Category Archives: iOS

Hacked versions of popular iOS games available on App Store

By Waqas

Software pirates are distributing hacked and infected versions of iPhone apps by hijacking Apple’s enterprise developer program. Reportedly, the hacked apps include versions of Minecraft, Spotify, Angry Birds, and Pokemon Go. These apps have been modified for making paid content/features available for free to deprive the original developers and Apple of their due revenue share […]

This is a post from HackRead.com Read the original post: Hacked versions of popular iOS games available on App Store

Smashing Security #115: Love, Nests, and is 2FA destroying the world?

Smashing Security #115: Love, Nests, and is 2FA destroying the world?

Is two factor authentication such a pain in the rear end that it’s costing the economy millions? Do you feel safe having a Google Nest in your home? And don’t get caught by a catfisher this Valentine’s Day.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.

Update your iOS devices now against the FaceTime eavesdropping bug

Last week a bug became such big news that it broke out of the technology press, and into the mainstream media – generating headlines around the globe.

The reason? A bizarre bug had been discovered in the way iPhones and iPads handled Group FaceTime calls meant that someone could potentially listen and even see you *before* you answered an incoming call.

As news of the flaw spread like wildfire on social media, Apple said it would fix the problem “later in the week” and made a change server-side that temporarily disabled all Group Facetime calls to prevent others from being at risk (much to the irritation of those hoping to prank their friends.)

The bad news for Apple grew as it not only failed to release a patch within its original estimate, but it was also revealed that a 14-year-old boy had separately discovered the problem a couple of weeks earlier, and had received no response when he attempted to report the bug to the tech giant.

Two members of the US Congress wrote to Apple CEO Tim Cook, demanding answers as to why the company had not acted immediately when the vulnerability was discovered, and how it was planning to address any harm caused to consumers.

House Energy and Commerce Committee Chairman Frank Pallone and Representative Jan Schakowsky claimed that Apple was failing to be transparent about what they described as a “serious issue.”

Meanwhile, New York Governor and Attorney General announced that they would be launching a probe into Apple’s failure to warn consumers.

Personally I do think that Apple dropped the ball somewhat in failing to take the 14-year-old’s bug report seriously when they first received it, but I find it hard to accept that the company didn’t act quickly when it understood the privacy-breaching nature of the problem.

Within hours of videos spreading rapidly on social media, and the first news reports of how to exploit the vulnerability, Apple had shut down all Group FaceTime calls – preventing others from abusing the bug.

And yes, obviously in an ideal world it would have had an iOS patch ready to roll out the next day – but the worst thing in the world would have been for Apple to have been rushed into issuing a fix that didn’t properly remediate the issue or – worse – introduced yet more flaws.

Sometimes it takes a while for code to be properly tested and quality controlled. As there was a no way for anyone to exploit the bug with Group FaceTime disabled it seems reasonable to me that Apple has only now issued an updated to iOS, iOS 12.1.4, which fixes the problem.

The update also fixes a number of other security issues, including two zero-day flaws discovered by researchers working for Google.

For many iPhone and iPad users the update will be automatically installed, but – if you want to make sure that you are protected – follow these instructions:

Click on Settings > General > Software Update, and choose Download and Install

And as for Grant Thompson, the 14-year-old high school student who first discovered the flaw? He appears to have been credited in Apple’s security bulletin about the flaw, just as any other security researcher would be.

Smart kid.

Apple fixes FaceTime eavesdropping bug, two iOS zero-days

Apple has pushed out critical security updates for iOS and macOS, which fix the “Facepalm” FaceTime eavesdropping bug but also two zero-day flaws that, according to Google researchers, have been exploited in the wild. Fixed vulnerabilities The Facepalm bug (CVE-2019-6223) affects FaceTime Groups both on iOS and macOS, and was discovered by Grant Thompson, a high schooler from Arizona. After the existence of the flaw and demontration videos of its exploitation were made public, Apple … More

The post Apple fixes FaceTime eavesdropping bug, two iOS zero-days appeared first on Help Net Security.

Jack’d Dating App Allowing Strangers to See Intimate Photos

Dating sites can sometimes contain photos that the users don’t want everyone to see. However, dating and hook-up app Jack’d

Jack’d Dating App Allowing Strangers to See Intimate Photos on Latest Hacking News.

E Hacking News – Latest Hacker News and IT Security News: Google’s Research App- ‘Screenwise Meter’ To Encroach Apple’s Policies?





















Apparently, a research application was being run by Google, which could potentially violate Apple’s policies, the same way Facebook once did.


“Screenwise Meter” is the name of the infamous application, so being mentioned.



It’s an invitation-only program which works on collecting data and its monitoring onto phones and in return guarantees gift cards.



The application uses an “Enterprise Certificate”, named “Sideload” which was revoked from Facebook.



Due to this revocation, a lot of havoc was wreaked within the ‘employee-only’ apps of Facebook on iPhones.



After what happened with Facebook, there were likewise chances of Google’s certificate being revoked by Apple too.



