Apple seems to have gone bit too far this time in implementing cool and convenient features in iOS7 !
More than 200 million users adopted iOS7 within weeks of release in Sep. That is the kind of response Apple’s products has been getting in last few years. iOS7 was announced at the company’s Apple Worldwide Developers Conference (WWDC) on June 10, 2013, and was released on September 18, 2013.
With iOS7 Apple implemented many functionality changes in addition to a redesigned user interface.
But very soon, actually within days of release, concerns about its security also started doing the rounds. Its large user base got worried as some of those concerns were real. Now when the dust seems to be settling let’s see how serious they are.
Airplane mode using Control Center gives an opportunity to snatcher
iOS7 allows access to Airplane Mode without having to enter a passcode lock. Once in Airplane mode, the iPhone gets off the grid i.e. it cannot be tracked or remotely wiped. Using this feature a thief could prevent rightful owner of iPhone from tracking or remotely wiping it. While the phone is beyond reach the thief can take further steps to change ids and pretty much become the new owner.
It can be argued that such a thing requires just too many coincidences but the fact remains that it is possible. Especially since videos detailing those steps are publicly available any smart thief can misuse it.
In iOS6 Airplane mode was accessible only after getting through the lock screen. Clearly it is case where things went wrong in bringing more convenience to the user.
Finger printer sensor can be compromised
One has to acknowledge that this is a cool feature but the makers probably did not imagine that it can be cracked so soon. A team of hackers demonstrated that using everyday means it will take just one hour to spoof the fingerprint sensor.
Use of touch id to access your device is really cool and convenient. But technically speaking this is not the most secure way to do so.
Upgrade to iOS7 without touch id adds to worries
Another security issue that made it to the news relates to upgrade to IOS7. Users having earlier iPhones (other than iPhone 5S) can also upgrade their operating system to iOS7. These iPhones, including 5C, do not have fingerprint sensor at home button. One upgraded a swipe at home button means allowing access using the passcode. Users using basic 4 digit number as passcode are particularly vulnerable to this.
Siri, the intelligent personal assistant can help you hack too
Yet another issue is related with Siri, another cool feature from Apple’s stable. Simply hold down the home button and wait for Siri to ask what you want. With Siri’s assistance one could make phone calls, possibly update status on Facebook and send text messages.
Well, people suggest that this how Siri is supposed to work. But then if it is allowed by default, it’s a security flaw.
Multi-tasking screen opens a window to vulnerabilities
One problematic, but now patched, iOS7 security flaw allowed for the circumvention of a device’s lockscreen. In a locked phone swiping up to access the alarm clock app and then following couple of extra steps brings you to multitasking screen. Once there you can access Twitter, email and other accounts via camera app or photo gallery.
Apple’s lukewarm response so far
In recent few years Apple gets a lot of publicity in whatever they do. So is the case this time with vulnerabilities. Except for releasing an iOS software upgrade (7.0.2) Apple has largely been unresponsive. Also one cannot find fault with user community because Apple has set pretty high benchmarks for itself. People expect their product to be the best and flawless. Their silence on security concerns is not helping the issue.
What can users do on their own to improve security?
While clearly Apple can do more to address these security concerns, can I as a user do something about it? Yes. To begin with one has to understand these security issues with slightly different perspective.
Any out of the box product is set for convenience so that even a non-tech person can get started. Companies do this on purpose so that initially users can roam freely and explore its features. Security is one of the first victims in this process because it is always in contrast with convenience. But as they move up on the learning curve it is expected that users customize settings and increase security and privacy to their acceptable levels.
A lot of much publicized flaws in iOS7 can be kept at bay by changing the default settings.
Here are few steps you can take to make your iPhone more secure. But please remember that implementing some of these would mean compromising on your convenience.
- Do not rely entirely on fingerprint sensor. A complex passcode, using alphanumeric characters is a must.
- Ensure that latest patches are applied to iOS.
- Disable Siri and passbook access when the phone is locked.
- Setup 2 -step verification for Apple ID, Google accounts, Dropbox, Twitter etc
- Adjust privacy settings on Facebook, Safari to more conservative levels
- Clear web history regularly
These will make your device more secure though it may also mean that you will have to enter complex passcode more often and bother yourself with extra clicks to reach your favorite app. But that is the trade-off you should make to keep your iPhone safe.