SAN FRANCISCO — Don’t use a mobile authenticator app on an old smartphone, because the app is only as secure as the operating system in which it’s running, two security researchers said at the RSA Conference here earlier this week.
In fact, one of the researchers says to avoid Samsung phones altogether.
Aaron Turner and Georgia Weidman emphasized that using authenticator apps, such as Authy or Google Authenticator, in two-factor authentication was better than using SMS-based 2FA. But, they said, an authenticator app is useless for security if the underlying mobile OS is out-of-date or the mobile device is otherwise insecure.
“You don’t want the risk associated with 32-bit iOS,” said Turner, adding that you should use only iPhones that can run iOS 13. “In Android, use only the Pixel class of devices. Go to Android One if you can’t get Pixel devices. I’ve had good experiences with Motorola and Nokia Android One devices.”
And he warned the audience to stay away from one well-known Android brand.
“[German phone hacker] Karsten Nohl showed that Samsung was faking device updates last year,” Turner said. “Stop buying their stuff.”
The problem is that if an attacker or a piece of mobile malware can get into the kernel of iOS or Android, then it can do anything it wants, including presenting fake authenticator-app screens.
“One of my clients had an iPhone 4 and was using Microsoft Authenticator,” Turner said, indicating another authenticator app. “All an attacker would need to do is to get an iPhone 4 exploit. My client was traveling in a high-risk country, his phone was cloned and then after he left the country, all sorts of interesting things happened to his accounts.”
Some Android phones are safer than iPhones
And don’t think iOS devices are safer than Android ones — they’re not. There are just as many known exploits for either one, and Weidman extracted the encryption keys from an older iPhone in a matter of seconds onstage.
The iPhone’s Secure Enclave offers “some additional security, but the authenticator apps aren’t using those elements,” said Weidman. “iOS is still good, but Android’s [security-enhanced] SELinux is the bane of my existence as someone who’s building exploits.”
“We charge three times as much for an Android pentest than we charge for an iOS one,” Turner said, referring to an exercise in which hackers are paid by a company to try to penetrate the company’s security. “Fully patched Android is more difficult to go after.”
Attacking from underneath
Authenticator apps beat SMS texted codes as 2FA second factors because app codes can’t be intercepted over the air, aren’t tied to a phone number and never leave the device. But authenticator app codes can be stolen in phishing attacks, and as we saw yesterday, by Android malware in screen-overlay attacks.
However, even the best training against phishing attacks and the best Android antivirus apps won’t stop attacks that come from the kernel, the underlying part of the mobile operating system to which the user doesn’t have access.
“What could possibly go wrong when installing a user-mode application with sensitive cryptographic key materials on a platform with kernel vulnerabilities?” Turner asked rhetorically.
Kernel vulnerabilities also can be used to hack two-factor push notifications, which Google uses for its own accounts and which can’t be phished.
In short, “we need to move away from usernames and passwords,” Turner said.
Fingerprints aren’t the answer, but this might be
Asked about biometric authentication such as fingerprint readers and facial recognition, Weidman said that it’s “better than nothing when used in addition to passwords.”
Turner wasn’t so sure.
“I am fundamentally opposed to using biometrics because it’s non-revocable,” he said, citing a famous case from Malaysia in which a man’s index finger was cut off by a gang to steal the man’s fingerprint-protected Mercedes. “Fingerprint readers are biometric toys.”
“I’ve got two Yubikeys on me right now,” Turner said. “Hardware separation is your friend.”
Sony finally unveils first batch of all-new PlayStation Plus games, including PS1 classics – MobileSyrup
PlayStation has finally offered an official list of some of the games that will be offered through the upcoming expansion of its PlayStation Plus service.
As previously confirmed, the current PS Plus benefits — online multiplayer, a few free monthly games and cloud saves — will remain the same through the ‘PS Plus Essential’ tier. This will still be priced at $69.99 CAD/year.
However, read on for a first look at “some” of the titles that are being offered through the two higher PS Plus tiers.