But before that could happen, Google, shut its ‘Screenwise Meter’ down and apologized for putting the application into Apple’s Enterprise Program in the first place.



The application was always meant to be voluntary, cited one of the spokespersons of Google, and also that it has now been entirely disabled on all the iOS devices.



E Hacking News - Latest Hacker News and IT Security News

Google’s Research App- ‘Screenwise Meter’ To Encroach Apple’s Policies?



Apparently, a research application was being run by Google, which could potentially violate Apple’s policies, the same way Facebook once did.

“Screenwise Meter” is the name of the infamous application, so being mentioned.

It’s an invitation-only program which works on collecting data and its monitoring onto phones and in return guarantees gift cards.

The application uses an “Enterprise Certificate”, named “Sideload” which was revoked from Facebook.

Due to this revocation, a lot of havoc was wreaked within the ‘employee-only’ apps of Facebook on iPhones.

After what happened with Facebook, there were likewise chances of Google’s certificate being revoked by Apple too.

But before that could happen, Google, shut its ‘Screenwise Meter’ down and apologized for putting the application into Apple’s Enterprise Program in the first place.

The application was always meant to be voluntary, cited one of the spokespersons of Google, and also that it has now been entirely disabled on all the iOS devices.

Google also abused its Apple developer certificate to collect iOS user data

It turns out that Google, like Facebook, abused its Apple Enterprise Developer Certificate to distribute a data collection app to iOS users, in direct contravention of Apple’s rules for the distribution program. Unlike Facebook, though, the company did not wait for Apple to revoke their certificate. Instead, they quickly to disabled the app on iOS devices, admitted their mistake and extended a public apology to Apple. Google’s app Google’s Screenwise Meter app is very similar … More

The post Google also abused its Apple developer certificate to collect iOS user data appeared first on Help Net Security.

Hey Siri, Get My Coffee, Hold the Malware

With Apple’s introduction of iOS 12 for all their supported mobile devices came a powerful new utility for automation of common tasks called Siri Shortcuts. This new feature can be enabled via third-party developers in their apps, or custom built by users downloading the shortcuts app from the app store. Once downloaded and installed, the Shortcuts app grants the power of scripting to perform complex tasks on users’ personal devices.

But accessing the phone from Siri Shortcuts also presents some potential security risks that were discovered by X-Force IRIS and reported to Apple’s security team. This post gives some insight into potential attack scenarios using Shortcuts and reminds users that keeping a tight lid on app permissions is a critical step to upping security on devices and the way we use them.

Shortcuts Make Life Easier, Right?

Want to turn all your lights to disco, play your favorite soundtrack, and text your friends to come over? Or maybe perform complex mathematical computations with a single voice command? Siri Shortcuts can help do that and facilitate much more in user interaction with their devices, directly from the lock screen or via existing apps they use. These shortcuts can also be shared between users, using the app itself via iCloud, which means they can be passed around rather easily.

Beyond users wishing to automate daily activities, app developers can create shortcuts and present them to their user base from within their apps. The shortcut can then appear on the lock screen or in ‘search’ when it is deemed appropriate to show it to the user based on time, location and context. For example, a user approaches their usual coffee shop, and the relevant app pops up a shortcut on the screen to allow them to order the usual cup of java and pay for it on the app before they even enter the coffee shop.

These shortcuts are a nifty addition to Siri’s functionality, but while allowing extended functionality and personalization of the use of Siri, there are some less favorable scenarios to consider.

Siri Shortcuts Can Also Be Abused by Attackers

Siri Shortcuts can be a useful tool for both users and app developers who wish to enhance the level of interaction users have with their apps. But this access can potentially also be abused by malicious third parties. According to X-Force IRIS research, there are security concerns that should be taken into consideration in using Siri Shortcuts.

Siri Demanding Ransom?

Using Siri for malicious purposes, Shortcuts could be created for scareware, a pseudo ransom campaign to try to scare victims into paying a criminal by making them believe their data is in the hands of a remote attacker.

Using native shortcut functionality, a script could be created to speak the ransom demands to the device’s owner by using Siri’s voice. To lend more credibility to the scheme, attackers can automate data collection from the device and have it send back the user’s current physical address, IP address, contents of the clipboard, stored pictures/videos, contact information and more. This data can be displayed to the user to convince them that an attacker can make use of it unless they pay a ransom.

To move the user to the ransom payment stage, the shortcut could automatically access the Internet, browsing to a URL that contains payment information via cryptocurrency wallets, and demand that the user pay-up or see their data deleted, or exposed on the Internet.

The More the Merrier

To add to this scenario, the malicious shortcut can also be configured to spread to other devices by messaging everyone on the victim’s contact list, prompting them to download and install the same shortcut. This would be a cost effective and hard to detect distribution method, coming from a trusted contact.

In a video we created we show how native functionality can be used to make convincing ransom threats to someone running a malicious Siri Shortcut.

