Apple Launches Web Tool to Deregister Phone Numbers from iMessage

Apple today released a new web tool for users to deregister their phone number from iMessage in the event they switched to a non-Apple device. To deregister a phone number from iMessage, users simply enter their phone number in Apple's web tool, receive a free text message containing a code, and submit the code to complete the process. Users who still have their original iPhone can also transfer their SIM card back to the device and go to Settings -> Messages to turn iMessage off.





Users switching from an iPhone to another device were often unable to receive SMS messages from another iPhone due to their phone number still being linked to iMessage. These specific errors with iMessage have been a well-known issue since 2011, which is when the messaging service debuted with iOS 5. They were also made even more apparent this past May, where a server glitch caused widespread message delivery problems. Apple was even sued over the matter in a California court, although the company claimed that it was aware of the issue and could not provide a fix.



Apple's web tool for deregistering phone numbers from iMessage is available now.

Read More [...]

Posted in 2014 at 12:55AM, November 10

Apple to Live Stream Upcoming October 16 iPad Event

Apple has plans to offer a live stream of its October 16 event, according to a source that spoke to MacRumors. As with its September 9 iPhone event, Apple will likely offer a stream of the event both on its website and through a dedicated channel on the Apple TV.



Invitations for the October 16 event, which will be held at the Town Hall auditorium on the company's Cupertino campus at 10:00 AM Pacific Time, went out earlier this week with the tagline "It's been way too long."





At the event, Apple is expected to introduce an updated iPad Air and possibly a new Retina iPad mini, as well as updated iMacs with a 27-inch model that has a high-resolution Retina display. OS X Yosemite is also likely to be previewed one more time before its public launch, and updated Mac minis, which are rumored to be in the works, might possibly see an announcement at the event.



In addition to Apple's live stream, MacRumors will be providing its own live coverage of the event, both on MacRumors.com and on the MacRumorsLive Twitter account.

Read More [...]

Posted in 2014 at 12:55AM, October 10

Hackers Using Law Enforcement Tools to Access iCloud Backups Unprotected by Two-Factor Authentication

Earlier today, Apple issued a press release stating that an iCloud/Find My iPhone breach had not been responsible for the leak of several private celebrity photos over the weekend, instead pointing towards a "very targeted attack on user names, passwords, and security questions" hackers used to gain access to celebrity accounts.



The company did not divulge specific details on how hackers accessed the iCloud accounts, leading Wired writer Andy Greenberg to investigate the methods that hackers might possibly have used to acquire the stolen media.



Greenberg visited Anon-IB, a popular anonymous image board where some of the celebrity photos first originated, and discovered that hackers openly discuss exploiting software designed for law enforcement and government officials. Called ElcomSoft Phone Password Breaker (EPPB), the software in question lets hackers enter a stolen username and password to obtain a victim's full iPhone/iPad backup.

"Use the script to hack her passwd...use eppb to download the backup," wrote one anonymous user on Anon-IB explaining the process to a less-experienced hacker. "Post your wins here ;-)"

Acquiring just a user name and password allows hackers access to content on iCloud.com, but with the accompaniment of the ElcomSoft software, a complete backup can reportedly be downloaded into easy-to-access folders filled with the device's contents.



According to security researcher Jonathan Zdziarski, who spoke to Wired , metadata from some of the leaked photos is in line with the use of the ElcomSoft software and possibly the iBrute software, which exploited a vulnerability in Find My iPhone to allow hackers unlimited attempts to guess a password. Apple has, however, patched the exploit, and has suggested iBrute was not a factor in the attacks.



As noted by TechCrunch , using ElcomSoft's software to download an iPhone's backup successfully circumvents two-factor verification as the two-factor authentication system does not cover iCloud backups or Photo Stream. Apple's press release pointed towards two-factor authentication as a way to prevent similar hacking attempts, but it appears enabling two-factor authentication would not stop iCloud backup hacks conducted with the Phone Password Breaker.





The ElcomSoft software does not require any credentials to purchase and while it costs $399 to purchase, it is also available on bittorrent sites. This gap in security has been known for quite some time, with ElcomSoft's own CEO pointing towards the lack of two-factor authentication for iCloud backups back in May of 2013.



Apple has explored expanding two-factor authentication to some iCloud services, but an official expansion of the security feature has not yet been introduced.

Read More [...]

Posted in 2014 at 12:55AM, September 03