New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

iTunes Backup Passwords 'Much Easier' to Crack in iOS 10, Apple Working on Fix

iOS 10 uses a new password verification mechanism for iTunes backups that makes them easier to crack, according to testing performed by Elcomsoft, a company that specializes in software designed to access iPhone data.

Encrypted iTunes backups created on a Mac or PC are protected by a password that can potentially be brute forced by password cracking software. The backup method in iOS 10 "skips certain security checks," allowing Elcomsoft to try backup passwords "approximately 2500 times faster" compared to iOS 9 and earlier operating systems.

ios10
Obtaining the password for an iTunes backup provides access to all data on the phone, including that stored in Keychain, which holds all of a user's passwords and other sensitive information.
At this time, we have an early implementation featuring CPU-only recovery. The new security check is approximately 2,500 times weaker compared to the old one that was used in iOS 9 backups. At this time, we are getting these speeds:

iOS 9 (CPU): 2,400 passwords per second (Intel i5)
iOS 9 (GPU): 150,000 passwords per second (NVIDIA GTX 1080)
iOS 10 (CPU): 6,000,000 passwords per second (Intel i5)
In specific terms, security analyst Per Thorsheim of Peerlyst says Apple has switched from using a PBKDF2 hashing algorithm with 10,000 iterations to using a SHA256 algorithm with a single iteration, allowing for a significant speed increase when brute forcing a password.

ios10passwordcrackingelcomsoft
Image via Peerlyst

In a statement given to Forbes, Apple confirmed it is aware of the issue and is working on a fix.
"We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups," a spokesperson said. "We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption."
As Apple points out, this security oversight is limited to backups created on a Mac or PC and does not affect the security of iCloud backups. Most users likely do not need to worry about this issue as it requires access to the Mac or PC that was used to make the backup.

Apple has updates for iOS 10 and macOS Sierra in the works, and it's possible a fix will be included in the new versions of the software. iOS 10.1 and macOS Sierra 10.12.1 were seeded to developers and public beta testers earlier this week.

Related Roundup: iOS 10

Snapchat Announces 'Spectacles,' $130 Sunglasses That Record 10 Seconds of Video at a Time

Snapchat has announced its first hardware product, a one-size-fits-all pair of sunglasses called Spectacles that can record 10 seconds of video at a time, reports The Wall Street Journal. The glasses will cost $130 and launch this fall in three colors: teal, black and coral. Video will sync wirelessly to a paired iPhone or other smartphone.

spectacles
Snap CEO Evan Spiegel in Spectacles, Photo by The WSJ

The glasses record when you tap a button near the hinge, and each tap records 10 seconds of video footage from its 115-degree-angle lens. The lens was designed to be wider than smartphone cameras, more closely mirroring the natural view of human eyes. The video is recorded in a circular format, as Snapchat CEO Evan Spiegel argues that the square and rectangle form that photos and videos currently come in are a vestige of early photos being printed on paper.

Snapchat has been developing Spectacles for years, and Spiegel has been testing the device himself for a year. He tells The WSJ that one of the advantages of Spectacles is not having to hold a smartphone in front of your face because it's "like a wall." Re-watching first-person footage is like reliving a memory, Spiegel argues.
He remembers testing a prototype in early 2015 while hiking with his fiancée, supermodel Miranda Kerr. “It was our first vacation, and we went to Big Sur for a day or two. We were walking through the woods, stepping over logs, looking up at the beautiful trees. And when I got the footage back and watched it, I could see my own memory, through my own eyes—it was unbelievable. It’s one thing to see images of an experience you had, but it’s another thing to have an experience of the experience. It was the closest I’d ever come to feeling like I was there again.”
Spiegel refers to Spectacles as a "toy," and that the best use of it would be to wear it at an outdoor concert or barbecue "for kicks." The company is taking a slow approach to launch with limited distribution, similar to Google Glass. Spiegel says Snapchat wants to "figure out if it fits into people's lives and seeing how they like it." When asked why they made the product and decided to enter the hardware market, Spiegel said "because it's fun."

Snapchat has also changed its company name to Snap, Inc as it has expanded its portfolio past its Snapchat app, similar to how Apple changed its name from Apple Computer.

