Category: Security

How to Use AirPods as a Remote Spying Tool

Go to OSX Daily to read How to Use AirPods as a Remote Spying Tool

Did you know you can use AirPods and iPhone as a remote spying tool, or simply to boost the volume of some distant sound or speaker? Indeed, with a little planning and know-how, you can use AirPods, AirPods Pro, and PowerBeats Pro, like spying microphones or for amplification to better hear conversations! That may be a little goofy, but this feature does allow you to amplify a voice or conversation, so if you’re away from someone or something and you want to hear it better, this is a great solution to that.

You may be wondering how this is accomplished, so…

Read more: How to Use AirPods as a Remote Spying Tool

How to Control What Apps Can Access Files & Folders in MacOS Catalina

Go to OSX Daily to read How to Control What Apps Can Access Files & Folders in MacOS Catalina

You can control which apps have access to files and folders on the Mac. This article will walk you through how to manage what apps can access files and folders in macOS.

This is a security feature that is relatively new, helping to precent apps from having full access to the Mac and filesystem if that access is not necessary. Thus if you want to manage folder and file access in macOS you will need MacOS Catalina 10.15 or later installed. With a modern macOS release, you now have full control over which apps have access to what on the Mac.

This security feature…

Read more: How to Control What Apps Can Access Files & Folders in MacOS Catalina

How to Fix Cron Permission Issues in MacOS Catalina & Mojave

Go to OSX Daily to read How to Fix Cron Permission Issues in MacOS Catalina & Mojave

Some advanced Mac users may have noticed that certain shell scripts with cron, cron jobs, and crontab are either not working at all, or not able to function properly in the newest versions of MacOS, notably Mojave 10.14, Catalina 10.15 and later. Depending on the situation, this may be accompanied by a permissions error, an operation not permitted error, or a script or cronjob may simply fail silently in the background. While there are numerous reasons a cronjob may fail, strict security measures in the latest MacOS releases may also be at fault and cause problems…

Read more: How to Fix Cron Permission Issues in MacOS Catalina & Mojave

How to Set Time Limits on iPhone & iPad Apps with Screen Time

Go to OSX Daily to read How to Set Time Limits on iPhone & iPad Apps with Screen Time

Want to set a time limit for app usage on iPhone or iPad? Screen Time lets you do just that.

At a time where we all perhaps use our iPhones a little too much, knowing exactly how long we spend with it in our hand can be useful. Knowing which apps we use most can inform our decisions around usage habits, too. But if all that fails simply setting a time limit might be the only way to go. Apple makes it easy to do exactly that by setting time limits on specific apps and how long they can be used for on iPhone, iPad, and iPod touch.

Setting an app time limit is a…

Read more: How to Set Time Limits on iPhone & iPad Apps with Screen Time

How to Delete VPN from Mac

Go to OSX Daily to read How to Delete VPN from Mac

If you have previously setup a VPN on Mac but no longer use the VPN service, you may want to delete and remove the VPN from MacOS. Additionally, you may wish to remove a VPN configuration from a Mac that is not needed for a particular purpose, job, or enterprise anymore.

Removing a VPN from the Mac is incredibly simple, and if you manually configured a VPN then you’ll be impressed at just how easy it is to delete the VPN especially compared to the manual setup process which is much more complex.

How to Delete a VPN Configuration from Mac

Note this is deleting…

Read more: How to Delete VPN from Mac

How to Setup a VPN on Mac

Go to OSX Daily to read How to Setup a VPN on Mac

Need to setup a VPN on Mac? Setting up a VPN on MacOS is very easy, as this tutorial will walk you through the steps to accomplish a manual VPN configuration on the Mac.

VPN stands for Virtual Private Network, and VPN services are often used by businesses, enterprises, agencies, and individuals for a wide variety of purposes. Often consumers will use a VPN as a means of improving privacy, security, or being a bit more anonymous online, or to protect data that is being transferred from the Mac to the internet. Basically how a VPN works is that, when enabled, it…

Read more: How to Setup a VPN on Mac

How to Spot iOS Apps That Are Scams

We tend to call out shady apps found on the Google Play Store pretty regularly, but there are also some iOS apps looking to pull one over on unsuspecting Apple customers. In this case, these apps are trying to scam users into costly—and in some cases, undisclosed—in-app transactions.

