iOS Security Hole Allows Attackers To Poison Already Installed iPhone Apps

“Masque attack” could expose the bank details, emails, and other sensitive data.

Security researchers have warned of a security hole in Apple’s iOS devices that could allow attackers to replace legitimate applications with booby traps, an exploit that could expose passwords, emails or other sensitive user data.

The attack “Masque”, as described by researchers at security firm Fire Eye, is based on the supply of the company to replace banking, email, or other legitimate applications already installed on a proprietary telephone created by a malicious adversary. From there, the attacker can use the Access application sends malicious emails, tokens login credentials or other data belonging to the legitimate application.

“The Masque attacks can replace real applications, such as banking and email applications, the use of malware attacker on the Internet,” the researchers wrote in a blog Fire Eye released Monday. “That means the attacker can steal banking credentials from users by replacing a real banking application with malware that has the same user interface. Surprisingly, malware can still access local data of the original application, was not removed when the original application is replaced. These data can contain cached emails or login-tokens that malware can use to log into the user account directly. ”

The attack works by presenting a specific phone with the same type of digital certificate from large corporations use to install custom applications on iPhones and iPads for employees, provided that both the legitimate application and malicious application use the same packet identifier. The attack requires some sort of decoy to fool a goal in installing the malicious application, possibly billed as an update out of band or track to an already installed application. Recently, researchers found evidence of attacks may be circulating online, said without elaborating. The technique does not work with pre-installed iOS apps like Mobile Safari. Fire Eye researchers said they reported the vulnerability to Apple in July.

“By leveraging Masque attack, an attacker can trick a victim to install an application with a misleading name crafted by the attacker (like New Angry Bird) and the iOS system will be used to replace a legitimate application with the same identifier package “Monday’s report said.”Attack Masque could not replace own applications platform as Apple Mobile Safari, but you can replace the installed applications from the App Store.” From there, attackers can:

Imitate interface logon application replaced to steal login credentials victims
Local caches application data assigned to replace to steal access emails, Session Tokens or other sensitive data
Install custom programming interfaces are not approved by Apple on phones of victims
Skip the normal architecture built into iOS application sandbox and get root access by exploiting known possibly iOS, such as those recently conducted by the team of Pangu vulnerabilities.

Fire Eye researchers documented the following example attack proof of concept:

In one of our experiments, we used an application on the company with a packet identifier “com.google.Gmail” with a title “New Flappy Bird.” We signed this application from a certified company. When you install this application from a web page, which replaced the original Gmail app on the phone.

Figure 1 illustrates this process. Figure 1 (a) (b) show the genuine Gmail application installed on the device with 22 unread e-mails. Figure 1 (c) shows that the victim was lured to install an application on the local called “New Flappy Bird” of a site. Note that “New Flappy Bird” is the title of this application and the attacker can set it to an arbitrary value in the preparation of this application. However, this application has a packet identifier “com.google.Gmail”.

After the victim clicks on “Install”, Figure 1 (d) shows the application of the house was replacing the original Gmail app during installation. Figure 1 (e) shows that the original Gmail app was replaced by the application in the enterprise. After the installation, open the new “Gmail” application the user is automatically registered with almost the same user interface except for a small text box at the top that says “yes, you are pwned” which designed to easily illustrate the attack. Attackers will not be displayed as a courtesy to real-world attacks. Meanwhile, the emails stored in the local cache authentic original Gmail application, which were stored in plain text in a sqlite3 database as shown in Figure 2, are loaded into a remote server.

Note that Attack Masque completely passing over the wireless network, without relying on connecting the device to a computer.

Message Monday comes a few days after researchers discovered a Palo Alto Networks active malware campaign also abused company certificates to install unwanted apps on iPhones & iPads. The post FireEye WireLurker described as a “limited form of attacks Masque to attack iOS devices via USB. Attacks Masque can be a lot bigger than WireLurker threat.”

The attacks can be prevented by installing only the applications that come from official App Store of Apple. Users who encounter dialogs third party websites requesting permission to update existing applications or install new ones should be especially suspect. Users must promptly uninstall all applications that return a warning saying that “Untrusted App Developer.”

Microsoft’s Next Surprise Is Free Office For iPad, iPhone,Aand Android

There is no such thing as a free lunch, or is there?

