Tag Archive for: ios

Mobile security specialist, Corrata, discovers weak encryption on major websites when accessed using iOS devices | News

/in


DUBLIN, May 17, 2022 /PRNewswire/ — Mobile threat defense solution provider, Corrata, today announced the discovery of poor encryption practices on a number of major websites including Irish telecoms company Eir and German newspaper Bild.  In line with its responsible disclosure practice, Corrata contacted the owners of the websites concerned and the weaknesses have now been remedied.  However it is likely that other websites contain similar vulnerabilities and Corrata urges website owners to make sure that their encryption is in line with industry best practice.

Today the vast majority of websites use encryption to ensure that sensitive data exchanges between users and the website remain confidential.  This confidentiality depends on the use of an internet protocol known as Transport Layer Security (TLS). HTTPS is the implementation of TLS used when browsing websites.  Its use is usually signalled by the appearance of the lock symbol at the top left hand corner of the browser address bar. 

However not all website implementations of https are equally secure.  Some websites use out of date versions of the protocol which are known to be vulnerable to hacking.  This is particularly risky when using Wifi networks because the traffic passing between a mobile phone and a Wifi access point can easily be spied upon.  Internet users rely on the fact that sensitive data is transmitted in encrypted form to combat such spying.  However where weak encryption is used it will fail to protect sensitive data such as passwords, financial information and other confidential data.

The specific weakness discovered by Corrata related to a misconfiguration of the sites’ web servers to favor an old insecure cipher called RC4 when accessed using iOS devices (iPhones and iPads).   Vulnerabilities in this cipher make it vulnerable to hacking and website owners have been strongly advised not to use it for at least ten years.  Devices with Corrata’s mobile threat defense solution installed automatically detect these flaws and prevent users’ data being stolen. It is these routine checks which brought the vulnerability to light. 

About Corrata

Corrata are global leaders…

Source…

How to secure your internet activity on iOS devices

/in


Learn about the on-device and network security options available to you in order to supercharge your internet security when browsing the web and using apps on iOS.

apple secure ios vpn
Image: Tada Images/Adobe Stock

Securing your internet access can mean many things, but we like to think of it as a two-fold approach for both on-device data and network data once your web request has left your device. There’s much that you can do to protect both on-device data stored locally (such as your browser cache) and the data that leaves your device when making website requests.

We’ll take a look at how to secure your data on the device and how to protect your data that ISPs might see through iCloud Private Relay and VPNs.

How to secure on-device network activity

iOS does a great job at ensuring that things that are stored locally are encrypted using your passcode, and also data between apps are secured and only data you wish to share between apps is actually shared.

Mail and Safari are two apps that can be configured to be more secure than it ships with by default when it comes to network activity on the device. Let’s look at each of the settings for these apps that can make your device more secure.

Enabling Mail Privacy Protection

Mail has always been a hotbed for compromising network activity: From tracking pixels to HTML content that could load inline, email can be tracked. Fortunately, iOS 15 includes a way to protect your email through Mail Privacy Protection that will still allow you to load remote content in emails, but it will hide your location and IP address from the sender.

To enable Mail Privacy Protection:

  1. Open the Settings app.
  2. Navigate to Mail | Privacy Protection.
  3. Enable the option for Protect Mail Activity (Figure A).

Figure A

apple-secure-fig2-bohon
Image: Cory Bohon/TechRepublic. Enabling Mail Privacy Protection makes opening emails with HTML content or tracking pixels more secure.

Clearing browsing history

Browsing history stored on your device can include not only the list of websites you’ve recently visited, but also a cache of those sites to load them more quickly the next time you visit the website. You can clear this data for security, but also to remove the cached…

Source…

Network Security News Summary for Friday April 1st, 2022

/in



Mobile Security || Every thing you need to know about mobile cyber attack || by Khojigeek

/in