PlayStation Plus Extra
- 1 month — $17.99
- 3 months — $49.99
- 12 months — $114.99
PS Plus Extra subscribers get a catalogue of “up to 400” first- and third-party PS4 and PS5 games — here are the ones PlayStation has just confirmed. It should be noted that all of the Ubisoft games listed below are part of a new ‘Ubisoft+ Classics’ perk that will be available through PlayStation Plus Extra.
- Alienation | Housemarque, PS4
- Bloodborne | FromSoftware, PS4
- Concrete Genie | Pixelopus, PS4
- Days Gone | Bend Studio, PS4
- Dead Nation Apocalypse Edition | Housemarque, PS4
- Death Stranding and Death Stranding Director’s Cut | Kojima Productions, PS4/PS5
- Demon’s Souls | Bluepoint Games, PS5
- Destruction AllStars | Lucid Games, PS5
- Everybody’s Golf | Japan Studio, PS4
- Ghost Of Tsushima Director’s Cut | Sucker Punch, PS4/PS5
- God of War | Santa Monica Studio, PS4
- Gravity Rush 2 | Japan Studio, PS4
- Gravity Rush Remastered | Japan Studio, PS4
- Horizon Zero Dawn | Guerrilla, PS4
- Infamous First Light | Sucker Punch, PS4
- Infamous Second Son | Sucker Punch, PS4
- Knack | Japan Studio, PS4
- LittleBigPlanet 3 | Sumo Digital, PS4
- LocoRoco Remastered | Japan Studio, PS4
- LocoRoco 2 Remastered | Japan Studio, PS4
- Marvel’s Spider-Man | Insomniac Games, PS4
- Marvel’s Spider-Man: Miles Morales | Insomniac Games, PS4/PS5
- Matterfall | Housemarque, PS4
- MediEvil | Other Ocean, PS4
- Patapon Remastered | Japan Studio, PS4
- Patapon 2 Remastered | Japan Studio, PS4
- Resogun | Housemarque, PS4
- Returnal | Housemarque, PS5
- Shadow of the Colossus | Japan Studio, PS4
- Tearaway Unfolded | Media Molecule, PS4
- The Last Guardian | Japan Studio, PS4
- The Last of Us Remastered | Naughty Dog, PS4
- The Last of Us: Left Behind | Naughty Dog, PS4
- Until Dawn | Supermassive Games, PS4
- Uncharted The Nathan Drake Collection | Naughty Dog, PS4
- Uncharted 4: A Thief’s End | Naughty Dog, PS4
- Uncharted: The Lost Legacy | Naughty Dog, PS4
- WipEout Omega Collection | Clever Beans & Creative Vault Studios, PS4
- Ashen | Annapurna Interactive, PS4
- Assassin’s Creed Valhalla | Ubisoft, PS4/PS5
- Batman: Arkham Knight | WB Games, PS4
- Celeste | Maddy Makes Games, PS4
- Cities: Skylines | Paradox Interactive, PS4
- Control: Ultimate Edition | 505 Games, PS4/PS5
- Dead Cells | Motion Twin, PS4
- Far Cry 3 Remaster | Ubisoft, PS4
- Far Cry 4 | Ubisoft, PS4
- Final Fantasy XV Royal Edition | Square Enix Co. LTD, PS4
- For Honor | Ubisoft, PS4
- Hollow Knight | Team Cherry, PS4
- Marvel’s Guardians of the Galaxy | Square Enix Co. LTD., PS4/PS5
- Mortal Kombat 11 | WB Games, PS4/PS5
- Naruto Shippuden: Ultimate Ninja Storm 4 | Bandai Namco Entertainment Inc., PS4
- NBA 2K22 | 2K Games, PS4/PS5
- Outer Wilds | Annapurna Interactive, PS4
- Red Dead Redemption 2 | Rockstar Games, PS4
- Resident Evil | Capcom Co., Ltd, PS4
- Soulcalibur VI | Bandai Namco Entertainment Inc., PS4
- South Park: The Fractured but Whole | Ubisoft, PS4
- The Artful Escape | Annapurna Interactive, PS4/PS5
- The Crew 2 | Ubisoft, PS4
- Tom Clancy’s The Division | Ubisoft, PS4
PlayStation Plus Premium
- 1 month — $21.99
- 3 months — $59.99
- 12 months — $139.99
Premium includes all of the benefits of Essential and Extra, as well as “up to 340” additional games from the PS1, PS2, PSP and PS3 eras. Some games will have “improved frame rates and higher-quality resolution” over their original versions, PlayStation has teased.
