The Broken-In-iOS-10 Edition Friday, March 10, 2017

MAC Randomization: A Massive Failure That Leaves iPhones, Android Mobes Open To Tracking, by Thomas Claburn, The Register

Apple, meanwhile, introduced MAC address randomization in iOS 8, only to break it in iOS 10. While the researchers were evaluating devices last year, Apple launched iOS 10 and changed its network probe broadcasts to include a distinct Information Element (IE), data added to Wi-Fi management frames to extend the Wi-Fi protocol.

"Inexplicably the addition of an Apple vendor-specific IE was added to all transmitted probe requests," the paper explains. "This made identification of iOS 10 Apple devices trivial regardless of the use of MAC address randomization."

​Use An iPhone If You Care About Secure Communications, Says Cryptographer, by Liam Tung, CSO

Cryptographer and professor at John Hopkins University, Matthew Green, chimed in, saying that journalists — or for that matter, anyone who is targeted by a well-resourced attacker — should “use an iOS device exclusively” for handling sensitive communications, pointing to the threat of malicious attachments, such as malware-laced Word files.

“If you routinely download email attachments on a machine, just assume it's cooked/cookable,” he said on the thread to Elder’s question, referring to attachments downloaded on a PC or Mac.

Greene said that hacking an iPhone via a malicious attachment was harder than compromising a Mac or PC this way.

WikiLeaks Will Help Tech Companies Fix Security Flaws, Assange Says, by Scott Shane, New York Times

Julian Assange, founder of WikiLeaks, said on Thursday that the anti-secrecy organization would work with Apple, Google and other technology companies to fix flaws that have allowed the C.I.A. to hack into the phones, computers and other devices they produce.

Speaking from London in an online news conference, Mr. Assange accused the C.I.A. of withholding information about the vulnerabilities the agency was exploiting in American technology even after it realized that documents describing the flaws had been leaked weeks ago.

The Truth About The WikiLeaks C.I.A. Cache, by Zeynep Tufekci, New York Times

If anything in the WikiLeaks revelations is a bombshell, it is just how strong these encrypted apps appear to be. Since it doesn’t have a means of easy mass surveillance of such apps, the C.I.A. seems to have had to turn its attention to the harder and often high-risk task of breaking into individual devices one by one.

Which brings us to WikiLeaks’ misinformation campaign. An accurate tweet accompanying the cache would have said something like, “If the C.I.A. goes after your specific phone and hacks it, the agency can look at its content.” But that, of course, wouldn’t have caused alarm and defeatism about the prospects of secure conversations.

How To Crash Safari By Typing Simple Words, by Keir Thomas, Mac Kung Fu

There’s a handful of basic words and letters that when typed into the URL field will instantly crash Safari on the Mac. Versions of Safari on iPhone and iPad don’t seem to be affected.

Geniuses In The Loop

Apple Retail Ends Genius Training In Cupertino, Moves To In-Store Web Seminars, by Joe Rossignol, MacRumors

Apple's off-site Genius Training program has been replaced by an in-store, self-guided experience using company-provided reference materials, according to a source. The training now involves watching web-based seminars through the Apple Technical Learning Administration System, or ATLAS, another source said.

Apple Genius Training In Cupertino Reportedly Coming To End, by Stephen Hackett, 512 Pixels

I went to Cupertino for my training in October 2007. While I am confident that the experience has changed in the intermediate decade, I can say that the two weeks I spent in California were well worth it. [...]

Beyond all of it though, getting to go to Cupertino was a real mark of pride for myself and other Geniuses. It made me feel like I was part of something much bigger, and much more important, than just my local retail store.


App Store Featuring Indie Games As Part Of New Promotion, by Juli Clover, MacRumors

Apple today updated its App Store with a major "Celebrating Indie Games" promotion that highlights a huge range of games created by independent developers and small app development companies.

On The 'To-do' List, Figure Out The Best Task Management App, by Peter Moon, AFR

On balance, we rate Things, for Apple devices, and Wunderlist, for practically any platform or device you can imagine, as the best task managers on offer right now, with a curious special mention for Reminders, an Apple freebie.

Half The AirPods For A Tenth The Price, by Adam C. Engst, TidBITS

So what if I told you that you could buy a competing product for less than a tenth the price? Seriously. Don’t expect it to be as good as the AirPods, not by a long shot, but for somewhere between $5 and $20, you can buy a single Bluetooth earbud that does basically what the AirPods do — put a speaker and microphone in your ear without awkward wires.

Plex Cloud Exits Beta, Lets You Instantly Create A Media Server Using Dropbox And Other Storage Services, by Zac Hall, 9to5Mac

Plex Cloud lets you connect your account to existing cloud storage services including Dropbox, Google Drive, and Microsoft OneDrive personal accounts to create an always-on Plex Media Server run from the cloud.

Readdle's PDF Expert For Mac Gains Improved Search, New Toolbar Layout, by Juli Clover, MacRumors

Readdle today updated its popular PDF Expert app for the Mac to version 2.2, overhauling the app and adding new features to make editing and annotating PDFs even easier than before.

Pocket’s New iMessage App Just Made Sharing Stories Via Chat A Whole Lot Easier, by Jon Russell, TechCrunch

The iMessage integration potentially means an end to copy and pasting links into chat windows and/or using Apple’s extensions. Plus, if like me you use Pocket a lot to stash good reads away for a rainy day, a newsletter or other reasons, your sharing of wisdom with others is about to become a whole lot more organized.

Bumpr Expands Your Choices Of Where Links Open, by John Voorhees, MacStories

Instead of opening a particular app, Bumpr intercepts the link and opens a menu of options for each of the browsers or email clients installed on you Mac depending on whether you click a web or email link.


Developers Can No Longer Edit App Store Descriptions Without App Review Approval, by Benjamin Mayo, 9to5Mac

Developers are no longer able to edit descriptions, update notes or any other metadata for their apps without making a new version, which must be submitted to App Review for approval.


Are Apple AirPods The New Earrings? Kristen Stewart Thinks So, by Maria Ward, Vogue

The thing about short hair is it can bring a whole new meaning to the transformative power of statement earrings. But what about cool girls who lean toward a more lo-fi use of accessories? Enter Kristen Stewart. The Personal Shopper actress only recently stepped out with a radical new buzz cut—all the more reason to show off a pair of just-released Apple AirPods, as she demonstrated today in New York when she lent a quietly edgy touch to wearable tech.

Bottom of the Page

What do you get when you combine an iMac with the current Mac Pro to create an iMac Pro?

A computer that looks like an old-fashioned Kodak film roll.


Thanks for reading.