Spiegel thinks of the newly-dubbed Snap, Inc as a camera company rather than a social media company, The WSJ notes. He studied the early histories of Kodak and Polaroid and how they pitched portable cameras to the public. Spectacles gives Snap control of a physical camera, bypassing the smartphone cameras, like that of the iPhone, at the heart of Snapchat thus far. Spiegel hints to The WSJ that there could be "far-reaching implications" if Snap controlled the hardware its users take pictures and video with.

Apple to Offer 'Spoken Editions' of Written News on iTunes

Apple is planning on turning news stories and articles from popular news sites into audio podcasts called "Spoken Editions," reports TechCrunch. Spoken Editions will be short broadcasts that transform content from publishers into spoken word instead of written word, making it possible for customers to listen to their favorite news sites.

An early leak on iTunes suggests Apple has already teamed up with several publishers, including Wired, TIME, and Forbes, offering dedicated "Spoken Edition" sections on company iTunes pages.

spokeneditions
Wired, for example, will launch Spoken Editions for "Business," "Science," and its homepage. TIME has will offer a Spoken Edition called "The Brief." Forbes, .Mic, Bustle, Playboy, OZY, and - yep - TechCrunch (which I discovered while browsing our iTunes page, of all things), will have Spoken Editions, it seems, as all popped up for a time on iTunes.

The links to all the publishers' Spoken Editions have since been pulled, after our discovery and outreach.
Some digging by TechCrunch suggests many of the publishers' Spoken Edition podcasts were created by SpokenLayer, a company that creates streaming audio and podcasts for media brands using text. SpokenLayer already works with a host of publishers like Forbes, Huffington Post, TIME, Reuters, and more, with audio recordings distributed on iTunes, SoundCloud, and other sources.

Spoken Editions will include audio ads, with revenue shared between the publisher and SpokenLayer, and the company makes an effort to make sure each brand sounds unique. "We make sure Wired sounds like Wired and any other publication sounds like those publications," SpokenLayer CEO Will Mayo told TechCrunch.

Spoken Editions are set to launch soon, rolling out in early October.

Apple Restricts iPhone 7 Reservations to Upgrade Program Members

iphone-7-front-backApple recently updated the confirmation email it sends to customers who reserve an iPhone 7 or iPhone 7 Plus to clarify that in-store reservations are now limited to iPhone Upgrade Program members in the United States.

Apple allows upgraders to reserve an iPhone through its iPhone Upgrade Program reservation system for pick up in store, but many customers were able to bypass the program and pay in full or with carrier financing instead upon arriving at their local Apple retail store.

Old wording:
Can I change to a different form of payment for the iPhone Upgrade Program?
Yes. You can also upgrade your iPhone to carrier financing or purchase it at full price. Ask a Specialist for more information.
New wording:
Can I change from the iPhone Upgrade Program to a different form of payment?
Yes. You must be currently enrolled in the iPhone Upgrade Program, so that you can upgrade your iPhone to carrier financing, or purchase at full price. Ask a Specialist for more information.
MacRumors reader DSTOFEL was one of many customers previously able to reserve an iPhone 7 or iPhone 7 Plus online and pay for it outright at an Apple Store without enrolling in the iPhone Upgrade Program:
I did this last Sunday and it went off without a hitch! I used the iPhone Upgrade Program reservation link to reserve my iPhone 7 at my local Apple Store. I was not a member of the iPhone Upgrade Program at the time and had no plan to join it. I showed up at the store, they had my phone and I just told them I wanted to purchase at full price. Not a problem!
But since the change in wording, it appears that Apple has already turned away some non-upgraders attempting to purchase an iPhone through the Upgrade Program reservation system without signing up for the program.

MacRumors reader vsp attempted to purchase an iPhone 7 for full price last night, for example, but an Apple retail employee allegedly would not let him:
I just tried this earlier today and wasn't able to purchase one I reserved with a different carrier. According to the clerk, they received notice yesterday that some of the iPhones were reserved for people enrolled in the Upgrade Program and they couldn't sell to me outright.
While many other MacRumors and Reddit users have faced the same situation since yesterday or so, some customers have still managed to reserve an iPhone and pay in full or with carrier financing. For that reason, your mileage may vary, and non-upgraders are recommended to call their local Apple retail store and request to speak with a manager before placing a reservation.

For its part, Apple's reservation page has always noted that a 24-month installment loan through Citizens Bank, which finances the iPhone Upgrade Program, is required -- this change just cements it. In other countries where the iPhone Upgrade Program does not exist, such as Canada, all customers are able to use Reserve and Pick Up regardless of their payment method of choice.

