Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order

Users of Apple devices in the UK are “at the most risk in the world” of being hacked, following a secret government order requiring the tech company to allow ‘backdoor’ access to its users’ encrypted data, the House of Lords heard on Monday 31 March.

Liberal peer Paul Strasburger pressed the government to answer questions about a decision by the home secretary, Yvette Cooper, to issue a secret notice against Apple.

The order, first reported in the Wall Street Journal, extends law enforcement and intelligence services’ access to encrypted data stored on Apple’s iCloud to include users of Apple’s secure Advanced Data Protection (ADP) service.

In questions posed in the House of Lords on Monday, Strasburger said the government had “demonstrated its disdain for the privacy and digital security of British citizens and companies” by issuing the technical capability notice (TCN) against Apple.

The Liberal peer said the order would introduce weaknesses to encryption on Apple devices that could be exploited by criminals and hostile states.

“Strong encryption is essential to protect our data and our commerce from attack by organised crime and rogue states,” he said. “Any weakness inserted into encryption for the benefit of the authorities is also available to those who would do us harm – yet that is precisely what the government are demanding from Apple.”

Tribunal held closed-door hearing

Apple is challenging the legality of the government’s order in the Investigatory Powers Tribunal (IPT), which discussed arguments in a closed-door hearing on 14 March.

Civil society groups Privacy International and Liberty, along with two individuals whose security has been impacted by the government’s order against Apple, have filed separate legal interventions.

Ten newspapers, publishers and broadcasters – including Computer Weekly – have also filed legal submissions calling for Apple’s appeal against the widely publicised order to be heard in open court on public interest grounds.

Non-affiliated peer Claire Fox said it was not possible for Apple to open doors to its customers’ data in a way that would ensure that only the police and intelligence services would have access to its users’ encrypted data.

“It is obvious that criminals, foreign adversaries and others would exploit that weakness,” she said.

Fox said it was baffling if the Home Office was choosing to “bully tech companies into undermining their users’ privacy, security, civil liberties and free speech” while at the same time seeking to establish the UK as a leading hub for innovation and technology.

Liberal Democrat peer Tim Clement-Jones told the Lords that the government could be in breach of the European Court of Human Rights following a key judgment by the court last year.

In the case of Podchasov v Russia, the European Court of Human Rights found that weakening end-to-end encryption or creating backdoors could not be justified under human rights law.

Labour peer Toby Harris asked what consideration had been given to the trade-off between the “general weakening of security and confidentiality” compared with the gains made by the security services in being able to decrypt data stored by Apple.

Home Office minister and Labour peer David Hanson repeatedly declined to answer questions from peers, citing national security reasons.

“We have a long-standing position of protecting privacy while ensuring that action can be taken against child sexual abusers and terrorists,” he said.

“I cannot comment on operational matters today, including neither confirming nor denying the existence of any notices. This has been the long-standing position of successive UK governments for reasons of national security.”

Conservative peer Daniel Moylan pressed Hanson to comment on Apple’s decision to publicly withdraw its ADP encryption service from the UK, even if he could not comment on whether a notice had been issued.

He also asked the Home Office minister whether the US and UK governments had any high-level discussions about the order against Apple.

Bloomberg reported on 13 March that the US and UK governments were holding private talks in an attempt to resolve US concerns that the UK was trying to force Apple to create a backdoor that would allow the UK access to encrypted data belonging to US citizens.

Hanson said he could not comment on the matter.

“Decisions made by Apple are a matter for Apple, and the removal of any features is a matter for Apple. Again, for reasons of national security I cannot confirm or deny any conversations that we have had or any issues that are undertaken,” he said.

The Investigatory Powers Act contained “robust safeguards” and “oversight to protect privacy and ensure that data is obtained only on an exceptional basis and only when necessary and proportionate to do so”, he added.

A Home Office spokesperson said: “We do not comment on operational matters, including, for example, confirming or denying the existence of any such notices.”

Media companies have asked the Investigatory Powers Tribunal to hold hearings into Apple’s appeal against the technical capability notice in open court.

Separately, Big Brother Watch, Index on Censorship and the Open Rights Group have written an open letter to the tribunal calling for an open court hearing.

The media companies challenging the secrecy of Apple’s appeal in the Investigatory Powers Tribunal are Associated Newspapers Ltd, the British Broadcasting Corporation, Computer Weekly, Financial Times Group, Guardian News & Media, News Group Newspapers, Reuters News and Media, Sky News, Telegraph Media Group and Times Media.


Secret London tribunal to hear appeal in Apple vs government battle over encryption

A secret tribunal is due to meet at the High Court in London this week to hear tech giant Apple appeal against a Home Office order to compromise the encryption of data stored by its customers on the iCloud service worldwide.

The Investigatory Powers Tribunal (IPT) has taken the unusual step of publishing a notification of a closed-door hearing on Friday 14 March, days after leaks revealed that Apple was intending to appeal against the secret order.

Press and civil society groups are expected to petition the Tribunal, which rules on matters of national security, to hold the hearings in open court, given the important public interest surrounding the case and the fact the government’s order has been widely leaked.

The decision by home secretary Yvette Cooper to issue a Technical Capability Notice requiring Apple to give UK law enforcement and intelligence services “backdoor” access to data stored by Apple’s customers on the encrypted version of its iCloud service, has raised tensions between the UK and the US.

US lawmakers are expected to intervene further in the case after the US director of national intelligence Tulsi Gabbard – President Trump’s most senior advisor on intelligence and security – warned that any order from the UK that could put Americans’ privacy at risk would be a “clear and egregious violation”.

As a result of the UK government’s move, Apple in the UK has withdrawn its Advanced Data Protection (ADP) service which allows users to store data in end-to-end encrypted form on iCloud.

The decision is likely to expose people in the UK using Apple services to greater risk of cyber threat as they will no longer have the ability to encrypt their personal data on Apple’s iCloud with end-to-end encryption, though the service will remain available elsewhere in the world.

The president of the IPT, Lord Justice Rabinder Singh, and a senior High Court Judge, Mr Justice Jeremy Johnson, have made themselves available at short notice to hear a case behind closed doors on the morning of 14 March, according to court listings.

The IPT hears national security cases in secure courts at the High Court in the Strand – the only central London venue authorised for national security cases, aside from a secure court on Chancery Lane used for immigration cases.

A series of leaks about the secret order issued by the UK have made it more difficult for the Home Office and security agencies to maintain a stance of neither confirming nor denying the move against Apple.

Privacy International, which has brought a number of cases against government agencies in the IPT, said the Apple hearings should be conducted in public.

Caroline Wilson Palow, legal director and general counsel at Privacy International said: “This is a very important debate to have in public, because we’re talking about the security of our computer systems that can affect millions, if not billions, of people around the world, given the reported technical capability notice has global reach.”

Last month, over 100 cyber security experts, companies and civil society groups signed a letter calling for home secretary Cooper to drop the demands for Apple to create a backdoor that would allow government access to encrypted communications and data stored on Apple’s iCloud service.

Apple has previously said that, despite withdrawing Advanced Data Protection from the UK, 14 categories of data stored on Apple’s iCloud will still be end-to-end encrypted by default, including health data.

UK users will not be able to opt for more secure end-to-end encryption for iCloud Backup; iCloud Drive; Photos; Notes; Reminders; Safari Bookmarks; Siri Shortcuts; Voice Memos; Wallet Passes; and Freeform, a collaboration tool.


Siri needs its iCloud moment: A complete rebrand

Even without the current Apple Intelligence fiasco, we already realized that Apple needs to ditch Siri or rebrand it in favor of a new personal assistant. Long before Apple Intelligence or LLMs started taking over the internet, we already felt like Siri was lost in time.

In the past few years, reports suggested the issue with Cupertino’s personal assistant is bigger than it seems. In 2023, the New York Times reported about the rise and fall of the assistants, including why Siri struggles with what sounds like regular tasks. John Burkey, a former Apple engineer who worked on the virtual assistant, said it had a “cumbersome design that made it time-consuming to add new features.”

In 2014, he was given the job of improving Siri. But since its database contains a gigantic list of words in nearly two dozen languages, its vast knowledge made it “one big snowball”: if someone wants to add a word to Siri’s database, “it goes in one big pile.”

With that in mind, Burkey explained that what seemed like small updates, such as new phrases, would require rebuilding the entire database, which could take up to six weeks. More complex features like new search tools could take nearly a year, meaning Siri could never become a creative assistant like ChatGPT unless it’s completely rebuilt.

Looking back at this report, it makes sense why Apple decided to indefinitely delay Siri’s on-screen awareness capabilities, as it still doesn’t know which month we are in. This is why I think Apple should rebrand Siri and do something similar to what the MobileMe-iCloud transition was.

Siri feels like MobileMe, but Apple was fast enough to address it

Before iCloud was a thing, Apple had MobileMe. The service was available from July 2008 until October 2011, when iCloud was introduced. However, this subscription-based service was very unstable and had several syncing issues.

This is why when Steve Jobs introduced iCloud and said the service “just worked,” he rhetorically asked: “Why should I believe them? They’re the ones that brought me MobileMe!” Still, iCloud was better than MobileMe, and even though it had a few issues over the years, it’s Apple’s main service.

With that in mind, I think Siri needed a similar approach. At this moment, Apple is focusing on reshaping the personal assistant’s command structure. However, I don’t think promoting executives is enough. If Apple wants to be serious about AI, it must catch up with major players and offer a different experience. Should it call the new assistant Newton, Siri 2.0, or Apple Assistant? It doesn’t matter.

Siri’s revamp is urgent, and Cupertino needs to offer a faster response and service to users.


US Congress demands UK lifts gag on Apple encryption order

US lawmakers have hit out at the Home Office for “attempting to gag” US companies by preventing them from telling Congress whether they have been subject to secret UK orders requiring them to hand over their users’ data.

In an unprecedented intervention, five lawmakers from both sides of the US political divide, led by senator Ron Wyden, have written to the UK’s Investigatory Powers Tribunal (IPT) accusing the British government of undermining Congressional oversight and restricting the free speech of US companies.

Their letter comes as the IPT is preparing to hear closed-door arguments from Apple, which is challenging a notice requiring it to extend UK law enforcement’s existing access to encrypted data stored by customers on the Apple iCloud service anywhere in the world to users of Apple’s Advanced Data Protection (ADP) who choose to hold encryption keys privately on their own devices.

British media organisations, including the BBC, The Times, Financial Times, Reuters, The Guardian, The Telegraph and Computer Weekly, have also filed legal submissions with the IPT today, arguing that there is an important public interest in hearing arguments over the UK’s demands against Apple in a public court.

In the Congressional letter, five US senators and congressmen complained to the Investigatory Powers Tribunal that the secrecy surrounding the orders – known as Technical Capability Notices (TCNs) – is impairing Congress’s power and duty to conduct oversight on matters of national security.

The letter disclosed that Apple and Google have informed Congress that were they to have received Technical Capability Notices, they would be barred by UK law from disclosing them to US lawmakers. The UK embassy has also failed to respond to US requests about potential demands by the UK to other US companies.

“By attempting to gag US companies and prohibit them from answering questions from Congress, the UK is both violating the free speech rights of US companies and impairing Congress’s power and duty to conduct oversight on matters of national security,” the lawmakers wrote.

“The UK’s attempted gag has already restricted US companies from engaging in speech that is constitutionally protected under US law and necessary for ongoing Congressional oversight,” they added.

The letter has been signed by Democrats senator Ron Wyden from Oregon, who has campaigned for healthcare and the environment; Alex Padilla from California, who is chairman of the Senate Judiciary Subcommittee on Immigration; and Zoe Lofgren, an advocate for digital rights from California.

Republicans Andy Biggs from Arizona, chair of the House Judiciary Subcommittee on Crime and Federal Government Surveillance and a vocal Trump supporter; and Warren Davidson from Ohio, a member of the House Financial Services Committee and a former US soldier, have also signed.

Their unified complaint calls on the IPT to apply principles of open justice to the hearing scheduled for Friday, and for all subsequent proceedings in Apple’s appeal against the Technical Capability Notice. 

The lawmakers note that the existence of the TCN has been widely reported and commented on, which makes any argument for closed hearings to keep the existence of the notice secret “unsustainable”.

The existence of the notice has also been confirmed by Apple’s public decision to withdraw its advanced encryption option, known as Advanced Data Protection, for all UK users. Apple would not have done this “unless it felt compelled to do so by a request to insert a backdoor”.

Holding public hearings would allow lawmakers to hear expert evidence from cyber security specialists, civil society representatives and experts on US-UK data flows, enabling the IPT to reach a well-informed decision over the lawfulness of the notice, they said.

Serious concerns over national security 

The lawmakers argue that the UK’s demands against Apple raise “serious concerns which directly impact national security” and therefore warrant public debate. 

As Computer Weekly previously reported, Tulsi Gabbard, the director of national intelligence, stated in a letter to Congress that the UK’s demands would be “a clear and egregious violation of Americans’ privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors”.

President Donald Trump confirmed in an interview with The Spectator that he had raised the Apple TCN with prime minister Keir Starmer during his visit to Washington, comparing the UK’s actions to the conduct of China.

Chinese exploited US ‘lawful access’

The lawmakers point out that the security of US technology products against surveillance by foreign governments is an important topic for ongoing Congressional oversight following a spate of hacks against the communications of senior US government officials.

China exploited US lawful interception systems in 2023 to reportedly tap the phone calls of Trump and vice-president JD Vance, and to steal millions of phone records after gaining access to major US carriers in the “Salt Typhoon” attack.

In April 2024, hackers stole phone records of “nearly all” AT&T customers, including records of members of the president’s family, the then vice-president, Kamala Harris, and the wife of the now secretary of state, Marco Rubio, in the “Snowflake” incident.

And in 2003, China stole more than 60,000 emails from the department of state and compromised the email accounts of US officials and politicians after hacking into Microsoft-hosted US government email accounts.

“The common link between these incidents is that sensitive government data held by third-party companies was not properly secured and subsequently accessed by hackers … most importantly, the Salt Typhoon incident reportedly involved compromising ‘lawful intercept’ systems of the kind that it appears Apple has been ordered to build,” the letter states.

“Given the significant technical complexity of this issue, as well as the important national security harms that will result from weakening cyber security defences, it is imperative that the UK’s technical demands of Apple – and of any other US companies – be subjected to robust, public analysis and debate by cyber security,” the lawmakers wrote.

Vital for US cyber security experts to comment

“Secret court hearings featuring intelligence agencies and a handful of individuals approved by them do not enable robust challenges on highly technical matters. Moreover, given the potential impact on US national security, it is vital that American cyber security experts be permitted to analyse and comment on the security of what is proposed.”

The lawmakers invited the tribunal to permit US companies to discuss the technical demands they have received under the UK’s Investigatory Powers Act with Congress. The IPT should “invite robust public debate by independent cyber security experts before deciding the merits of the reported challenge that Apple has brought”, they said.

Separately, civil society groups Big Brother Watch, Index on Censorship and Open Rights Group have written to the president of the Investigatory Powers Tribunal, the Rt Hon Lord Justice Singh, calling for the case to be made public.

They argue that the case implicates the privacy rights of millions of British citizens who use Apple’s technology, and those of its overseas customers.

There is a “significant public interest in knowing when and on what basis the UK government believes that it can compel a private company to undermine the privacy and security of its customers”, according to the letter.

Big Brother Watch interim director Rebecca Vincent said the tribunal hearing must not take place in secret. “The Home Office’s shocking order to Apple to break encryption represents a huge attack on privacy rights and is unprecedented in any democracy,” she said.

Index on Censorship CEO Jemimah Steinfeld said breaking encryption would do away with our rights to privacy, make us far less safe and secure online, and challenge the very notion of the UK as a democracy. “With such high stakes, we demand to know what could possibly justify this. We need answers, not more secrecy,” she said.

Open Rights Group executive director Jim Killock said: “If the UK wants to claim the right to make all of Apple’s users more likely to be hacked and blackmailed, then they should argue for that in an open court.”


Your Apple ID was not suspended

With over 2 billion Apple devices in use worldwide, it’s likely that hundreds of millions of people receive scary emails telling them they need to act fast as their Apple ID is in some sort of danger. Maybe the Apple ID was suspended, or perhaps you need to refresh your Apple Pay information because it’s supposedly not up to date.

These emails look similar to what Apple might send. They try to convince you to click a button to help you rectify the problem. That button will lead to a website that looks like Apple’s, but it’s not. 

Whatever you do, don’t click the link, and do not fill in your information. Why? Well, your Apple ID was not suspended, and your Apple Pay cards still work. It’s not Apple contacting you; it’s hackers trying to steal access to your Apple Account.

I get these emails occasionally, and you probably do as well. They’ll even send scary Apple ID emails to email accounts that aren’t actually associated with my Apple Account. They have no way of knowing that, and that’s the first red flag you’re dealing with phishing attacks.

By the way, Apple ID is no longer called that. It’s an Apple Account, and that’s another hint that you’ve received a phishing email trying to get access to your login credentials.

How do hackers target you?

With so many data breaches occurring in the past years, hackers have obtained a treasure trove of information about hundreds of millions of people. All they need is a valid email address to start sending phishing attacks in bulk. 

That explains why you’ll receive “Apple ID suspended” emails at email addresses not associated with your Apple Account.

The hackers hope a percentage of the unsuspecting victims will click the links in the emails where they’d fill in passwords and/or credit card numbers. 

What do the hackers want?

Any phishing attack is looking for access first and foremost. You’ll be told to click a link that looks like something you’d get from Apple. From there, you might be prompted to log into your Apple ID on a website that looks like Apple’s, but it’s fraudulent. Just look at the URL you’re being directed to. It’ll have a strange address rather than something simple associated with Apple.com or iCloud.com.

The attackers might even try to obtain two-factor authentication (2FA) codes from you once you fill in your login details to bypass Apple’s security protections. Never accept that, either. 

Once they obtain your login data and 2FA data, they might try to purchase products and gift cards or just snoop around. Maybe you hold passwords in your iCloud Notes, which would become accessible to them once they get in. 

Or they might be after Apple Pay data so that they can use credit cards to buy things online, which they’ll then sell on the black market.

Logging into my Apple ID on iCloud.com. Image source: Chris Smith, BGR

What you should do

First of all, do not panic. Rather than acting in a rush, just inspect the email carefully. Email services usually catch some of these, sending them directly to the spam folder. But others make it to your inbox. 

The first thing you should do is look at the sender’s email address and compare it to emails you receive regularly from Apple. If your Apple ID is associated with the same email account, you can easily compare them.

Hackers might spoof their emails to make them look like they’re coming from Apple. Just hover over the “From” field to see what it says without clicking. Do the same for links and buttons in the phishing email.  They might say, “Go to Apple ID” or “Update Account,” but these are not official. 

Next, look at the text in the email. It often includes inconsistencies. Hackers might try to make it look like the real thing, using Apple logos and similar colors. The email might also include purported case IDs and, if the hackers obtained it from the data breach your email address came from, your name.

However, the text will often contain grammar and punctuation mistakes. It’ll be easy to spot them. 

After all of that, just go about your day. Send that scary email to the spam folder, and forget about it. 
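The sender and link checks described above can also be run mechanically over a saved message. The following Python code is an added example, not part of the original article; the trusted-domain list, the function names and the sample email are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The two domains the article names as legitimate. Treating exactly this
# list as the allow-list is an assumption of this example.
TRUSTED = ("apple.com", "icloud.com")


def is_trusted_host(host):
    """True only for a trusted domain itself or a real subdomain of it.

    A plain substring or suffix test is not enough: "secure-apple.com" and
    "apple.com.account-check.example" both contain "apple.com".
    """
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def inspect_email(raw):
    """Return findings for a raw RFC 5322 message given as a string.

    Findings are ("sender", domain) or ("link", visible_text, real_host).
    An empty list is not proof the mail is genuine: the From header can be
    spoofed, as the article notes.
    """
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # Check 1: the domain of the address in From, not the display name.
    _display, addr = parseaddr(str(msg.get("From", "")))
    sender_host = addr.rpartition("@")[2].lower()
    if not is_trusted_host(sender_host):
        findings.append(("sender", sender_host))

    # Check 2: where each button or link really points (the "hover" check).
    part = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(part.get_content() if part is not None else "")
    for href, text in collector.links:
        parts = urlsplit(href)
        # .hostname drops any "user@" prefix, so a link written as
        # https://apple.com@verify.example/ resolves to verify.example.
        if parts.scheme in ("http", "https") and not is_trusted_host(parts.hostname):
            findings.append(("link", text, parts.hostname or ""))
    return findings


# Constructed sample message; every address and URL in it is made up.
SAMPLE = """\
From: "Apple Support" <no-reply@apple-id-alerts.example>
To: user@example.org
Subject: Your Apple ID has been suspended
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your Apple ID was suspended. You have 24 hours to act.</p>
<a href="https://appleid.apple.com.account-check.example/login">Go to Apple ID</a>
<a href="https://apple.com@verify.example/pay">Update Account</a>
<a href="https://support.apple.com/">Apple Support</a>
</body></html>
"""

if __name__ == "__main__":
    for finding in inspect_email(SAMPLE):
        print(finding)
```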

What if…

I know what you’re thinking: maybe the email is from Apple after all.

In that case, continue to do nothing the sender tells you to do. Instead, inspect your Apple ID on your iPhone, Mac, or iPad and ensure it’s working properly. Go outside and use Apple Pay to make sure you can make payments. 

You’ll notice that your Apple ID has not been suspended, and Apple Pay still works. 

The email you’ve just received will often contain a deadline to pressure you into action. You have 24 or 48 hours to save your account. Wait it out. The hackers might reach out again or not. Your Apple ID will continue to work properly.

You should also contact Apple directly and ask for guidance. Apple actually has a detailed support document that explains some of the scams associated with Apple products, including Apple Accounts.

Finally, if these emails are increasingly frequent, you should change your Apple ID email address to a freshly minted email address. Then, use that email address only for your Apple account and nothing else.

While we’re at it, change your Apple ID passwords from time to time. Use password managers to create unique, strong passwords for each online service you might use.

Mind you, some hackers might also call you pretending to be Apple support staff. They’re looking to extract the same information. Whatever you do, don’t provide it. Hang up, and call Apple yourself. If you’re lucky, some scammers will talk to a Grandma AI instead of you, which will keep them on the line so they can’t target real people.

Apple will never ask you to provide critical account information over the phone or email. Here’s what Apple says in the support document above: 

Apple will never ask you to log in to any website, or to tap Accept in the two-factor authentication dialog, or to provide your password, device passcode, or two-factor authentication code or to enter it into any website.

Rinse and repeat every time you receive a scary email telling you your Apple ID has been suspended. 

Mind you, the same scam can apply to all sorts of online accounts. But hackers will target Apple users first. Treat those emails with the same circumspection and do nothing to fix the problem they instruct you to fix.

After your first shock when receiving such an email, you’ll soon get used to recognizing phishing attacks that warn you that your internet account has just been suspended because you’ll continue to get these emails time and again.


This is Apple’s official fix for the bug that makes notes disappear in iOS 18

Some iPhone owners recently discovered that their Notes were missing from the handset. Savvy users figured out that accepting the new iCloud terms of service on the iPhone triggers the bug, and the Notes disappear. It happens after the iOS 18 update, but the iPhone doesn’t delete the Notes documents.

That data is still safe in iCloud, but the Notes app won’t sync with it properly after agreeing to the updated terms of service.

We showed you how to fix the disappearing Notes bug a few days ago. People figured out that syncing their Notes from iCloud would do the trick. Judging from the emails I received, the solution actually works, and the affected users have already regained access to their Notes.

Meanwhile, Apple has issued a support document that addresses the issue. The company doesn’t explain what’s causing the problem, but it offers a solution that matches the unofficial fix from a few days ago.

I’ve been using the Notes app religiously since Apple introduced it several years ago. It’s my go-to note-taking app on Mac and iPhone, and I don’t want to imagine losing access to local or iCloud notes.

I haven’t experienced the disappearing Notes bug at any point since running iOS 18. I installed the first beta as soon as it came out this summer, and I’m currently on the latest iOS 18.2 beta.

In the process, I have agreed to all terms of service updates, without really reading any of it. I have no idea if I already agreed to the new iCloud terms of service, but I suspect I did.

This is the Notes toggle you are looking for. Image source: Chris Smith, BGR

Plenty of iPhone users must have been affected for Apple to put out a support page to address the problem. Here’s the entirety of Apple’s support document:

Here’s how to check your iCloud sync settings and restart if needed.

If your iCloud notes aren’t appearing on your iPhone, iPad, or Apple Vision Pro, follow these steps.

  1. Open the Settings app and tap your name.
  2. Tap iCloud, then tap Notes.
  3. Make sure Sync this [device] is on, then check the Notes app.
  4. If you still don’t see your notes, restart your iPhone, iPad, or Apple Vision Pro. After restarting, check your settings again.

After these steps, your iCloud notes should appear and start syncing again on devices signed in to the same Apple Account. When syncing completes, content previously synced to iCloud should appear.

That’s all you need to do to recover your Notes. Again, they were not deleted, you have not lost anything. A synchronization issue is to blame here, as the iCloud notes did not sync with your Notes app.

Apple’s solution matches the unofficial fix we covered a few days ago. It’s unclear whether Apple will prevent it from happening with subsequent iOS 18 updates. If you still haven’t fixed your Notes problem, or you’re running into it for the first time, you should follow the steps above.

You should also make a mental note of the fix and return to iCloud every time you encounter any sort of iCloud sync issues, whether it’s Notes or a different app. The fix is as easy as turning a toggle off and back on again.
