Site icon The Mac Security Blog

AT&T Data Breach, Apple Public Betas, and Is Safari a Browser That’s Actually Private? – Intego Mac Podcast Episode 353

The AT&T breach affects over 100 million users. What customer data has fallen into the hands of hackers? Public betas of Apple’s new operating systems are available, and we have some advice if you’re thinking of installing the. A recover feature is coming to the Photos app. But…why? And Apple’s latest ad highlighting its privacy features is big on imagination, but are its implied advantages accurate?


If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.

Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you’re ready to buy.

Get Apple security news delivered straight to your inbox, for free. Intego’s twice-monthly newsletter will keep you informed about Apple-related privacy and security, along with tips and tricks for getting the most out of your Mac or iPhone. Subscribe for free—no strings attached.


Transcript of Intego Mac Podcast episode 353

Voice Over 0:00
This is the Intego Mac Podcast—the voice of Mac security—for Thursday July 18 2024.

This week’s Intego Mac Podcast security headlines include: the AT&T breach affects over 100 million users. What customer data has fallen into the hands of hackers? Public betas of Apple’s new operating systems are available. And we have some advice if you’re thinking of installing. A recover feature is coming to the Photos app. But…why? And Apple’s latest ad highlighting its privacy features is big on imagination, but are its implied advantages accurate? Now here are the hosts of the Intego Mac podcast. Veteran Mac journalist, Kirk McElhearn. And Intego’s Chief Security Analyst, Josh Long.

Kirk McElhearn 0:52
Good morning, Josh, how are you today?

Josh Long 0:54
I’m doing well. How are you, Kirk?

Kirk McElhearn 0:56
I’m doing just fine. I’m trying to get some extra sleep after all the time I spent buying things on Prime Day.

Josh Long 1:02
Oh, yeah. Did you stay up all night refreshing and watching for the latest deals as they rolled in.

Kirk McElhearn 1:07
I didn’t. I bought cat food. As always. I did buy an external SSD, I needed a new two terabyte SSD from my Plex library, it’s connected to my Mac mini. And SSDs seem you know, we’re used to prices going down we’re used to a downward curve over the years and SSDs have been going up in price, because of the high demand for NAND chips for AI products for all the data centers that are using these things. So we reached the plateau about a year ago, and prices have started going up. And you can check this on camelcamelcamel.com. If you pick some sort of a Portable SSD, on Amazon, you can see the price, there was one that I got 420 pounds for a two terabyte, which is a decent price. But prices are not going down anymore. And I have a feeling we’re gonna see this with other types of chips, especially graphics cards for PCs, because GPUs are often used for this sort of task as well.

Josh Long 1:59
That’s kind of interesting. Yeah, I’ve actually been thinking about that about external backup drives and things like that, it’s a good idea to you have your data backed up to more than one location. So one of the things that you can do is backup to an external hard drive I wrote an article about this, how you might want to have a couple and keep them in a safe deposit box. So you backup to one, you go swap it out with the other one that’s at the bank. Probably a good idea. If you haven’t done something like that, it’s a good idea to have an off site backup too, just in case there’s a fire or flood, it’s definitely good idea to have an off site backup as well.

Should anyone install Apple Public Beta software?

Kirk McElhearn 2:39
Okay, so we are getting closer to that intense period that’s going to occur in a little bit less than two months when Apple releases all their new operating systems. And they have released public betas of all of the new operating systems, iOS 18 iPadOS 18, macOS Sequoia, et cetera, et cetera. Public betas are out this week, so anyone can install them. Now, anyone could have installed them previously, because last year, Apple made it possible for users to choose in the Settings app to install betas, developer betas, even without developer accounts. And I’ll put a link in the show notes to an article explaining how to do this, which also says why you probably shouldn’t do it, because this is beta software. And things don’t always work. But when they released the public beta, it’s generally in a state that they feel is not too unsafe. But I still don’t recommend it. For everyone. Definitely don’t do it on your most important device. I mean, if you need your iPhone every day, don’t install the beta of iOS 18, you might install a beta on an iPad that’s at home or whatever. But always be aware that these things can break.

