We design Mac hardware and software with advanced technologies that work together to run apps more securely, protect your data, and help keep you safe on the web. And with macOS Big Sur available as a free upgrade, it’s easy to get the most secure version of macOS for your Mac.*
Apple M1 chip.
A shared architecture for security.
- Download this app from Microsoft Store for Windows 10 Mobile, Windows Phone 8.1, Windows Phone 8. See screenshots, read the latest customer reviews, and compare ratings for SECURUS App.
- Securus Video Connect SM, is a fully web-based visual communication system that allows friends, family members, attorneys, and public officials to schedule and participate in video sessions with an incarcerated individual – from anywhere with internet access using the free Securus app, computer or tablet.
The Apple M1 chip with built-in Secure Enclave brings the same powerful security capabilities of iPhone to Mac — protecting your login password, automatically encrypting your data, and powering file-level encryption so you stay safe. And the Apple M1 chip keeps macOS secure while it’s running, just as iOS has protected iPhone for years.
Aug 05, 2020 2. Method # 2 RMEye Pro for Mac OS. This method works for both Windows and Mac as well. Here we will use an emulator program to run the RMEye Pro for Mac or Windows. An emulator is a hardware or software that facilitates one computer system to function like another computer system. Securus Video Connect SM system is a fully web-based visual communication system that allows friends, family members, attorneys, and public officials to schedule and participate in video sessions with an incarcerated individual – from anywhere with internet access using the free Securus app, computer or tablet.
Apple helps you keep your Mac secure with software updates.
The best way to keep your Mac secure is to run the latest software. When new updates are available, macOS sends you a notification — or you can opt in to have updates installed automatically when your Mac is not in use. macOS checks for new updates every day and starts applying them in the background, so it’s easier and faster than ever to always have the latest and safest version.
Protection starts at the core.
The technically sophisticated runtime protections in macOS work at the very core of your Mac to keep your system safe from malware. This starts with state-of-the-art antivirus software built in to block and remove malware. Technologies like XD (execute disable), ASLR (address space layout randomization), and SIP (system integrity protection) make it difficult for malware to do harm, and they ensure that processes with root permission cannot change critical system files.
Download apps safely from the Mac App Store. And the internet.
Now apps from both the App Store and the internet can be installed worry-free. App Review makes sure each app in the App Store is reviewed before it’s accepted. Gatekeeper on your Mac ensures that all apps from the internet have already been checked by Apple for known malicious code — before you run them the first time. If there’s ever a problem with an app, Apple can quickly stop new installations and even block the app from launching again.
Stay in control of what data apps can access.
Apps need your permission to access files in your Documents, Downloads, and Desktop folders as well as in iCloud Drive and external volumes. And you’ll be prompted before any app can access the camera or mic, capture keyboard activity, or take a photo or video of your screen.
FileVault 2 encrypts your data.
With FileVault 2, your data is safe and secure — even if your Mac falls into the wrong hands. FileVault 2 encrypts the entire drive on your Mac, protecting your data with XTS-AES 128 encryption. Mac computers built on the Apple M1 chip take data protection even further by using dedicated hardware to protect your login password and enabling file-level encryption, which developers can take advantage of — just as on iPhone.
Designed to protect your privacy.
Online privacy isn’t just something you should hope for — it’s something you should expect. That’s why Safari comes with powerful privacy protection technology built in, including Intelligent Tracking Prevention that identifies trackers and helps prevent them from profiling or following you across the web. A new weekly Privacy Report on your start page shows how Safari protects you as you browse over time. Or click the Privacy Report button in your Safari toolbar for an instant snapshot of the cross-site trackers Safari is actively preventing on that web page.
Automatic protections from intruders.
Safari uses iCloud Keychain to securely store your passwords across all your devices. If it ever detects a security concern, Password Monitoring will alert you. Safari also prevents suspicious websites from loading and warns you if they’re detected. And because it runs web pages in separate processes, any harmful code is confined to a single browser tab and can’t crash the whole browser or access your data.
Find your missing Mac with Find My.
The Find My app can help you locate a missing Mac — even if it’s offline or sleeping — by sending out Bluetooth signals that can be detected by nearby Apple devices. These devices then relay the detected location of your Mac to iCloud so you can locate it. It’s all anonymous and encrypted end-to-end so no one — including Apple — knows the identity of any reporting device or the location of your Mac. And it all happens silently using tiny bits of data that piggyback on existing network traffic. So there’s no need to worry about your battery life, your data usage, or your privacy being compromised.
Securus App For Mac Computer
Keep your Mac safe.
