Intego Mac Security Podcast

We discuss new US tariffs placed on China might affect the price of Apple products in the coming months. We now know more about how a journalist was added to a supposedly private Signal chat among White House officials. Researchers claim any Bluetooth device can be converted to behave like an AirTag tracker. And we’ve got a few ideas and tricks on how you can use the buttons on your iPhone and iPad.

• You Should Think About Replacing Your iPhone — Now
• How the Atlantic’s Jeffrey Goldberg got added to the White House Signal group chat
• Apple sometimes shows “Maybe:” based on what the sender claims
• To turn this feature off, go to Settings > Apps > Contacts > Siri, then turn off Show Contact Suggestions
• Why you see “Maybe” before contacts on iPhone, and how to fix it
• UK Court Rejects Government Secrecy in Apple’s Fight Against Backdoor Request
• Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware
• Tracking You from a Thousand Miles Away! Turning a Bluetooth Device into an Apple AirTag
• Google fixes Android zero-days exploited in attacks, 60 other flaws
• Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws
• Everything you can do with the buttons on your iPhone or iPad

---

If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.

Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you’re ready to buy.

Get Apple security news delivered straight to your inbox, for free. Intego’s twice-monthly newsletter will keep you informed about Apple-related privacy and security, along with tips and tricks for getting the most out of your Mac or iPhone. Subscribe for free—no strings attached.

---

Transcript of Intego Mac Podcast 391

Voice Over 0:00
This is the Intego Mac podcast—the voice of Mac security—for Thursday, April 10, 2025. This week’s Intego Mac Podcast security headlines include: How new US tariffs placed on China might affect the price of Apple products in the coming months. We now know more about how a journalist was added to a supposedly private Signal chat among White House officials. Researchers claim any Bluetooth device can be converted to behave like an AirTag tracker. And we’ve got a few ideas and tricks on how you can use the buttons on your iPhone and iPad. Now here are the hosts of the Intego Mac podcast. Veteran Mac journalist Kirk McElhearn and Intego’s chief security analyst, Josh Long.

Kirk McElhearn 0:49
Good morning. Josh, how are you today?

Josh Long 0:51
I’m doing well. How are you, Kirk?

Nintendo delays pre-ordering of the Switch 2 in the US

Kirk McElhearn 0:52
I’m doing just fine. Do you know what today is? I’m going to tell you it is the date for pre orders for the Nintendo Switch 2, but not in the United States, right? Yeah, that’s That’s true. So all around the world, people have been able to pre order the Nintendo Switch 2. Now, I’m not really a Nintendo fan, but I did some searches, and here in the UK, I would have had to get up early to check. I only started doing this a couple hours ago, and every one’s out of stock. Apparently, Nintendo has delayed pre orders in the United States because…

Josh Long 1:20
Because there are tariffs now that weren’t in place a week ago.

Will price of Apple products be affected by Chinese tariffs?

Kirk McElhearn 1:25
Interestingly, Nintendo announced the switch to the day before the tariffs were announced. They knew they were going to be announced, but I guess they had already announced their announcement, their event, so they couldn’t cancel it, because then it would look like maybe the switch two isn’t working, or something like that, and they were in a situation where they can’t take orders in one of their biggest markets. I mean, it’s a device, it sells around the world, but the US is an important market. We’re talking about tariffs, because this morning, at 12:01am, tariffs started applying. And in particular, I think we’re up to 104% for goods from China. This changes every day, because just before we started recording, China bounced back with an additional 50% against us products, and probably by tomorrow, April 10, when this episode is released, the tariffs will have increased. But one of the most important things we want to talk about is how tariffs will affect the price of Apple products going forward, I want to tell a quick story. I do a photo podcast called photoactive, and my co host was teaching a class about, I think it was about Adobe white room in a camera store over the weekend in Seattle, where he lives, and he said the camera store was really crowded. He was surprised. You know, for April, there usually aren’t a lot of people buying cameras. And he asked the owner of the store why it was so crowded, and he said, people are buying cameras before the tariff hits. And these are people who you know, you upgrade your camera every few years, and there’s been a new model out that you’ve been waiting for. And all these people were hurrying up before the price doubles. Of course, last weekend, it was only going to be a 54% tariff. Now it’s 104 so and four. So the real question here is, what should you do for your iPhone or other Apple products about these tariffs?

