How a Well-Regarded Mac App Became a Trojan Horse

In the early days of macOS Mojave in 2018, Apple hadn’t offered users a way to automatically switch to dark and light mode at different times of the day. As usual, there were third-party developers eager to pick up the slack. One of the more well-regarded night mode apps to fix this issue was NightOwl, first released in the middle of 2018, a small app with a simple utility that could run in the background during day-to-day use.

With more official macOS features added in 2021 that enabled the “Night Shift” dark mode, the NightOwl app was left forlorn and forgotten on many older Macs. Few of those supposed tens of thousands of users likely noticed when the app they ran in the background of their older Macs was bought by another company, nor when earlier this year that company silently updated the dark mode app so that it hijacked their machines in order to send their IP data through a server network of affected computers, AKA a botnet.

After some users noted issues with the app after a June update, web developer Taylor Robinson discovered the problem ran deep, as the program redirected users’ computers’ connections without any notification. The real dark mode turned out to be the transformation of a respectable Mac app into a playground for data harvesters.

In an email with Gizmodo, Robinson broke down their own investigation into the app. They found that NightOwl installs a launcher that turns the users’ computer into a kind of botnet agent for data that’s sold to third parties. The updated 0.4.5.4 version of NightOwl, released June 13, runs a local HTTP proxy without users’ direct knowledge or consent, they said. The only hint NightOwl gives to users that something’s afoot is a consent notice after they hit the download button, saying the app uses Google Analytics for anonymized tracking and bugs. The botnet settings cannot be disabled through the app, and in order to remove the modifications made to a Mac, users need to run several commands in the Mac Terminal app to excise the vestiges of the code from their system, per Robinson.

It’s currently unclear how many users were affected by the seemingly malicious code, especially as NightOwl has since become unavailable on both the website and app store. The NightOwl site claims the app was downloaded more than 141,000 times, and that there were more than 27,000 active users on the app. Even if the app lost most of its users after Apple installed new Dark Mode software, there were potentially thousands of users running NightOwl on their old Macs.

Apple turned off a private communication tool in China just before major protests broke out

Earlier this month, Apple restricted the use of AirDrop in China. The file-sharing tool for iOS was used by protesters to communicate freely without the risk of censorship, because the tool uses direct connections between devices, creating a local network that cannot be monitored by government internet regulators.

Initially, people could choose to receive AirDrops from everyone nearby. However, a recent iOS update has made that impossible. The update made a change to AirDrop’s usage that only applies in mainland China, while the rest of the world can still use it to communicate as before.

Users in China can receive from everyone nearby for only ten minutes, which restricts how the tool is used.

AirDrop has been used by protesters in Hong Kong to communicate with other protesters and bystanders, as well as send messages to tourists from mainland China. On the mainland, protesters have used AirDrop to spread protest literature.

Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests

Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.

Snap Inc. received a forged legal request from the same hackers, but it isn’t known whether the company provided data in response. It’s also not clear how many times the companies provided data prompted by forged legal requests.

Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the U.K. and the U.S. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft Corp., Samsung Electronics Co. and Nvidia Corp., among others, the people said. City of London Police recently arrested seven people in connection with an investigation into the Lapsus$ hacking group; the probe is ongoing.

Leaked Documents Show Apple’s Attempts to Silence Whistleblowers

Tech giant Apple previously told the SEC that it does not attempt to silence employees in relation to workplace harassment or discrimination, but a whistleblower’s nondisclosure agreement is bringing new scrutiny to this claim.

Business Insider reports that on October 18, tech giant Apple made a number of statements to the Securities and Exchange Commission (SEC) including claims that the company does not attempt to silence former employees or whistleblowers in relation to the company’s working conditions.

Now, a new nondisclosure agreement given to a company whistleblower is bringing greater scrutiny to these claims. Apple’s lawyers reportedly wanted former engineer Cher Scarlett to state only the following words upon her departure from the company: “After 18 months at Apple, I’ve decided it is time to move on and pursue other opportunities.”

This language was included in an extremely strict nondisclosure and non-disparagement agreement as part of a separation agreement that Apple offered Scarlett last month. Scarlett, who spent months working to improve pay equity at Apple, allegedly resulting in harassment and intimidation from the company, said that when she received the nondisclosure agreement she was “shocked.”

She added: “In my mind, I should be able to say whatever I want as long as I’m not defaming Apple.” Scarlett refused to sign the gag order but was reminded of the agreement upon seeing Apple’s statements to the SEC.

Apple claimed that when it comes to NDAs “in the context of harassment, discrimination, and other unlawful acts,” its “policy is to not use such clauses.” Scarlett filed a whistleblower complaint with the SEC on October 25 in which she claims Apple made “false statements or misleading statements” to the SEC.

Scanning your iPhone for Pegasus, NSO Group’s malware

In collaboration with more than a dozen other news organizations, The Guardian recently published an exposé about Pegasus, a toolkit for infecting mobile phones that is sold to governments around the world by NSO Group. It’s used to target political leaders and their families, human rights activists, political dissidents, journalists, and so on, and surreptitiously download their messages/photos/location data, record their microphone, and otherwise spy on them. As part of the investigation, Amnesty International wrote a blog post with their forensic analysis of several compromised phones, as well as an open source tool, Mobile Verification Toolkit, for scanning your mobile device for these indicators. MVT supports both iOS and Android, and in this blog post we’ll install and run the scanner against my iOS device.

Apple’s Plan to “Think Different” About Encryption Opens a Backdoor to Your Private Life

Apple has announced impending changes to its operating systems that include new “protections for children” features in iCloud and iMessage. If you’ve spent any time following the Crypto Wars, you know what this means: Apple is planning to build a backdoor into its data storage system and its messaging system.

Child exploitation is a serious problem, and Apple isn’t the first tech company to bend its privacy-protective stance in an attempt to combat it. But that choice will come at a high price for overall user privacy. Apple can explain at length how its technical implementation will preserve privacy and security in its proposed backdoor, but at the end of the day, even a thoroughly documented, carefully thought-out, and narrowly-scoped backdoor is still a backdoor.

To say that we are disappointed by Apple’s plans is an understatement. Apple has historically been a champion of end-to-end encryption, for all of the same reasons that EFF has articulated time and time again. Apple’s compromise on end-to-end encryption may appease government agencies in the U.S. and abroad, but it is a shocking about-face for users who have relied on the company’s leadership in privacy and security.

Apple bans, at Amazon’s request, app that reveals fake Amazon reviews

Calling out scammers has always been a perilous approach when it comes to tech giants.

Amazon has requested that Apple delete from its App Store the app Fakespot, a popular service that tries to uncover false reviews on Amazon.

The incident pitted two of the internet industry’s greatest behemoths against a small startup, and Fakespot is disappointed.

7 Apple suppliers in China have links to forced labor programs, including the use of Uyghur Muslims from Xinjiang, according to a new report

Seven of Apple’s suppliers were found to be linked to suspected forced labor of Uyghur Muslims and other persecuted groups sourced from the Xinjiang region, according to an investigation by The Information.

Apple has previously denied using suppliers that rely on the forced labor of Uyghurs, a Muslim minority group that has faced persecution in China. The Information’s investigation suggests the use of forced labor by some of Apple’s largest suppliers is more widespread than previously reported.

Apple did not immediately respond to Insider’s request for comment.

As the Information notes, just one of the suppliers is in Xinjiang, the western region of China that consists predominately of the Uyghur Muslim population, which is native to the area. Other workers were shipped from Xinjiang to companies like Luxshare, which is one of Apple’s biggest Chinese suppliers, according to records viewed by the outlet.