Even if it’s in the wrong hands.
All Mac systems built on the Apple M1 chip or with the Apple T2 Security Chip support Activation Lock, just like your iPhone or iPad. So if your Mac is ever misplaced or lost, the only person who can erase and reactivate it is you.
In many of our recent episodes, we’ve spent plenty of time talking about data breaches, a subject that often dominates security conversations these days. For good, reason, too, as everyone from major credit bureaus such as Equifax to retail store chains have lost or mishandled user information in recent years. Data breaches aren’t the only ways your personal information ends up in the hands of people who might not be authorized to handle it, though — leaks can and do happen, too, and organizations could hand your data off to someone they shouldn’t.This week on The Checklist, we’re wondering if there are any digital plumbers around — because it looks like everyone has some serious leaks to fix! On our list for this week:Securus: Not So Secure After allUS Cell Carriers Sell Real-Time Location DataLocationSmart Leaked Location Data for All Major US Carriers
Securus Video Connect Browser
Parental Controls Gone Wrong: Apps Expose PasswordsComcast Drops the Ball: Xfinity Site Leaks User InfoFor the first half of today’s show, we’re focusing on what your cell phone could reveal about you, intentionally or unintentionally, and how those responsible for your data might be falling short of the best practices.
Securus: Not So Secure After all
Concerns about what your phone’s GPS data can reveal about you and your activities have existed since phones first began to offer location services. That’s why it’s often so important to take care of which apps you grant permission to access your location. As a matter of personal privacy, it just makes good sense to safeguard this information — but did you know that, as with many other items of personal information, many people view your GPS data as a valuable commodity to buy and sell? It’s an unfortunate and creepy truth: there are numerous companies out there right now that buy location data directly from cell carriers just to turn around and resell that data immediately.One of those companies, Securus, takes this information and packages it for sale to law enforcement. This data would typically go to a marketing company (which is uncomfortable in its own right) but Securus, which already provides monitoring for calls that prisoners make, chose to provide law enforcement with the ability to “track mobile devices even with GPS turned off.” How is that possible? Securus customers receive the geo-location information pinged to cell towers when you place and end phone calls. That would allow a police officer to know the rough placement of your phone when you last received a phone call. The news that Securus was allowing the police to locate phones with pinpoint accuracy was first reported by the New York Times on May 10. In that story, they described how a sheriff in Missouri used and abused the Securus service to check up on the locations of other police officers and even a judge. The potential for abuse with this kind of information is clearly huge, and Securus’s lax policies — they do not check on the validity or authenticity of the warrants provided to them — spurred one senator to demand an investigation by the FCC.It wasn’t even a full week after this news came out that something worse about Securus emerged: despite their name, the company isn’t very secure at all. On May 16th, Motherboard posted an article claiming that a hacker had contacted them with proof they had breached Securus, providing the publication with a list of usernames and poorly-secured passwords created by the company’s law enforcement customers. These internal documents contained a wealth of information, including a spreadsheet with nearly three thousand usernames, along with email addresses, phone numbers, security questions, and even the hashed passwords. This information dates to 2011 and covers many of Securus’s customers.Although the passwords weren’t stored in plain text, they might as well have been: the hashed passwords were created using the MD5 algorithm, which has been completely broken for years. Decrypting MD5-hashed passwords is trivial now a days, which is why it hasn’t been used or recommended for proper security for quite some time. Of course, as it turns out, Securus is apparently full of holes, and not just the one exploited by the hacker. A user manual created by Securus for their service is openly available online, and they contain plenty of screenshots to demonstrate how it works. The problem? The screenshots don’t contain fake information as you’d expect from a manual — instead, they use real personally identifiable information. All in all, this is the type of situation that leaves one shaking your head in disbelief — but this is only the tip of the iceberg.
