Search the Community
Showing results for tags 'icloud'.
Found 4 results
straycat19 posted a topic in Security & Privacy NewsIsraeli spyware from shadowy NSO has made plenty of headlines this year, most recently back in May when it was exposed as the culprit in a high-profile WhatsApp hack that had enabled nation-states to target specific phones, installing spyware through voice calls on both iPhone and Android devices whether or not a user answered an infected call. That hack was first exposed by the Financial Times, and the same newspaper has continued to investigate, publishing a report today (July 19) that exposes sales claims being made by NSO that "its [Pegasus] technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft." NSO has continually denied that it promotes mass-surveillance or unethical hacking, but, according to the FT, "it did not specifically deny that it had developed the capability," described in documents seen by the newspaper. Put simply, the latest revelation suggests that an infected phone will provide NSO's software with the authentication keys for the cloud services—including Google Drive, Facebook Messenger and iCloud—that can be accessed by that device. And given that smartphones have now become the individual entry points into our cloud-based world, the implications of this will raise serious concerns. The FT cites a claim in one of the sales documents that this all happens without "prompting 2-step verification or warning email on a target device." NSO's Pegasus software has been described as the most sophisticated spyware smartphone of its kind and has become a highly-prized export for the Israeli government to help the company market to foreign states. The fact that Israel has been accused of allowing sales of the technology to countries like Saudi Arabia and the UAE carries geopolitical interest given the context and the developing situation in the Middle East. Now, this latest report suggests that compromising data on a phone or using the phone as an eavesdropping endpoint, is not enough. The phone can be hacked to such an extent that it provides the keys to the entire digital kingdom—the cloud-based ecosystem within which it operates. According to the FT, Amazon claimed there was no evidence of such a hack having access to its systems, but assured—as did Facebook—that it would review the claims. Microsoft and Apple responded with assurances around the continually developing security features on their platforms. Google didn't comment. Meanwhile, NSO itself told the newspaper that "we do not provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure." But the FT cites an NSO sales pitch, seen by the newspaper and prepared for the Ugandan government, which claimed that "having access to a 'cloud endpoint' means eavesdroppers can reach 'far and above smartphone content', allowing information about a target to 'roll in' from multiple apps and services." Smartphone compromises have been a continual theme this year, with malicious apps lurking in the Google Play Store, the NSO WhatsApp vulnerability, an Android media jacking hack hitting both WhatsApp (again) and Telegram and even the current FaceApp "something from nothing" controversy. State-level hacking, though, is on an entirely different level. The sophistication applied by the governments of China, Russia, Iran and North Korea goes way beyond what is seen in the mass-market and which targets financial information and login credentials and user carelessness in the main. With NSO, there is a productized state-level hack and that is why is causes so much concern. The targets of such hacks are significantly better protected than casual smartphone users. In May, Amnesty International (along with other human rights groups) filed a lawsuit in Israel to revoke NSO's export license. The groups cited allegations that NSO software had been used by oppressive regimes to target human rights activists and journalists—including its use by Saudi Arabia on murdered journalist Jamal Khashoggi. NSO denies that its software played any part in tracking Khashoggi—the company’s CEO Shalev Hulio claimed that "Khashoggi was not targeted by any NSO product or technology, including listening, monitoring, location tracking and intelligence collection." There has always been a risk associated with the integration of cloud platforms and multiple endpoints. And this is it. If I trust a device to access an entire online world, if the device is compromised then so is the security associated with that entire world. The cloud platforms have played down the exposure here. But you can bet that behind the scenes there will be some serious meetings and planning sessions in California and Seattle later today. Source
steven36 posted a topic in Software NewsWindows 10 users can now access the iCloud app on-the-go. The new iCloud for Windows app is available starting today in the Microsoft Store. ICloud for Windows users can now access their files via iOS devices and Macs, Apple and Microsoft announced Tuesday. The companies said the new iCloud app, listed for the first time in the Microsoft Store, will allow Windows 10 users to be more productive when away from their PC. The cloud system allows users to store files and folders on the internet rather than on their computer's physical hard drive, with iCloud including the ability to view files from File Explorer or the app without absorbing PC space. For those working on projects with different devices, the companies reiterated that edits will be synced across all devices with the cloud. So if you're working on a Microsoft Word document on your iPhone, for instance, your changes will show when you open the same document on your PC. You can also collaborate with others by inviting people to add their own multimedia content in Shared Albums. Additionally, you can share your Microsoft files with someone who has an iOS device. Apple and Microsoft didn't immediately respond to requests for comment. Source
The AchieVer posted a topic in Software NewsThe return of Windows 10's October updatewasn't welcome news for everyone. Microsoft says it's "working with Apple" to solve an iCloud for Windows bug that creates problems updating or syncing shared photo albums when using the latest Windows release. Suffice it to say that's a serious problem if you're interested in seamless access to your photos across your devices. It's not certain when you can expect a solution, but the two companies aren't taking any chances in the meantime. It's blocking PCs with iCloud for Windows from installing the latest Windows 10 update, and those who try to install it after the fact will get a warning that Windows doesn't support that version of iCloud. Like it or not, you may have to forego iCloud or the Windows update for a while. Source
steven36 posted a topic in Security & Privacy NewsTo comply with new laws \ Last month, Apple announced that it would hand over management of its Chinese iCloud data to a local, state-owned firm in China called Cloud Big Data Industrial Development Co (GCBD) at the end of February in order to comply with new laws. Now, Reuters is reporting that Apple will also hold iCloud encryption keys for Chinese users in China itself, raising new concerns about government access. The new policy does not affect any iCloud users outside of China. As Reuters notes, that compliance means Chinese authorities will have easier access to user data that’s stored in Apple’s iCloud service, especially now that, for the first time, Apple will store the keys for Chinese iClouds within China. Apple says it alone would control the encryption keys, and Chinese authorities do not have any “backdoor” to access data. Until now, such keys were exclusively stored in the US for all users. Starting February 28th, Apple’s operation of iCloud services in the country will transfer to GCBD. Reuters spoke to human rights activists who said there was fear that those in power could use the new rules to track down dissidents. In a statement, Apple said it “had to comply with recently introduced Chinese laws that require cloud services offered to Chinese citizens be operated by Chinese companies and that the data be stored in China.” Apple noted that its values don’t change even if it is “subjected to each country’s laws.” Apple’s attempt to capitalize one of its largest growth markets has been a juggle between consumer rights and business opportunities. Last year, the company controversially removed VPN apps from its App Store in China, claiming to only be following the law in order to continue operating there. It’s also snuck in several nods to the Chinese market during its major product announcement keynotes, such as references to WeChat during its previous demonstrations of the Apple Watch. Apple chief executive Tim Cook is also due to co-chair the China Development Forum in March. We’ve reached out to Apple for further comment. Source