Josh Long 3:42
Right? betas are intentionally released a little bit early, a little bit unstable, you know, still, they’re not quite polished. They’re not quite perfect yet, just to get as much feedback from people who are willing to take the risks of running beta software as possible. So that’s the idea behind betas. That’s why Apple starts with releasing developer betas. First, they’re trying to make it as easy as possible for those who make software for Apple operating systems to get the bugs worked out and give them as much lead time as possible before the new operating systems are released to the general public.

Kirk McElhearn 4:18
So we have a little less than two months. And if you want to play with the public betas, go ahead. If not, don’t worry, it’ll be actually more interesting. When it comes September, you will discover all these new things instead of finding them now before everyone else.

Josh Long 4:30
And as a quick reminder, you don’t get Apple intelligence yet, Apple’s not planning on even launching the beta version of that until the fall, which basically means December.

Kirk McElhearn 4:41
Well, yeah, maybe. Fall ends around the 20th of December.

Josh Long 4:44
Technically, that’s true. It could mean a timeframe even sometime after the operating systems are generally available.

Apple’s Photo app to receive “recovery” feature

Kirk McElhearn 4:51
Okay, there’s one new feature in the latest betas which is a “Recovered Album” in the Photos app. And this is meant to restore lost or damaged photos and videos. Now the only place I’ve seen this on Apple devices so far is in mail. Sometimes you have recovered messages that show up in a folder if mail was crashed or something like this. The thing is recovered photos in the Photos app. This reminds me of something. What am I thinking of Josh?

Josh Long 5:18
Yeah, it’s funny that you mentioned that because it seems like it wasn’t that long ago, we were just talking about how people were mysteriously discovering some photos that they know they had deleted. And now all of a sudden, it’s back in my photos app. And some people were even making the claim that it was showing up on other devices, or people were seeing photos that never belonged to them at some point. In any case, there was a whole controversy over that. And that wasn’t that long ago, what it was a couple of months ago.

Kirk McElhearn 5:47
It was couple months ago, I’ll put a link in the show notes to an article we have about that.

Josh Long 5:51
So the interesting thing here is either one thing or the other happened, either Apple was already working on a feature to have a recovered album show up in photos, or they thought, oh, maybe that’s actually we should make that a feature. That’s actually kind of cool. We didn’t realize that we could, we could do that. And so let’s make sure that we add this as a feature. So people don’t think that it’s a bug in the future.

Kirk McElhearn 6:17
Well, it’s entirely possible that they were working on this feature, and they shipped it accidentally, without any one being aware of it. But I don’t recall it being in a recovered photos album. I recall that being just a normal LM, it’s worth pointing out that you can recover a lot of stuff from your iCloud account, you can recover deleted files, notes, reminders, calendar, events, contacts, all of this on icloud.com. And you can recover these up to 30 days after you’ve deleted them. You can also currently recover photos from icloud.com. So what that means is if you do delete something, it’s not deleted for at least 30 days. You don’t know when it’s actually deleted. Because if it’s sitting someplace in some in Apple’s trashcan on a data center someplace, you don’t know if it’s been deleted.

Josh Long 7:06
Well, and that’s kind of how Cloud Storage works. So it’s one of those trade offs, right? Like, you probably do want to have Cloud Storage. And who better to trust than Apple, right, Apple? It’s all about privacy with Apple, right? That’s what they try to tell us all the time. So you know, I guess if I have to trust somebody to store my data in the cloud, it’s probably going to be Apple.