One such app is a notorious iOS heart rate monitor app that has reappeared on the App Store just eight months after it was banned for scamming users out of their hard-earned cash. The app claims to use the fingerprint Touch ID scanner found on some iOS devices to track your pulse; What it actually does is dupe you into performing an in-app purchase for $89 by using your fingerprint to complete the transaction in the background.

The app’s return to the App Store was reported on by 9to5Mac, who also notes that a recent report from Apps Exposed references more than 500 other apps on the App Store that are also using similar tactics to con users..

Unsurprisingly, many are based around adult content—especially peer-to-peer video chatting, free pornography, and casual sex. What is surprising, however, is that many manage to skirt Apple’s relatively strict reviews policy and artificially inflate their app scores with five-star reviews, which makes it harder to tell they’re fishy from a cursory glance. Still, if you look hard enough and comb through the reviews, you’ll find plenty calling out these apps for being scams.

To keep yourself safe, don’t download apps that appear on Apps Exposed’ list. If you have, delete them immediately and review and report any dubious transaction history. Some of these apps have managed to scam hundreds of thousands in total revenue from users in just the last year.

Remember to vet apps and user reviews thoroughly. Take a few extra minutes to check out apps you’re unfamiliar with by doing a quick Google search before installing them—especially if they claim to, say, send you free naughty images or set you up with real-life hookups or private video chats.

That said, many con apps aren’t based around adult content; plenty of other categories like photo/video filters, quizzes and games, health and wellness, and backgrounds or UI themes are common targets as well. That’s why all unfamiliar apps should be approached with caution. When in doubt, don’t put them on your device, and keep your finger away from any typical in-app purchase approval methods, too.


How to Delete Voice Recordings From Alexa, Google Assistant, Facebook Portal, and Siri

We can control so many devices through voice interactions with digital assistants like Alexa, Siri, and Google Assistant. This can be incredibly convenient, but it can also be nerve-wracking, knowing that technology companies now possess recordings of your voice and interactions.

That’s not to say digital assistants are unsafe to use, but users should know what data is being collected and why—and how much control they have over the way it’s used. Amazon, Apple, Google, and Facebook all collect voice data in some form. They also all let users manage what and how the data is saved—though some are a lot better at this than others.


Everything you say to Alexa, via whatever devices you’re using, is stored on Amazon’s servers. You can manage all of this data through your Amazon account, and you can also change these settings for each device using the Alexa app.

  1. Go to Amazon’s voice data management page.
  2. The page features several different headings, each one containing specific stored data/settings. You can use them to delete your voice history, smart alert history, and device-specific history.
  3. Check each of these pages and delete any data you don’t want to be saved—especially the “Alexa Privacy” page.
  4. To opt-out of Amazon using your recordings to improve Alexa’s capabilities, visit the Alexa Privacy page and click on “Manage how your data improves Alexa.” Then, disable “Use Voice Recordings to Improve Amazon Services and to Develop New Features” and “Use Messages to Improve Transcriptions.”


While Facebook doesn’t have an AI assistant of its own yet, the company still collects voice data through its Alexa-powered Facebook Portal video chat devices.

You can manage voice data on your Portal device, in the Facebook mobile app, or from the Facebook website.

  1. Open your Facebook profile
  2. Click/tap the Activity Log
  3. Select “Voice Interactions” filter from the side menu.
  4. Click/tap “Delete All Voice Interactions” to wipe your voice history, or search and delete for specific interactions using the search icon.