Pay attention to the following steps taking place in the video:

  1. The shortcut is configured to gather personal data from the device:
  • It can collect photos from the camera roll.
  • Grab the contents of the clipboard.
  • Get the physical address of the device’s location.
  • Find the external IP address.
  • Get the device’s model.
  • Get the device’s current mobile carrier
  1. The Siri Shortcut can message the information to an external party; this data can also be sent over SSH to the attacker’s server using native functionality.
  2. The Shortcut can set the brightness and volume of the device to 100%
  3. It can turn the device’s flashlight on and off while vibrating at the same time to get the user’s attention and make them believe their device has been taken over.
  4. The Shortcut can be made to speak a ransom note which can include convincing personal details to make the user believe the attacker. For example, it can indicate the IP address and physical address of the person and demand payment.
  5. The Shortcut can be further programmed to then display the spoken note in a written alert format on the device.
  6. To nudge the user to pay up, the Shortcut can be configured to open a webpage, accessing a URL that contains payment information to a cryptocurrency wallet, or a phishing page demanding payment card/account information[1].
  7. To spread around, and since Siri Shortcuts can be shared among users, the malicious Shortcut could also send a link to everyone in the user’s contact list giving it a “worm like” capability[2] that’s easy to deploy but harder to detect.

Not Only Ransom

In our security research labs, we tested the ransom attack scenario. The shortcut we created was named “Ransom” in the video, but it could easily be named any other name to entice users to run it. Lures, such as game cheats/hacking, unlocking secret functionality in apps, or getting free money, often entice users to tap on a shortcut and see where it leads.

From our researchers’ experience, users may fall prey to social engineering and end up installing and running malicious code or apps on their devices.

Using Siri Shortcuts More Safely

Siri Shortcuts has its merits and some security concerns to be aware of. Yet, it is possible to use this functionality in a safer manner.

  1. Never install a Shortcut from an untrusted source.
  2. Check the permissions that the shortcut is requesting and never give permission to portions of your phone you are not comfortable with. Things like photos, location and camera could be used to obtain sensitive information.

Siri Shortcut on iOS12

  1. Use the show actions button before installing a third-party shortcut to see the underlying actions the shortcut might take. Look for things like messaging data to numbers you don’t recognize, emailing data out, or making SSH server connections to servers.

Checking permissions for Siri Shortcut

Apple Controls Centralized Patch Control

Siri Shortcuts is a native feature of iOS12; however, in order to utilize custom shortcuts, one must download the Shortcuts app from Apple’s app store. This gives Apple the ability to patch/update the functionality of the Shortcuts app without having to update the entire OS version.

Users Should Be Very Selective with App Permissions

It’s also important to note that using the shortcuts is designed for, and therefore requires, a lot of user interaction. First, users must download and install the shortcut from a shared source, and then manually tap it to run. Users must also grant access to photos, contacts or any sensitive data the shortcut wants access too.

A sharp reminder to validate anything you install on your mobile device as Shortcuts allows you to see everything the script is capable of before installing. As tempting as it might be to just scroll past that text and hit accept, users must be more aware of good security practices, which includes reading and understanding anything they authorize to run on their device.

[1] Not shown in this video

[2] Not shown in this video

The post Hey Siri, Get My Coffee, Hold the Malware appeared first on Security Intelligence.

Smashing Security #113: FaceTime, Facebook, faceplant

Smashing Security #113: FaceTime, Facebook, faceplant

FaceTime bug allows callers to see and hear you *before* you answer the phone, Facebook’s Nick Clegg tries to convince us the social network is changing its ways, and IoT hacking is big in Japan.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes from AMTSO.

Blog | Avast EN: Apple Pulls Service from Facebook | Avast

Citing a breach of agreement, Apple has revoked its distribution certificate from Facebook, abruptly powering down all apps using the intra-company iOS app distribution service. This does not mean that the Facebook app will stop working on your iPhone, but it does mean that Facebook as a company has lost its Apple Developer Enterprise Program certificate privileges for the time being.



Blog | Avast EN

Apple is Planning 3D Cameras for Next Year’s iPhones; Three Rear Cameras Setup For This Year’s Phone; and Dark Mode for iOS 13: Report

Apple plans to launch iPhones with a more-powerful 3-D camera as soon as next year, stepping up the company's push into augmented reality, Bloomberg reported Wednesday. From the report: The rear-facing, longer-range 3-D camera is designed to scan the environment to create three-dimensional reconstructions of the real world. It will work up to about 15 feet from the device, the people said. Apple's new system uses a laser scanner, rather than the existing dot-projection technology which doesn't work as well over longer distances, according to the people, who asked not to be identified discussing unreleased features. That's just one of many new features -- including a third, more advanced camera, enhanced photo-capture tools and a more powerful chip -- that Apple plans to include in coming generations of iPhones, the people said. [...] For 2019, Apple plans successors to the iPhone XS and iPhone XS Max -- code-named D42 and D43 -- and an update to the iPhone XR, said the people. The larger of the new high-end iPhones will have three cameras on the back, and other handsets could eventually come with the upgraded system, too, the people said. [...] Apple's next operating system update, iOS 13, will include a dark mode option for easier nighttime viewing and improvements to CarPlay, the company's in-vehicle software.

