Yesterday, the internet discovered a workaround that allows someone to access anyone's Photos or Contacts on an iPhone 6s or 6s Plus without using a password. The bypass took advantage of 3D Touch and Siri by allowing a third-party to search Twitter for valid email addresses. This allowed unauthorized users to create a new contact using the 3D Touch quick action menu without using a password or Touch ID. After creating the new contact anyone could then access the photos and contact information stored on any iPhone 6s device.
Data theft is an ever-present danger in the modern world that one must remain on constant guard against. Requiring a username and password combination is one of the simplest security measures that people use to guard their private information. While it is an effective defense, it can backfire in a big way if the same password is used across many sites and services. The average person likely has login information for many tens of sites and apps, if not hundreds, and for the sake of convenience, many use the same password for many sites.
Hardly a week goes by in which we don't hear about a major breach in cyber security, be it stolen credit card data from a major retailer like Target or Home Depot, to leaked personal data, like the celebrity photo leak on iCloud or the Sony Pictures hack. We've all heard about stolen identities and the nightmare the victims go through to get them back, constant attempts of corporate espionage, and cases of private citizens being surveilled under dubious circumstances and cyber stalking and bullying dramas seem to be a staple of both the Lifetime channel and the local news.
iPhone 5s owners interested in locking down specific apps from prying eyes can now limit access using Touch ID authentication. The jailbreak tweak BioProtect makes it possible to select which apps are protected. Instead of entering a password to launch the protected apps, Touch ID is used to grant or deny access for faster results and better security.
Once installed, BioProtect can be enabled or disabled under Settings -> BioProtect. Options can also be set to customize the pop-up alert asking for Touch ID authentication. Individual apps can be locked out using toggles for each app under the section titled Protected Applications. Once an app is protected, it won't launch without a successful fingerprint match.
Ever worry that someone is trying to spoof the origin of text messages on your iPhone? Well according to developer pod2g you should. Although the security flaw he cites is not capable of executing malicious code, it can be exploited to fake the origin of an SMS to an unsuspecting iPhone user.
Pod2g is hoping Apple fixes the problem before the final release of iOS 6. If iOS dealt with incoming text message information properly, the message would display the reply-to (spoofed) phone number as well as the actual originating phone number. As currently configured, iOS only shows the reply-to number.