Josh Long 3:09
Well, we don’t claim to be financial experts and so and also, we can’t predict the future. There’s a lot of things that could potentially happen here. It’s possible that there might not be any changes to Apple pricing before we started recording, Kirk was kind of looking into what percentage of iPhones, iPhones are the biggest Apple hardware product, right? What percentage of iPhones are sold in the US? And it’s roughly 10% it’s kind of a big chunk, but it’s also not 90% right? So maybe Apple could eat that a little bit. Maybe they wouldn’t have to necessarily adjust their prices right away. I’m sure they wouldn’t. They would adjust prices on any future versions of their products, but maybe they wouldn’t necessarily adjust prices on any existing products that they’re already selling.

Kirk McElhearn 3:59
Now the company was apparently sending airplanes full of iPhones from China to the US in the days before the Tariffs applied, in order to get as many devices here as possible, because the tariffs apply on devices that are received in the country after the date the tariff supply. So they probably have, I don’t know, a stock of iPhones that will last a certain amount of time. Apple Stores have been really crowded over the weekend as well. But it’s not just the iPhone. It’s It’s Max it’s the vision Pro, do you want to pay twice as much for a vision Pro, which is already overpriced, it’s AirTags. You get four AirTags for 100 bucks. You’re going to pay 200 bucks for four AirTags, air pods Pro, you’re going to pay $500 for air pods Pro, instead of so the real question is, I believe Apple has something like a 45% profit margin on hardware, so they could eat a lot of these tariffs on a lot of the devices. The real question for them is, you know, the flagship device is the iPhone followed by, I’d say, the iPad followed by the Mac. Something is going to happen?

Josh Long 5:02
Well, I don’t think that anything is going to double. I certainly wouldn’t expect that to happen. But if you have been thinking about getting a new Apple product, and you’ve kind of been dragging your feet for a little while, it might be a good time to get one just, you know, just in case, yeah.

Signal chat incident and suggestions for future security

Kirk McElhearn 5:18
If you think about the latest MacBook Air with an M4 chip that starts at $999 that’s a bargain at today’s price, it’ll be even more of a bargain in a few weeks. If it doesn’t go up, we’ll see the what we wanted to do was warn about this. So we’re going to link to an article in The New York Times. It says you should think about replacing your iPhone now. But this goes for all sorts of electronic devices. This goes for sneakers. Apparently, Nike sneakers are mostly made in Vietnam, which has something like a 50% tariff. But electronic devices are particularly hit because most of them are made in China. Anyway, we’ll have more news about this next week, as you will certainly find out on the news. It’ll be interesting to see if these tariffs last long term, which I must say looks likely be interesting to see what Apple says at the worldwide Developer Conference, which is in two months. Okay, we recently talked about the in some places, they’re calling it Signalgate. Everything’s a gate, right? Where was this group chat among people working with the White House and Atlantic journalist Jeffrey Goldberg got added to the chat and had all these war plans. And there’s an article we have in The Guardian, it’s been reported in several places, explaining how he got added to the Signal group chat. And it looks like we can’t confirm this, but it looks like it might have been one of the features of iOS that suggested that a contact name had his phone number. In other words, it pulled some information out of an email or something, and suggested to the person who had set up this chat that Person A has the phone number of Person B.