Read more of this story at Slashdot.

Facebook to shut down iOS app that allowed for near total data access

When Apple banned its Onavo VPN app from its App Store last summer, Facebook took repackaged the app, named it “Facebook Research” and offered it for download through three app beta testing services, TechCrunch has discovered. About the Facebook Research app Facebook used the Onavo app to collect the aforementioned data of both Android and iOS users and, based on the information gleaned from it, made decisions to acquire competing apps and add popular features … More

The post Facebook to shut down iOS app that allowed for near total data access appeared first on Help Net Security.

FaceTime bug exposes live audio & video before recipient picks call

By Waqas

FaceTime bug is exposing calls and videos – Here’s how to disable FaceTime until this issue is fixed. According to reports, there is a major bug in iPhone FaceTime’s video calling function that lets users hear audio from the call even before the recipient has accepted the video call. Moreover, the flaw also lets people see […]

This is a post from HackRead.com Read the original post: FaceTime bug exposes live audio & video before recipient picks call

Apple Is Making a 7th-Gen iPod Touch and New iPads, Says Report

Four new iPad models and a 7th-generation iPod Touch have been found in upcoming iOS 12.2, and seven new iPad models were discovered in the Eurasian Economic Commission Database, reports MacRumors. From the report: Developer Steven Troughton-Smith speculates that the iPad model numbers could be new iPad mini devices, which would be in line with rumors suggesting a new iPad mini 5 is in the works. According to Troughton-Smith, none of the iPads have Face ID, which is what we would expect as a new iPad mini is likely to be positioned as an affordable, lower-end device. There's also a reference to "iPod 9,1," which does not match up with any known iPod touch devices, suggesting it is a new next-generation model. The current sixth-generation iPod touch is "iPod 7,1," for reference. The iPod listed in iOS 12.2 does not appear to have Face ID or Touch ID, which is in line with the current iPod touch. Previous rumors have indeed suggested Apple is working on a 7th-generation iPod touch, an iPad mini 5, and a new version of the lower-cost 9.7-inch iPad, which may actually be upgraded to 10 inches in its next iteration. There's been mixed information about what to expect from an iPad mini update. A case leak suggested a vertical camera and quad speakers, but a photo of an unreleased iPad mini, which could be the new iPad mini, featured an older A9 processor and a design that's similar to the fourth-generation iPad mini.

Read more of this story at Slashdot.

Critical FaceTime bug turns iPhones, Macs into eavesdropping tools

A shocking and easily exploitable FaceTime bug allows people to listen in on other users of Apple devices by simply calling them through the service. The bug apparently affects Group FaceTime and Apple has reacted by making the service unavailable until they can push out a fix. Exploitation of the FaceTime bug The bug was first reported by 9to5Mac and then replicated and confirmed by others. The gist of it is this: it allows the … More

The post Critical FaceTime bug turns iPhones, Macs into eavesdropping tools appeared first on Help Net Security.

Apple publica la primera actualización del año para iOS y macOS ¡Actualiza ya!

Apple ha publicado las actualizaciones de enero que solucionan la mayoría de las CVE que afectan iOS y macOS con unas pocas que afectan a Safari, watchOS, tvOS e iCloud para Windows. iOS v12.1.3 Esta última versión arregla una lista de CVEs para el iPhone 5 y posteriores, iPad e iPod Touch 6th Generation. Casi […]

Researcher Releases Jailbreak PoC for iOS 12 on iPhone X

After tinkering with the latest iteration of Apple’s mobile operating system, a Chinese researcher has published a proof-of-concept of what he claims is a working exploit that can jailbreak iOS 12 on an iPhone X – and remotely, at that.

Critical vulnerabilities in Apple’s Safari browser, as well as in the iPhone’s operating system itself, enabled Qixun Zhao to create a “jailbreak” of the iPhone X’s A12 chip, opening the hardware to unauthorized apps and settings.

Dubbed “Chaos,” the jailbreak is not yet available to the public. Zhao details the hack in this elaborate blog post, but refrains from releasing the actual jailbreak code publicly. He explains:

“In this article, I will release the PoC of Chaos and will elaborate in details (for beginners) how to get the tfp0 exploit details on A12,” Zhao wrote.

“However, I will not release the exploit code, if you want to jailbreak, you will need to complete the exploit code yourself or wait for the jailbreak community’s release,” he said. “I will not mention the exploit details of the post exploit, as this is handled by the jailbreak community.”

The hack works on iOS 12.1.2 which, until a few days ago, was the latest version of the iPhone’s operating system. Apple immediately made a patch available, bringing iOS to version 12.1.3. The update, however, was not dedicated to patching the jailbreak. iOS 12.1.3 brings several fixes and improvements for owners of iDevices.

