones.

The iPhone 6S and 6S Plus, unveiled three weeks ago, offer few design changes, although Apple added a sharper camera and a pressure-sensitive display that better responds to touch. Also helping the launch was Apple’s move to offer the new iPhones in China at the same time they debuted elsewhere. Last year, China was not part of the initial launch weekend because the phones didn’t yet have regulatory approval.

This year’s opening weekend brought the new iPhones to a dozen countries and territories. Besides China, the locations included the US, the UK, Australia, Japan, Singapore and France.

As usual, Apple fans showed up at stores around the world early, with queues forming days ahead of time in Sydney and San Francisco, though many of the lines were shorter than in years past. There were some wrinkles as well. New Yorkers had to contend with crowds both at Apple stores and for Pope Francis, who was in the city as part of his US tour.

The weekend numbers indicate that Apple sold more iPhones on a per-country basis than a year ago, according to Wells Fargo analyst Maynard Um. “This may validate Tim Cook’s comments that China continues to see strength,” he said.

On Monday, Apple said it will start selling the new phones on October 9 in 40 additional markets, including Russia, Spain, Italy, Mexico and Taiwan.

The revenue from this year’s launch weekend will be recorded in two separate fiscal quarters. Sales completed by Saturday will be included in the September quarter, the fourth of Apple’s fiscal year, and those completed on Sunday will be counted in the first quarter of Apple’s fiscal 2016.


Apple App Store malware ‘infected 4,000 apps’

As many as 4,000 apps were infected by the XcodeGhost malware used in an attack on Apple’s App Store, security researchers have said.

The news came as Apple said it was going to make its Xcode program – the tool used to build apps for its operating system – easier to download in China, where the problem originated.

Some Chinese firms said slow download speeds behind the Great Firewall led them to seek locally held, bootlegged versions of Xcode that they did not know were infected with malware.

Apple’s marketing boss Phil Schiller said the firm would offer domestic downloads in China in a bid to speed up downloads and convince people to install only the official software.

App developers are not blocked from downloading the official version of Xcode. But censorship controls, along with low investment in infrastructure for international connections, make using services based outside China a painful process for some.

“In the US it only needs 25 minutes to download. China may take three times as long,” Mr Schiller told Sina.cn.

Security review

The counterfeit versions served malware that infected apps built on them, allowing the attackers to steal data about users and send it to servers they controlled.

The US security firm Palo Alto Networks said it believed the number of infected apps was likely to be “far greater” than the few dozen initially thought. According to FireEye, another security company, the figure could be as high as 4,000.

The App Store had previously been almost entirely free of malware, and it was unclear how the altered code withstood Apple’s app approval process, in which developers often wait a week for reviews of updates to their apps.

“These reviews are legendary for how particular Apple is,” said Robert Walker, founder of mobile dating app Cuddli, who worked for Microsoft in China. “Supposedly, a security review is part of that. But they missed this repeatedly over dozens of different applications. A huge mistake on their part.”

Security consultant Graham Cluley said: “Apple security, for so long priding itself on the tight ship it maintains over apps that get into its App Store, has definitely suffered a bloody nose.

“However, let’s not lose sight of the fact that malware appearing in Google’s equivalent app store for Android is far from rare.”

Apple released advice to developers on checking their versions of Xcode, but did not respond to a request for comment.


Hundreds of iPhone apps infected in first major attack on App Store

Developers tricked into using XcodeGhost software that infiltrates legitimate apps in an attempt to steal data

Apple has taken down several apps after hundreds were found to have been compromised by a major attack on the App Store.

In the first significant security issue to affect the usually-watertight App Store for the iPhone and iPad, many were found with malicious “XcodeGhost” code inside of them.

The code found its way into the apps because developers had been tricked into using a modified version of Apple’s official software for creating apps, known as Xcode. The code was deeply embedded in the apps, which made it through the Apple reviewers who check every app before they are made available to download.

Security firm Palo Alto Networks said the XcodeGhost code could have reached hundreds of millions of users and taken data such as passwords, although it had not seen any examples of sensitive information being stolen. It said only five App Store apps had previously been found to be malicious.

The malicious software was hosted on Chinese website Baidu, and thus is believed to largely affect apps in China. Some developers download Xcode from unofficial sources in China because it can reportedly take a long time to get it from Apple’s servers.