Josh Long 6:53
I’m a little skeptical of this. I honestly am skeptical about, like, almost everything that I read or hear about anything related to this story, because I there’s all kinds of different opinions and perspectives on this, and that a lot of people are getting the technology part of things very wrong, and saying, for example, that Signal can’t be trusted anymore. It’s like, no, no, this is not a Signal problem. Signal is something that we’ve actually been recommending for for years, and a lot of other cybersecurity experts have been recommending for a number of years too. It’s open source. The protocol is is verifiable. It’s open source as well. And in fact, it’s so good and well trusted that government agencies, including apparently, the US government, have been using it for many years. Maybe they shouldn’t be, maybe they should be using their own proprietary system. We’re kind of talking about this, you know, because it’s open source, there’s no reason why the US government couldn’t just make their own version of Signal and just have it run on their own servers with their own compiled software, and that would be a lot safer, because they could just decide to not make it interoperable with regular Signal, and then problem solved, right? Then they wouldn’t have any sort of potential for accidentally adding people to the chat who are not government employees, right?

Kirk McElhearn 8:21
In that case, you’d have an IT, Administrator, authorize users, add them to the account, which I’m sure is what the Army and the Navy and the Air Force do, and the Department of Defense, and they all have these systems that are extremely, I want to say, mission critical.

Josh Long 8:36
Yeah, yeah. So, I mean, that would be the most logical thing, but it’s setting that aside, that for whatever reason, the US government hasn’t done that and have decided to use Signal and yeah. So the claim is that somebody who was in the chat got a message from somebody where it said, sometimes you see these little these contact suggestions where it’ll say something like maybe colon, and then the name that the person identified themselves as in that email or in that text message, and you can then choose to add that person to your contacts or update your contact for that person. So I’ve never thought this was a good idea, by the way, because I’ve seen things like this a long time ago. In the past, I haven’t seen these things recently. Interestingly enough, I’ve seen these before, where it was clearly a spam message, and the preview said, Maybe this person who’s saying they’re this person, and I’m like, no, no, like, of course not. It’s a spammer. Why? Why would I trust anything that a spammer is saying? So you can turn off that feature? By the way, we actually tried to test this to see definitively if we could say, Okay, well, turning off this feature will for sure make it so that you. Have this contact suggestion thing ever show up again? But we were trying to reproduce the contact suggestion thing, and maybe it’s just because Kirk and I are in each other’s contacts, and we were trying to use contact information for each other, like email addresses that neither one of us had for each other. And anyway, we couldn’t reproduce it, but we think the setting that you would need to turn off is, if you go into your settings app, it’s apps, contacts, Siri, and then turn off Show contact suggestions. There’s a little slider for that. And if you turn that off, I believe that’s the setting that you would need to disable in order to make sure that this maybe thing won’t show up for you in future.

Kirk McElhearn 10:43
And on the Mac, you go into the Contacts app, and you choose Settings General, and there’s an option to show Siri suggestions. Now I’ve seen this in the past, and we both scrolled through emails in the trash and everything, trying to see if we could find one of these messages. And I’ve seen them at the top of an email message, there’ll be the brown Contacts icon and new contact information. Or do you want to add this person to your contacts? But we try, we couldn’t reproduce it. We couldn’t find any messages, so we can’t I mean, this is a really interesting theory about how this person got added to this Signal group chat. Well actually, how the person got added to the person’s contacts right, which then he used in the Signal group chat, but we can’t prove it, so if you are worried about this, turn off this setting. But also be aware that if you ever do see one of these little notifications, think twice before you tap yes, because it might not be the right person. It might be a spammer. It might be someone pretending to be someone you know, for example, I often see in messages. I don’t know why one of my message contacts, I often see that he’s updated his contact information. And I don’t know what’s been updated, but I know who the person is, so I click, yes. Now, if you get a suggestion that so and so is a person in your contacts, it could be a spammer who somehow figured out a way to trick you into adding their address to your contacts as an alternate address for someone you already know. So in any case, I would avoid it.

Josh Long 12:12
By the way, there’s also a related attack that is often called CEO fraud, where somebody will send an email to some important person at a company, maybe somebody who works in the finance department, perhaps, and say, I’m so and so the CEO, I really need you to do this urgently right now. And it might come as a text message or an email or whatever, and the person receiving the message goes, that’s an important person. I recognize that person’s name, so they might act on it quickly, without taking the time to realize this is not actually from the person that it claims to be from. That’s another scenario where you need to be really, really careful. Slow down, pay attention, really close attention to who’s actually sending you messages.