Taboola CEO claims it has an ad partnership with Apple

Kirk McElhearn 7:29
Well, can you trust Apple to display ads that are not scammy? I don’t know if you use Apple news a lot. I do. And the ads and Apple news are pretty much like those ads you get at the bottom of webpages, the ones that hardly anyone goes to. And they remind me of those ads by that company Taboola. I don’t know if you’ve ever noticed the name, but it says above the sort of bar of ants at the bottom, you know from taboo. And curiously, Apple has engaged Taboola to provide ads in the Apple news app and an Apple stocks. I find it really bad that in the Apple stocks app, you get news stories and ads. But the ads and Apple news are so bad that I’m this close to stopping using Apple news. If Taboola starts putting these ads, and what are you going to get you’re going to get these ads about, you’ll never believe what happened when someone did this or you know, cryptocurrency ads, or all types of scammy ads. I can’t believe that Apple is stooping that low.

Josh Long 8:25
Well, yeah, and first of all, we should say that this is a an exclusive report from Axios. But they say that their source is the founder and CEO of Taboola. So I mean, I guess he’s not going to probably put this information out there if it’s not accurate, because obviously there would be some potential problems for him as a the owner of the company. It’s also entirely possible that Apple has worked out some special deal where maybe they get some say, in the ad type of ads that are displayed. Maybe they get to vet the ads, or some other thing like this, because why else like I mean, they have such a bad reputation, right? So like you say, I mean, they’re very often these extremely click Beatty. I use ad blockers pretty much everywhere. So I don’t really see these anymore.

Kirk McElhearn 9:13
But you can’t use an ad blocker in the Apple news app.

Josh Long 9:17
Yeah, well, that’s how it’ll get you I guess. I wouldn’t be surprised if they’re also using like aI generated images. Now that’s kind of the thing you see this all over social media. Now, anytime you’re seeing these ads, and there’s also scam accounts that are using like, poorly generated AI art, you know, that looks kind of like it’s an actual photo at first, until you start looking a little more closely at it. This is the kind of garbage that I would expect to see from a company like Taboola. So I really, really hope that Apple’s worked out a particular deal with them. We’re not going to see as much garbage as the usual stuff that they put out.

Kirk McElhearn 9:56
Do you think it might be ads like? Here’s what a new walk in tub should cost you in 2024. Or roofers tested 17 Gutter Guards. Here’s what they discovered. Are those the examples? These are actual ads in Apple news today? Ah, okay. So if it’s going to be worse than that, that’s really terrible. I mean, there are some decent ads in Apple news, but most of them are just sleazy.

Josh Long 10:20
Do you have targeted ads enabled though?

Kirk McElhearn 10:22
No, I don’t.

Josh Long 10:24
Okay, well, I guess maybe that’s why you’re getting stuff that seems irrelevant, because like you’ve chosen not to get relevant ads.

Kirk McElhearn 10:29
But do I want relevant ads? I just don’t want ads. It’s funny because I subscribed to The Guardian newspaper in the UK, and I use the Guardian app. And I get no ads in The Guardian app, because I’m a subscriber. That’s not the case with other newspapers, you subscribe to New York Times, you get just as many ads and just as crappy as as you do. And if you pay for Apple news plus, which is quite expensive, you’ll still get ads and Apple news. Now I could understand that a subscription would say, Okay, you’re paying us and the money is going to the publishers and you won’t get it. But if they keep serving as like that Apple is going to lose a lot of users.

Josh Long 11:04
Well, that’s a good point. Of course, Apple wants to keep the users come into the premium features like Apple news plus, so we’ll have to see how this works out for Apple, hopefully, it’s not going to be as bad as we’re making it sound.

Apple’s latest Safari ad touts privacy features

Kirk McElhearn 11:17
Okay, speaking of ads, Apple has a new Safari ad campaign that they’ve launched. And it’s a 92nd ad. This is a browser that actually private now, it’s a clever ad, it’s these surveillance cameras, it turned into birds and fly around. And then in a parking garage, it turned into bats, and it’s really creepy. And it looks like a Pixar movie type thing. And all these people are on their phones. And these cameras are flying around looking at them until the woman takes out the iPhone and taps the safari icon, and then they will start blowing up in the sky.

