handmade.social

0 posts0 participants0 posts today

Erik van StratenPasskey/password bug: iOS 18.3.1Ook in iOS versie 18.3.1 is de eerder door mij gemelde iCloud KeyChain (*) kwetsbaarheid nog niet gerepareerd (eerder schreef ik hierover, Engelstalig: <a href="https://infosec.exchange/@ErikvanStraten/113821443334366419" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113821443334366419</a>).(*) Tegenwoordig is dat de app genaamd "Wachtwoorden" (of "Passwords").De kwetsbaarheid bestaat indien:• De eigenaar een "passcode" (pincode of wachtwoord) gebruikt om de iPhone of iPad te ontgrendelen - en er GÉÉN biometrie is geconfigureerd;ofwel:• De gebruiker wel biometrie kan gebruiken om het scherm te ontgrendelen, doch in 'Instellingen' > 'Touch ID en toegangscode' de instelling "Autom. invullen wachtw." is UITgezet.Zie onderstaande screenshots (Engelstalig in <a href="https://infosec.exchange/@ErikvanStraten/113821443334366419" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113821443334366419</a>). Meer info ziet u door op "Alt" in de plaatjes te drukken.Probleem: iedereen met toegang tot de ontgrendelde iPhone of iPad kan dan, *zonder* opnieuw lokaal te hoeven authenticeren:1) Op elke website inloggen waarvan het user-ID en wachtwoord in iCloud Keychain zijn opgeslagen;2) Met passkeys op enkele specifieke websites inloggen (waaronder <a href="https://account.apple.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://account.apple.com</a> en <a href="https://icloud.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://icloud.com</a>), namelijk als volgt:a) Open de website; b) Druk op "Inloggen"; c) Druk op de "x" rechts bovenaan de pop-up die verschijnt (in de onderste schermhelft); d) Druk kort in het veld waar om het e-mailadres gevraagd wordt; e) Druk op de knop "gebruik passkey".Risico: uitlenen van een unlocked iDevice (o.a. aan kinderen) maar ook diefstal nadat de passcode is afgekeken. Of als de dief geen passcode heeft, als deze wacht tot de eerstvolgende iOS/iPadOS kwetsbaarheid bekend wordt waarbij de schermontgrendeling omzeild kan worden.Als u ze nog niet gezien heeft, bekijk in elk geval de eerste van de volgende twee video's van Joanna Stern (van de Wall Street Journal): <a href="https://youtube.com/watch?v=QUYODQB_2wQ" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtube.com/watch?v=QUYODQB_2wQ</a> <a href="https://youtube.com/watch?v=tCfb9Wizq9Q" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtube.com/watch?v=tCfb9Wizq9Q</a><a href="https://infosec.exchange/tags/TouchID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TouchID</a> <a href="https://infosec.exchange/tags/FaceID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FaceID</a> <a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> <a href="https://infosec.exchange/tags/iCloudKeychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iCloudKeychain</a> <a href="https://infosec.exchange/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passwords</a> <a href="https://infosec.exchange/tags/PadswordsApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PadswordsApp</a> <a href="https://infosec.exchange/tags/Wachtwoorden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wachtwoorden</a> <a href="https://infosec.exchange/tags/WachtwoordenApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WachtwoordenApp</a> <a href="https://infosec.exchange/tags/Biometrie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Biometrie</a> <a href="https://infosec.exchange/tags/Passcode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passcode</a> <a href="https://infosec.exchange/tags/iOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iOS</a> <a href="https://infosec.exchange/tags/iPadOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iPadOS</a> <a href="https://infosec.exchange/tags/iPhone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iPhone</a> <a href="https://infosec.exchange/tags/iPad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iPad</a> <a href="https://infosec.exchange/tags/iDevice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iDevice</a> <a href="https://infosec.exchange/tags/ScreenLock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ScreenLock</a> <a href="https://infosec.exchange/tags/ScreenUnlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ScreenUnlock</a> <a href="https://infosec.exchange/tags/SchermVergrendeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SchermVergrendeling</a> <a href="https://infosec.exchange/tags/SchermOntgrendeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SchermOntgrendeling</a> <a href="https://infosec.exchange/tags/SchermOntgrendelCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SchermOntgrendelCode</a> <a href="https://infosec.exchange/tags/PINcode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PINcode</a> <a href="https://infosec.exchange/tags/Kwetsbaarheid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kwetsbaarheid</a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Vulnerability</a> <a href="https://infosec.exchange/tags/OngeautoriseerdeToegang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OngeautoriseerdeToegang</a> <a href="https://infosec.exchange/tags/IdentiteitsFraude" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IdentiteitsFraude</a> <a href="https://infosec.exchange/tags/Inloggen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Inloggen</a> <a href="https://infosec.exchange/tags/Stern" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Stern</a> <a href="https://infosec.exchange/tags/JoannaStern" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JoannaStern</a> <a href="https://infosec.exchange/tags/WSJ" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WSJ</a>