Kirk McElhearn 12:58
Okay, quick update on something we discussed, I don’t know, four or five weeks ago, the UK government has been trying to force Apple to create a back door in iCloud, and this is why Apple has turned off the ability to enable advanced data protection for iCloud in the UK. And one of the issues here was that the hearing about this was kept private and behind closed doors so no one could communicate about it. So Apple went to court to force the government to allow them to discuss it. That’s kind of interesting. Apple doesn’t want to be seen as the bad guy here, and they’re not, but the fact that the government had managed to keep the case private meant that Apple couldn’t communicate about this, and I think it’s really important that Apple is able to communicate so users know what’s at stake in this issue.

Josh Long 13:46
Right. This is the thing that we talked about where Apple suddenly stopped allowing you, if you were in the UK, to enable advanced data protection. This is why, so now at least this can be discussed in public, and Apple doesn’t have to keep this a secret anymore.

Kirk McElhearn 14:04
Okay, let’s take a break. When we come back, we’re going to talk about some malware and some other news.

Voice Over 14:10
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Download the free trial of Mac Premium Bundle X9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the special discount link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.

Malware targeting job seekers

Kirk McElhearn 15:21
I haven’t looked for a job in a long time, but I know that when people are looking for jobs these days, there’s quite an obstacle course of filling out forms and going to websites and getting all sorts of information and everything. And when Josh was explaining this latest technique to get people to install malware. He didn’t understand it. But to me, knowing some people who’ve been looking for jobs and knowing how complicated it is, it doesn’t really it’s not that much of a stretch. I mean, okay, it’s a little bit ridiculous, but it’s not that much of a stretch when people who look for jobs have to go through all these different kinds of portals and everything. It would be clever, if it wasn’t such a complicated thing, to try and force people to do.

Josh Long 16:06
Okay. This threat actor group that you’ve heard us talk about probably before the Lazarus Group, they’ve had Mac malware for a number of years, and this time around, yes, they’re targeting job seekers, and they’re telling people that they need to enable their camera or microphone in order to use a particular website, and so they need to copy and paste something into the Terminal. Terminal is this old school looking thing where you can type in commands, just like an old school, like Windows, you know, or pre Windows, dos computer, right?

Kirk McElhearn 16:44
Unix, Josh, it’s Unix. It’s Unix under the hood, right?

Josh Long 16:48
macOS is Unix under the hood. And so the point is, they’re trying to get you to copy and paste a command from their website into your Terminal, and that would, of course, install malware on your device. And they claim that this somehow, this is going to unblock your camera or microphone in your browser. That’s not a thing that is going to happen anytime that you’re copying and pasting something like that. If you legitimately need to enable your camera or microphone. There’s a way to do that within the browser that does not require you copying and pasting Terminal commands. So please, please, don’t ever copy something and paste it into your Terminal unless you really, really know what you’re doing.

Kirk McElhearn 17:36
But what gets me is the dialog that’s shown in a screenshot. We’re going to an article on the Hacker News, and the dialog says the camera drive Discoverer on Windows has a race condition in its cache usage. This means multiple processes or threads accessing the cache at the same time can cause problems like etc, etc, etc. This sounds like this is so serious, the way they explain it, I got to do what they say. Otherwise, nothing’s gonna work. And on the one hand, you would think that something that complicated would turn people off, but it actually might convince some people that it’s a true problem.

Josh Long 18:10
Yeah, it also might be kind of a situation where it’s like too long, didn’t read, whatever. Let me just read what I need to do, like copy, paste. Okay, cool.