Microsoft Office Suite for iPad, iPhone, and Android is now free. In a surprise move, the software giant is shaking his mobile office strategy to keep consumers connected to Word, Excel, and PowerPoint. Starting today, you no longer need a subscription to Office 365 for editing documents or store them in the cloud. The decision comes just days after Microsoft announced a strategic alliance to integrate Dropbox storage service in the cloud via Office desktop, mobile and web. You can now download Office for iPad and store all your documents in Dropbox without pay Microsoft anything at all. Microsoft is also launching a new iPhone application of the mark today with a preview of Office for Android tablets, all with Dropbox integration.

Microsoft plans may seem crazy to most, and which at first sight is easy to reach that conclusion, but the company argues it is a matter of moving your free web applications for mobile phones. “It’s an extension of the strategy we have,” says marketing director Michael Atalla from Microsoft Office. “There is a total strategic change as much of an extension of the existing strategy.” Microsoft offers free online Office applications, and Atalla argues that recent changes in the pattern of development within Microsoft have allowed the company to open the editing functionality for mobile clients. “We’re taking the same user experience that we offer online for native iOS and Android applications. We want to ensure that our customers can be productive through every device they have.”

While consumers using mobile Office applications can access for free, Microsoft is extending this free enterprise functionality. Office 365 subscription is required to edit the documents stored in Dropbox OneDrive for business or for business, a clear sign of how Microsoft will continue to generate money from the thousands of companies that rely on its suite of productivity and platform cloud. “There are still worth the premium that will add on top of that,” says Atalla. “There will still be subscription value, clear and easily identifiable in the commercial space, but also in the consumer space around the advanced authoring, analysis, presentation and OneDrive unlimited storage.” Microsoft is also restricting any graphic element of personalization and tracking changes to paid customers, so the premium features.

The key here seems to be a strategic move by Microsoft to maintain the competence of the Office for the mobile space. It is too easy for competitors to build competitive products and ship free on iPad, iPhone, and Android, which offers superior features at the top. Microsoft Office Suite is dominant, which also means it’s ripe for disruption. If there is an iPad app Office opponent‘s free and easy to use, which could tempt consumers away from their dependence on preconceived Word, Excel and PowerPoint. CloudOn, an application based on gestures for editing Office documents, has seen some early success here. Apple also offers its own iWork apps on the iPad at no additional cost, and several rivals, including the maker of the popular iPad app Paper, are emerging to threaten the mobile office. The nightmare scenario for Microsoft is that consumers realize suddenly that do not require Office to create your resume or personal documents, so why should they pay for it on a smartphone or tablet, where we are used to get free apps.

While Microsoft never admit it, is that threat more than anything that has forced change moving company here. “By in large we want the experience of creating core against all users who love the Office on any device they choose,” says Atalla. That experience building nucleus can help keep users hooked Office, and Microsoft does not want to face a future in which consumers, and finally, companies are no longer obsessed with Word, Excel and PowerPoint. There is also a game for OneDrive consumers using cloud storage and a Microsoft. Both can help Microsoft to tempt consumers to Office 365 for additional storage and the added advantage of Office for PC and Mac, as part of a subscription. It‘s a bold move for Microsoft, but also defensive. Competition from Microsoft now have to look elsewhere to plot their attack Office.

How The iPhone And Oil Prices Are Propelling The Best U.S. Economy In Years

In our minds, the price of gas has a huge impact. It’s hard to spend more than a day or two without seeing what it costs to fill your car at a nearby station, given the prominent indication of prices. And lately the price has been directed in one direction – down. Thanks almost entirely to drop about $ 30 on the price of a barrel of oil, much of the decline in just the past few weeks, gas prices are at multi-year low and many Americans have a little more to spend elsewhere.

A popular place to put that money has recently been on a new Apple iPhone, which went on sale just over a month since the price on the pump started their recent free fall. Because the economic effects are complex, none of them is an unqualified victory for the US economy. But overall, it is likely to help the country to finish 2014 with one of its strongest since the financial crisis of 2008 results.

How large can be a bit of phone?