Apple Watch Series 2: A Swimmer's Perspective

As a lifelong swimmer, I found the addition of 50-meter water resistance and swim workout tracking in the Apple Watch Series 2 to be a welcome improvement that made the new watch a must-have upgrade for me. While the original Apple Watch was not rated for swimming, many users had no issues regularly using it in the water, although its lack of built-in swim tracking features limited its usefulness.

apple_watch_swim_wrist
With Apple Watch Series 2, Apple has not only upgraded the water resistance with new gaskets and seals to make it suitable for swimming, but added new Pool Swim and Open Water Swim workouts to help track your progress. As part of the Apple Watch Series 2 introduction earlier this month, Apple highlighted how it worked with swimmers in the company's fitness labs to develop the software to accurately track swim workouts, from using the accelerometer in the watch to measure arm movements to tracking energy expenditures during workouts.

So how well does the new Apple Watch work when you take it for some swims in a pool? Let's take a look.

➜ Click here to read rest of article...

Related Roundups: Apple Watch Series 2, watchOS 3
Buyer's Guide: Apple Watch (Buy Now)

UPS Working to Expedite iPhone 7 Deliveries Following Weather and Mechanical Delays

iphone-ups-logoYesterday, we reported that some iPhone 7 and iPhone 7 Plus shipments have experienced irregular movement or delays during delivery between China or South Korea and their final destinations in the United States.

UPS has since confirmed to MacRumors that a small number of deliveries were impacted due to a mechanical problem and weather delay, while it is still investigating the reason for erroneous tracking notices.
UPS experienced a mechanical problem on one flight and a weather delay on another flight containing iPhones. The cargo was redirected, but not in time to avoid minor delays in residential deliveries of these packages. None of the phones were returned to their origin or routed on extraneous legs of the journey to their final destination.

We are still investigating the reason for the erroneous tracking notices. When the packages receive their next physical scan at a UPS facility, the ups.com tracking information will be updated to reflect the next planned delivery date. UPS is working to expedite these deliveries as rapidly as possible. The updated delivery date may be improved and another status update posted. To be informed of latest status, consumers can request text or email notification by selecting the “Notify me with Updates” feature when tracking their shipment on ups.com.
Apple began accepting iPhone 7 and iPhone 7 Plus pre-orders on September 9, and it took less than 20 minutes for supplies of popular models to begin selling out. iPhone 7 Plus and Jet Black models have been most constrained, but some customers originally quoted October to November delivery dates for Jet Black iPhone 7 Plus models have seen their orders ship sooner than expected.

Related Roundup: iPhone 7
Tag: UPS

Second Wave iPhone 7 and 7 Plus Launch Kicks Off in Dozens of Countries Around the World

Following their September 16 debut in more than 25 countries around the world, the iPhone 7 and the iPhone 7 Plus are seeing their second wave launch today, debuting in a number of additional countries across Europe and the Middle East.

The iPhone 7 and the iPhone 7 Plus are now available for purchase in the following locations: Andorra, Bahrain, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, Czech Republic, Estonia, Greece, Greenland, Guernsey, Hungary, Iceland, Isle of Man, Jersey, Kosovo, Kuwait, Latvia, Liechtenstein, Lithuania, Maldives, Malta, Monaco, Poland, Qatar, Romania, Russia, Saudi Arabia, Slovakia, and Slovenia.

With today's second wave launch, Apple's latest devices have rolled out to more than 55 countries, and will expand to India in the near future with an October 7 launch date planned.

iphone7lineup
In many countries, supplies of the iPhone 7 and especially the iPhone 7 Plus are likely to be severely constrained, as Apple has been struggling to meet demand. In the United States, Apple had no iPhone 7 Plus stock available for walk-in customers on launch day, with all supplies having gone to pre-order customers.

Wait times are up to three to five weeks for the most popular iPhone models, like the Jet Black iPhone 7 Plus, in many countries, with lower two to three week shipping estimates for other devices.

The iPhone 7 and the iPhone 7 Plus feature better water resistance, much improved cameras (with a dual-camera for the 7 Plus), faster processors, brighter, more vivid displays, a redesigned Home button powered by a new Taptic engine and no headphone jack.