Kirk McElhearn 18:19
So this is a Windows screenshot. And Windows has its own command prompt so you’re not actually opening Terminal. It’s a different type of dialog. It’s more accessible on Windows, it is on the Mac. And believe me, Windows users are not unaware of this command prompt because you download some sort of a driver for your graphics card, and you may have to enter a command, especially if you’re playing games, in order to enable or disable certain features. So it’s much rarer on the Mac to have to use Terminal than it is to use the command prompt on Windows. Okay, interesting proof of concept. These are some researchers at George Mason University who presented this at a security conference, the USENIX security conference this year, tracking you from 1000 miles away, turning a Bluetooth device into an Apple AirTag without privileges. Now, why would you want to turn a Bluetooth device into an Apple AirTag? What can you do with an Apple AirTag?

Researchers test converting Bluetooth devices into AirTags

Josh Long 19:13
Well, you can track the location of that AirTag or whatever it’s attached to.

Kirk McElhearn 19:18
So in the introduction to the article, imagine someone could turn your laptop, smartphone, or even your gaming console into a tracking device without your knowledge. Now you can be tracked from your iPhone, but you have to share your location with someone for them to be able to track you. So any sort of attack that could turn a device into a Bluetooth tracker means that, I don’t know, let’s think the most obvious way you happen to have a very expensive car, and someone wants to track the car to be able to steal it when it’s not at your house, because maybe you put it in your garage, right? And so if they can get access to your laptop or your gaming console or any other Bluetooth device, that would be a good way to track the car.

Josh Long 19:59
I mean. You can think of all kinds of Tom Cruise scenarios, right? If somebody wants to, wants to track an individual for whatever reason, right, like they may know well enough to check their bags to make sure there’s not an AirTag. But if they’re only bringing their own devices, their own laptop, for example, then they would have no reason to not trust their own laptop, and they might not have any idea that their own laptop might be behaving just like an AirTag. So that’s the whole idea behind this. And they actually devised this whole scheme. They tested it. It works well. It works with an asterisk. Apple actually updated its operating systems all the point two releases that came out in December 2024 so this was like iOS, 18.2 etc. macOS, Sequoia, 15.2 these operating systems fixed this vulnerability, meaning that these devices will no longer report back to Apple servers about these fake devices that are claiming to be AirTags. However, it’s still entirely possible that somebody could install some malware on a device that will hide and report itself as an AirTag, and if it sees any older version of Apple’s operating systems on any nearby device, they will still report on the location of these devices that are claiming to be AirTags but are actually not, they will report back to the Find my network, and so the person who Is the attacker. In this scenario, we’ll be able to to locate these non AirTag devices that are claiming to be AirTags.

Patch Tuesday and Google’s updates

Kirk McElhearn 21:48
Okay, we want to just briefly talk about Microsoft. April 2025, Patch Tuesday, and Google has released a bunch of updates. Does Google have a patch day like Microsoft does?

Josh Long 21:59
Well, Google does have its own monthly cycle that’s kind of similar to Microsoft’s Patch Tuesday. And so yes, in both cases, they resolved zero day vulnerability. In fact, I think there were two zero day vulnerabilities that got resolved in the Android operating system and one zero day vulnerability in Microsoft’s operating system now. And remember Apple’s patches last week. There were no actively exploited vulnerabilities that got patched this time around, I should say, for the current gen of all of Apple’s operating systems, meaning Sequoia and iOS and iPad, os 18, those were previously patched earlier in the month and also back in February with a couple of patches for zero day vulnerabilities, but not this big round of updates that we just got last week. Interesting to see that it’s a similar number of vulnerabilities here between Microsoft and Apple, at least if you’re comparing macOS Sequoia with 131 plus all of the unnamed non CVE vulnerabilities. Technically, I guess you could say Apple had a lot more in that case, but Microsoft had 134 Google had about 60 flaws that were patched. So if you do know somebody who’s using Android or Windows, make sure that they know that they need to install updates as well.

Kirk McElhearn 23:19
I’m probably asked this question once a year or so, does these higher number of vulnerabilities and CVEs mean that there are more vulnerabilities and flaws, or that they’re just finding more and searching more, especially because there are bug bounties from these different companies so security researchers can make a fair amount of money if they find a good flaw, right?