Michael Feroli, chief economist of the US JPMorgan Chase said the New York Times smartphone Apple has a great importance. “The iPhone is having a measurable impact. This is a small gadget, but it costs a lot and it seems that everyone has one. By doing the multiplication, to be imported.” His estimate is that sales of the iPhone added 1 / 4 1/3 of a point of GDP.

Notably, similar Feroli had to say things again in 2012, when the iPhone 5 was new. At that time, he estimated that 8 million new phones were sold in the country in the fourth quarter with about $ 400 margin. In any case, reports earlier this cycle and the CEO of Apple, Tim Cook, suggest that demand is stronger than ever. Feroli reality is more cautious with his estimate of the contribution of GDP this time even though the profit margin Apple phone is almost the same and the iPhone’s popularity has not faded.

But a cautious tone on the overall impact sounds, too. People who buy iPhones may have less money to spend elsewhere. Last month, the Commerce Department reported electronics and appliance sales rose 3.4%, while apparel fell 1.2%. “People are buying iPhones, partly as a status symbol,” Feroli told the Times. “They are not buying as much clothing.”

But it will never be the oil?

The effect of substitution of one good for another makes it seem that lower oil prices are just a winner, then. For every penny that you pay at the pump, which is one more than you can put into buying something else. But oil and Apple have become opposites in a rather intriguing way that makes things less clear. When the iPhone maker was young and outselling Macs in the 1980s, was a largely domestic company. All its profits are made here and stayed here. Today, the majority of iPhones are sold abroad and the economic impact they sit there, so the prospect of Apple to sell 60 million phones this quarter has dizzying meteorologists on US GDP.

Of course, the country was also importing the majority of its oil at the time, too. When prices fell, the pain that was felt especially in the Middle East as oil revenues fell along with them. With imports down to 1/3 of oil supplies, lower prices now beat in our own backyard, through places like Texas, Oklahoma, and North Dakota. Although there is concern that even lower prices could reduce investment in US oil production and increasing imports of oil again, even $ 80 a barrel means that profits fall drillers US . This leads to a smaller number of new jobs created in an industry responsible for 2 million and, according to Daniel Yergin, energy analyst and author of The Quest: Energy, Security, and the Remaking of the Modern World.

As Yergin did not put a value of GDP in lower oil prices, Capital Economics Andrew Kenningham quartz speculated that oil below $ 90 a barrel for a full year could add 0.5% to GDP. That is more important than one quarter of iPhone impact, but requires low prices to persist for some time – an uncertain bet in an uncertain world.

Meanwhile, a global phenomenon (the iPhone) and a global product (oil) are both working their magic on the US economy, often together. These prices mean lower gas more than $ 10 billion a month in the hands of consumers rather than the oil companies. And 10 billion dollars can buy a lot of iPhones.

iPhone 6, iPhone 6 Plus May Be Tough To Find Through The Holidays

When asked if the supply will begin to reach the demand, Apple CEO Tim Cook said, “We’re not even on the same planet.”

The iPhone 6 and iPhone 6 Plus still face inventory issues.

Apple CEO Tim Cook said that demand for the new iPhones is much higher than supply.

The result: the iPhone 6 and iPhone 6 Plus can still be a difficult device to find through the holidays.

While Apple’s suppliers have increased production of new iPhones, Cook said that the available supply of iPhones is not even close to meeting customer demand. “We’re not even on the same planet,” he said in a conference call to discuss results for the fourth fiscal quarter of the company.

The comments illustrate the continued strength of the iPhone franchise, which received a boost after Apple adopted a larger screen size – 4.7 inches for the iPhone 6 and 5.5 inches for the iPhone 6 Plus – and introduced new features such pay as your Apple mobile payment service. The demand has led Apple to sell 39.3 million units in the fourth fiscal quarter, which boosted the company’s revenues and profits beyond expectations of Wall Street.

“We’re selling everything we’re doing,” he said.

Cook declined to elaborate on the mix between the iPhone 6 and iPhone 6 largest Plus, saying it is not fair to look at the mixture, because everything is selling. He noted that Apple saw an improvement in demand for all countries, which he called unusual.

“Not a bad problem to have,” he said.

Zillow Adds Mortgage Preapproval Tool To iOS Mobile Apps

Zillow has added its new mortgage preapproval tool for iOS mobile applications portal for consumers, giving buyers the ability to secure a letter of pre-approval in minutes while out house hunting.

