Privacy

Update January 6, 2025: In a new statement to 9to5Mac, Apple says:

Siri has been engineered to protect user privacy from the beginning. Siri data has never been used to build marketing profiles and it has never been sold to anyone for any purpose. Apple settled this case to avoid additional litigation so we can move forward from concerns about third-party grading that we already addressed in 2019. We use Siri data to improve Siri, and we are constantly developing technologies to make Siri even more private.

Find more details in our new story on the subject.

Over five years ago, Apple was hit with a lawsuit over ‘unlawful and intentional recording’ of Siri interactions. Now finally, the case is coming to an end, with Apple agreeing to pay $95 million in a settlement.

Phishing attacks are about to get a whole lot more convincing. A new report warns that scammers are now using AI to scrape information about you from your online profiles in order to send hyper-personalized emails which target your login credentials.

By finding out everything from your employer to your interests, scammers can send emails which have a far greater chance of appearing to be genuine …

I’ve been arguing that passwords are horrible for the best part of a decade now, and was an enthusiastic early adopter of the far better approach of passkeys.

Passkeys were supposed to achieve the holy grail of an approach which is both more secure than passwords and so easy to use that everyone would adopt them. But a new piece outlines four problems with the technology …

A US Army soldier has been arrested on suspicion of extorting money from AT&T and Verizon, following data breaches which saw a massive amount of customer data obtained.

The 20-year-old was arrested near the Army base in Fort Hood, Texas, on suspicion of being the cybercriminal known as Kiberphant0m – and statements by his mother aren’t likely to help …

A developer has noted that Apple’s Photos app shares your iPhone photos with Apple by default, for an iOS 18 feature known as Enhanced Visual Search.

This is an expansion of the older Visual Look Up feature, which can recognize objects within your photos, but a privacy note in the Settings app implies that it sends more data to Apple …

The Federal Trade Commission (FTC) has responded to a series of massive Marriott and Starwood data breaches, ordering the companies to make no fewer than 13 changes to ensure it can’t happen again.

More than 344 million customers were impacted by three separate security breaches, which revealed personal data that included credit card details and passport information …

A report over the weekend suggested an Apple smart home doorbell with support for Face ID is in development. It follows an earlier report of an Apple smart home camera next year.

While it could be argued that both are commodity products, and that Apple’s most important contribution is the HomeKit platform rather than the hardware, there seems little doubt about the opportunity here …

The most popular home internet router brand in the US may be banned from sale in the country over fears that it represents a threat to national security.

Three separate US agencies have opened investigations into TP-Link routers, which account for 65% of the US market, in part because badged versions are supplied to customers by more than 300 ISPs …

Amnesty International says a security vulnerability in HomeKit was used to target iPhones belonging to Serbian journalists and activists.

The civil rights organization conducted an investigation after Apple notified two of the victims that their devices had been compromised by Pegasus spyware …

An official government report has concluded that the Trump-era Department of Justice (DOJ) did not obtain the required authorizations before demanding customer call and message data from Apple and others.

It also failed to obtain authorization from the Attorney General before imposing a gag order on Apple, preventing it from disclosing the fact that it had been forced to hand over the personal data …

Thousands of CSAM victims are suing Apple for dropping plans to scan devices for the presence of child sexual abuse materials.

In addition to facing more than $1.2B in penalties, the company could be forced to reinstate the plans it dropped after many of us pointed to the risk of misuse by repressive regimes …

A newly-released app lets you regularly scan your iPhone for Pegasus spyware – which can access almost all the data on a phone – for a one-off cost of just one dollar.

A mobile security firm created the app, which allows you to scan your iPhone or Android phone and send the results to them for analysis – and they’ve so far detected seven phones infected by the spyware …

Popular video conferencing platform Zoom agreed to pay $85M in compensation back in 2021 after it was revealed that the company lied to users about the type of encryption it offered. It has now offered to pay an $18M fine to the Securities & Exchange Commission (SEC) in order to settle an investigation into the same security and privacy issue.

Zoom disclosed the offer in a regulatory filing …

Some six years after virtual private network company NordVPN started searching data breaches for the most-used passwords, things are every bit as bad as when the company started.

Each year, the company searches the dark web for passwords stolen by malware or exposed in security breaches to determine the most commonly-used passwords, and this year’s crop is as depressing as ever …

Earlier this week Ming-Chi Kuo suggested that we’ll see an Apple smart home camera in 2026, with the company confident it will prove to be a popular accessory, selling in the tens of millions per year.

Given Apple’s habit of minimizing the number of products it makes, if the report is accurate the company must feel there’s good reason to enter a crowded product category, and I think an Apple camera will likely differentiate itself in two ways: privacy, and Apple Intelligence …

A UnitedHealth hack exposed the personal information and health data of more than 100M Americans – the first time the company has put a specific number on the security breach.

A ransomware attack was made on Change Healthcare back in February, but it was only yesterday that the company revealed its “unprecedented magnitude” …

Apple Intelligence is launching later this month, bringing a first wave of AI features to your iPhone, iPad, and Mac. But as with all AI technology, the matter of privacy is a key one to pay attention to. How does Apple Intelligence handle user privacy? Here’s what you should know.

One of the new features of iOS 18 and macOS Sequoia is iPhone Mirroring – but using this with a personal iPhone on a work Mac currently creates a privacy risk for employees, and a legal risk for businesses.

The problem, as cybersecurity company Sevco discovered, is that apps on the iPhone get treated as Mac apps, and that means their presence is included in corporate IT audits …

It was revealed this weekend that Chinese hackers managed to access systems run by three of the largest internet service providers (ISPs) in the US.

What’s notable about the attack is that it compromised security backdoors deliberately created to allow for wiretaps by US law enforcement …

A MoneyGram hack has seen an attacker obtain the personal data of an unknown number of the company’s 50 million money transfer users.

A separate hack of a debt collection company has seen personal data obtained for more than 200,000 Comcast customers, despite previous assurances that this was not the case …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

I’m in the midst of traveling to Ukraine this week for OFTWv2.0, and I can’t help but think about the comments on last week’s edition of Security Bite defending the VPN apps that still exist on the App Store in Russia. While almost every app from legitimate providers in the country has been removed, Russian users can still find a surplus of VPN options claiming to offer secure encryption and private browsing. The only question being–really?