iOS

Not Impressed With Apple

It's about time I put another article up here. Further down, I tell a repair story where Apple did right by its customers (and it only took a class action lawsuit to get there). But this is me, being highly peeved by Apple's current lack of vision and forward thinking. It's 2021, and we're supposed to have flying cars by now. Aside from the usual built-in obsolescence from non-upgradeable components such as hard drive and memory, Apple seem to be doubling down on protecting legacy sales. Sure, there's now a shiny M1 chip inside that finally catches up with the VR world like it's 2017, but Apple have been removing features instead of expanding upon them.

It's not just banking apps...

You thought the news about banking apps was bad. Well, it's not just the banking apps...

The Starbucks mobile app, the most used mobile-payment app in the U.S., has been storing usernames, email addresses and passwords in clear text, Starbucks executives confirmed late on Tuesday (Jan. 14). The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.

So You Thought Your Personal Banking App Was Secure...

IOActive have just published a report covering the security of online banking apps for mobile devices. They found that:

  • 90% of the apps they tested had security vulnerabilities.
  • 70% of the apps offered no support at all for two-factor authentication.
    This is where a third token is used for extra security in addition to the user name and password. It could be a picture identification, a PIN code, or a one-time password sent via SMS (text message) to the user.
  • 40% of the apps accepted any SSL certificate for secure HTTP traffic.
    This is a major issue as it completely invalidates the chain of trust between you and your bank, and allows anyone to misdirect you to a phishing site, for example while you are using an untrusted network such as a Wi-Fi hotspot. The magnitude of this issue is that you cannot detect this happening, and there's nothing you can do to stop it.
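
What "accepted any SSL certificate" typically looks like in an iOS app, next to a corrected form. This is an added example, not code from the IOActive report or from any app it tested; the class names and the `bank.example` endpoint are hypothetical, and it assumes iOS 12 or later for `SecTrustEvaluateWithError`.

```swift
import Foundation
import Security

// WEAK: the pattern behind "accepts any SSL certificate".
// The server's chain is never evaluated; whatever was presented is trusted.
final class AcceptAnyCertificateDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
           let trust = challenge.protectionSpace.serverTrust {
            completionHandler(.useCredential, URLCredential(trust: trust))
            return
        }
        completionHandler(.performDefaultHandling, nil)
    }
}

// CORRECTED: evaluate the chain against the system trust store for the
// host being contacted, and cancel the connection when evaluation fails.
final class ValidatingDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Bind evaluation to the hostname so that a valid certificate
        // issued for a different site is rejected as well.
        let host = challenge.protectionSpace.host as CFString
        _ = SecTrustSetPolicies(trust, SecPolicyCreateSSL(true, host))

        var error: CFError?
        if SecTrustEvaluateWithError(trust, &error) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}

// Usage: the endpoint below is a placeholder, not a real banking API.
let session = URLSession(configuration: .ephemeral,
                         delegate: ValidatingDelegate(),
                         delegateQueue: nil)
session.dataTask(with: URL(string: "https://bank.example/api/balance")!).resume()
```

An app that implements no challenge handler at all gets the system's default validation; the weak behaviour only appears when code like the first class overrides it.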