The Apple Watch Series 1, Apple Watch Series 2, and Apple Watch Edition are launching in new countries today as well, including Anguilla, Antigua and Barbuda, Cayman Islands, Croatia, Czech Republic, El Salvador, Greece, Guam, Hungary, Jersey, Kuwait, Macau, Monaco, Poland, Qatar, Romania, Russia, Saudi Arabia, Slovakia and the US Virgin Islands.

Apple Watch Hermès Series 2 models are also available as of today in Australia, Belgium, Canada, China, France, Germany, Hong Kong, Italy, Japan, Macau, Russia, Singapore, Spain, Switzerland, Taiwan, UAE, the UK and the US.

Related Roundups: Apple Watch Series 2, watchOS 3, iPhone 7
Buyer's Guide: Apple Watch (Buy Now)

Apple Submits Mystery 'Wireless Device' With Bluetooth and NFC to FCC

Earlier this week, we spotted an Apple filing for a nondescript "wireless device" pass through the FCC ID database. Apple characteristically requested permanent confidentiality for most of the documents in the filing, including photos, user manuals, and schematics, so the entry largely remains a mystery.

What we do know is the device has a model number of A1844, which does not line up with any existing Apple products. A regulatory label shows the device has two Torx screws on the back plate of the device, which appears to have at least two slightly curved edges. The device has an electrical rating of 5.5V to 13.2V.

apple-a1844-fcc-filing
Test reports completed by UL Verification Services also reveal the wireless device has Bluetooth and NFC, although Wi-Fi is not mentioned.

Some websites have speculated the filing could represent a new Apple TV, but the device appears to be smaller based on the artwork -- although there are no exact measurements for scale. The device also has oddly specific regulatory text etched directly on the back of the device, including a wiring guide, which would be uncharacteristic of Apple to include on the exterior of a consumer-facing product.

Perhaps, then, the wireless device is for internal use. Back in 2014, an FCC filing revealed Apple's first-party iBeacon hardware, for example, which the company uses in its retail stores. Originally introduced at WWDC 2013, iBeacon technology enables iOS devices to communicate with transmitters via Bluetooth LE in order to deliver relevant information to apps and services when a user is nearby.

Without any supplemental information, the FCC filing will likely remain a mystery. At this point, virtually any wild speculation is fair game, ranging from a new AirPort Extreme to Apple's widely rumored Siri-enabled speaker for smart homes, although the latter product is reportedly still being prototyped.

Tag: FCC

Apple Releases iOS 10.0.2 With Fixes for Headphone, Photos, and App Extension Bugs

Apple today released the first official update to the iOS 10 operating system, just 10 days after releasing iOS 10 to the public and two days after seeding the first iOS 10.1 beta.

iOS 10.0.2 can be downloaded as an over-the-air update on all devices running iOS 10.

ios10
Today's update includes fixes for several minor bugs that have been discovered since the operating system was released.

A bug that caused the new Lightning EarPods designed for the iPhone 7 and 7 Plus to stop working properly has been addressed. EarPods have been timing out after a short period of time when listening to music, rendering the remote unresponsive and unable to control volume, access Siri, and answer phone calls.

The update also resolves an issue that caused Photos to quit for some users when activating iCloud Photo Library and fixes an issue that prevented enabling some app extensions.

iOS 10 is a major update that includes features like a redesigned Lock screen experience, a revamped Messages app with a full App Store, a Siri SDK for developers, new looks and features for Maps and Apple Music, and tons more.

Related Roundup: iOS 10

Apple Watch Hermès Series 2 Models Officially Launch Today

hermes-2Apple Watch Hermès Series 2 models, released on a pre-order basis last week, are now officially available for purchase both online and in stores.

Apple offers seven different Hermès models designed with handcrafted leather, including three with Single Tour bands, two with Double Tour bands, one with a Single Tour Deployment Buckle, and one with a Double Buckle Cuff. Prices range between $1,149 and $1,499 in the United States.

The new models serve as a refresh to last year's original Apple Watch Hermès lineup, released in October 2015. The new Series 2 models have the same custom Hermès watch face, but beyond that and the bands, the Hermès models are identical to regular Apple Watch models.


Apple Watch Hermès Series 2 models can be purchased through Apple's website in many countries, while in-store availability is limited to select Apple Store and Hermès locations in Boston, Chicago, Dallas, Honolulu, Houston, Las Vegas, Los Angeles, Miami, New York, Portland, San Francisco, Seattle, Toronto, and Washington D.C.