Josh Long 11:49
It looks like a Pixar movie. If Pixar made horror films, I’ll put it that way. So yeah, it’s okay. So first of all, this ad is way too long. I’m sure that when they put out versions of this on television, and YouTube, or wherever else they put it, I’m sure that it will be 32nd versions of this ad. But the actual thing that they’re implying with this ad is that all you have to do is simply tap on Safari. And now nobody can possibly track you ever again, anyone who’s ever tracked you, they’re just going to disappear into the abyss and they will no longer exist.

Kirk McElhearn 12:28
Okay, let’s take a break. When we come back, we’re gonna go into more detail about this ad campaign and why it’s not that private Safari.

Voice Over 12:38
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Sonoma, and the latest Apple Silicon Macs. Download the free trial of Mac Premium Bundle X9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the special discount link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.

Kirk McElhearn 13:54
Okay, so we were talking about Apple’s ad campaign, a browser that’s actually private. And Josh has a number of points he’d like to make about why Safari is maybe not that private. Now, on the surface Safari is probably better than some other browsers.

Josh Long 14:09
But here’s just a few examples. Apple has something called Intelligent Tracking Protection that’s been built into Safari for a number of years. It doesn’t block everything. It’s not perfect. So again, like implying that no tracker can ever track you just by virtue of using Safari is very disingenuous. A second thing is browser fingerprinting is real thing that actually exists. Browser fingerprinting is a complicated thing that we don’t have time to get into all the particulars of, but it’s certainly true that there are at least dozens of different ways that websites can you potentially uniquely identify you and certainly significantly narrow down the possibility of who you might be in whether you’re a returning user. We’ve mentioned many times on the show that if you go to am I unique.org And if you go there, very likely you will We’ll find that your particular browser is unique. They’ve never seen it before, especially if you’re on a desktop browser, maybe not if you’re using Safari on an iPhone, which is what they’re showing in this ad, but even so, I suspect that very few people who are visiting mi unique.org are using it on an iPhone. So it still narrows down the pool of people that you might be if you frequent a particular site.

Kirk McElhearn 15:29
Okay, so Safari has a setting to prevent cross site tracking and cross site tracking is when third party cookies can be on multiple sites and collect information about you. Now, at the bottom of the page. In Apple’s Safari User Guide, I’ll put a link in the show notes Apple explains how this works. And they says, To prevent this fingerprinting, whenever you visit a website, Safari presents a simplified version of your system configuration. Your Mac looks more like everyone else’s Mac which dramatically reduces the ability of trackers to quickly identify your device. I went to mi unique.org With my iMac and I was unique out of 2.7 5 million people who have gone to their website. So Apple’s cross site tracking thing isn’t really doing anything that they’re pretending that this protects from fingerprinting, but it’s not. It may block certain cookies. But fingerprinting isn’t just based on third party cookies. It’s based on the language you’re in the timezone, you’re in which fonts you have installed. It’s a whole bunch of things, right?

Josh Long 16:28
Intelligent Tracking Protection doesn’t do nothing at all. I mean, it is doing some things. It’s it’s blocking certain known trackers and things like that, but it doesn’t actually keep you 100% private, and have nobody be able to tell what you’re doing online as again, this ad strongly implies all you have to do is tap on Safari, and that’s it. And it’s not the reality.

Kirk McElhearn 16:50
Okay, so this is another thing that’s Apple private briefly that hides your IP address. And you have to pay for this with iCloud Plus, I’ll put a link in the show notes to an article about iCloud plus. And on the page. Apple says, just turn it on and you’re instantly protected. Is that true, Josh?