Hacker demonstrates how to remotely Jailbreak iPhone X

By Waqas

A China-based security researcher associated with the Qihoo 360 Vulcan Team has published a proof-of-concept exploit for a kernel vulnerability, which he claims to be the second stage of an exploit chain that he was successfully able to jailbreak iPhone X remotely. The researcher Qixun Zhao posted the PoC on Twitter from his Twitter handle […]

This is a post from HackRead.com Read the original post: Hacker demonstrates how to remotely Jailbreak iPhone X

Expert shares PoC exploit code for remote iOS 12 jailbreak On iPhone X

Researcher published a PoC exploit code for critical vulnerabilities that could be chained to implement an iOS jailbreak On iPhone X

The security researcher Qixun Zhao of Qihoo 360’s Vulcan Team has published a PoC exploit code for critical vulnerabilities in Apple Safari web browser and iOS that could be exploited by a remote attacker to jailbreak an iPhoneX running iOS 12.1.2 and early versions.

The exploitation of the flaw is quite simple, the attacker needs to trick victims into opening a specially crafted web page using Safari browser.

The PoC code developed by Qixun Zhao, dubbed Chaos, chains two security flaws that were demonstrated at TianfuCup hacking contest in November.

The Chaos exploit code triggers a couple of vulnerabilities, a type confusion memory corruption flaw in Apple’s Safari WebKit (CVE-2019-6227) and a use-after-free memory corruption bug (CVE-2019-6225) in iOS Kernel. Apple addressed the flaws by releasing the iOS version 12.1.3

The Safari vulnerability allowed maliciously crafted web content to execute arbitrary code on the targeted device, which then the second one allowed to elevate privileges and silently deploy a malicious application

Zhao published a blog post that includes some details for the exploit code, the expert also shared a PoC video demonstration for it.

Zhao hasn’t published the exploit code for the iOS jailbreak to prevent attacks in the wild.

“I will not release the exploit code, if you want to jailbreak, you will need to complete the exploit code yourself or wait for the jailbreak community’s release. At the same time, I will not mention the exploit details of the post exploit, as this is handled by the jailbreak community,” Zhao said.

iPhone users urge to install the latest iOS update as soon as possible,

Pierluigi Paganini

(SecurityAffairs – iOS jailbreak, Apple)

The post Expert shares PoC exploit code for remote iOS 12 jailbreak On iPhone X appeared first on Security Affairs.

Apple delivers security patches, plugs an RCE achievable via FaceTime

Apple has released a new set of updates for its various products, plugging a wide variety of vulnerabilities. WatchOS, tvOS, Safari and iCloud Let’s start with “lightest” security updates: iCloud for Windows 7.10 brings fixes for memory corruption, logic and type confusion issues in the WebKit browser engine, all of which can be triggered via maliciously crafted web content and most of which may lead to arbitrary code execution. The update also carries patches for … More

The post Apple delivers security patches, plugs an RCE achievable via FaceTime appeared first on Help Net Security.

Apple Releases macOS 10.14.3, iOS 12.1.3, watchOS 5.1.3, and tvOS 12.1.2

Apple today pushed software updates for a range of its computing platforms. They are all minor releases that simply offer a few bug fixes and security updates, with no new features -- and there are no new features in any of the beta releases for these versions of the operating systems, either. From a report: iOS 12.1.3 fixes a scrolling bug in Messages, an iPad Pro-specific audio bug, and a graphical error in some photos, and it addresses some CarPlay disconnects experienced by owners of the three new iPhone models released in late 2018. It also fixes two minor bugs related to the company's HomePod smart speaker.

Read more of this story at Slashdot.

Phone-Based Phishing Scam Reveals the Growing Sophistication of Attacks Against Apple Users

A new phone-based phishing scam reveals how fraudsters are devising more sophisticated schemes to prey on Apple device users.

According to KrebsOnSecurity, the phishing scam began for Global Cyber Risk LLC CEO Jody Westby when she received an automated call that displayed Apple’s logo, physical address, company domain and customer support phone number. The call warned Westby that unknown attackers had compromised multiple servers containing users’ Apple IDs. It then urged her to ring a 1-866 number immediately.

Suspicious of the call, Westby contacted Apple’s support number directly and requested a callback from a support representative. The agent who called back reassured Westby that Apple had not placed the original call. But when she looked at her phone, Westby observed that her iPhone had lumped together both the scam call and the official callback under Apple’s contact profile on her device. Not surprisingly, this failure of Apple’s own devices to spot a spoof call could potentially fool many users.

The Prevalence of Phishing Attacks Targeting Apple Users

This phony call scam stands out for its extensive use of Apple branding. But by no means is it the only phone-related phishing scam targeting Apple users in recent history. For example, in July 2018, Ars Technica identified an India-based tech support scam using a fake Apple website that popped up a system dialog box with a prompt to call the fraudsters.

These phishing instances come after enterprise mobile security and data management provider Wandera found in 2017 that nearly two-thirds of mobile phishing attacks occur on iOS devices. This rate means that Apple users are twice as likely to experience phishing on their devices than Android users.