[Image: Social network WeChat was one of those affected. Photo: WeChat]

Tencent, the owner of the popular Chinese social network WeChat, said that a preliminary investigation had found no evidence of data being leaked or stolen, and that its most up-to-date version of the WeChat app was not affected.

However, apps that are available outside of China can also be affected. CamCard, which scans business cards and imports them into a phone’s contacts, is said to have been affected, while WeChat is used around the world, not just in China. Several other scanner apps are among a list of affected software.

Qihoo 360, a Chinese security firm, said it had found 344 apps affected by XcodeGhost.

“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple said.

“We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Earlier this month, it emerged that 225,000 iPhone users who had “jailbroken” their iPhones may have had their data stolen by hackers. However, the XcodeGhost code could affect both jailbroken and “stock” devices.

Users who believe they may have been affected should remove any apps that may have been affected, as well as resetting their iCloud software and those associated with any of the affected apps.


Why you’ll want to install that new iPhone operating system ASAP: Protection from hackers

Though smartphones have yet to become a major target for hackers, even the iPhone has known security flaws. Updating your software is one of the best ways to stay safe.

Updating your iPhone is like doing your taxes. You just gotta get it done.

On Wednesday, Apple released iOS 9, the latest version of the code that powers iPhones and iPads. It has new features like better battery life, advanced search functions and enhanced transit information in its Maps app.

The reason to update, however, is two key security improvements: stronger pass codes and additional security for logging in. As an enticement, it works with any iPhone or iPad made in the last three years. And it’s free.

Apple’s users should jump at the opportunity. Like desktops and laptops, smartphones are vulnerable to all sorts of hacks. Nearly all devices powered by Google’s Android software, for example, could be taken over by hackers who send a simple text message.

Still, just 11 percent of Apple’s users downloaded iOS 9 the first day it was available.

The low number is a harsh reminder of how annoying software updates can be. They’re often buggy, sometimes wrecking key functions like cellular connectivity and email reliability. Customers are already complaining that iOS 9 is causing their apps to crash. It’s as annoying as paying Uncle Sam every April.

By the first weekend the update was available, things were picking up: The download rate, Apple said, had surpassed 50 percent.

The road that shouldn’t be taken

Choosing not to upgrade leaves you vulnerable. Hackers often examine updates to figure out what’s wrong with older versions of the software, and then take advantage of users who haven’t upgraded. The result is that important data on phones — banking information, photos, fantasy football lineups — is left open for pilfering. Hackers could even turn on the microphone and listen in on you.

So far, we’ve been lucky. There haven’t been any major hacks involving smartphones, but security researchers say we should still be diligent.

Consider the disclosure in July of the Stagefright flaw by mobile-security company Zimperium. The flaw, which a researcher found in the software that powers Android smartphones, would let hackers insert malicious programs through a text message. Nearly all the billion Android-powered smartphones sold in the last year could be vulnerable, and it’s hard to tell how many will ever receive a fix.

It’s not just Google devices; Apple’s iPhones have also had flaws. For instance, an update Apple sent in August fixed among other things six flaws in the system that displays Web content on all browsers in an iPhone or iPad. And on Monday, Apple removed from its App Store a number of apps, created with counterfeit software, that contained malware.

Like all security flaws, these holes don’t turn into a problem until a hacker writes malicious code that can take advantage of them. But there’s a vast amount of these malicious files, called exploits, that security experts don’t know about.

“It is unquestionable beyond any shadow of a doubt that running the latest and greatest of anything is what you should be doing,” said Christopher Budd, who specializes in communicating about cybersecurity threats for security-software maker Trend Micro.

Installing a software update is more appealing now, isn’t it?

Sure, hackers generally have a much easier time on your Web-connected computer, where they can get your trusty laptop to silently download malicious software without even telling you.

That’s why the discovery of the Stagefright flaw in Android phones in July was so scary. If more flaws like that appear in smartphones, hackers will have a much easier time sneaking into your phone.

Security experts like Jon Marler, who helps make cybersecurity products at Trustwave, have yet to witness a major smartphone attack. That’s not to say it couldn’t happen; the flaws are there to abuse, he said, hackers just don’t think they’re yet worth the effort.

“As there are more and more mobile devices,” Marler said, “I think that will change.”