Josh Long 17:06
Well, it might hide your IP address. But again, that’s only one layer. It’s like one thing out of many. And if you’re also being fingerprinted, and other ways, well, there’s a whole bunch of other things that a website can use to identify you potentially uniquely. And maybe you don’t think about this as being something in your browser. But hide my email is yet another feature that still requires I’ve Cloud Plus. And if you lot are logged into a website, you also need to have a unique email address, right? Otherwise, you know, if you’re using the same email address across multiple sites, or to log into multiple sites, that can be another element that might be used to identify the year the same person who logged into this site as that site. So yet another thing that like you have to pay the premium for. So there’s so many different things, that obviously anybody who’s just watching this ad is probably not going to think about the average person will look at this ad and go, Oh, my gosh, well, I’m just gonna use Safari for all eternity, because it’s the only safe browser and I will never be tracked again. And that’s just not true.

Kirk McElhearn 18:13
One thing they don’t mention is using private browsing, maybe because it isn’t that private.

Josh Long 18:18
That’s it’s kind of a good point. Yeah. So there is a different mode that you can use within safari to do private browsing. Interestingly, Apple’s the only one as far as I know, in the entire browser markets, that keeps your private browsing tabs and windows open, even when you quit the browser. So you can force quit Safari on your iPhone or on your Mac, or restart your device. And you’ll get all your private browsing tabs back, which is kind of odd, like nobody else does that. And I’m not sure how much that really keeps you private because again, like you can sign into websites. We talked about this a while back. Remember with Google, there was a lawsuit over Chrome’s incognito mode and how it wasn’t really keeping people as private as they said, or implied that it would. And this is another one of those things. And I almost feel like this might even be a little bit worse. Because again, just just like with private browsing mode, people were logging into their Gmail accounts, because they were like, well, it’s private. And they didn’t realize that Chrome’s incognito mode only protects you in certain ways. And if you’re choosing to sign in, well, now you’re giving the information about who you are to the websites that you’re visiting.

How to tell if a security alert from Apple is legitimate

Kirk McElhearn 19:39
Okay, some months ago, we reported that Apple had issued an order to users in 92 countries that they had been targeted in attacks by spyware and this is Pegasus spyware or something similar. They recently issued another warning to users in 98 countries. We don’t know which countries we don’t know how many users they are, but this is pointing out that Apple is paying attention on the back end, that they’re looking for certain things that can happen that suggests that people may have been targeted. And Well, Josh, you haven’t been targeted, neither have I, and probably no one listening has. This is very, very specific attacks on journalists and politicians and activists and stuff. If you ever do receive an award like this, you should go to icloud.com. And make sure it’s real. But it’s I think it’s good that Apple is reacting about this and warning people.

Josh Long 20:28
We have an article on the Mac Security Blog that we’ll link to in the show notes about how you can tell whether some security alert is really from Apple, or whether it’s somebody else trying to trick you, or fish you or whatever it might be. So there are some particular things to look for. Apple will send you alerts via email, and I message if your account may have been targeted. And if you go to hopefully you have this bookmarked. If you don’t already, you should probably do that. Now, go to Apple id.Apple.com. And when you sign in there, you’ll have a banner across the top that says threat notification, Apple sent you a threatened notification via email and iMessage on and then the date, and then they give you a view details link. So if Apple is going to contact you to let you know that you were targeted in a what they call mercenary spyware attack, if they give you that kind of threat notification, it’ll come in three different places. And it’ll be consistent. So you’ll know that it’s really from Apple and not just somebody sending you a malicious link. By the way, Apple’s not going to send you a link in that email or that iMessage they won’t send you a link, you’ll have to sign into your Apple ID. Again, hopefully you have that bookmarked already, and you’re not going to be Google searching for it because we know that can be problematic as well.

What is the Poseidon malware?

Kirk McElhearn 21:48
Okay, so there’s new Mac malware with new tricks targeting Swiss Mac users called Poseidon.