Help Your Employees Defend Against Phishing Scams

Security professionals can help employees defend against phishing scams by creating a security awareness training program that uses clear, concise policies based around business requirements. Organizations should also take a layered approach to email security — requiring a mix of both technology and education — to better defend against email-borne phishing campaigns.

The post Phone-Based Phishing Scam Reveals the Growing Sophistication of Attacks Against Apple Users appeared first on Security Intelligence.

Has Your Phone Become Your Third Child? Ways to Get Screen Time Anxiety Under Control

smartphone screen timeYou aren’t going to like this post. However, you will, hopefully, find yourself nodding and perhaps, even making some changes because of it. Here it friends: That love-hate relationship you have with your smartphone may need some serious attention — not tomorrow or next week — but now.

I’m lecturing myself first by the way. Thanks to the June iOS update that tracks and breaks down phone usage, I’m ready — eager in fact — to make some concrete changes to my digital habits. Why? Because the relationship with my phone – which by the way has become more like a third child — is costing me in time (75 days a year to be exact), stress, and personal goals.

I say this with much conviction because the numbers don’t lie. It’s official: I’m spending more time on my phone than I am with my kids. Likewise, the attention I give and the stress caused by my phone is equivalent to parenting another human. Sad, but true. Here’s the breakdown.

Screen time stats for the past seven days:

  • 5 hours per day on my device
  • 19 hours on social networks
  • 2 hours on productivity
  • 1 hour on creativity
  • 18 phone pickups a day; 2 pickups per hour

Do the math:

  • 35 hours a week on my device
  • 1,820 hours a year on my device
  • 75 days a year on my device

Those numbers are both accurate and disturbing. I’m not proud. Something’s gotta give and, as Michael Jackson once said, change needs to start with the man (woman) in the mirror.

A 2015 study by Pew Research Center found that 24% of Americans can’t stop checking their feeds constantly. No surprise, a handful of other studies confirm excessive phone use is linked to anxiety, depression, and a social phenomenon called FOMO, or Fear Of Missing Out.

Efficiency vs. Anxiety

There’s no argument around the benefits of technology. As parents, we can keep track of our kids’ whereabouts, filter their content, live in smart houses that are efficient and secure, and advance our skills and knowledge at lightning speeds.

That’s a lot of conveniences wrapped in even more pings, alerts, and notifications that can cause anxiety, sleeplessness, and stress.  In our hyper-connected culture, it’s not surprising to see this behavior in yourself or the people in your social circles.

  • Nervousness or anxiety when you are not able to check your notifications.
  • An overwhelming need to share things — photos, personal thoughts, stresses — with others on social media.
  • Withdrawal symptoms when you are not able to access social media.
  • Interrupting conversations to check social media accounts.
  • Lying (downplaying) to others about how much time you spend on social media sites.

We often promote balance in technology use, but this post will go one step further. This post will get uncomfortably specific in suggesting things to do to put a dent in your screentime. (Again, these suggested changes are aimed at this mom first.)

Get Intentional

  • Look at your stats. A lot of people don’t go to the doctor or dentist because they claim “not knowing” about an ailment is less stressful than smartphone screen timeknowing. Don’t take that approach to your screen time. Make today the day you take a hard look at reality. Both iOS and Android now have screen time tracking.
  • Get reinforcements.  There are a lot of apps out there like Your Hour, AppBlock, Stay Focused, Flipd, and App Off Timer designed to help curb your smartphone usage. Check out the one/s that fits your needs and best helps you control your screen time.
  • Plan your week. If you have activities planned ahead of time for the week — like a hike, reading, a movie, or spending time with friends — you are less likely to fritter away hours on your phone.
  • Leave your phone at home. Just a decade ago we spent full days away from home running errands, visiting friends, and exploring the outdoors — all without our phones. The world kept turning. Nothing fell to pieces. So start small. Go to the grocery store without your phone. Next, have dinner with friends. Then, go on a full day excursion. Wean yourself off your device and reclaim your days and strengthen your relationships.
  • Establish/enforce free family zones. Modeling control in your phone use helps your kids to do the same. Establish phone free zones such as homework time, the dinner table, family activities, and bedtime. The key here is that once you establish the phone free zones, be sure to enforce them. A lot of parents (me included) get lax after a while in this area. Research products that allow you to set rules and time limits for apps and websites. McAfee Safe Family helps you establish limits with pre-defined age-based rules that you can be customized based on your family’s needs.
  • Delete unused apps. Give this a try: Delete one social app at a time, for just a day or a week, to see if you need it. If you end up keeping even one time-wasting app off your phone, the change will be well worth it.
  • Engage with people over your phone. If you are in the line at the grocery store, waiting for a show to begin, or hanging out at your child’s school/ sports events, seek to connect with people rather than pull out your phone. Do this intentionally for a week, and it may become a habit!
  • Do one thing at a time. A lot of wasted device time happens because we are multi-tasking — and that time adds up. So if you are watching a movie, reading, or even doing housework put your phone in another room — in a drawer. Try training yourself to focus on doing one thing at a time.smartphone screen time
  • Give yourself a phone curfew. We’ve talked about phone curfews for kids to help them get enough sleep but how about one for parents? Pick a time that works for you and stick to it. (I’m choosing to put my phone away at 8 p.m. every night.)
  • Use voice recorder, notes app, or text. Spending too much time uploading random content? Curb your urge to check or post on social media by using your voice recorder app to speak your thoughts into. Likewise, pin that article or post that photo to your notes to catalog it in a meaningful way or text/share it with a small group of people. These few changes could result in big hours saved on social sites.
  • Turn off notifications. You can’t help but look at those notifications so change your habitual response by turning off all notifications.
  • Limit, don’t quit. Moderation is key to making changes stick. Try limiting your social media time to 10 minutes a day. Choose a time that works and set a timer if you need to. There’s no need to sever all ties with social media just keep it in its proper place.