Matthew Abbott:boost_requested: <a href="https://oliphaunt.social/tags/PSA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PSA</a>: It looks like <a href="https://oliphaunt.social/tags/iOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iOS</a> 18 removed the ability to disable biometrics and USB data with “Hey Siri, whose phone is this?” and similar prompts. Activating the power/SOS screen with physical buttons still works.<a href="https://oliphaunt.social/tags/Siri" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Siri</a> can now shut off or restart your phone *but* you will need time to respond to their confirmation prompt.Remember that <a href="https://oliphaunt.social/tags/TouchID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TouchID</a> can be compelled and that <a href="https://oliphaunt.social/tags/FaceID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FaceID</a> requires open eyes

Autonomie und Solidarität<a href="https://todon.eu/tags/Clearview" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Clearview</a> <a href="https://todon.eu/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> used nearly 1m times by US police"Facial recognition firm Clearview has run nearly a million searches for US police, its founder has told the BBC. Clearview's system allows a law enforcement customer to upload a photo of a face and find matches in a database of billions of images it has collected. It then provides links to where matching images appear online. It is considered one of the most powerful and accurate facial recognition companies in the world."<a href="https://www.bbc.com/news/technology-65057011" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bbc.com/news/technology-65057011</a><a href="https://todon.eu/tags/Surveillance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Surveillance</a> <a href="https://todon.eu/tags/faceID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#faceID</a> <a href="https://todon.eu/tags/%C3%9Cberwachung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Überwachung</a> <a href="https://todon.eu/tags/police" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#police</a> <a href="https://todon.eu/tags/netzpolitik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#netzpolitik</a> <a href="https://todon.eu/tags/antireport" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#antireport</a> <a href="https://todon.eu/tags/reclaimyourface" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reclaimyourface</a>

Autonomie und SolidaritätIran installs cameras in public places to identify, penalise unveiled women"In a further attempt to rein in the increasing number of women defying Iran's compulsory dress code, authorities are installing cameras in public places and thoroughfares to identify and penalise unveiled women, the police announced on Saturday. After they have been identified, violators will receive “warning text messages as to the consequences”, police said in a statement."<a href="https://www.reuters.com/world/middle-east/iran-installs-cameras-public-places-identify-penalise-unveiled-women-police-2023-04-08/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.reuters.com/world/middle-east/iran-installs-cameras-public-places-identify-penalise-unveiled-women-police-2023-04-08/</a><a href="https://todon.eu/tags/Iran" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Iran</a> <a href="https://todon.eu/tags/Repression" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Repression</a> <a href="https://todon.eu/tags/videosurveillance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#videosurveillance</a> <a href="https://todon.eu/tags/Surveillance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Surveillance</a> <a href="https://todon.eu/tags/socialcontroll" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#socialcontroll</a> <a href="https://todon.eu/tags/Biometrie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Biometrie</a> <a href="https://todon.eu/tags/Gesichtserkennung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Gesichtserkennung</a> <a href="https://todon.eu/tags/WomanLifeFreedom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WomanLifeFreedom</a> <a href="https://todon.eu/tags/Antireport" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Antireport</a> <a href="https://todon.eu/tags/faceID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#faceID</a> <a href="https://todon.eu/tags/reclaimyourface" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reclaimyourface</a>

Autonomie und Solidarität<a href="https://todon.eu/tags/Clearview" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Clearview</a> <a href="https://todon.eu/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> used nearly 1m times by US police, it tells the BBC"CEO Hoan Ton-That also revealed Clearview now has 30bn images scraped from platforms such as <a href="https://todon.eu/tags/facebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#facebook</a> taken without users' permissions. The company has been repeatedly fined millions of dollars in <a href="https://todon.eu/tags/Europe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Europe</a> and <a href="https://todon.eu/tags/Australia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Australia</a> for breaches of privacy. Critics argue that the police's use of Clearview puts everyone into a "perpetual police line-up". "Whenever they have a photo of a suspect, they will compare it to your face," says Matthew Guariglia from the <a href="https://mastodon.social/@eff" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@eff</a> says. "It's far too invasive.""<a href="https://www.bbc.com/news/technology-65057011" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bbc.com/news/technology-65057011</a><a href="https://todon.eu/tags/Surveillance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Surveillance</a> <a href="https://todon.eu/tags/faceID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#faceID</a> <a href="https://todon.eu/tags/%C3%9Cberwachung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Überwachung</a> <a href="https://todon.eu/tags/police" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#police</a> <a href="https://todon.eu/tags/netzpolitik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#netzpolitik</a> <a href="https://todon.eu/tags/antireport" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#antireport</a> <a href="https://todon.eu/tags/reclaimyourface" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reclaimyourface</a>

Recent searches

Search options

Administered by:

Server stats:

#faceid