For select original PlayStation and PSP classic games, PlayStation says subscribers will have access to a new user interface that allows you to save any time or rewind the game. Additionally, those who have purchased select PS1 or PSP games will be able to redownload them for free, no PS Plus membership required, while other titles will also be available for purchase individually outside of a subscription.
Classic games — Original PlayStation and PSP
- Ape Escape | Japan Studio, Original PlayStation
- Hot Shots Golf | Japan Studio, Original PlayStation
- I.Q. Intelligent Qube | Japan Studio, Original PlayStation
- Jumping Flash! | Japan Studio, Original PlayStation
- Syphon Filter | Bend Studio, Original PlayStation
- Super Stardust Portable | Housemarque, PSP
- Mr. Driller | Bandai Namco Entertainment Inc., Original PlayStation
- Tekken 2 | Bandai Namco Entertainment Inc., Original PlayStation
- Worms World Party | Team17, Original PlayStation
- Worms Armageddon | Team17, Original PlayStation
Classic games — Remasters
- Ape Escape 2 | Japan Studio, PS4
- Arc The Lad: Twilight of the Spirits | Japan Studio, PS4
- Dark Cloud | Japan Studio, PS4
- Dark Cloud 2 | Japan Studio, PS4
- FantaVision | SIE, PS4
- Hot Shots Tennis | Japan Studio, PS4
- Jak II | Naughty Dog, PS4
- Jak 3 | Naughty Dog, PS4
- Jak X: Combat Racing | Naughty Dog, PS4
- Jak and Daxter: The Precursor Legacy | Naughty Dog, PS4
- Rogue Galaxy | Japan Studio, PS4
- Siren | Japan Studio, PS4
- Wild Arms 3 | SIE, PS4
- BioShock Remastered | 2K Games, PS4
- Borderlands The Handsome Collection | 2K Games, PS4
- Bulletstorm: Full Clip Edition | Gearbox Publishing, PS4
- Kingdoms of Amalur: Re-Reckoning | THQ Nordic, PS4
- LEGO Harry Potter Collection | WB Games, PS4
PlayStation 3 games (original versions, available via streaming)
- Crash Commando | Creative Vault Studios, PS3
- Demon’s Souls | FromSoftware, PS3
- echochrome | Japan Studio, PS3
- Hot Shots Golf: Out of Bounds | Japan Studio, PS3
- Hot Shots Golf: World Invitational | Japan Studio, PS3
- Ico | Japan Studio, PS3
- Infamous | Sucker Punch, PS3
- Infamous 2 | Sucker Punch, PS3
- Infamous: Festival of Blood | Sucker Punch, PS3
- LocoRoco Cocoreccho! | Japan Studio, PS3
- MotorStorm Apocalypse | Evolution Studios, PS3
- MotorStorm RC | Evolution Studios, PS3
- Puppeteer | Japan Studio, PS3
- rain | Japan Studio, PS3
- Ratchet & Clank: Quest For Booty | Insomniac Games, PS3
- Ratchet & Clank: A Crack in Time | Insomniac Games, PS3
- Ratchet & Clank: Into the Nexus | Insomniac Games, PS3
- Resistance 3 | Insomniac Games, PS3
- Super Stardust HD | Housemarque, PS3
- Tokyo Jungle | Japan Studio, PS3
- When Vikings Attack | Clever Beans, PS3
- Asura’s Wrath | Capcom Co., Ltd., PS3
- Castlevania: Lords of Shadow 2 | Konami, PS3
- Devil May Cry HD Collection | Capcom Co., Ltd., PS3
- Enslaved: Odyssey to the West | Bandai Namco Entertainment America Inc., PS3
- F.E.A.R. | WB Games, PS3
- Lost Planet 2 | Capcom Co., Ltd., PS3
- Ninja Gaiden Sigma 2 | Koei Tecmo, PS3
- Red Dead Redemption: Undead Nightmare | Rockstar Games, PS3
Finally, here are some of the titles that will offer free, downloadable full-game trials. PlayStation says most of these will only be available for two hours, although the counter only runs when you are actually in the game. Further, any progress, including earned trophies, will carry over into the full game should you decide to purchase it.