Google Assistant

Much like Alexa, all Google Assistant history from devices tied to your Google account can be viewed from any device you can use to access your account settings

  1. Go to your Google activity page.
  2. Scroll down to “Voice & Audio Activity.”
  3. Click or tap “Manage Activity.”
  4. From here, you can search through the history using the search bar; delete based on keywords, date, and/or product-type; or delete each entry individually.
  5. You can disable voice interaction tracking by going back to the main Google activity page, than clicking or tapping the blue slider next to “Voice & Audio activity” to disable it.


Apple often gets a pass when it comes to privacy and data concerns, but even if it is “safer” about handling your voice data, it’s still collecting and saving it—and was having real people listen to snippets to improve Siri’s capabilities.

Unlike other companies, Apple takes an all-or-nothing approach to deleting and blocking recordings of your Siri interactions. You’ll have to stop using the assistant entirely (or delete your Apple account) to remove any recordings Apple has kept.

To “disable” Siri in iOS 11+, you’ll need to:

  1. Go to Settings > Siri & Search.
  2. Disable “Listen for ‘Hey Siri” and “Press Side Button for Siri.”
  3. Accept the warning to fully disable the features.
  4. Next, go to Settings > General > Keyboard.
  5. Disable “Enable Dictation” and accept the warning.
  6. Repeat for every Apple device you own.


How To Prevent and Respond to a SIM Swap Scam

SIM swap attacks are “off the hook right now,” as described in a November 2018 article from security maven Brian Krebs. While most of you probably have never, and won’t ever, encounter one, it’s good to be prepared should this irritating hack happen to you.

What is SIM swapping?

SIM swapping involves a hacker duping your cell provider into thinking you’re activating your SIM card on another device in their possession. In other words, they’re stealing your phone number and associating it with their SIM card.

If successful, this attack will deactivate your device, and their device will now be the destination for all texts, phone calls, data, and accounts tied to your phone number and SIM card. With that information, the attacker could easily gain access to your app accounts, personal data, and financial information. They could even lock you out of your services for good.

Think of how many apps and accounts use your phone number to verify your identity—and not even when you go to log in with your username and password, which an attacker won’t know, but the very recovery mechanisms you would use to reset this key information. All the account security in the world won’t do much good if an attacker can pretend they’re you just by taking over your phone number.

What a SIM swap scam looks like

Photo: Pexels

A person doesn’t need physical access to your phone to perform a SIM swap—they can do it all remotely, regardless of your device’s make and model, or your service provider. They just need to have enough information to convince a customer support agent that they are you. You may not see a SIM swap scam headed your way until it’s too late.

The easiest way to tell you’ve been targeted by a SIM Swap is when you see strange behavior from your phone, like an inability to send or receive texts and calls despite not having service shut off; receiving notifications from your provider that your phone number or SIM card has been activated elsewhere; or being unable to login into any of your important accounts. Consider this recent example from ZDNet’s Matthew Miller:

“At 11:30 pm on Monday, 10 June, my oldest daughter shook my shoulder to wake me up from a deep sleep. She said that it appeared my Twitter account had been hacked. It turns out that things were much worse than that.

After rolling out of bed, I picked up my Apple iPhone XS and saw a text message that read, “T-Mobile alert: The SIM card for xxx-xxx-xxxx has been changed. If this change is not authorized, call 611.” Well, seeing as how T-Mobile took away my cell service, I could not call 611 for help so that is a worthless message.”

Preventing a SIM swap attack

It’s a lot easier to set up defenses against a SIM swap attack right now than it is to deal with the fallout from one—one is a minor annoyance, the other will consume your week (or more).

Beware of phishing scams

The first step in an SIM swap attack is usually (but not always) phishing. Sketchy emails with malicious links, bogus login screens, fake address bars—there are many forms phishing scams can take, but they’re easy to spot if you know what to look out for. Don’t click links, download programs, or sign in to websites you don’t recognize. If an attacker gets enough key data about you from these attacks, they’ll have what they need to try a SIM swap.

Reduce excessive personal data online

Whether in addition to phishing or in place of it, the other early part of an SIM swap involves social engineering—basically collecting as much data about you as possible so the hacker can reliably pass for you over the phone or in an email.