Slow but Specific Changes

Lastly, go at change slowly (but specifically) and give yourself some grace. Change isn’t easy. You didn’t rack up those screen time stats overnight. You’ve come to rely on your phone for a lot of tasks as well as entertainment. So, there’s no need to approach this as a life overhaul, a digital detox, or take an everything or nothing approach. Nor is there a need to trumpet your social departure to your online communities. Just take a look at your reality and do what you need to do to take back your time and control that unruly third child once and for all. You’ve got this!

The post Has Your Phone Become Your Third Child? Ways to Get Screen Time Anxiety Under Control appeared first on McAfee Blogs.

Wirelurker for OSX, iOS (Part I) and Windows (Part II) samples


PART II

Wirelurker for Windows (WinLurker)

Research: Palo Alto Claud Xiao: Wirelurker for Windows

Sample credit: Claud Xiao



PART I


Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X Malware

Palo Alto |Claud Xiao - blog post Wirelurker

Wirelurker Detector https://github.com/PaloAltoNetworks-BD/WireLurkerDetector


Sample credit: Claud Xiao


Download

Download Part I
Download Part II

Email me if you need the password




List of files
List of hashes 

Part II

s+«sìÜ 3.4.1.dmg 925cc497f207ec4dbcf8198a1b785dbd
apps.ipa 54d27da968c05d463ad3168285ec6097
WhatsAppMessenger 2.11.7.exe eca91fa7e7350a4d2880d341866adf35
使用说明.txt 3506a0c0199ed747b699ade765c0d0f8
libxml2.dll c86bebc3d50d7964378c15b27b1c2caa
libiconv-2_.dll 9c8170dc4a33631881120a467dc3e8f7
msvcr100.dll bf38660a9125935658cfa3e53fdc7d65
libz_.dll bd3d1f0a3eff8c4dd1e993f57185be75
mfc100u.dll f841f32ad816dbf130f10d86fab99b1a

zlib1.dll c7d4d685a0af2a09cbc21cb474358595


│   apps.ipa
│   σ╛«σìÜ 3.4.1.dmg

└───WhatsAppMessenger 2.11.7
            libiconv-2_.dll
            libxml2.dll
            libz_.dll
            mfc100u.dll
            msvcr100.dll
            WhatsAppMessenger 2.11.7.exe
            zlib1.dll
            使用说明.txt


