iPhone “word of death” could crash your phone – what you need to know

Naked Security

It’s happened again!

A weird combination of Unicode characters that make up a nonsense word can crash your iPhone, apparently by confusing the iOS operating system when it tries to figure out how to display the “word”.

(We say apparently because we have an iPhone 6+, which is stuck back on iOS 12, and we couldn’t get our phone to crash, although we’ve seen one person on Twitter claiming that their iOS 12 device was affected.)

If you’re a regular Naked Security reader, you’ll have a feeling not just of having read this before but of having read it before before, because we covered similar troubles for iOS back in 2013 and in 2018.


TikTok users beware: Hackers could swap your videos with their own

Naked Security

Mobile app developers Tommy Mysk and Talal Haj Bakry just published a blog article entitled “TikTok vulnerability enables hackers to show users fake videos”.

As far as we can see, they’re right.

(We replicated their results with a slightly older Android version of TikTok from a few days ago, 15.5.44; their tests included the very latest builds on Android and iOS, numbered 15.7.4 and 15.5.6 respectively.)

We used a similar approach to Mysk and Haj Bakry to look at the network traffic produced by TikTok – we installed the tPacketCapture app on Android and then ran the TikTok app for a while to flip through a few popular videos.

The tPacketCapture app works rather like tcpdump on Unix/Linux computers, logging your network packets to a file called a .pcap (short for packet capture) that you can analyze later at your leisure.

We imported our .pcap file back into Wireshark on Linux, which automatically “dissects” the captured packets to give you a human-readable interpretation of their contents.


Patch now! Critical flaw found in OpenWrt router software

Naked Security

A researcher has stumbled on a big security flaw affecting OpenWrt, an open source operating system used by millions of home and small business routers and embedded devices.

OpenWrt has become a popular Linux alternative to the stock software that vendors ship with home routers. Other examples of this type of router software include DD-WRT and Tomato.

It can be used to replace the factory firmware on any router product with the correct hardware, for example, models from NetGear, Linksys, Zyxel and others.


5 tips for keeping your data safe this World Backup Day

Naked Security

Today is, wait for it, drum roll, please…

World Backup Day.

You knew that already, didn’t you?

So you’re way ahead of us here, with your backups neatly done and safely stored away.

Or perhaps not, because sorting out your backups is a bit like taking the garbage out or washing the dog – you know it needs doing, and you might as well do it now, but it can probably wait until tomorrow.

Depending on what happens today, of course.

Well, the bad news is, now that so many of us are working from home, we can’t rely on IT to do it all for us, or to show up at our desks with a smile and a USB drive filled with all those precious files that we just deleted by mistake.

But the good news is, now that so many of us are working from home, that backup isn’t that hard to do right – the hardest part is just getting round to doing it properly, or even at all.