Apple removes malware-infected App Store apps after major security breach

Apple has removed malware-infected apps from the App Store after acknowledging its first sustained security breach. The malware, known as XcodeGhost, worked its way into several apps by convincing developers to use a modified version of Xcode, the software used to create iOS and Mac software.

“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokesperson Christine Monaghan told Reuters. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

XCODEGHOST COULD BE “VERY HARMFUL AND DANGEROUS”

Among the more notable apps affected were dominant Chinese messaging app WeChat, popular business card scanner CamCard, and Chinese Uber rival Didi Chuxing. WeChat, which has over 600 million monthly active users, said in a blog post that the exploit only affected a prior version of the app released on September 10th; the present version, released two days later, is clean.

Security firm Palo Alto Networks investigated XcodeGhost and concluded that it was able to prompt fake phishing dialogs, open URLs, and read and write clipboard data, leading the company to call it a “very harmful and dangerous” piece of malware that has affected at least 39 apps.

There’s no evidence that any data theft has occurred yet, but XcodeGhost is worrying because it shows how legitimate developers can be used as a vector for malicious software, bypassing Apple’s code review — a method that the CIA has also considered deploying. Palo Alto’s Ryan Olson told Reuters that the compromised version of Xcode came from a server in China, and may have been used because it was faster to download than the free, official version on Apple’s App Store.


Why you’ll want to install that new iPhone operating system ASAP: Protection from hackers

Though smartphones have yet to become a major target for hackers, even the iPhone has known security flaws. Updating your software is one of the best ways to stay safe.

Updating your iPhone is like doing your taxes. You just gotta get it done.

On Wednesday, Apple released iOS 9, the latest version of the code that powers iPhones and iPads. It has new features like better battery life, advanced search functions and enhanced transit information in its Maps app.

The reason to update, however, is two key security improvements: stronger pass codes and additional security for logging in. As an enticement, it works with any iPhone or iPad made in the last three years. And it’s free.

Apple’s users should jump at the opportunity. Like desktops and laptops, smartphones are vulnerable to all sorts of hacks. Nearly all devices powered by Google’s Android software, for example, could be taken over by hackers who send a simple text message.

Still, just 11 percent of Apple’s users downloaded iOS 9 the first day it was available.

The low number is a harsh reminder of how annoying software updates can be. They’re often buggy, sometimes wrecking key functions like cellular connectivity and email reliability. Customers are already complaining that iOS 9 is causing their apps to crash. It’s as annoying as paying Uncle Sam every April.

The road that shouldn’t be taken

But choosing not to upgrade leaves you vulnerable. Hackers often examine updates to figure out what’s wrong with older versions of the software, and then take advantage of users who haven’t upgraded. The result is that important data on phones — banking information, photos, fantasy football lineups — is left open for pilfering. Hackers could even turn on the microphone and listen in on you.

So far, we’ve been lucky. There haven’t been any major hacks involving smartphones, but security researchers say we should still be diligent.

Consider the recent discovery of the Stagefright flaw by mobile-security company Zimperium. The flaw, which a researcher found in the software that powers Android smartphones, would let hackers insert malicious programs through a text message. Nearly all the billion Android-powered smartphones sold in the last year could be vulnerable, and it’s hard to tell how many will ever receive a fix.

It’s not just Google devices; Apple’s iPhones have also had flaws. For instance, an update Apple sent in August fixed among other things six flaws in the system that displays Web content on all browsers in an iPhone or iPad.

Like all security flaws, these holes don’t turn into a problem until a hacker writes malicious code that can take advantage of them. But there’s a vast amount of these malicious files, called exploits, that security experts don’t know about.

“It is unquestionable beyond any shadow of a doubt that running the latest and greatest of anything is what you should be doing,” said Christopher Budd, who specializes in communicating about cybersecurity threats for security-software maker Trend Micro.

Installing a software update is more appealing now, isn’t it?

Sure, hackers generally have a much easier time on your Web-connected computer, where they can get your trusty laptop to silently download malicious software without even telling you.

That’s why the discovery of the Stagefright flaw in Android phones in July was so scary. If more flaws like that appear in smartphones, hackers will have a much easier time sneaking into your phone.

Security experts like Jon Marler, who helps make cybersecurity products at Trustwave, have yet to witness a major smartphone attack. That’s not to say it couldn’t happen; the flaws are there to abuse, he said, hackers just don’t think they’re yet worth the effort.

“As there are more and more mobile devices,” Marler said, “I think that will change.”