- Uncharted: Legacy of Thieves Collection | Naughty Dog, PS5
- Horizon Forbidden West | Guerrilla, PS4/PS5
- Cyberpunk 2077 | CD Projekt, PS5
- Farming Simulator 22 | Giants Software GmbH, PS4/PS5
- Tiny Tina’s Wonderland | 2K Games, PS4/PS5
- WWE 2K22 | 2K Games, PS4/PS5
Going forward, PlayStation says new PS Plus Essential titles (PS4 and PS5) will be added on the first Tuesday of every month — the same as usual. On top of that, new games will be added to the Extra and Premium plans “in the middle of each month.” The exact number of titles will vary per month.
The all-new PlayStation Plus will launch in Canada and the U.S. on June 13th.
iOS 15.5—Apple Issues Massive iPhone Security Update For Millions Of Users – Forbes
Almost exactly two months ago, Apple released iOS 15.4 which addressed a hefty 39 security issues for millions of iPhone users. Now there’s another massive security update in the shape of iOS 15.5 which really needs to be installed as soon as possible.
What should be, saving any emergency security updates, the final iOS 15 iteration before iOS 16 is released, has now landed. The functionality enhancements for Apple Cash, Apple Podcasts, and Apple Messages are explained in this article by David Phelan. However, my beat is security, and as that was the reason why I switched from an Android device to an iPhone a couple of years back, here’s what 15.5 brings to the smartphone security party and why you should update now.
The massive iOS 15.5 security update in detail
This crucial iOS update comes with fixes for some 34 vulnerabilities, covering the full gamut of exploit opportunities from executing arbitrary code with kernel or system privileges, to sandbox restriction bypass, denial of service, and privilege elevation.
Like Google with Chrome updates, Apple doesn’t disclose security issues in full technical detail until an update has been made available and a majority of users have had a chance to install it. However, some of the impacts should a vulnerability be exploited by a threat actor, as confirmed by Apple, include:
- Arbitrary code execution by processing a maliciously crafted image
- Processing of a ‘large input’ could lead to denial of service
- The tracking of users in Safari’s private browsing mode by a malicious website
- Access to photos from the lock screen (requires physical access)
- Code execution by way of malicious web content processing
The full list of Common Vulnerabilities and Exposures (CVE) references is as follows:
Don’t delay, update to iOS 15.5 today
Although none of the security vulnerabilities patched by the iOS 15.5 update are of the zero-day variety, and none are known to have been exploited by threat actors at this point, that is no excuse for complacency. Now that the fixes are out, it’s a race against time as those who would do you harm look for ways to exploit those vulnerabilities. Most of the security issues have serious enough consequences that updating your iPhone really should be a no-brainer. As Kate O’Flaherty from the Forbes Straight Talking Cyber (STC) team says in the video at the top of this article, the benefits of securing your smartphone outweigh the risks of a functionality bug, more often than not. Of course, your particular use case may mean that holding off on an update is the preferred option but, for the vast majority of users, the ‘don’t delay, update today’ advice stands firm. Ensuring your device is backed up to iCloud or your own computer is recommended before you start any update, of course.
Updating your iPhone: step-by-step
First and foremost, STC recommends that you set your iPhone to update automatically. You can do this by heading to Settings|General|Software Update|Automatic Updates and your iPhone should then update overnight as long as it is charging and connected to Wi-Fi.
Regardless of your automatic update status, unless you have got a notification informing you that your iPhone has already updated to 15.5, it is recommended that you go check and force the issue.