Josh Long 23:39
Yeah, and I wouldn’t really worry too much about the quantity of vulnerabilities getting patched in terms of like, it doesn’t necessarily have any bearing on how secure or not secure some particular piece of software is, and especially if you’re comparing two dissimilar pieces of software, right? Like, yes, Apple has operating systems and Microsoft and Google, they all have operating systems, but they’re very different under the hood, there’s all kinds of differences between them that make them really difficult to compare. Just from a numbers perspective, I think all three of these companies actually do a pretty good job of handling vulnerabilities that get reported to them from third parties. There are exceptions to that, but they all do a pretty good job of both finding vulnerabilities internally and also patching vulnerabilities that get reported to them from outsiders.

Using iPhone and iPad buttons for various functions

Kirk McElhearn 24:30
Okay, we want to quickly discuss an article. It was published on the Intego Mac security blog a few weeks ago. Everything you can do with the buttons on your iPhone or iPad. You know, when the iPhone 16 came out with the action button. I was like, Oh, another button. And then they came out with the camera control button. And if you think about it, there are, well, Apple shows that there are four buttons on the iPhone 16, there are actually five, because it’s a volume up and a volume down, but they show them as just one button. But you’ve. Got the power button and the camera control. On the right side, you’ve got the action button and the volume buttons on the left. I don’t know about you, but I press the action button accidentally when I’m going to raise the volume, and I press the volume button accidentally when I’m going to hit to hit the action button. They’re too close together, but there are lots of things you can do with these buttons, not to mention the home button if you have an old Touch ID device. So in this article, we explain the kind of things you can do is take screenshots. If you press volume up in power, people take a lot of screenshots. These days. It used to be just people like us writing about things who did screenshots. I see people all the time taking screenshots to remember things that they’ve seen on their phone, and their photo albums are full of screenshots. It’s really useful hard lock your device. This is a really interesting thing. If you think your phone’s going to be stolen and you want to hard lock it so it can’t be opened with face ID, press and hold the side button and either volume button for two seconds, and that’s it, and it will require a pass code to access. Another thing to know is, if you want to shut down your device, there’s two ways to do it. One, is press the power button and the volume up button and hold it for a few seconds, and then you get a slider to shut it down. But you could do it more quickly just pressing volume up, volume down, and then the side button. I think it was an Apple technician who once told me how to do that on the phone five years ago that I was restarting the phone. I said, Wait a second. I have to figure out how to do don’t just do it. Don’t just do this really quick. Do you use your action button? I mentioned that before.

Josh Long 26:26
I have used it one time when I first got my iPhone, 16 Pro to test it. And I was like, well, that’s dumb, and I’m never gonna use it again. And I’ve literally never used it after that.

Kirk McElhearn 26:42
Oh, that’s a shame. So you can program a lot of things to the action button. By default, it’s set to turn on the flashlight, which is also available on one of the buttons on the bottom of the lock screen. But you can set it to call up Siri. You can set it to switch your phone between silent and very loud noisy mode. You can invoke the Translate app. You can do a number of things. You can set it to launch the camera app. You can also set a shortcut to the action button. And we’re not going to talk about shortcuts, because that’s complicated, but you could with a shortcut, you could do almost anything with it. You know, I’ve left mine. I had originally set mine to do a shortcut to give me options for four or five things. I realized it was useless, so I just use it for the flashlight. Now, something I actually use a lot is the flashlight, but there’s no point in making that button do anything else unless it’s something you really need to do often, like the difference between silent and not silent, for example. Anyway, have a look at this article. Everything you can do with the buttons on your iPhone or iPad, because iPad has a lot of options as well, and you may discover some interesting things that these buttons can do that’s enough for this week until next week. Josh, stay secure.

Josh Long 27:51
All right. Stay secure.

Voice Over 27:54
Thanks for listening to the Intego Mac podcast. The voice of Mac security with your hosts, Kirk McElhearn and Josh Long. To get every weekly episode be sure to follow us in Apple podcasts or subscribe in your favorite podcast app, and if you can leave a rating, a like or a review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software. intego.com.

Share this:

• Twitter
• Facebook


About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →