Why the iPhone 11 Tracks Your Location Even When You Tell It Not To


If you call your hacking conglomerate Evil Corp and steal tens of millions of dollars from banks and individuals over the course of a decade, you can probably expect an indictment at some point. For alleged Evil Corp leader Maksim Yakubets, it came this week, as US and UK authorities charged him and an associate with hacking thefts that totaled over $100 million. A separate criminal complaint also ties Yakubets to the infamous Zeus trojan. There’s also a $5 million reward out for information leading to the arrest of cybercriminal mastermind—but don’t hold your breath.

We also took a look at vulnerabilities caused by the sloppy implementation of Rich Communication Services, the protocol that’s on its way to replacing SMS for texting and more. Even if you’re not familiar with RCS, you’re going to encounter it on Android soon; Google recently made it the default for its stock Messenger app. But unless it and the various carriers who have embraced it as the future of texting get their acts together, it doesn’t look much more secure than the recent past.

Speaking of the past, Microsoft patched what it considered a low-severity bug in Microsoft Outlook in 2017. So far, so good. But hackers have since figured out how to get around that fix, leaving Outlook alarmingly exposed to attacks at a time when email has become a target. Security firm FireEye recently sounded a warning that it had seen lots of activity lately associated with the bug, ranging from state-sponsored hacking crews to, well, other security firms on pen-testing missions.

What’s a dead drop? We explain it in depth, and you don’t even have to go to a previously agreed upon hiding spot to read it. And we took a look at why DuckDuckGo might just be the Google Chrome alternative you’ve been pining for. And if you have some time to spare this weekend, spend it with these animal liberation activists who want jurors to have to experience the suffering of animals being sent to slaughter for themselves—in virtual reality.

Lastly, a serious note: Ewoks are the most tactically advanced fighters in the Star Wars universe. This is not up for debate. Thank you for your time.

And there’s more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.

The week started with a minor mystery. Security journalist Brian Krebs noted that the iPhone 11 and 11 Plus check in on your location even when you turn off all location-related settings. That doesn’t happen on older iPhones, and more importantly, goes against Apple’s privacy policy and general gestalt. Rather than clearing the issue up at the time, Apple brushed off Krebs, giving no explanation other than that it was expected behavior. Well! A few days later, the company finally gave a real answer. It turns out to be related to the new ultra wideband technology enabled by the U1 chip inside of Apple’s latest phones. “Ultra Wideband technology is an industry standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations,” Apple’s statement reads. The location pings are there to make sure you’re not in one of those locations, and the info never leaves the phone itself. All of which sounds reasonable enough, although it’s still extremely unclear why Apple couldn’t have just said all of that in the first place.



Source link