Head to Settings|General|Software Update and start the process.
You will see a progress bar with the download status followed by the preparing update one. Be warned, this can take some time so don’t panic, just wait it out.
Your iPhone will restart, eventually. On my iPhone 13 Pro connected to gigabit broadband, it took around 15 minutes to complete the iOS 15.5 update. Once your device has restarted you will see the above confirmation on your lock screen which means that your device is up to date with security fixes.
Apple Podcasts gets storage cleaning tools and annual subscriptions with iOS 15.5 – PhoneArena
Although Apple Podcasts faces severe competition from Spotify and others, Cupertino does not seem to want to give up on its own podcast service. TechCrunch now reports that Apple is introducing a few new features to Apple Podcasts, and they will benefit both users and podcast makers.
Apple Podcasts gains storage clean-up tools, support for annual subscriptions
The new features for Apple Podcasts on iPhone, iPad, and Mac are arriving alongside the latest software updates that Apple is now distributing to supported devices. The main features included in this update are options for managing podcast storage across devices and tools to enable annual podcast subscriptions. For podcast makers, Apple announced a Delegated Delivery system, but more on that later. For now, let’s focus on what podcast listeners will be getting with Apple Podcasts.
First off, you probably know that Apple Podcasts download shows to your device, and this might cause the app to consume a lot of device storage. This might be an issue, especially if you have a 64GB iPhone, or an iPad with less storage, as it can cause you to be unable to take new photos or install new apps and games.
And on top of that, Apple Podcasts users might have found themselves even more annoyed when iOS 14.5 introduced a bug in the app that caused unwanted, older episodes of shows to be downloaded. Yes, to the point where instead of saying ‘Hungry as a wolf’ we might say ‘Hungry as Apple Podcasts for storage’… no? Okay. Moving on!
Apple knew Apple Podcasts had become very storage-hungry, so with the launch of iOS 15.5 and iPadOS 15.5, Cupertino addressed the issue by including new tools for Apple Podcasts’ diet. We mean tools that will allow you to easily remove a show’s accumulated downloads, potentially freeing up gigs of storage (if only losing real weight was so easy…).
Back to the topic: when you go to the Settings app on iPhone and iPad, you will be able to tap on “Automatically Downloaded” in the Podcasts section and choose how many episodes you want to download and save. You have the following options: download a certain number of recent episodes (like the latest three, five, or ten), or download all episodes published recently (like in the last seven, 14, or 30 days). You can also choose not to download anything by selecting the “Off” option, making Apple Podcasts more of a streaming service.
By default, brand-new Apple Podcasts users have the last five episodes kept for all episodic shows, and all episodes kept for serial shows, according to Apple. Yes, we advise you to go and configure what is convenient for you to avoid unpleasant surprises (especially if you’re sporting a 64GB iPhone).
Once you select your preference, the app will prompt you to remove the auto-downloaded episodes that no longer meet the newly selected criteria. In effect, this works as a bulk clean-up tool for removing a lot of episodes. Before the update, it was a manual and quite painstaking process.
Now, you can configure those preferences at the show level as well, for more customization.
The new option will also show up on your iPhone recommendations related to cleaning up device storage. You can access it from Settings > General > iPhone Storage.
Options for podcast creators
Apple Podcasts has also gained some useful options for podcast creators.
Apple is now introducing the option for podcast creators to have annual subscription plans for premium podcasts alongside the monthly options. Keep in mind that the annual subscription will now be selected as the default, so when you’re subscribing to a podcast, make sure to check your payment option.
Delegated Delivery, on the other hand, is a feature that is not rolling out now with iOS 15.5 and iPadOS 15.5. This feature will arrive later this fall on supported podcast hosting providers. Delegated Delivery allows podcasters to easily distribute their podcasts directly to Apple Podcasts from third-party hosting providers. The first hosting providers that will be able to do that include Acast, ART19, Blubrry, Buzzsprout, Libsyn, Omny Studio, and RSS.com, and more services will be added over time.