US Cell Carriers Sell Real-Time Location Data
You might be wondering: how is any of this legal? How is it okay for government agencies such as police departments to get their hands on the ability to geo-locate practically any cell phone user at any time? In fact, strictly speaking, it isn’t legal. There is a law known as the Electronic Communications Privacy Act, designed to safeguard consumers from situations such as these. The ECPA, passed in 1986 during concerns about the rising amount of electronic data not subject to anti-wiretapping laws, restricts the ability of telecom businesses to share their data with the government. Unfortunately, there’s a loophole, and it’s large enough for large amounts of data to escape.Remember, law enforcement agencies weren’t purchasing this location data directly from Verizon or AT&T. By purchasing it through a third party like Securus, LEOs can skirt the legal prohibitions that would normally stop them from obtaining this information. The ECPA only puts hard limits on direct disclosures between telcos and the government. Therefore, this roundabout way of handing over the data remains legal, if potentially ethically dubious.Government agencies are not the only ones purchasing this data, though, and Securus is certainly not the only business focused on reselling data from cell carriers. In some cases, the uses for the information are completely legitimate and even warranted. In many other cases, though, the opposite is true.One positive real-world example centers around tracking shipments. Using location data can help to ensure that deliveries arrive on time and that drivers follow the proper delivery routes for fuel efficiency and prompt package arrivals. Banks, too, might want to make use of this information in their sophisticated anti-fraud efforts. Consider this example: you make a purchase with your credit in your hometown in the morning on your way to work. Just a few minutes later, the same card number shows up in a transaction that takes place 100 miles away. If the bank can cross-reference your cellphone location records to the places where these transactions took place, they can make a smart assessment of the risk of fraud. In this example, they could stop the transaction and alert you to the fact that someone may have stolen your card number. But not all examples are positive, though. Some companies, for example, could use your location data to send you a text message when you visit a rival store. Perhaps they want to offer you a coupon or encourage you to check out their new products — but if you wanted to go there, you’d have picked them first! Unfortunately, marketers don’t seem to consider how they’d feel about their own personal data being used in this way; efforts like this are underway in a variety of industries. The true scope of how much this location data is sold and shared is hard to know, and it’s difficult to speculate how many have legitimate versus not so legitimate uses for the information. It’s one thing that this info is even for sale — but wait till you find out how some companies handle, or as the case may be, mishandle the data.
LocationSmart Leaked Location Data for All Major US Carriers
As if it wasn’t already bad enough that your location data is often for sale without your knowledge, it turns out one of the biggest purveyors of that information hasn’t been following good security practices, either. As it turns out, Securus wasn’t actually purchasing data directly from cell carriers, either. They were using another intermediary, known as LocationSmart, one of the biggest companies receiving and reselling user location data. Well, LocationSmart seems to have had a large bug present on their website — and that bug would allow literally anyone who wanted it the opportunity to gain real-time access to highly precise location data for mobile devices within the United States. No password, no username, no authorization—it was available right there on the site!How could such a glaring oversight exist? The problem was rooted in a demo version of LocationSmart’s tracking abilities that was available publicly on the Internet. The purpose: provide prospective clients with a chance to try it out on themselves to experience to see the accuracy firsthand before choosing to make a purchase. All one had to do was plug in their name, email address, and phone number. LocationSmart would then send a text message to the device requesting permissions to check their location. Once granted, LocationSmart would ping the cell tower nearest to their device and receive their location back promptly.A security researcher based out of Carnegie Mellon University uncovered the bug in question hiding in this demo. With a “minimal” amount of knowledge about how websites work, the researcher claimed, one could manipulate the demo to repeatedly request pings on any mobile device without ever requesting permission from that device’s owner. Over several days of testing, researchers were able to confirm the method worked. Some tests even revealed that multiple pings were accurate enough to track a user’s movement over time, and others showed that the service worked for a user in Canada as well.With no authentication necessary to trigger this bug, and no consent from the user, it could have allowed anyone with the right knowledge to spy on someone else’s location through their phone. The worst part of this demo: it’s been a part of LocationSmart’s website since at least January 2017, meaning it has been leaking this data for well over a year at this point. When well-known researcher Brian Krebs brought the situation to LocationSmart’s attention, they quickly disabled the demo and removed it from their website altogether. While it’s good news to see the company respond quickly, the lax handling of such sensitive data for so long surely raises other questions about how they manage the information they hold. For now, though, their services remain in the clear, legally speaking, and with no clear evidence of problems caused by the leaky demo, the fallout has been minimal. Even so, it’s a shocking example of a common lapse in security on the web.