Josh Long 21:53
That’s right, Poseidon. Wow, that’s some new Mac malware right? Well, no, it’s pretty much the same. Amis atomic stealer malware that we’ve been talking about also known as atomic Mac OS stealer. It first surfaced in April of last year. And at the time, a threat actor was selling it on telegram and so forth. Well, there’s new versions of it. And there’s new threat actors. There’s a particular threat actor who goes by the name Rodrigo, four, and Poseidon is just like his branded version, basically, of Amos. So it’s the same old malware, we’re seeing it used in some of the same campaigns, just like I think we might have talked about it on the show that there was a fake arc browser arc is this like aI enhanced browser. And so it’s kind of the hot new thing. And so people might be searching for that browser on Google. And if they happen to click on a Google ad, at the very top of the Google search results, that looked exactly like the ads for the real Ark browser, they might have been taken to a malicious site, that would give them a Trojan horse instead of the actual Ark browser. Poseidon has its own variant of that. In addition to that, there were also some targeted emails sent out to people in Switzerland, about a supposedly public service login site. And they claim to have an app that you should be using to access the site. And if you downloaded that app, well, it turned out that was actually Poseidon malware as well. And so the Swiss government sent out a write up about this and republished some technical details about it. We’ve got all the information about that in our article on intego.com.

AT&T announces major data breach

Kirk McElhearn 23:35
Okay, there was a huge AT&T data breach just after a previous AT&T data breach, but this one is more serious. 110 million subscribers have AT&T as of the end of 2022. Now, this contains call records, but not times of calls. It contains the cell tower where people were when they made call so that someone could if they find your phone number, they could find your location to this database. We initially wondered why it took a while for a TNT reported but turns out that the Justice Department asked them not to because they were worried that this data could have potential national security or public safety risks. Interestingly,

Josh Long 24:12
The former director of CISA of the US government cybersecurity agency posted that this was noteworthy because this is the first time that anyone any company has received a national security exception from the DOJ under these new SEC reporting requirements, so an exception to not report this to the public right away. So what information was leaked to that’s kind of the most important part of this story. AT&T says that according to their investigation, the data included the phone numbers of your call and text interactions from May 1 2022 to October 31 2020, to an exact six month period. It also included counts of those calls and texts and the total call duration And for specific days or months, and they say that this is I think the most concerning part, in my opinion, the data included cell tower identification numbers of the most frequently used cell tower over different time periods for some of your call interactions. So basically, if somebody were able to figure out where those cell towers were, they could use that information to basically identify exactly where you live, or very close to where you live, because a particular cell tower is going to be closest to your home, closest to your workplace, and other places that you may frequent.

Kirk McElhearn 25:37
Now, these records don’t have precise times of calls, but the amount of time you spoke with someone is in there. And as you say, if you’re near a certain cell tower, often enough making calls, say eight hours a day, that’s probably your work and not your home. If you’re not an AT&T user, there’s information about your calls in there, because it’s the calls between you and a TNT user. So if this is 110 million people, you can assume there’s maybe another 50 or 60 million. I mean, AT&T is the biggest carrier in the US. But you can assume there’s an awful lot more people whose call records are in here, in spite of them not being customers of AT&T.

Josh Long 26:14
Right, let’s say that you’re on Verizon, there’s a good chance that you may have texted or called somebody during that six month window who happened to us AT&T, you don’t know. I mean, there’s there’s not really any way to tell what carrier somebody else has right when you call or text them. Now, I messages were not affected, because that uses data. And that’s entirely different. They also say that the compromised data does not include the contents of any calls or text messages, and also does not include things like social security numbers, birth dates, etc. But there’s still enough like metadata, that this should be a little bit concerning. It’s unfortunate that this data has leaked, I guess it could have been a lot worse. But certainly investigators, Private Investigators would I’m sure they would love to get their hands on this data, because they could certainly use that to potentially link two people together. You know, too. All it takes is it find this database and say, Oh, that phone number interacted with that phone number. Let me find out who that is. And you can look those kinds of things up on public databases.

Kirk McElhearn 27:16
Okay, that’s enough for this week. Until next week, Josh, stay secure. All right, stay secure.

Voice Over 27:23
Thanks for listening to the Intego Mac podcast, the voice of Mac security with your host, Kirk McElhearn and Josh Long. To get every weekly episode, be sure to follow us on Apple Podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like or review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software. intego.com.

Share this: