Categories
Apple iOS macOS

Apple to Require Two Factor Authentication for Developers

Two Factor authentication on a Mac and verification on an iPhone

Today Apple sent out an email to developers about the security of their accounts. The email states:

In an effort to keep your account more secure, two-factor authentication will be required to sign in to your Apple Developer account and Certificates, Identifiers & Profiles starting February 27, 2019. This extra layer of security for your Apple ID helps ensure that you’re the only person who can access your account. If you haven’t already enabled two-factor authentication for your Apple ID, please learn more and update your security settings. If you have any questions, contact us. Best regards, Apple Developer Relations

There are a few possible reasons for this. The first is, as the email states, to help secure developer accounts. With two-factor authentication enabled, Certificates, Identifiers, and Profiles in particular cannot be added by unauthorized users.

This will have some downsides, though. By requiring two-factor authentication, only ten devices will be able to receive the two-factor authentication codes. For most individual users, this will not be a problem. Five of these trusted devices can be Macs and five of these can be iOS devices.

I contacted Apple Support to verify the number, and it is indeed ten trusted devices that can be associated with an Apple ID.

For larger development groups who may need to allow more than one user to log in to the Certificates, you will likely need to add a user who has access to the Developer Resources.

If you have not already enabled two-factor authentication on your Apple Developer account, you will want to review the two-factor authentication support page to be sure that you have a way to recover your account, if needed.

Categories
Apple Technology

Apple’s Group FaceTime Bug

Over the last weekend, a serious privacy bug was reported in Apple’s Group FaceTime service. The bug would allow someone to enable the microphone and camera on someone else’s device.

The Issue

You can read the 9to5mac article for the steps on how this bug was activated. The short version is that if the person you are calling declined the call with the sleep/wake button, and you added your own phone onto the call again, you would be able to hear the original caller’s microphone and see their camera.

Apple is currently working on a fix. In the interim, Apple has disabled Group FaceTime on the server side until a fix is released, which should be this week.

Security Implications

Imagine this scenario. A group of 3 people decides to have a FaceTime call. Person 1 calls Person 2. While the phone is ringing, Person 1 attempts to call Person 3, but accidentally clicks on their own contact information while scrolling. Person 2 declines the FaceTime call accidentally, and the audio from Person 2’s device is audible to Person 1.

I cannot emphasize enough how bad this bug is. Not just because it should not have gotten through Quality Assurance (QA) and testing, but also because of Apple’s focus on privacy. With regard to getting through QA, using the sleep/wake button to dismiss a call is an extremely common action, and adding another person to a Group FaceTime call is the entire point of Group FaceTime. To add on to this, despite Group FaceTime being announced at the 2018 World Wide Developers Conference (WWDC), Apple delayed Group FaceTime due to bugs and issues. This one was obviously not noticed during testing.

You might think that this is a minor bug because you “have nothing to hide”. While that is all well and good for you, there are others that need privacy or are in sensitive situations where this can be abused. One example of this could be a domestic violence situation where an abuser can use this bug to be able to spy on someone. This would not be a good situation at all.

Another example could be a lawyer, who needs confidentiality for their clients. One last example is world leaders. If any of the world leaders, or their assistants, use an iPhone, they may have been able to use this bug to listen in. In other words, this is a really bad bug.

The fact that this bug got through is bad, but it is compounded because one of Apple’s core tenets is security and privacy. Any privacy bug is a problem for Apple because they make it a differentiator from other products on the market.

It is good to see that Apple has taken this seriously and has temporarily disabled Group FaceTime services. Even though this is bad, it is possible that Apple will make some internal changes to improve testing of their features for privacy bugs. 

Source: 9to5mac.com

Categories
Apple Apple TV iOS macOS

Apple App Store and iTunes Store Availability Changes

One of the biggest problems in today’s interconnected world is that there are those who are highly motivated by getting financial information from individuals. Many of these individuals use different means of getting this information. One way to be able to combat this is by having the companies who are storing financial data protect it.

One of the ways that these companies can do this is by removing older connection protocols and older software. Apple is making some changes with their older software versions. Apple has begun emailing individuals who are affected. From their support article:

On June 30, 2018, Apple will implement changes to continue to ensure your financial data is protected when you make purchases on the iTunes Store or App Store. As a result of the changes, you will no longer be able to change your Apple ID payment information from devices using the following versions of Apple software:

  • iOS 4.3.5 or earlier
  • macOS 10.8.5 or earlier
  • Apple TV Software 4.4.4 or earlier

If you’re using one of these versions on your device and need to change your payment method, update your device to the latest version of the software.

This change does not mean that you cannot access your content; you still can. But if you need to update your payment information, you cannot do it on your older devices. I did not get an email, but I guess that is because I have not used any of the older operating systems recently. Maybe it is just me, but I am all for having companies better protect our financial information, even if that means that you cannot use some older devices to change information.

Source: Apple Support.

Categories
Daily Run Down

Daily Run Down 07/04/2013: Morning Edition

Here is this morning’s Daily Run Down.

Big News

Social Issues/Human Interest

International

Politics

Health

Science/Space

Financial

Gaming

Gadgets

Law

Technology

Internet

Software/Apps

Funny

Chicagoland

Total Number of stories: 26

Look for more news stories this evening.

Categories
Daily Run Down

Daily Run Down 06/28/2013: Evening Edition

Here is this evening’s Daily Run Down.

General News

Politics

Science/Space

Gaming

Gadgets

Mobile

Security

London/Britain/UK

Personal

Funny

Chicagoland

Total Number of stories: 43

Look for more stories tomorrow.