Pocket Boom Portable Vibration Speaker [Review]

Is your iPhone speaker not loud enough for you? Don’t want to lug around a hefty set of portable speakers? Then look no further than the PocketBoom portable surface vibration device which turns almost any surface you can think of into a speaker.

It’s pretty simple: all you do is unwrap the vibration head from the main battery unit and stick it to a large surface. The other end goes into the headphone socket on your iPhone, iPod touch, iPad, or any other generic MP3 player or device with a standard 3.5mm headphone jack.

If you turn the PocketBoom on without it being attached to any surface you will still hear your music being played, but it will sound very quiet and tinny. If you touch the white sticky pad on the vibration head you’ll feel it moving up and down much like any normal speaker cone would do. The fun begins when you stick it to a random surface like a cardboard box or plastic tub. Suddenly the music is massively amplified and you effectively turn the random item into a speaker!

LinkedIn iOS app also vulnerable to plist identity theft

Following the recent findings by Gareth Wright about the Facebook iOS app storing authentication keys in a plain text file that is easily accessible even on non-jailbroken devices (allowing it to simply be copied to another device to grant access to that account), we have just discovered that the same security flaw is also present in the latest version of the LinkedIn iPhone app. These plist files can also easily be extracted from iTunes backups.

If you use a free app (in this case iExplorer) to browse the contents of your iPhone and navigate to Apps/LinkedIn/Library/Preferences, you will find a file named com.linkedin.LinkedIn.plist. This is the file in question.

Simply copying the com.linkedin.LinkedIn.plist file from one device to another and then relaunching the LinkedIn app will automatically log the user in using the account details from the cloned plist file.

I “nabbed” a copy of Gareth Wright’s LinkedIn plist (he emailed it to me) and dropped it onto my own non-jailbroken iPhone and relaunched LinkedIn.

I was instantly into Gareth’s LinkedIn profile. I could browse all his personal messages, invitations and contacts, edit his profile and even send myself an invite to join his network!

Here was my LinkedIn screen prior to copying the plist file over

and here it was after copying the plist and relaunching the app. At no point did it prompt me to re-enter my password or authenticate

I was able to navigate his LinkedIn profile without any issues, view all his messages, invitations and connections, and even create an invitation and send it to myself.

and here is the invitation I received
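For developers and testers who want to check their own app for the flaw described above, the following added example (not code from the original post) walks a preferences plist and flags entries that look like stored credentials. The key names and values in the sample are constructed for illustration and are not LinkedIn's real ones; the matching patterns are assumptions to tune per app.

```python
import plistlib
import re

# Key names that suggest a credential (assumed patterns; extend for your app).
SUSPECT_KEY = re.compile(r"(token|secret|passw|session|cookie|oauth|auth|api_?key)", re.I)
# Long opaque strings are flagged even when the key name looks harmless.
OPAQUE_VALUE = re.compile(r"^[A-Za-z0-9+/=_\-.]{24,}$")

def walk(node, path=""):
    """Yield (path, value) for every leaf in a nested plist structure."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    else:
        yield path, node

def audit_plist(data: bytes):
    """Return a sorted list of (path, reason) findings for plist bytes (XML or binary)."""
    findings = []
    for path, value in walk(plistlib.loads(data)):
        if isinstance(value, bytes):
            value = value.decode("latin-1")
        if not isinstance(value, str) or not value:
            continue
        if SUSPECT_KEY.search(path):
            findings.append((path, "credential-like key name"))
        elif OPAQUE_VALUE.match(value):
            findings.append((path, "long opaque value"))
    return sorted(findings)

# Constructed sample preferences file; every key and value here is invented.
SAMPLE = plistlib.dumps({
    "lastSyncDate": "2012-04-10",
    "account": {"username": "user@example.com",
                "oauthToken": "EXAMPLE-0000-constructed-value",
                "sessionCookies": ["li_at=EXAMPLEEXAMPLEEXAMPLE"]},
    "blob": "CONSTRUCTEDconstructedCONSTRUCTED0000",
    "showTips": True,
})

if __name__ == "__main__":
    for path, reason in audit_plist(SAMPLE):
        print(f"{path}: {reason}")
```

Any finding means the value travels with the file, so it is also present in every iTunes backup of the device.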

Best security practices for your iPhone/iPad

Basic Security – Everybody should at least do this

Turn on passcode lock and set a 4-digit numeric PIN.

Set it to only prompt for the PIN after 1 hour of inactivity.

Medium Security – For those who like to be extra careful

Turn off simple passcode and opt for a more secure alphanumeric password.

Set it to prompt for the password immediately, so every time you pick up the device it prompts you for a password.

Turn Restrictions on and go to Location Services, click Find My iPad and make sure the status bar icon is OFF, so the tell-tale GPS arrow doesn’t show if you need to track your iOS device.

High Security – For the über paranoid

As per medium security above for the passcode.

Turn on Erase Data, so if somebody tries the wrong passcode 10 times it wipes your device.

Turn Restrictions on and go to the location section. Make sure all the apps you use that need location services are turned on (disable any apps you don’t think need to know your location).

Go to System Services and disable Setting Time Zone, Location-Based iAds, and Diagnostics & Usage (they just waste battery for no reason). Make sure the status bar icon for system services is also OFF.

Make sure Find My iPad is ON and its status bar icon is OFF.

Then select Don’t Allow Changes. This greys out all location services, so if your iPad ends up in the wrong hands and they took it from you whilst you were logged in (i.e. they don’t need to get past your passcode), they can’t turn location services off. However, a clever thief who has managed to take your iPad from your hands whilst you were logged in would first try to disable location services; once they realise they can’t, they will jump to deleting your iCloud or MobileMe account so you can’t use Find My iPad, so you’ll want to stop them from being able to do that.

Go to Restrictions –> Accounts and click Don’t Allow Changes; all the account options are now greyed out.

This next step will seem nonsensical, but if you want to make sure you can track your iOS device and get it back, make sure Erase Data after 10 failed passwords is turned OFF. If it’s turned on and they try 10 passwords, your iOS device wipes itself, making it like a brand new iPad for them to play with and leaving no way for you to track it.