The tool pre-approval, which launched in March Zillow allows homebuyers to receive a preapproval letter a few minutes to share their relevant income, debt and personal information. First prompted buyers to complete a short questionnaire about your income, credit score and monthly debt gives them a pre-planned amount of loan approval.

So if you are interested in continuing the process after seeing this estimate, users enter their name, email address and phone number, making research your loan immediately available to lenders on Zillow Mortgage Marketplace. Lenders can then pull ‘credit scores and if they meet borrowers with potential lenders rules, send a letter of pre-approval to share with your agent or home seller and save, print or email.

“Buying a home can be very competitive today due to inventory shortages,” said Erin Lantz, vice president of mortgage Zillow, said in a statement. “Having the ability to obtain a pre-approval letter instantly can be the difference between getting and losing a home buyer who is better prepared.”

Uber Re-Launches Windows Phone App With The ‘Complete Experience’

Taxi and Uber Internet Travel based in San Francisco Age has relaunched its Windows Phone application for consumers.

Last year, the official app for Windows Phone Uber was removed from the Windows Phone Store when users realized that the application provides access to Uber through their mobile site. But now the company says that the new app is optimized for the Windows Phone platform, and reflects the “full experience Uber ‘.

The Uber Phone Windows application is now available for download in the Windows Phone Store.

Also, Uber is also offering users free two trips Lumia worth Rs. 500 each in the login for the service through the phone application Windows Uber.

Uber announced the launch of its official blog and said: “We are very pleased to launch a new application of Uber for Windows Phone, available for free download in the Windows Store Phone Users we will be able to open the Uber app on your! Windows Phone anywhere in the world – whether in the United States, India and France -. perfectly and get a safe and reliable travel at the touch of a button ”

“The availability of the Uber app – in over 150 cities and 41 countries – and international adoption of Windows Phone means you can connect to the Windows Phone community like never before,” said the blog.

Earlier this month, on July 18 Uber offered to deliver ice cream to door in 144 cities across 38 countries and 6 continents. The list includes India, and had 6 cities – Bangalore, Chennai, Hyderabad, New Delhi, Mumbai and Pune – where customers were able to make use of the offer.

The service was UberIceCream event once a year, similar to helicopter rides Father’s Day. Notably, the company has been offering the service UberIceCream occasionally for a couple of years in different countries.

Last month, the company had launched a new service called Travel low cost UberX. Was launched on June 25 in three cities – Bangalore, Hyderabad and New Delhi.

Google Analytics Gets Its Own Dedicated iPhone App

Google has released an official app for Google Analytics for iPhone, providing the same information that is used from your web control panel to your mobile device, including visits, fonts, page views and views of user behavior. The application also provides real-time reporting, which provides control of site activity that develops.

The real-time analysis can be a unique feature for this mobile application, which means website operators can now obtain information at a glance on the current activity of your site directly in your pocket, instead of resorting the web or without owning an Android app, where the mobile analysis software made its first appearance in June. Back when the application launched, Google had said it was “definitely thinking” about a release iOS to follow – and with this release comes less than a month later; it seems they were thinking hard enough.

The Curved iPhone 6 Screen Is Great News For Consumers, But Still Leaves iOS Developers In The Dark

The almost weekly leaking details about the new screen on the iPhone 6 continue. This week was 9to5Mac images of the glass layer of the screen, showing a more rounded profile. If this is the actual design (as always, the jury is out until the release of the final product), then the style of the iPhone 6 edges will be in line with phones like the Nexus 4 and Lumia 925.

In all these leaks, it emphasized the bright superficiality of the iPhone 6.’S Avalanche of stories I place the iPhone 6 (or whatever Apple decides to call it) on a pedestal, to be regarded with respect and admiration, and allowing readers the thrill and honor to get the phone early, before the rest of the world.

Items also have the practical effect of driving traffic, so as always my Taniyama-Shimura variant is in effect.

Many of these leaks are of the supply chain that must necessarily be in place for the construction of the next iPhone, which will all be preparing for production at this time so there will be enough stock to put the phone on sale as soon as possible after the announcement.