Apple 'Pressing Ahead' Into Prototype Testing for Echo-Like Smart Home Device Powered by Siri

Apple is said to be "stepping up plans" for its connected smart home device powered by Siri, which would rival the technology that Amazon has made popular in its Alexa-enabled Echo speaker system (via Bloomberg). After two years of research and development, the Apple device is said to be in prototype testing, but because Apple hasn't officially finalized any plans it "could still scrap the project."

Similar to Echo, the Siri device is said to be able to control smart home accessories like lights, locks, and curtains all through voice activation, and would most notably be the first new piece of Apple hardware introduced since the Apple Watch, and the iPad before that. To compete with Amazon -- and Google's own similar device called "Google Home" -- Apple will introduce "more advanced microphone and speaker technology," according to people close to the project. This could potentially include an ecosystem-wide upgrade to Siri's current functionality.

amazon-echo
Beyond the home device, Apple is researching new ways to improve Siri on iPhones and iPads, two people said. With an initiative code-named “Invisible Hand,” Apple hopes to give users the ability to fully control their devices through a Siri command system within three years, one of the people added. Currently, the voice assistant is able to respond to commands within its application, but Apple’s goal is for Siri to be able to control the entire system without having to open an app or reactivate Siri.

For example, a user would be able to ask their iPhone to open a web page and then share it with a friend without the need to ever launch the Siri interface. Other examples from Apple’s current research include being able to print a PDF by speaking “print” while reading it or saying “help” in order for the system to help the user navigate a particular task or application. Apple has also been researching opening this ability to third-party apps, the person said.
A few prototypes in testing are said to include technology related to facial recognition, potentially fueled by Apple's acquisition of Faceshift and Emotient, "which may help the device act based on who is in a room or a person’s emotional state." Otherwise, the device will be able to perform all of the Siri actions expected of the personal assistant, including responding to text messages, playing music, searching the internet, and more. Apple Maps integration is a possibility, which Apple is considering so Siri could alert you exactly when to leave the house for an appointment.

Before it moved to a standalone speaker unit, Apple considered introducing Siri into a voice-activated feature on the new Apple TV, but the company decided on a more reliable button addition to the Apple TV remote over shouting commands across a room to activate Siri. In its original testing in 2014, Apple crafted a small and a large version of the Siri speaker, said to be like the Amazon Echo and Amazon Echo Dot, "but those early efforts may not translate into a final product."

The prototype phase has advanced to the point of Apple engineers testing the device in their own homes, according to the individuals with knowledge of the project. As Bloomberg pointed out, while this is not an exact measure of when the Siri speaker might launch, Apple CEO Tim Cook was known to test out the original iPad at his home "for roughly six months before its introduction." Apple employees also tested out the fourth-generation Apple TV about a year before its launch in 2015.

Ultimately, the Siri speaker is described as a way for Apple to "augment the iPhone," and drive sales for the company's devices following a year where it faced dwindling returns for its iPhone line. Its most recent device launches for the iPhone 7, iPhone 7 Plus, and Apple Watch Series 2 have all faced the expected initial shortages most Apple products encounter in their first few weeks on the market, but Apple has chosen not to reveal first weekend sales numbers for the iPhone 7 because it feels the results are "no longer a representative metric" due to demand outweighing supply.

At Least 500 Million Yahoo Accounts Hacked in Late 2014

Yahoo today confirmed that "at least" 500 million Yahoo accounts were compromised in an attack in late 2014, leaking customer information like names, email addresses, telephone numbers, birthdates, hashed passwords, and both encrypted and unencrypted security questions and answers.

Yahoo does not believe unprotected passwords, payment card data, or bank account information was accessed, as that data is not stored in the system that was hacked. According to Yahoo, account information was stolen by a "state-sponsored actor" and the company is working with law enforcement on a full investigation.

yahoo
Starting today, Yahoo will notify all affected users and is asking them to change their passwords immediately if passwords have not been changed since 2014. All compromised security questions and answers have also been invalidated. Yahoo has laid out a set of recommendations for all customers who might have had data stolen:
-Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
- Additionally, please consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.
Yahoo first said it was investigating a data breach earlier this summer after hackers started selling account access online. The full scope of the attack was not revealed until today and could potentially affect Yahoo's sale to Verizon.

Tag: Yahoo