To prevent this, keep your phone number, date of birth, mailing address, and all other compromising information off as many of your accounts as possible, and don’t share this information publicly if you can avoid it. Some of this data is necessary for certain services, but you don’t need for any of to be searchable on social media. You should cancel and delete any accounts you no longer use as an added precaution.

Protect your accounts

Many digital accounts have settings that can help you take back your accounts if they’re ever stolen—but they need to be properly set up before the account is stolen in order to be of any help. These can include:

  • Creating a PIN number that is required for logins and password changes. This is especially important to set up with your cellular carrier, as it’s a great defense against SIM hijacking.
  • A suitable two-factor security method that relies on a physical device, like Google Authenticator or Authy, rather than SMS-based verification for logins. You can also spring for a hardware token to protect your accounts if you want to get really fancy.
  • Strong answers security recovery questions that aren’t tied to your personal information.
  • Unlinking your smartphone phone number from your accounts, where possible. (You could always use a free Google Voice number if you’re required to have one for your sensitive accounts.)
  • Using long, randomized, and unique passwords for each account.
  • Use an encrypted password manager.
  • Don’t use your favorite services (Google, Facebook, et cetera) to sign in to other services; all an attacker needs is to break into one to have access to a lot more of your digital life.

You should also make note of important account-related information that could be used to identify you as the rightful account holder, such as:

  • The month and year you created the account
  • Previous screen names on the account
  • Physical addresses associated with the account
  • Credit card numbers that have been used with the accounts or bank statements that can confirm you were the one who made purchases
  • Content created by the accounts, such as character names, if the account is for an online video game

Similarly, keeping a list of all your critical accounts will make reacting to a SIM swaps or similar ID theft easier, as you’ll be able to securely comb through each account and change passwords, email addresses, et cetera. Have all this information stored securely—perhaps even as a physical printout of a text file—rather than saving it on a service associated with a digital entity (that could be broken into).

Decentralize your online footprint

Consider using encrypted, open-source apps and services instead of just the apps from Google, Apple, Microsoft, to keep important data spread out, with the most sensitive data stored in places with the highest security. This applies to email, messaging apps, bank apps, etc. Google Drive and iCloud are great, but if everything funnels into a single drive—including personal financial information et cetera—you’re screwed.

Also, you should keep certain data out of the cloud entirely. Don’t throw your tax returns into your Google Drive, because if someone were to gain access, they’d suddenly have a ton of critical information about you (and plenty of information they could use to pretend they are you). And please, no matter what, don’t keep a list of your common passwords, backup sign-in keys, your password manager’s “account recovery” PDF in a simple cloud storage account.

How to respond to a SIM swap attack

If you suspect you’ve fallen victim to a SIM swap or any form of ID theft, work through all of these steps quickly:

  • File identity theft reports with your local police bureau and the FTC.
  • Alert your banks/financial institutions to the potential identity report and request holds be put on your accounts and bank cards, then contact all three credit bureaus (Experian, Equifax, and TransUnion) to request a freeze on your credit and flag potential credit fraud. If you suspect your tax identity or social security numbers are compromised, contact the IRS. You might even want to change your bank account or credit card numbers just in case.
  • Report the identity theft to your cellular service provider. Be aware, however, that unless you can sufficiently prove this has happened and that you are the rightful account holder, they may not be able to do much (since the hacker as your phone number, and all).
  • If you have an offline/analog list of your accounts and their information, change each account’s email address and password (make sure the new email address is not tied to your phone number; a new one works best), and update any other account security measures. The most important places to start are your email address(es) and financial institutions, including PayPal, Venmo, etc, and any accounts tied to your phone number or Google/Apple accounts.
  • Important: If given the option, DO NOT have confirmation codes or reset links sent to your phone number. These will be sent to the hacker, not you.
  • If you cannot log in to an account or reset your password, contact that account’s customer service ASAP and explain the situation. You’ll be asked to prove your identity, so having as much information about the account as possible will help you take back control.