
Yet another iPhone lockscreen exploit allows access to your photos

Sat Nov 28, 12:45 PM

YouTuber videosdebarraquito (a.k.a. iOS hacker Jose Rodriguez) has identified yet another iPhone lockscreen bug that could – under certain circumstances – allow access to the device’s pictures without the iPhone being first unlocked via a passcode or TouchID.

Unlike previous exploits, Jose’s effort doesn’t involve Siri but instead exploits a bug in the Contacts, Camera and photo-chooser apps. Jose appears to imply this particular bug is “just a clue” for something else he has not yet revealed. In October he identified a similar bug within the Clock app for iPhones.

We’ve tested the bug several times on an iPhone 6 Plus running the latest iOS release (9.1; 13B143). Notably, the exploit didn’t seem to work on our iPad Air 2.

The video is below but here are the steps:

  1. Wake the iPhone as usual, return to the Home screen, then open the Camera app and tap to access your photo library at the bottom left.
  2. Choose any photo, then tap the Share button and then the Assign to Contact icon on the bottom row of the Share pop-up.
  3. In the search field for Contacts that appears, type any single-word gibberish you like – gssgwj, for example.
  4. Tap what you typed in the search field, then tap Select All, and then the Share option on that pop-out menu.
  5. In the Share options pop-up, tap the Message icon.
  6. Again type any single-word gibberish into the To field, then tap into the message field briefly, before again tapping in the To field and highlighting what you’ve typed (which will now be colored green or blue).
  7. Ensure the entry in the To field is highlighted, and then tap it. This will open a mysterious new contacts entry, which is perhaps the first indication of a bug. On this screen tap Create New Contact.
  8. Tap the Add Photo icon at the top left of the new contact screen. Don’t select anything on the pop-up menu that subsequently appears.
  9. Click the Home button, and then sleep the iPhone.
  10. Wake the iPhone but don’t enter the passcode/TouchID. Instead, slide up the camera icon at the right, and you’ll see the previous menu – even though you haven’t unlocked the device. By tapping the Choose Photo button you’ll have access to all your photos, again with no prompt for a passcode or TouchID.
  11. Even if you don’t choose a photo, and again click the Home button – which will lock the phone – waking the phone and again accessing the camera without unlocking the device will provide access to this blank contact and you can again select to add a photo and thereby view the device’s photos.



Little Snitch 50% off

Fri Nov 27, 08:06 PM

There are few apps I recommend as essential but Little Snitch is one of them. And today it’s 50% less than the usual price.

I’ve had Little Snitch installed on every Mac I’ve owned for around a decade now.

As soon as you’re connected to the Internet, applications can potentially send whatever information they want to wherever they want. Sometimes they do this for good reason, on your explicit request. But often they don’t.

Little Snitch intercepts these unwanted connection attempts, and lets you decide how to proceed.



Black Friday: Serious Apple Bling at insane 25% discount

Fri Nov 27, 12:00 PM

We’re able to bring you perhaps the hugest Black Friday discounts this year with our insane 25% discount on Apple bling created by luxury British customisation outfit GoldGenie. You can save literally thousands of dollars.

Incredibly beautiful luxury customised iPhones, iPads (including Pro), and Apple Watches are available in 24-karat gold, genuine rose gold, and platinum finishes, with additional beautiful embellishments available such as diamonds, Swarovski crystal, mother of pearl, carbon fibre, and much more.

How to get the discount
Firstly, click here to order, select your country from the dropdown list at the top right, and shop! (Select the product range from the Luxury Gifts dropdown list.) Then just quote code BLFRI2015 at checkout. The 25% discount will be yours. Oh, and shipping is free!

What do we mean by Apple bling? In short, we’re talking about ultimate gifts for the Apple lover. The true Apple fan simply will not find anything anywhere more luxurious.

Now, if Sir or Madam would like to step this way, let’s take a look through the gallery.

Apple iPhone 6S

Apple Watch

Apple iPad/iPad Pro



Black Friday security special: VPN and region unblockers, 15% extra off already unbelievable deals

Thu Nov 26, 03:30 PM

We’ve featured VPN and region-blocking offers in the past here on Mac Kung Fu, and they’ve been incredibly popular amongst our readership. This is undoubtedly because of the value – you can get lifetime subscriptions (lasting until the day you die!) for what it ordinarily costs for a few months’ subscription fees.

Well, today and Black Friday we have an even better deal: use the code VPN15 at the checkout (click “Have A Promo Code?”) and you’ll get an EXTRA 15% off.

This is simply unbelievable value.

Here are the options:

PureVPN Lifetime Subscription: 88% discount at $69
($58.65 with VPN15 code)

Make sure your personal data and Internet activity are never exposed with the extremely reliable VPN trusted by over a million users. Whether you’re looking to beat geo-restrictions to binge-watch your favorite show anywhere in the world, or you need to send personal banking information over a safe connection, access to PureVPN’s self-managed VPN network will make sure that happens. Not to mention it has a wider reach (550+ server nodes in 141 countries) and allows more simultaneous device connections (five) than pretty much any other VPN out there.

proXPN VPN: Premium Lifetime Subscription: 89% discount at $39
($33.15 with VPN15 code)

Surf the web with ultimate peace of mind – both at home and on the road – over proXPN’s fully-encrypted, lightning-fast servers. Your lifetime premium subscription gets you unlimited bandwidth on their ultra-private global server network and complete online anonymity—it even unblocks geo-locked content so you can browse freely around the world. Plus, proXPN never logs your online movements, so no one can ever track you or steal vital personal data.

TurboFlix: 3-Yr Subscription: 80% discount at $34.99
($30.10 with VPN15 code)

There’s more to Netflix than meets the eye. In fact, there are thousands of awesome movies and shows that you’ve yet to binge watch. TurboFlix fixes this. By breaking geographical barriers, TurboFlix grants access to thousands of new videos offered in other regions. Plus with added DNS and VPN technologies, it does double-duty by simultaneously masking your Internet activity from hackers. So what are you waiting for? Get TurboFlix, and take Netflix and chill to new heights.

Tiger VPN Lite: Lifetime Subscription: 96% discount at $29
($24.65 with VPN15 code)

The Internet can be a scary place, packed full of hackers, government spies, identity thieves, and other degenerates. TigerVPN protects you from cyber crimes, and guarantees that your Internet activity stays anonymous. How? Connect to TigerVPN Lite’s 15 servers worldwide to get fast, private access—free from location restrictions. Yes, that means you can have your Netflix and watch it too no matter what country you’re visiting.

Getflix: Lifetime Subscription: 88% discount at $39
($33.15 with VPN15 code)

Watching Netflix, Hulu or other streaming services can unfortunately be difficult while traveling outside the US. Rather than bypass these restrictions with the help of a complex and slow VPN, choose a faster and simpler solution with Getflix. Instead of rerouting all your Internet traffic through a different server, this handy service only routes the traffic needed so you can still enjoy top Internet speeds. Getflix unblocks more than 100 streaming channels around the world so you can watch movies, TV, sports, and more wherever life may take you.

Privatoria Personal VPN & Tor: 3-Yr Subscription: 48% discount at $39
($33.15 with VPN15 code)

Imagine a world where anonymous communication, anonymous surfing, and secure file transfers exist in one easy-to-use service. The team at Privatoria made this a reality, helping your data to stay safe and confidential while you browse the Internet. Privatoria doesn’t require an ounce of tech background to set up, and doesn’t keep any logs of your activity—it’s quite simply, the simplest way to stay secure online.




How to backup your online life

Thu Nov 26, 02:30 PM

All of us create huge amounts of data every day. With each Facebook posting, uploaded picture, online auction or email message, we’re adding to an online footprint that can be many gigabytes in size. Yet none of us ever comprehend the degree of trust we’re placing in online services to keep that data safe. Disasters are rare but they do happen: people log into Gmail to find 10 years of emails have simply disappeared, with no hope of recovery, and eBay and Facebook accounts are routinely locked by overzealous administrators who are reluctant to explain why.

We’re encouraged to backup our Mac data to cloud storage online but the opposite might be an equally good idea: making a personal backup to your Mac’s hard disk of the data you put online.

Perhaps surprisingly, several online services we use everyday provide tools to do just this, although others are less helpful. Below we take a look at some of the top Internet hangouts – everything from social networking to email – to see what can be done. We simply can’t cover all of them, though. Post in the comments below instructions for other services, if you know them.

It goes without saying that you should already have a backup plan in place for your hard disk data.

It might surprise many that Facebook has a comprehensive yet easy to use “core dump” feature that allows the download of most of the data you’ve provided it over the years – everything from pictures, to wall postings, and messages. There are some important caveats, though.

  1. Start by clicking the menu icon at the top right of the Facebook home page, and select Settings.
  2. At the bottom of the General Account Settings list click the link to download a copy of your Facebook data.
  3. Finally, click the Start My Archive button and type your Facebook password when prompted.

Archiving takes a few moments but eventually you’ll be sent an email with a link to download a zip archive. In my test the file was just under 90MB, and I’ve been a moderate Facebook user since around 2009.

Once the zip is unpacked, double-click the index.htm file within the folder. This will open it within your favourite web browser. What you’ll see might look like a web page but, of course, it’s actually a series of files on your hard disk within the backup folder. There are no links to anything online, even when you click to view your photos and videos.

Links at the left beneath your profile picture take you straight to the various categories of downloaded files, or to lists of your usage data.

You’ll soon discover that Facebook’s largesse borders on being a token gesture. Your friends list is provided, for example, but it’s literally nothing more than a text list that’s sorted randomly. Wall postings going right back to your very first are provided, including those made by yourself and by others posting on your wall, but any comments made by others are absent. Images are stripped out, and the number of likes is not provided.

Your wall photos are available to view in the Photos section but you’ll see that they’ve been shrunk considerably for the archive file, which is the case with all photos provided as part of the archive. Shrinking happens anyway when you upload to Facebook – an eight-megapixel image is automatically shrunk to 1-2 megapixels – but the images downloaded as part of the archive are smaller still. The same applies to video files – HD might be an option within Facebook, but the version downloaded as part of the backup archive is even lower than Facebook’s standard resolution. To get good copies of either photos or videos you’ll need to view each individually at Facebook and select the Options -> Download link (choosing the Download HD link for videos, if it’s available).

Not only are photos reduced in size but any captions simply aren’t listed, although comments made by yourself or others are.

Messages are reproduced in the same conversation view as you see on Facebook, and are sorted via each friend you’ve chatted to, but images and some links are stripped out.

In fact, it’s not even the case that all information about you is provided, as Facebook willingly points out. Some data like check-ins, things/people you follow, and notes can only be seen by manually viewing the Activity Log, which you’ll also find on the main menu within the Facebook home page. To find out some technical details, such as which apps are linked into your Facebook account, you’ll need to delve down into the various settings options and then output the page as a PDF (assuming you’re using Safari, click File > Print, then click the PDF button at the bottom left of the dialog box).

There’s a couple of scenarios where backing up eBay data makes sense. The first is if you’re a heavy eBay user, perhaps repeatedly selling similar items. You may want to make a backup on your Mac of your auction listings, including the all-important product images, for use elsewhere in case your account becomes locked.

Alternatively, or additionally, you may simply want to create a local backup of your purchases and sales for use later when calculating your yearly taxes, for example, or simply for peace of mind.

Unfortunately, with the exception of messages (see below), eBay doesn’t provide backup facilities or a way to “core dump” your account data. It does allow the creation of auction templates for reuse repeatedly but these are stored as part of your online account, and the purpose of backup is to provide access to data should the account become inaccessible. Similarly, Selling Manager is the official tool of choice for many advanced-level eBayers but is solely an online tool, so will become inaccessible should your account be blocked.

Many less-than-casual eBayers will probably already have a solution in the form of apps they use to manage their listings, which lets you build auctions on your Mac before uploading them. This way you’ll always have a local copy. Some offer backup features too.

However, BackupYourItems is an eBay app that backs-up your auction descriptions and photographs every week, or more frequently should you choose to make a manual backup. Backups are stored for three months on the server of the app developer and you can download them whenever you want. The service costs $3.99 per month. eBay apps run online and are linked to your account so, again, if your account access is limited or revoked then you might also lose access to your backups. Therefore you should set yourself a personal reminder to periodically download them.

A slightly clumsy but effective way of making a backup of your purchase and sales information is to ensure you keep the emails eBay sends each time a transaction takes place. Simply create an email rule to filter these into a folder and back them up as usual with your Mac backup. However, there might be no need because it’s with messages that there’s perhaps the only concession to offline backup offered by eBay – open My eBay, then select the Messages tab, and in the left-hand column will be a Save Your Messages option. This will give you the chance to download all your messages as either HTML, for opening in your web browser, or EML, for opening in most email clients. Bear in mind that eBay messages are automatically deleted after six months, however, and some disappear even sooner. Therefore you’ll need to do this periodically to keep an up-to-date backup.

If you’d like to backup a list of what you’ve purchased over the years, the only way to do so is manually: View My eBay, then select Purchase History in the list at the left. Select the year from the dropdown list below (only two years’ worth of data is available). By selecting 100 items per page at the bottom of the list, you should be able to fit all the items into one web page, and can then output the page as a PDF (File > Print, and then the PDF button at the bottom left).

Downloading details of your transactions via PayPal is relatively easy although again there are some caveats. The instructions below assume you’re using an ordinary (that is, non-business) PayPal account.

  1. Select the Activity heading after logging into PayPal. This will show your most recent transactions.
  2. Click the Statements dropdown at the top right (below the Simple/Detailed options), and select Activity Export.
  3. Under the History heading on the old-style screen that appears, ensure Download My History is selected.
  4. Enter a custom date range, with the From: field being two years before the current date, and the To: field being the current date. This is necessary because only two years’ worth of data is accessible in this way.
  5. In the File Types For Download list you can select between Comma Delimited (also known as Comma Separated Values, or CSV), tab delimited, Quicken-compatible files, or PDF. CSV will open in most spreadsheet apps.
  6. Clicking the Customise Download Fields link lets you add quite a few important data items to the report, and you should also put a check alongside Include Shopping Cart Details at the bottom of the window.
  7. Once you’ve made your selections, click the Download History button. PayPal will take a few moments to generate the data.

Another way to access monthly statements akin to those you might get from a bank, which can be useful when attempting to prove a financial transaction took place, is to click the Activity heading again, and then the same Statements dropdown as in the steps above, but this time select Reporting Center.

Then click the Monthly Financial Summary link at the left-hand side. Choose a month from the dropdown list in the window that appears, or enter a date alongside (the two-year restriction again applies), then click the View Report button. Once the details are shown, click the small Download button at the top right of the table, after selecting a file type alongside.

Twitter offers a “core dump” of user data similar to Facebook’s. Just login, click your profile pic at the top right, select Settings, and then click the Request Your Archive button near the bottom of the list of options. This feature works in a very similar way to Facebook in that a zip is offered for download and, when unpacked, double-clicking the index.html file will open it for viewing in your favourite web browser.

All you really get in the archive is your tweets, including anything that you’ve retweeted. You don’t get any images you’ve uploaded. They might appear on the page you’ve opened but it’s an illusion because they’re actually being fetched from online sources, and aren’t part of the backup archive. Nor do you get tweets others made mentioning you, or any replies to your tweets. This means you can end-up with some curiously one-sided conversations within the backup.

However, on the plus side you can also click an icon at the top of the screen to view your basic account information, such as your total number of tweets, and account blurb.

The tweet data is downloaded in two file formats that contain identical data: JSON, for people like web developers who know what that means, and comma separated values (CSV). The latter can be opened in a spreadsheet or perhaps manipulated via simple databases if you’ve got the know-how.
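To check how much of an unpacked Facebook or Twitter archive really lives on your disk, the script below walks the archive's HTML pages and lists resources the browser would fetch from the Internet, plus local files the pages point to that are missing. This is an added example, not code from either service; the sample page, its example.invalid URLs and the function names are constructed for illustration.

```python
import os
import tempfile
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# Attributes that point at another resource.
RESOURCE_ATTRS = {"src", "href", "poster", "data"}
# Tags whose resources load automatically when the page is rendered.
EMBED_TAGS = {"img", "video", "audio", "source", "script",
              "iframe", "embed", "object", "link"}

# Constructed sample page standing in for an archive's index.html.
SAMPLE_INDEX = """<html><body>
<img src="photos/a.jpg">
<img src="photos/gone.jpg">
<img src="https://media.example.invalid/tweet/b.jpg">
<script src="//cdn.example.invalid/app.js"></script>
<a href="https://example.invalid/status/1">original tweet</a>
<a href="#top">top</a>
</body></html>"""


class RefCollector(HTMLParser):
    """Collect (tag, url) pairs for every resource-bearing attribute."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in RESOURCE_ATTRS and value:
                self.refs.append((tag, value))


def audit_archive(root):
    """Return what an unpacked archive depends on beyond its own files."""
    report = {"remote_embedded": [], "remote_link": [], "missing_local": []}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith((".html", ".htm")):
                continue
            page = os.path.join(dirpath, fname)
            collector = RefCollector()
            with open(page, encoding="utf-8", errors="replace") as fh:
                collector.feed(fh.read())
            rel_page = os.path.relpath(page, root)
            for tag, url in collector.refs:
                parsed = urlparse(url)
                if parsed.scheme in ("http", "https") or url.startswith("//"):
                    # Embedded remote content is NOT part of the backup;
                    # a plain hyperlink is only a pointer to the live site.
                    kind = "remote_embedded" if tag in EMBED_TAGS else "remote_link"
                    report[kind].append((rel_page, url))
                elif parsed.scheme == "" and parsed.path:
                    # Local reference: confirm the file exists in the archive.
                    base = root if parsed.path.startswith("/") else dirpath
                    rel = unquote(parsed.path).lstrip("/")
                    target = os.path.normpath(os.path.join(base, rel))
                    if not os.path.exists(target):
                        report["missing_local"].append((rel_page, url))
    for items in report.values():
        items.sort()
    return report


def demo():
    """Build a tiny constructed archive and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "photos"))
        with open(os.path.join(root, "photos", "a.jpg"), "wb") as fh:
            fh.write(b"\xff\xd8constructed")
        with open(os.path.join(root, "index.html"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_INDEX)
        return audit_archive(root)


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```

To audit a real download, call `audit_archive()` with the path of the unpacked folder; anything listed under `remote_embedded` disappears from the backup if the account or the hosting goes away.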

Google also offers a “core dump” in the form of Takeout, wherein you can create an archive of most of the data within various Google services. Google says that 23 products are supported so far, including arguably the most important: Gmail (mail and contacts), Calendar, Drive, YouTube, and Blogger.

To access the feature, login to a Google service like Gmail and then visit Download Your Data. Select what you want to include, then click Next, and leave the default File Type and Delivery Method options as they are. Then click the Create Archive button.

Building the archive took around four hours in my test, and I was offered two files for downloading: a zip file containing most of my actual data (241MB), and a mailbox (.mbox) file containing my Gmail (4.68GB). I’ve been using Gmail heavily and other Google services moderately for around 10 years, so this is perhaps average.

Unlike with Facebook and Twitter, the Takeout archive contents are arranged into folders named after each Google service, and there’s no useful index.htm to help you navigate through them. However, in most cases it’s obvious – any video files you uploaded to YouTube are simply made available in a folder with that name, for example. Google Docs files are all automatically converted to standard MS Office format within the Drive folder.

Regardless of the service, you do appear to get full copies of what’s online, with no shrinking of images or videos, for example.

Some data, such as your location history or profile information, is downloaded as JSON files, which are a form of XML mark-up used in programming. You can open these files in plain text viewers like TextEdit but they’re not supposed to make sense to everyday users. Pasting their contents into a site like, and then selecting the Viewer tab, can make the data slightly easier to read because it will be arranged into a tree structure.

Be careful importing your Gmail inbox into your usual mail app if the mbox file is multiple gigabytes in size because there’s a strong likelihood everything will crawl to a stop. It might be better to install a new email app specifically to browse the mbox file, such as Thunderbird.




Mac Kung Fu: 400+ tips, 120,000+ words, just $1.99

Wed Nov 25, 09:58 PM

In late 2012/early 2013 the superb men and women at Pragmatic Bookshelf published Mac Kung Fu, Second Edition. This is a 424-page book I wrote, packed with over 400 tips, tricks, hints and hacks for OS X and all Mac hardware.

After what has been an amazing run, Pragmatic has decided to take the book out of print. Therefore, I’m very pleased to announce that you can now buy the Mac Kung Fu, Second Edition eBook direct from the author for just $1.99, via these superb eBook outlets:

The eBook retailed for $25+ just a few weeks ago, giving you a 92% saving!

Although written with OS X Mountain Lion in mind, Mac Kung Fu Second Edition is packed with superb and incredibly useful information about getting the very most from your Mac experience. In its pages I discovered and detailed many hacks that have become part of power-user folklore, and also detailed pretty much every trick that true Mac experts consider essential.

Mac Kung Fu, Second Edition is available at just $1.99 for over 400 tips spread over what is a 424-page book in the print edition.

That’s simply insane value for money!




The fascinating MacBook charger teardown

Wed Nov 25, 09:09 PM

Ken Shirriff disassembles a MacBook power adapter for science and our edification. He also tears down a cheap third-party adapter and demonstrates why you should never buy one.

If nothing else Ken’s posting is a terrific introduction to how switching power supplies work, and Ken calls-out Apple’s pioneering work in this regard back in the days of the Apple ][.

The most interesting take-home fact: The charger has a couple of high-powered semiconductors that require heatsinks to keep cool. One of these is roughly as powerful as the 68000 CPU from the original Mac 128K.

You might wonder why the Apple charger has all this complexity. Other laptop chargers simply provide 16 volts and when you plug it in, the computer uses the power. The main reason is for safety, to ensure that power isn’t flowing until the connector is firmly attached to the laptop.




Bros' Gold: Helping men feel comfortable with pink iPhones

Wed Nov 25, 02:49 PM

I missed this report from re/code a few months ago but it’s hilarious:

“There’s enough guys getting rose gold that it should be called bros’ gold,” said Dan Bentley, a 33-year-old Twitter developer who showed up at San Francisco’s Union Square store as it was opening Friday to switch from an Android device to an iPhone — his first since 2007.

“It’s a little bit girly, but I like it,” said Bobby Evans, 28, of Los Angeles, who arrived at the upscale Grove Mall at 7 pm Thursday for the opportunity to replace his iPhone 6 Plus with the new, rose gold edition.




New instalment of my extensive Photos tutorial

Wed Nov 25, 12:42 PM

Macworld UK has published the latest update to my extremely comprehensive (as in almost book-length) guide to using the Photos app on Mac OS X. This time around I explain how the new features introduced with El Capitan work. You’ll have to scroll to the bottom of the piece to find this.




Use the Apple Watch as an emergency (but VERY bright) flashlight

Wed Nov 25, 12:30 PM

The picture above instantly explains this trick. The pulse measurement LEDs on the back of an Apple Watch make an extremely bright flashlight should the need for one arise. Just remove the Watch, unlock it if you need to via your PIN, and then swipe up to the Heart Rate glance. Following this you’ll need to hold the Watch by its strap in order to avoid touching the screen or the LED sensors, which could turn the LEDs off.

The illumination lasts for around a minute.

Of course, doing this will mess-up your daily Heart Rate stats, so this isn’t a perfect trick. The light is also green, of course, rather than white.

But if you need illumination in the dark and your Apple Watch is the only thing at hand (literally) then it’s worth remembering.



