Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
BBC News reported two security vulnerabilities found by California-based security firm Cenzic in the new Apple iOS 7. These vulnerabilities were discovered just two hours after its launch. Apple says it will work on a fix to be released in a later update.
There was much hype about the new iOS 7 revolving around its over 200 new features like clear graphics and control over apps. But there was not much detailed information provided about its security capabilities. Despite many requests from interested smartphone users, Apple did not release any security information other than what was related to the physical device features like the fingerprint scanner. Despite this, over 9 million new iPhones were sold with the new iOS 7 in just three days after it launched. Since the iOS 7 launch on September 18, over 200 million people downloaded the iOS 7 upgrade. It appears that users are either not as concerned about online security as they should be. Or maybe they trust Apple to give them security without verifying it first.
The iOS 7 Vulnerabilities
One of the iOS 7 flaws is related to a user’s ability to recover data after the device has been stolen. The “Find my iPhone” feature that allows users to lock their phones and later retrieve the data can be very easily disabled. Since the data wipe feature only works when the phone is online, all a thief has to do is put the device into airplane mode so it can’t communicate. Since setting an iPhone or iPad to airplane mode can be done through the voice-activated assistant Siri, this is very dangerous. Siri can be instructed to carry out the task, so locking the device with a passcode becomes useless. After much discussion over the years on Apple’s data security practices and features, it is surprising that they let this one slip past them.
The other discovered flaw is probably more serious because it allows the device owner’s email and social networking accounts to be hijacked. Again, the device lock and password are useless because access is granted through the Control Center. Thieves can use locked phones to make calls, send text messages and emails and post updates to Twitter and Facebook. The Control Center is a convenient new feature in iOS 7 that gives users quick access to Wi-Fi and Bluetooth radios, media controls, and a bunch of other features by swiping up from the bottom of the screen. The problem is that the Control Center is always one swipe away, even when you’re on the lock screen, so you don’t need the passcode to get into the Control Center.
“Find My Phone” can also be disabled from the Control Center. Any thief can easily access the Control Center and enter airplane mode, so that Find My Phone features like tracking down the phone’s exact location or using remote data wipe cannot be used. Photos can also be accessed from the Control Center in a few steps. First tap the stopwatch and switch it to alarm mode, then hold down the power button until the “slide to power off” message appears. Then tap cancel and immediately double-click the Home button, giving you access to the camera and photo library. Intruders can gain access from here to the device owner’s Messages, Mail, Twitter, Facebook and Flickr accounts via the sharing menu.
These iOS vulnerabilities have so far not yet been fixed despite the high sales figures for the new mobile operating system. Apple made a statement saying that it takes security very seriously and will fix the problem in a future software update. They said nothing about how long it would take them to release this update, or what users can do in the meantime to secure their iPhones.
A Strong VPN to Better Secure iOS 7 Devices
Using a strong VPN will not fix the Control Center or the Siri issues. It cannot help users keep their data same once a thief has gotten hold of the device. But it can help users to secure themselves online. Apple has put a lot into physical iPhone and iPad device security. But it has left out quite a bit with regards to personal online safety. iOS 7 gives users easier access from the Privacy menu to the once deeply hidden option to disable the ad tracking that came with iOS 6. This means that users can prevent their iPhone’s unique identifier from being used to keep track of browsing activity. This was done to allow targeted advertising and posed several security and privacy risks. But so far this option is the only additional one that is related to online security.
A strong VPN can give users data encryption capabilities to secure their devices over public WiFi. Unsecured connections are the biggest dangers to mobile phone security today. WiFi hotspots are teeming with hackers and thieves just waiting for someone to connect. Gaining access and control over a device from online is much easier than most people think. And because our online lives are so closely linked these days, we are in great danger of opening every aspect of our lives to snooping. Social media and email accounts give away enough information for advertisers and thieves to create a very detailed profile of a users’ daily movements and activities. They can also get into calendars and linked accounts to attempt hacks on bank accounts and other financial services accounts. They can assume the user’s identity, access all a user’s contacts and connect with them to launch further scams. Using a VPN is currently one of the best ways to make sure that your iOS 7 device doesn’t get infiltrated online as this is far more likely to happen than your device being physically stolen.