With the different parts that make up the outer casing of the new iPhone cover last minute third profitable industry that has accumulated around protectors can start building their own actions to launch the phone. That is the real prize in the filtration of physical details. What it means is that these manufacturers are going to take a bit of a gamble, but the reward of being ready on day zero with a suitable case to be a profitable bet that many companies are willing to take – part of the BBC’s Mark Gregory is a good example of the time pressures that case designers will be under the imminent release of the next iPhone.

Hardware designers have a chain of large, porous supplies to help you prepare for the launch, unfortunately, iOS developers have nothing to go to the design for the new screen size.

5 Of The Best Smart Calendar Apps For Your iPhone

How you can leverage mobile to increase the profitability of your business? Discover in MobileBeat, VentureBeat seventh annual event on the future of mobile telephony, 8-9 July in San Francisco. There are only a few entries!

Apple revealed some amazing features in its next productivity Worldwide Developers Conference earlier this month – features that move seamlessly between users of OS X and iOS. Despite all the highlights, the team at Apple did not announce any change in one of the most important applications iOS: Calendar.

Do not worry! While we will certainly see some changes in the calendar app default iOS, there are plenty of calendar applications from reliable third parties available on the App Store with the social network and Refresh this integration that makes organizing your day be even easier.
1. Tempo

the Tempo team based in Menlo Park is “on a mission to save you time and hassle.” Tempo is focused on the use of artificial intelligence to access your social networks so you can find contact information quickly, regardless of whether the information is sitting in your iOS contact list, Facebook, LinkedIn, or any elsewhere.

2. Cal

On the heels of its award-winning productivity application, the team based in San Francisco Any.Do launched Cal No, it has nothing to do with the local school of the UC; is a calendar application wrapped in flame. As is the case with all applications we saw, syncs with your iOS Calendar application, which means that anything you do in Cal Any.Do ‘s will appear in your OS X, iOS or Google Calendar application and vice versa.

3. Mynd

the Palo Alto Alminder team is responsible for Mynd, an application that claims “not only record things to do, but actually helps to do them.” The team works hard to deliver on that promise with no less than four salient features.

4. UpTo

UpTo takes a different approach for the full schedule. With a focus on social, UpTo allows you to “follow” the publicly shared (not unlike shared calendars Google Calendar) Calendar. What is really interesting is how UpTo-interface integrates these shared personal calendars and events regular business user. The net effect is an application that it is full of content and free of debris.

5. Amanecer

At first sunrise of Sunrise Atelier seems basic. The application has a traditional view of his time with an interface that includes days, months, and display shelf weeks. Sunrise also packs in support time zone, along with the time based on the location and support of Google Maps to get directions.

But where Dawn really gets interesting is in the way is a natural platform rather than a calendar application. It is available in iOS (with dedicated interfaces for iPhone and iPad), Android and desktop via a powerful web application, which means that users can engage with an interface no matter what device they are.

Bloomberg: 4.7-inch And 5.5-inch iPhone 6 Models Could Launch At The Same Time

After several reports indicated that Apple iPhone suppliers, including Foxconn and Pegatron are they ready for the iPhone 6, Bloomberg intervened saying the two iPhone 6 bigger models will enter mass production in July. The publication has learned from people familiar with the matter that the two have 6 models of iPhone screens 4.7 inches and 5.5 inches, and could thus be released in September.

However, Apple is apparently some manufacturing problems with the larger model of iPhone 6, which has to overcome “a lower production efficiency” before volume can be increased.

Older iPhones should help Apple to better compete against Android, especially in the many markets where buyers often purchase smartphones with larger screens. The publication reveals that in China, 40% of Android devices sold in 2014 had larger 5-inch screens, according to an estimate by Forrester Research.

Bloomberg also said that the new models of iPhone 6 are rounder and thinner than its predecessors, who are consistent with the impressive number of different leaks, basically showing the same fake iPhone 6 units have shown.

“Apple is developing innovative iPhone including larger screens with curved glass and improved sensors that can detect different levels of pressure, Bloomberg News reported in November,” wrote the publication. “Called glass 2.5 sizes, material manufacturers allow the edges of the screen where the bezel meets the framework of a smartphone narrow.”

However, Bloomberg revealed no specific hardware details or release dates, either for iPhone Version 6.