Andrew Orr's photo

Andrew Orr

Since 2015 Andrew has been writing about Apple, privacy, security, and at one point even Android. You can find him most places online under the username @andrewornot.

Get In Touch:

Articles by Andrew Orr

Link

Researchers Spoof Face ID Using Tape and Glasses

Andrew Orr ·

During the Black Hat 2019 conference, researchers demonstrated a way to spoof Face ID using nothing more than glasses and tape.

To launch the attack, researchers with Tencent tapped into a feature behind biometrics called “liveness” detection, which is part of the biometric authentication process that sifts through “real” versus “fake” features on people. It works by detecting background noise, response distortion or focus blur. One such biometrics tool that utilizes liveness detection is FaceID, which is designed and utilized by Apple for the iPhone and iPad Pro.

Link

iOS 13 Will Prevent Location Tracking via SSID, BSSID

Andrew Orr ·

During Apple’s WWDC 2019 developer session 713 titled, “Advances in Networking” revealed that iOS 13 will stop location tracking using your device’s SSID/BSSID using the CNCopyCurrentNetworkInfo API. Developers have reported getting an email from Apple that says:

Starting with iOS 13, the CNCopyCurrentNetworkInfo API will no longer return valid Wi-Fi SSID and BSSID information. Instead, the information returned by default will be:

SSID: “Wi-Fi” or “WLAN” (“WLAN” will be returned for the China SKU) BSSID: “00:00:00:00:00:00”

Link

Apple Locks New iPhone Batteries to Each Model

Andrew Orr ·

With a special chip on the battery, Apple is locking down new iPhone batteries to prevent third-party repairs. Instead, you’ll have to go to an Apple store or an authorized repair center.

iFixit reports that replacing a battery in the iPhone XR, XS, or XS Max generates a “service” message saying the phone is “unable to verify this iPhone has a genuine Apple battery.” The phone will also not display any battery health readings.

The change is due to the chip on the battery itself. In addition to being able to relay information about battery cycles and temperature to the phone, the chips on the newer iPhone models also have an authentication feature for pairing with a specific phone.

Link

Amazon Helps Cops Get Ring Surveillance Videos Without Warrants

Andrew Orr ·

A couple weeks ago I shared news that Amazon is requiring police to promote its Ring surveillance cameras. Not that bad, I thought, because at least the police had to have the owner’s permission. But I was optimistic, because Amazon is giving police talking points on how to persuade owners, and even seizing the video footage if the owner said no.

As reported by GovTech on Friday, police can request Ring camera footage directly from Amazon, even if a Ring customer denies to provide police with the footage. It’s a workaround that allows police to essentially “subpoena” anything captured on Ring cameras.

Things like government surveillance and hacking are precisely why I will never buy smart home products. Update: A Ring spokesperson emailed me a correction: The reports that police can obtain any video from a Ring doorbell within 60 days is false. Ring will not release customer information in response to government demands without a valid and binding legal demand properly served on us. Ring objects to overbroad or otherwise inappropriate demands as a matter of course.

Cool Stuff Found

PDF Expert 7 Pro Features Cost $50 Yearly

Andrew Orr ·

Readdle is launching PDF Expert 7, and Pro features are now a subscription of US$49.99/year. There are still free features available, but if you want to do anything other than viewing a PDF, you’ll have to pay. Free Features: New design; better page management; sticker packs; improved engine that now runs on Metal; Files app integration; advanced search; new Annotation Summary tool. Pro Features: Edit PDF text and images; convert to PDF; reduce PDF file size; organize pages; sign PDFs; protect PDFs with a password; customizable toolbar; regular major updates. If you bought the PDF Expert 6 pro features, you’ll still have them in PDF Expert 7. App Store: Free (Offers In-App Purchases)

 

Link

Create an Email Filter for Your Bank So You Won't Miss Important Messages

Andrew Orr ·

David Murphy has a good tip: Create an email filter for your bank so you don’t miss important messages like fraud alerts.

Get specific when you set your filters, because you don’t want to accidentally drag in phishing emails that are attempting to pose as your bank. This shouldn’t be a problem if your email service is good about eradicating spam but, when in doubt, I’d probably try to set a combined filter for emails from your bank’s exact domain that contain the word “fraud,” rather than just a filter that catches subject lines with “your bank’s name” and “fraud.”

Link

Apple Card Doesn't Support Financial Apps

Andrew Orr ·

Within Wallet, your Apple Card will display transaction categories, transaction history, total spending, and more. But you won’t be able to export that data to financial apps.

As financial apps like Mint and software like Quicken are popular with many people, it’s possible that Apple will add support for exporting data in the future. Right now, Apple Card data and transactions can be viewed and managed only on the iPhone and the iPad, with no web support available.

Link

Mastercard Benefits for Apple Card Customers

Andrew Orr ·

While Apple is busy rolling out its credit card to customers, Mastercard shared some benefits you’ll get with the card. Both companies clearly prefer Apple Card to be your default payment method, and maybe these extra features will entice you. Here is one:

Mastercard ID Theft Protection

A complimentary service that will alert you about possible identity theft by monitoring the surface, dark and deep web, searching for compromised credentials and potentially damaging use of your registered personal information.2 To enroll, visit applecard.idprotectiononline.com.

Link

Apple Card Rolls Out to Select Users Today

Andrew Orr ·

Apple Card preview is rolling out today to a select group of users who signed up to be notified of the release, although we don’t know if it’s all users who signed up or a small group.

Apple Card is getting its first group of public test users today. A limited amount of customers that signed up to be notified about the release of Apple Card are getting the ability to apply for the card in their Wallet app today — as well as the option to order their physical Apple Card. A full rollout of Apple Card will come later in August. It requires iOS 12.4 and up to operate.

Link

Microsoft Launches Azure Security Lab and Doubles Bug Bounty

Andrew Orr ·

Announced at Black Hat 2019 today, Microsoft launched the Azure Security Lab, as well as doubling its top Azure bug bounty to US$40,000.

The Azure Security Lab takes the idea to the next level. It’s essentially a set of dedicated cloud hosts isolated from Azure customers so security researchers can test attacks against cloud scenarios. The isolation means researchers can not only research vulnerabilities in Azure, they can attempt to exploit them.

The Azure Security Lab isn’t open to the public — you have to apply. Microsoft is promising quarterly campaigns for targeted scenarios with added incentives, including exclusive swag. Security researchers will also be able to engage directly with Azure security experts.

Link

Apple Previews Apple Card Sign Up Process

Andrew Orr ·

Apple’s wallet.apple.com website gives people a video on how to apply for Apple Card, which consists of opening the Wallet app and tapping the plus (+) button on the upper right.

Before you start, there are a few things to check: You are a US citizen or lawful resident at least 18 years of age or older. Make sure you’re on the latest version of iOS. Learn here how to updateApplying for Apple Card requires an iPhone that can use Apple Pay. Check here to see if your device is compatible.

I can’t wait for the launch, and will be signing up.