Parental Controls Gone Wrong: Apps Expose Passwords
Way back in Episode 69 of The Checklist, one of the topics we covered focused on apps that can allow parents to track their kids. For some families, this may seem like an investment in safety and an opportunity to keep tabs on where their children go, though we did not recommend this type of software during our discussion. As it turns out, these programs can be a potential weak point when it comes to safeguarding your information. Recently, one of the main companies providing this type of service to parents everywhere was exposed for not properly handling user information. As it turns out, while they built their business model on keeping track of kids, they were no good at keeping track of their own security efforts.Called TeenSafe, the app bills itself as a way for parents to exercise an enormous amount of oversight on their children by viewing text messages, current device location, when and to whom they make phone calls, what apps they have installed, and even the websites they visit on their phone’s browser. Rather than relying on a jailbreak as some apps, TeenSafe instead pulls all its data out of iCloud backups — which means iCloud needs to be enabled on the device. Parents must also disable two-factor authentication to allow the app to work.In other words, parents would need to give the app their child’s iCloud account username and password. They’d also need to disable an important security feature to do their snooping. Since we’re reporting on this story on The Checklist, you already know something must have gone wrong—so what happened?Robert Wiggins, an independent security researcher, was probing this particular type of software when he uncovered two highly leaky servers used by TeenSafe. While one of these machines appeared only to contain test data used by the company to develop its services, the other server held customer records — nearly 10,000 in number. So, what did Wiggins have to do to break in to these servers to see the information? Nothing! There was no breaking and entering or clever hacking going on here. Instead, TeenSafe left the servers entirely unsecured. Anyone with the right idea about where to look could have accessed their info without ever being asked for a password or a username.Once Wiggins began examining the data, he realized TeenSafe was leaking some very sensitive information indeed. Contained on the live server was a treasure trove for potential bad guys: the parent’s email address, the child’s Apple ID email address (which works as the iCloud login), the child’s registered device name, and its unique identifying number. Of course, it wouldn’t be a Checklist story without the cherry on top: TeenSafe stored the child’s Apple ID password in plain text
! With no two-factor authentication, anyone who accessed this server would have everything they need to log into an iCloud account and leave no trace behind. The only potential silver lining about this story is the fact that TeenSafe did not store other sensitive iCloud data, such as the photos, messages, or location data tied to the phone. Even so, this represents a massive lapse in security on multiple levels. From leaving the servers wide open to not hashing the passwords, this is a big entry in the “security fail” column.Now is a good time to reiterate a point we touched on during our list discussion of monitoring software such as TeenSafe. During that talk, we talked about how it’s always a bad idea to provide a third party with your Apple ID and password. How can you trust that they will use it safely or appropriately? The TeenSafe fiasco is the perfect example of both the pitfalls of this software and of handing out your Apple ID to other parties.
Comcast Drops the Ball: Xfinity Site Leaks User Info
Mobile phone users aren’t the only ones coping with a multitude of data leaks, though. Is Comcast Xfinity your Internet service provider? Congratulations — you get to join in on the fun and games, too!As part of the basic setup process for new Xfinity routers, Comcast operates a website where users can plug in the right numbers and activate the modem. This is commonly the case for a new installation, or when you transfer your service from one location to another. Can you guess the problem we’re about to discuss? That’s right: the website had a bug, of course, and with the right steps, someone could have forced the website to give up sensitive information on the customers. It was a simple thing to do, too: all you needed was the ID number for a customer account and that customer’s house or apartment number.Wait a minute — you might ask — that’s all? It’s true. While the website asked for the full address, it appears the input was not properly validated, and so all that was truly required was the number in the address. In other words, a determined attacker who had an ID number, but no address could simply brute force the field until it found the number that worked. Once successfully gaining access, the attacker would receive the following information:
The router’s complete physical addressThe name of the Wi-Fi network (potentially valuable information for an attacker)The Wi-Fi network’s password, stored in plaintext
Worse still, activating your router wouldn’t close any doors to the bad guys. The bug remained available to exploit indefinitely after activation, so there would be nothing to stop a malicious hacker from exploiting the form at any time to gain Wi-Fi network names and passwords. With that information — if they were able to get in physical range of the modem — they could log in to the network and snoop through the unencrypted network traffic at will. While this might not be something that would happen to the Average Joe, it could be a serious leak if someone wanted to target specific individual. The bad guys could even use a tool built-in to the page to rename the Wi-Fi network and changes its password — locking out the legitimate users on the network!The good news: Comcast has already acted, and the buggy web tool has since been disabled. Even so, it shows that massive, multi-billion-dollar corporations are just as vulnerable to poor practices and simple mistakes as the maker of a parental control app. While it’s positive that Comcast moved swiftly to make amends, the reality is this bug should never have made it into the wild to start.Leaks, breaches, and hacks — it seems like our information is under assault from every angle these days. That’s why it’s so important to take the time to keep up to date on the news and stay informed about what’s going on, so you can empower yourself to demand change or make smart choices. With that, we conclude today’s discussion on The Checklist, although this certainly won’t be the last time we discuss leaky sources of digital data. Filed under Computer Security News, Advisories, Blog and Reviews for Everything Apple & Mac Security OS X, The Checklist Podcast by SecureMac
Tags comcast, locationsmart, parental controls, xfinity