Part I

BikeBaron 15e8728b410bfffde8d54651a6efd162
CleanApp c9841e34da270d94b35ae3f724160d5e
com.apple.MailServiceAgentHelper dca13b4ff64bcd6876c13bbb4a22f450
com.apple.appstore.PluginHelper c4264b9607a68de8b9bbbe30436f5f28
com.apple.appstore.plughelper.plist 94a933c449948514a3ce634663f9ccf8
com.apple.globalupdate.plist f92640bed6078075b508c9ffaa7f0a78
com.apple.globalupdate.plist f92640bed6078075b508c9ffaa7f0a78
com.apple.itunesupdate.plist 83317c311caa225b17ac14d3d504387d
com.apple.machook_damon.plist 6507f0c41663f6d08f497ab41893d8d9
com.apple.machook_damon.plist 6507f0c41663f6d08f497ab41893d8d9
com.apple.MailServiceAgentHelper.plist e6e6a7845b4e00806da7d5e264eed72b
com.apple.periodic-dd-mm-yy.plist bda470f4568dae8cb12344a346a181d9
com.apple.systemkeychain-helper.plist fd7b1215f03ed1221065ee4508d41de3
com.apple.watchproc.plist af772d9cca45a13ca323f90e7d874c2c
FontMap1.cfg 204b4836a9944d0f19d6df8af3c009d5
foundation 0ff51cd5fe0f88f02213d6612b007a45
globalupdate 9037cf29ed485dae11e22955724a00e7
globalupdate 9037cf29ed485dae11e22955724a00e7
itunesupdate a8dfbd54da805d3c52afc521ab7b354b
libcrypto.1.0.0.dylib 4c5384d667215098badb4e850890127b
libcrypto.1.0.0.dylib 3b533eeb80ee14191893e9a73c017445
libiconv.2.dylib 94f9882f5db1883e7295b44c440eb44c
libiconv.2.dylib fac8ef9dabdb92806ea9b1fde43ad746
libimobiledevice.4.dylib c596adb32c143430240abbf5aff02bc0
libimobiledevice.4.dylib 5b0412e19ec0af5ce375b8ab5a0bc5db
libiodb.dylib bc3aa0142fb15ea65de7833d65a70e36
liblzma.5.dylib 5bdfd2a20123e0893ef59bd813b24105
liblzma.5.dylib 9ebf9c0d25e418c8d0bed2a335aac8bf
libplist.2.dylib 903cbde833c91b197283698b2400fc9b
libplist.2.dylib 109a09389abef9a9388de08f7021b4cf
libssl.1.0.0.dylib 49b937c9ff30a68a0f663828be7ea704
libssl.1.0.0.dylib ab09435c0358b102a5d08f34aae3c244
libusbmuxd.2.dylib e8e0663c7c9d843e0030b15e59eb6f52
libusbmuxd.2.dylib 9efb552097cf4a408ea3bab4aa2bc957
libxml2.2.dylib 34f14463f28d11bd0299f0d7a3985718
libxml2.2.dylib 95506f9240efb416443fcd6d82a024b9
libz.1.dylib 28ef588ba7919f751ae40719cf5cffc6
libz.1.dylib f2b19c7a58e303f0a159a44d08c6df63
libzip.2.dylib 2a42736c8eae3a4915bced2c6df50397
machook 5b43df4fac4cac52412126a6c604853c
machook ecb429951985837513fdf854e49d0682
periodicdate aa6fe189baa355a65e6aafac1e765f41
pphelper 2b79534f22a89f73d4bb45848659b59b
sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36
sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36
sfbase_v4000.dylib 582fcd682f0f520e95af1d0713639864
sfbase_v4001.dylib e40de392c613cd2f9e1e93c6ffd05246
start e3a61139735301b866d8d109d715f102
start e3a61139735301b866d8d109d715f102
start.sh 3fa4e5fec53dfc9fc88ced651aa858c6
stty5.11.pl dea26a823839b1b3a810d5e731d76aa2
stty5.11.pl dea26a823839b1b3a810d5e731d76aa2
systemkeychain-helper e03402006332a6e17c36e569178d2097
watch.sh 358c48414219fdbbbbcff90c97295dff
WatchProc a72fdbacfd5be14631437d0ab21ff960
7b9e685e89b8c7e11f554b05cdd6819a 7b9e685e89b8c7e11f554b05cdd6819a
update 93658b52b0f538c4f3e17fdf3860778c
start.sh 9adfd4344092826ca39bbc441a9eb96f

File listing

├───databases
│       foundation
├───dropped
│   ├───version_A
│   │   │   com.apple.globalupdate.plist
│   │   │   com.apple.machook_damon.plist
│   │   │   globalupdate
│   │   │   machook
│   │   │   sfbase.dylib
│   │   │   watch.sh
│   │   │
│   │   ├───dylib
│   │   │       libcrypto.1.0.0.dylib
│   │   │       libiconv.2.dylib
│   │   │       libimobiledevice.4.dylib
│   │   │       liblzma.5.dylib
│   │   │       libplist.2.dylib
│   │   │       libssl.1.0.0.dylib
│   │   │       libusbmuxd.2.dylib
│   │   │       libxml2.2.dylib
│   │   │       libz.1.dylib
│   │   │
│   │   ├───log
│   │   └───update
│   ├───version_B
│   │       com.apple.globalupdate.plist
│   │       com.apple.itunesupdate.plist
│   │       com.apple.machook_damon.plist
│   │       com.apple.watchproc.plist
│   │       globalupdate
│   │       itunesupdate
│   │       machook
│   │       start
│   │       WatchProc
│   │
│   └───version_C
│       │   com.apple.appstore.plughelper.plist
│       │   com.apple.appstore.PluginHelper
│       │   com.apple.MailServiceAgentHelper
│       │   com.apple.MailServiceAgentHelper.plist
│       │   com.apple.periodic-dd-mm-yy.plist
│       │   com.apple.systemkeychain-helper.plist
│       │   periodicdate
│       │   stty5.11.pl
│       │   systemkeychain-helper
│       │
│       └───manpath.d
│               libcrypto.1.0.0.dylib
│               libiconv.2.dylib
│               libimobiledevice.4.dylib
│               libiodb.dylib
│               liblzma.5.dylib
│               libplist.2.dylib
│               libssl.1.0.0.dylib
│               libusbmuxd.2.dylib
│               libxml2.2.dylib
│               libz.1.dylib
│               libzip.2.dylib
├───iOS
│       sfbase.dylib
│       sfbase_v4000.dylib
│       sfbase_v4001.dylib
│       start
│       stty5.11.pl
├───IPAs
│       7b9e685e89b8c7e11f554b05cdd6819a
│       pphelper
├───original
│       BikeBaron
│       CleanApp
│       FontMap1.cfg
│       start.sh
└───update
        start.sh
        update